API tools faq
paste
Advertisement
SoCo_cpp

EMail XSS - Original

SoCo_cpp
Nov 28th, 2012
194
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 14.14 KB | None | 0 0
raw download clone embed print report
  1. [NoScript XSS]: sanitized window.name, "darla_csc_writer_0--%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.xzq_d%253D%253Dnull%2529window.xzq_d%253Dnew%2520Object%2528%2529%253B%250Awindow.xzq_d%255B%2527piV1j2KL4M8-%2527%255D%253D%2527%2528as%252412r9df01m%252Caid%2524piV1j2KL4M8-%252Cbi%25241547599051%252Ccr%25243016870051%252Cct%252425%252Cat%2524blank-H%2529%2527%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.yzq_d%253D%253Dnull%2529window.yzq_d%253Dnew%2520Object%2528%2529%253B%250Awindow.yzq_d%255B%25274wQBnGKL5Ug-%2527%255D%253D%2527%2526U%253D13g78rj7s%25252fN%25253d4wQBnGKL5Ug-%25252fC%25253d778931.15091561.14847828.13718810%25252fD%25253dMIP4%25252fB%25253d6289111%25252fV%25253d1%2527%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.xzq_d%253D%253Dnull%2529window.xzq_d%253Dnew%2520Object%2528%2529%253B%250Awindow.xzq_d%255B%25274rN1j2KL4M8-%2527%255D%253D%2527%2528as%252412rt8akop%252Caid%25244rN1j2KL4M8-%252Cbi%25241389998551%252Ccr%25242936861551%252Cct%252425%252Cat%2524blank-H%2529%2527%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.yzq_d%253D%253Dnull%2529window.yzq_d%253Dnew%2520Object%2528%2529%253B%250Awindow.yzq_d%255B%25274gQBnGKL5Ug-%2527%255D%253D%2527%2526U%253D12dhlk8ts%25252fN%25253d4gQBnGKL5Ug-%25252fC%25253d-1%25252fD%25253dFSRVY%25252fB%25253d-1%25252fV%25253d0%2527%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.yzq_p%253D%253Dnull%2529document.write%2528%2522%253Cscr%2522+%2522ipt%2520language%253Djavascript%2520src%253Dhttp%253A//l.yimg.com/d/lib/bc/bc_2.0.5.js%253E%253C/scr%2522+%2522ipt%253E%2522%2529%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.yzq_p%2529yzq_p%2528%2527P%253DpEYUrmKL0mNL5EvYTD4jsR.FTAvzOlC000MACL36%2526T%253D1c1snlpmc%25252fX%25253d1354027843%25252fE%25253d978500273%25252fR%25253dmail%25252fK%25253d5%25252fV%25253d1.1%25252fW%25253dJ%25252fY%25253dYAHOO%25252fF%25253d1060573008%25252fH%25253dY29udGVudD0ibm9fZXhwYW5kYWJsZTthamF4X2NlcnRfZXhwYW5kYWJsZTtleHBfaWZyYW1lX2V4cGFuZGFibGU7bWludHlfdGVudXJlOiIgc2VjdXJlLWRhcmxhPSIyLTQtNyIgc2VydmVJZD0icEVZVXJtS0wwbU5MNUV2WVRENGpzUi5GVEF2ek9sQzAwME1BQ0wzNiIgc2l0ZUlkPSI0NDU0NTUxIiB0U3RtcD0iMTM1NDAyNzg0MzYxMTAyNSIg%25252fS%25253d1%25252fJ%25253d4CD28B62%2527%2529%253B%250Aif%2528window.yzq_s%2529yzq_s%2528%2529%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250A%2528function%2528%2529%257Bwindow.xzq_p%253Dfunction%2528R%2529%257BM%253DR%257D%253Bwindow.xzq_svr%253Dfunction%2528R%2529%257BJ%253DR%257D%253Bfunction%2520F%2528S%2529%257Bvar%2520T%253Ddocument%253Bif%2528T.xzq_i%253D%253Dnull%2529%257BT.xzq_i%253Dnew%2520Array%2528%2529%253BT.xzq_i.c%253D0%257Dvar%2520R