mrpastewart/platform
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
platform/libinjection/data/xss-smoke-test.txt

87 lines
1.6 KiB
Text
Raw Normal View History

Roll libinjection
2019-08-16 14:42:40 +00:00
#
# Really simple XSS smoke test
#
#
# Script Tags
#
# in plain text context - duh
<script>alert(1);</script>
# as attribute <tag $USERINPUT></tag>
><script>alert(1);</script>
# as unquoted value <tag foo=$USERINPUT></tag>
x ><script>alert(1);</script>
# as single quoted value <tag foo='$USERINPUT'></tag>
' ><script>alert(1);</script>
# as double quoted value <tag foo="$USERINPUT"></tag>
"><script>alert(1);</script>
# inside <style>div:color=$USERINPUT;.. </style>
red;</style><script>alert(1);</script>
# inside <style>div { color=$USERINPUT;..} </style>
red;}</style><script>alert(1);</script>
# inside <div style="color:$USERINPUT"...
red;"/><script>alert(1);</script>
# inside CSS URL, e.g. background-image:url('$USERINPUT')
');}</style><script>alert(1);</script>
#
# onerror (or on-other)
#
# as attribute <tag $USERINPUT></tag>
onerror=alert(1)>
# as unquoted value <tag foo=$USERINPUT></tag>
x onerror=alert(1);>
# as single quoted value <tag foo='$USERINPUT'></tag>
x' onerror=alert(1);>
# as double quoted value <tag foo='$USERINPUT'></tag>
x" onerror=alert(1);>
#
# href-like
#
# duh
<a href="javascript:alert(1)">
<a href='javascript:alert(1)'>
<a href=javascript:alert(1)>
<a href = javascript:alert(1); >
<a href=" javascript:alert(1);" >
<a href="JAVASCRIPT:alert(1);" >
<a href="&#32;javascript:alert(1)" >
<a href="&#00032;javascript:alert(1)" >
<a href="&#x20;javascript:alert(1)" >
# does not work
#<a href="&nbsp;javascript:alert(1)" >
<a href="&#X20;javascript:alert(1)" >
<a href="&#74;avascript:alert(1)" >
<a href="&#000074;avascript:alert(1)" >
# really a raw embedded null
<a href="j&#0;avascript:alert(1)">
Reference in a new issue Copy permalink