Agnostic
IE
Firefox
Opera
Safari
Chrome
Event Oriented
Tag Oriented
Extra 1
<form>
<frameset>
<table>
<x contextmenu=y>
<x contextmenu=">">
<
Tag
a
b
i
p
q
s
u
br
dd
dl
dt
em
h1
h2
h3
h4
h5
h6
hr
li
ol
rp
rt
td
th
tr
tt
ul
bdi
bdo
big
col
del
dfn
dir
div
img
ins
kbd
map
nav
pre
sub
sup
svg
var
wbr
xmp
abbr
area
base
body
cite
code
font
form
head
html
link
main
mark
menu
meta
ruby
samp
span
time
aside
audio
embed
frame
image
input
label
meter
param
small
style
table
tbody
tfoot
thead
title
track
video
applet
button
canvas
center
dialog
figure
footer
header
iframe
keygen
legend
object
option
output
script
select
source
strike
strong
acronym
address
article
caption
details
isindex
listing
marquee
section
summary
basefont
colgroup
datalist
fieldset
frameset
menuitem
noframes
noscript
optgroup
progress
textarea
plaintext
blockquote
figcaption
/
+
%09
%0A
%0C
%0D
%20
%2F
Extra 2
src
src=g
src="g"
autofocus
poster
style=font-size:700px
style="font-size:700px"
style=overflow:auto;height:1000px
style="overflow:auto;height:1000px"
draggable
contenteditable
required
controls
value=aaaaaaaaa
value="aaaaaaaaa"
loop=1 width=0
type=image
type="image"
<
x=""
on=""
id=y
id="y"
id=">"
id=">"<
x=">"
x=">"<
id=alert
id="alert"
123456789
/
+
%09
%0A
%0C
%0D
%20
%2F
Event
oncut
onblur
oncopy
ondrag
ondrop
onhelp
onload
onplay
onshow
onabort
onclick
onclose
onended
onerror
onfocus
oninput
onkeyup
onpaste
onpause
onreset
onwheel
onbounce
oncancel
onchange
onfinish
ononline
onresize
onscroll
onsearch
onseeked
onselect
onsubmit
ontoggle
onunload
oncanplay
ondragend
onemptied
onfocusin
oninvalid
onkeydown
onmessage
onmouseup
onoffline
onplaying
onseeking
onstalled
onstorage
onsuspend
onwaiting
onactivate
ondblclick
ondragover
onfocusout
onkeypress
onmouseout
onpagehide
onpageshow
onpopstate
onprogress
ontouchend
onbeforecut
oncuechange
ondragenter
ondragleave
ondragstart
onloadstart
onmousedown
onmousemove
onmouseover
ontouchmove
onafterprint
onbeforecopy
ongestureend
onhashchange
onloadeddata
onmouseenter
onmouseleave
onmousewheel
onratechange
ontimeupdate
ontouchstart
onafterupdate
onbeforepaste
onbeforeprint
oncontextmenu
ondevicelight
onmspointerup
ontouchcancel
onanimationend
onautocomplete
onbeforeunload
onbeforeupdate
ondevicemotion
ongesturestart
onmsgestureend
onmsgesturetap
onmspointerout
onvolumechange
oncontrolselect
ongesturechange
onmsgesturehold
onmspointerdown
onmspointermove
onmspointerover
ontransitionend
onuserproximity
onanimationstart
onbeforeactivate
oncanplaythrough
ondurationchange
onlanguagechange
onloadedmetadata
onmsgesturestart
onmsinertiastart
onmspointerenter
onmspointerhover
onmspointerleave
onbeforeeditfocus
ondeviceproximity
onmsgesturechange
onmspointercancel
onbeforedeactivate
onreadystatechange
onautocompleteerror
ondeviceorientation
onorientationchange
onanimationiteration
onmozfullscreenerror
onmsgesturedoubletap
onwebkitanimationend
onwebkitmouseforceup
onmozfullscreenchange
onmozpointerlockerror
onwebkittransitionend
onmozpointerlockchange
onwebkitanimationstart
onwebkitmouseforcedown
onwebkitwillrevealbottom
oncompassneedscalibration
onwebkitmouseforcechanged
onwebkitanimationiteration
onwebkitmouseforcewillbegin
+
%09
%0A
%0C
%0D
%20
=
+
%09
%0A
%0B
%0C
%0D
%20
Javascript
Alert - Simple
Prompt - Simple
Confirm - Simple
Write - Simple
Open - Simple
Alert - Simple Split (var $)
Prompt - Simple Split (var $)
Confirm - Simple Split (var $)
Write - Simple Split (var $)
Open - Simple Split (var $)
Alert - Simple Split (var _)
Prompt - Simple Split (var _)
Confirm - Simple Split (var _)
Write - Simple Split (var _)
Open - Simple Split (var _)
Alert - Simple Split (var q)
Prompt - Simple Split (var q)
Confirm - Simple Split (var q)
Write - Simple Split (var q)
Open - Simple Split (var q)
Alert - Conditional True
Prompt - Conditional True
Confirm - Conditional True
Write - Conditional True
Open - Conditional True
Alert - Conditional False
Prompt - Conditional False
Confirm - Conditional False
Write - Conditional False
Open - Conditional False
Alert - Simple (Cookie)
Prompt - Simple (Cookie)
Confirm - Simple (Cookie)
Write - Simple (Cookie)
Open - Simple (Google)
Defacement - Hacked 1
Browser Control (XSShell)
Force Download
+
%09
%0A
%0C
%0D
%20
>
Extra 3
#x
AAAAAAAAA
<td>AAAAAAAAA
<th>AAAAAAAAA
<input type=reset>
<input type=submit>
<option>1<option>2
<option><input type=submit>
click this!
hover this!
double click this!
right click this!
cut this!
copy this!
paste here!
resize this!
input here!
play this!
pause this!
select it!
mark this!
Back
Load
">
'>
>
none
Target
keep it
Place the payload in target with |xss|
or leave it blank for test page.
Shoot!