%253DT.xzq_i%253BR%255B++R.c%255D%253Dnew%2520Image%2528%2529%253BR%255BR.c%255D.src%253DS%257Dwindow.xzq_sr%253Dfunction%2528%2529%257Bvar%2520S%253Dwindow%253Bvar%2520Y%253DS.xzq_d%253Bif%2528Y%253D%253Dnull%2529%257Breturn%2520%257Dif%2528J%253D%253Dnull%2529%257Breturn%2520%257Dvar%2520T%253DJ+M%253Bif%2528T.length%253EP%2529%257BC%2528%2529%253Breturn%2520%257Dvar%2520X%253D%2522%2522%253Bvar%2520U%253D0%253Bvar%2520W%253DMath.random%2528%2529%253Bvar%2520V%253D%2528Y.hasOwnProperty%2521%253Dnull%2529%253Bvar%2520R%253Bfor%2528R%2520in%2520Y%2529%257Bif%2528typeof%2520Y%255BR%255D%253D%253D%2522string%2522%2529%257Bif%2528V%2526%2526%2521Y.hasOwnProperty%2528R%2529%2529%257Bcontinue%257Dif%2528T.length+X.length+Y%255BR%255D.length%253C%253DP%2529%257BX+%253DY%255BR%255D%257Delse%257Bif%2528T.length+Y%255BR%255D.length%253EP%2529%257B%257Delse%257BU++%253BN%2528T%252CX%252CU%252CW%2529%253BX%253DY%255BR%255D%257D%257D%257D%257Dif%2528U%2529%257BU++%257DN%2528T%252CX%252CU%252CW%2529%253BC%2528%2529%257D%253Bfunction%2520N%2528R%252CU%252CS%252CT%2529%257Bif%2528U.length%253E0%2529%257BR+%253D%2522%2526al%253D%2522%257DF%2528R+U+%2522%2526s%253D%2522+S+%2522%2526r%253D%2522+T%2529%257Dfunction%2520C%2528%2529%257Bwindow.xzq_d%253Dnull%253BM%253Dnull%253BJ%253Dnull%257Dfunction%2520K%2528R%2529%257Bxzq_sr%2528%2529%257Dfunction%2520B%2528R%2529%257Bxzq_sr%2528%2529%257Dfunction%2520L%2528U%252CV%252CW%2529%257Bif%2528W%2529%257Bvar%2520R%253DW.toString%2528%2529%253Bvar%2520T%253DU%253Bvar%2520Y%253DR.match%2528new%2520RegExp%2528%2522%255C%255C%255C%255C%2528%2528%255B%255E%255C%255C%255C%255C%2529%255D*%2529%255C%255C%255C%255C%2529%2522%2529%2529%253BY%253D%2528Y%255B1%255D.length%253E0%253FY%255B1%255D%253A%2522e%2522%2529%253BT%253DT.replace%2528new%2520RegExp%2528%2522%255C%255C%255C%255C%2528%255B%255E%255C%255C%255C%255C%2529%255D*%255C%255C%255C%255C%2529%2522%252C%2522g%2522%2529%252C%2522%2528%2522+Y+%2522%2529%2522%2529%253Bif%2528R.indexOf%2528T%2529%253C0%2529%257Bvar%2520X%253DR.indexOf%2528%2522%257B%2522%2529%253Bif%2528X%253E0%2529%257BR%253DR.substring%2528X%252CR.length%2529%257Delse%257Breturn%2520W%257DR%253DR.replace%2528new%2520RegExp%2528%2522%2528%255B%255Ea-zA-Z0-9%2524_%255D%2529this%2528%255B%255Ea-zA-Z0-9%2524_%255D%2529%2522%252C%2522g%2522%2529%252C%2522%25241xzq_this%25242%2522%2529%253Bvar%2520Z%253DT+%2522%253Bvar%2520rv%2520%253D%2520f%2528%2520%2522+Y+%2522%252Cthis%2529%253B%2522%253Bvar%2520S%253D%2522%257Bvar%2520a0%2520%253D%2520%2527%2522+Y+%2522%2527%253Bvar%2520ofb%2520%253D%2520%2527%2522+escape%2528R%2529+%2522%2527%2520%253Bvar%2520f%2520%253D%2520new%2520Function%2528%2520a0%252C%2520%2527xzq_this%2527%252C%2520unescape%2528ofb%2529%2529%253B%2522+Z+%2522return%2520rv%253B%257D%2522%253Breturn%2520new%2520Function%2528Y%252CS%2529%257Delse%257Breturn%2520W%257D%257Dreturn%2520V%257Dwindow.xzq_eh%253Dfunction%2528%2529%257Bif%2528E%257C%257CI%2529%257Bthis.onload%253DL%2528%2522xzq_onload%2528e%2529%2522%252CK%252Cthis.onload%252C0%2529%253Bif%2528E%2526%2526typeof%2520%2528this.onbeforeunload%2529%2521%253DO%2529%257Bthis.onbeforeunload%253DL%2528%2522xzq_dobeforeunload%2528e%2529%2522%252CB%252Cthis.onbeforeunload%252C0%2529%257D%257D%257D%253Bwindow.xzq_s%253Dfunction%2528%2529%257BsetTimeout%2528%2522xzq_sr%2528%2529%2522%252C1%2529%257D%253Bvar%2520J%253Dnull%253Bvar%2520M%253Dnull%253Bvar%2520Q%253Dnavigator.appName%253Bvar%2520H%253Dnavigator.appVersion%253Bvar%2520G%253Dnavigator.userAgent%253Bvar%2520A%253DparseInt%2528H%2529%253Bvar%2520D%253DQ.indexOf%2528%2522Microsoft%2522%2529%253Bvar%2520E%253DD%2521%253D-1%2526%2526A%253E%253D4%253Bvar%2520I%253D%2528Q.indexOf%2528%2522Netscape%2522%2529%2521%253D-1%257C%257CQ.indexOf%2528%2522Opera%2522%2529%2521%253D-1%2529%2526%2526A%253E%253D4%253Bvar%2520O%253D%2522undefined%2522%253Bvar%2520P%253D2000%257D%2529%2528%2529%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.xzq_svr%2529xzq_svr%2528%2527http%253A//csc.beap.bc.yahoo.com/%2527%2529%253B%250Aif%2528window.xzq_p%2529xzq_p%2528%2527yi%253Fbv%253D1.0.0%2526bs%253D%252813572srsl%2528gid%2524pEYUrmKL0mNL5EvYTD4jsR.FTAvzOlC000MACL36%252Cst%25241354027843611025%252Csi%25244454551%252Csp%2524978500273%252Cpv%25241%252Cv%25242.0%2529%2529%2526t%253DJ_3-D_3%2527%2529%253B%250Aif%2528window.xzq_s%2529xzq_s%2528%2529%253B%250A%253C/script%253E" to "darla_csc_writer_0-- 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.xzq_d 253D 253Dnull 2529window.xzq_d 253Dnew 2520Object 2528 2529 253B 250Awindow.xzq_d 255B 2527piV1j2KL4M8- 2527 255D 253D 2527 2528as 252412r9df01m 252Caid 2524piV1j2KL4M8- 252Cbi 25241547599051 252Ccr 25243016870051 252Cct 252425 252Cat 2524blank-H 2529 2527 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.yzq_d 253D 253Dnull 2529window.yzq_d 253Dnew 2520Object 2528 2529 253B 250Awindow.yzq_d 255B 25274wQBnGKL5Ug- 2527 255D 253D 2527 2526U 253D13g78rj7s 25252fN 25253d4wQBnGKL5Ug- 25252fC 25253d778931.15091561.14847828.13718810 25252fD 25253dMIP4 25252fB 25253d6289111 25252fV 25253d1 2527 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.xzq_d 253D 253Dnull 2529window.xzq_d 253Dnew 2520Object 2528 2529 253B 250Awindow.xzq_d 255B 25274rN1j2KL4M8- 2527 255D 253D 2527 2528as 252412rt8akop 252Caid 25244rN1j2KL4M8- 252Cbi 25241389998551 252Ccr 25242936861551 252Cct 252425 252Cat 2524blank-H 2529 2527 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.yzq_d 253D 253Dnull 2529window.yzq_d 253Dnew 2520Object 2528 2529 253B 250Awindow.yzq_d 255B 25274gQBnGKL5Ug- 2527 255D 253D 2527 2526U 253D12dhlk8ts 25252fN 25253d4gQBnGKL5Ug- 25252fC 25253d-1 25252fD 25253dFSRVY 25252fB 25253d-1 25252fV 25253d0 2527 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.yzq_p 253D 253Dnull 2529document.write 2528 2522 253Cscr 2522+ 2522ipt 2520language 253Djavascript 2520src 253Dhttp 253A//l.yimg.com/d/lib/bc/bc_2.0.5.js 253E 253C/scr 2522+ 2522ipt 253E 2522 2529 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.yzq_p 2529yzq_p 2528 2527P 253DpEYUrmKL0mNL5EvYTD4jsR.FTAvzOlC000MACL36 2526T 253D1c1snlpmc 25252fX 25253d1354027843 25252fE 25253d978500273 25252fR 25253dmail 25252fK 25253d5 25252fV 25253d1.1 25252fW 25253dJ 25252fY 25253dYAHOO 25252fF 25253d1060573008 25252fH 25253dY29udGVudD0ibm9fZXhwYW5kYWJsZTthamF4X2NlcnRfZXhwYW5kYWJsZTtleHBfaWZyYW1lX2V4cGFuZGFibGU7bWludHlfdGVudXJlOiIgc2VjdXJlLWRhcmxhPSIyLTQtNyIgc2VydmVJZD0icEVZVXJtS0wwbU5MNUV2WVRENGpzUi5GVEF2ek9sQzAwME1BQ0wzNiIgc2l0ZUlkPSI0NDU0NTUxIiB0U3RtcD0iMTM1NDAyNzg0MzYxMTAyNSIg 25252fS 25253d1 25252fJ 25253d4CD28B62 2527 2529 253B 250Aif 2528window.yzq_s 2529yzq_s 2528 2529 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250A 2528function 2528 2529 257Bwindow.xzq_p 253Dfunction 2528R 2529 257BM 253DR 257D 253Bwindow.xzq_svr 253Dfunction 2528R 2529 257BJ 253DR 257D 253Bfunction 2520F 2528S 2529 257Bvar 2520T 253Ddocument 253Bif 2528T.xzq_i 253D 253Dnull 2529 257BT.xzq_i 253Dnew 2520Array 2528 2529 253BT.xzq_i.c 253D0 257Dvar 2520R 253DT.xzq_i 253BR 255B++R.c 255D 253Dnew 2520Image 2528 2529 253BR 255BR.c 255D.src 253DS 257Dwindow.xzq_sr 253Dfunction 2528 2529 257Bvar 2520S 253Dwindow 253Bvar 2520Y 253DS.xzq_d 253Bif 2528Y 253D 253Dnull 2529 257Breturn 2520 257Dif 2528J 253D 253Dnull 2529 257Breturn 2520 257Dvar 2520T 253DJ+M 253Bif 2528T.length 253EP 2529 257BC 2528 2529 253Breturn 2520 257Dvar 2520X 253D 2522 2522 253Bvar 2520U 253D0 253Bvar 2520W 253DMath.random 2528 2529 253Bvar 2520V 253D 2528Y.hasOwnProperty 2521 253Dnull 2529 253Bvar 2520R 253Bfor 2528R 2520in 2520Y 2529 257Bif 2528typeof 2520Y 255BR 255D 253D 253D 2522string 2522 2529 257Bif 2528V 2526 2526 2521Y.hasOwnProperty 2528R 2529 2529 257Bcontinue 257Dif 2528T.length+X.length+Y 255BR 255D.length 253C 253DP 2529 257BX+ 253DY 255BR 255D 257Delse 257Bif 2528T.length+Y 255BR 255D.length 253EP 2529 257B 257Delse 257BU++ 253BN 2528T 252CX 252CU 252CW 2529 253BX 253DY 255BR 255D 257D 257D 257D 257Dif 2528U 2529 257BU++ 257DN 2528T 252CX 252CU 252CW 2529 253BC 2528 2529 257D 253Bfunction 2520N 2528R 252CU 252CS 252CT 2529 257Bif 2528U.length 253E0 2529 257BR+ 253D 2522 2526al 253D 2522 257DF 2528R+U+ 2522 2526s 253D 2522+S+ 2522 2526r 253D 2522+T 2529 257Dfunction 2520C 2528 2529 257Bwindow.xzq_d 253Dnull 253BM 253Dnull 253BJ 253Dnull 257Dfunction 2520K 2528R 2529 257Bxzq_sr 2528 2529 257Dfunction 2520B 2528R 2529 257Bxzq_sr 2528 2529 257Dfunction 2520L 2528U 252CV 252CW 2529 257Bif 2528W 2529 257Bvar 2520R 253DW.toString 2528 2529 253Bvar 2520T 253DU 253Bvar 2520Y 253DR.match 2528new 2520RegExp 2528 2522 255C 255C 255C 255C 2528 2528 255B 255E 255C 255C 255C 255C 2529 255D* 2529 255C 255C 255C 255C 2529 2522 2529 2529 253BY 253D 2528Y 255B1 255D.length 253E0 253FY 255B1 255D 253A 2522e 2522 2529 253BT 253DT.replace 2528new 2520RegExp 2528 2522 255C 255C 255C 255C 2528 255B 255E 255C 255C 255C 255C 2529 255D* 255C 255C 255C 255C 2529 2522 252C 2522g 2522 2529 252C 2522 2528 2522+Y+ 2522 2529 2522 2529 253Bif 2528R.indexOf 2528T 2529 253C0 2529 257Bvar 2520X 253DR.indexOf 2528 2522 257B 2522 2529 253Bif 2528X 253E0 2529 257BR 253DR.substring 2528X 252CR.length 2529 257Delse 257Breturn 2520W 257DR 253DR.replace 2528new 2520RegExp 2528 2522 2528 255B 255Ea-zA-Z0-9 2524_ 255D 2529this 2528 255B 255Ea-zA-Z0-9 2524_ 255D 2529 2522 252C 2522g 2522 2529 252C 2522 25241xzq_this 25242 2522 2529 253Bvar 2520Z 253DT+ 2522 253Bvar 2520rv 2520 253D 2520f 2528 2520 2522+Y+ 2522 252Cthis 2529 253B 2522 253Bvar 2520S 253D 2522 257Bvar 2520a0 2520 253D 2520 2527 2522+Y+ 2522 2527 253Bvar 2520ofb 2520 253D 2520 2527 2522+escape 2528R 2529+ 2522 2527 2520 253Bvar 2520f 2520 253D 2520new 2520Function 2528 2520a0 252C 2520 2527xzq_this 2527 252C 2520unescape 2528ofb 2529 2529 253B 2522+Z+ 2522return 2520rv 253B 257D 2522 253Breturn 2520new 2520Function 2528Y 252CS 2529 257Delse 257Breturn 2520W 257D 257Dreturn 2520V 257Dwindow.xzq_eh 253Dfunction 2528 2529 257Bif 2528E 257C 257CI 2529 257Bthis.onload 253DL 2528 2522xzq_onload 2528e 2529 2522 252CK 252Cthis.onload 252C0 2529 253Bif 2528E 2526 2526typeof 2520 2528this.onbeforeunload 2529 2521 253DO 2529 257Bthis.onbeforeunload 253DL 2528 2522xzq_dobeforeunload 2528e 2529 2522 252CB 252Cthis.onbeforeunload 252C0 2529 257D 257D 257D 253Bwindow.xzq_s 253Dfunction 2528 2529 257BsetTimeout 2528 2522xzq_sr 2528 2529 2522 252C1 2529 257D 253Bvar 2520J 253Dnull 253Bvar 2520M 253Dnull 253Bvar 2520Q 253Dnavigator.appName 253Bvar 2520H 253Dnavigator.appVersion 253Bvar 2520G 253Dnavigator.userAgent 253Bvar 2520A 253DparseInt 2528H 2529 253Bvar 2520D 253DQ.indexOf 2528 2522Microsoft 2522 2529 253Bvar 2520E 253DD 2521 253D-1 2526 2526A 253E 253D4 253Bvar 2520I 253D 2528Q.indexOf 2528 2522Netscape 2522 2529 2521 253D-1 257C 257CQ.indexOf 2528 2522Opera 2522 2529 2521 253D-1 2529 2526 2526A 253E 253D4 253Bvar 2520O 253D 2522undefined 2522 253Bvar 2520P 253D2000 257D 2529 2528 2529 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.xzq_svr 2529xzq_svr 2528 2527http 253A//csc.beap.bc.yahoo.com/ 2527 2529 253B 250Aif 2528window.xzq_p 2529xzq_p 2528 2527yi 253Fbv 253D1.0.0 2526bs 253D 252813572srsl 2528gid 2524pEYUrmKL0mNL5EvYTD4jsR.FTAvzOlC000MACL36 252Cst 25241354027843611025 252Csi 25244454551 252Csp 2524978500273 252Cpv 25241 252Cv 25242.0 2529 2529 2526t 253DJ_3-D_3 2527 2529 253B 250Aif 2528window.xzq_s 2529xzq_s 2528 2529 253B 250A 253C/script 253E".
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!