Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add text for textarea injection, refactor transform mechanism
Showing 11 changed files with 352 additions and 172 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
bin |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
{{ define "title" }}Reflected XSS in textarea (textarea1){{end}} | ||
|
||
{{template "header" }} | ||
|
||
<H2>Textarea injection test</H2> | ||
This test requires a closing textarea tag to break out of the field context and trigger a subsequent exploit. | ||
<p> | ||
<FORM> | ||
<textarea name="in" rows="5" cols="60">{{.In}}</textarea> | ||
<p> | ||
<INPUT type="Submit"> | ||
</FORM> | ||
<p>Random padding to invite scanners not to skip me: | ||
<b>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt </b> | ||
{{template "footer"}} |
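Review bot: the reflection at `<textarea name="in" rows="5" cols="60">{{.In}}</textarea>` does not say what encoding or transform the value has gone through before it reaches the template. The description promises that a closing textarea tag breaks out of the field, which only holds if `.In` arrives unescaped; if these files are rendered with Go's html/template, a plain string is HTML-escaped at this position and the case would not behave as described. Add a template comment next to the textarea naming the transform this case expects, and move the description sentence inside the `<p>` that follows it so it is not bare text between the heading and the form.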
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
{{ define "title" }}Reflected XSS in textarea (textarea_fp1){{end}} | ||
|
||
{{template "header" }} | ||
|
||
<H2>Textarea injection test (False Positive)</H2> | ||
This test requires a closing textarea tag to break out of the field context and trigger a subsequent exploit. | ||
<p> | ||
<FORM> | ||
<textarea name="in" rows="5" cols="60">{{.In}}</textarea> | ||
<p> | ||
<INPUT type="Submit"> | ||
</FORM> | ||
<p>Random padding to invite scanners not to skip me: <BR> | ||
<i>ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. </i> | ||
{{template "footer"}} |
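Review bot: the description line in this false-positive case is copied unchanged from the vulnerable case ("This test requires a closing textarea tag to break out of the field context and trigger a subsequent exploit."), and the `<textarea ...>{{.In}}</textarea>` line is identical as well, so nothing in this file says why a finding here would be a false positive. State the filtering or encoding that is expected to neutralise the closing tag, either in the visible text or in a template comment, so a scanner result can be judged against the intended behaviour.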
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
{{ define "title" }}Reflected XSS in textarea (textarea1){{end}} | ||
|
||
{{template "header" }} | ||
|
||
<H2>Textarea injection test</H2> | ||
This test requires a closing textarea tag to break out of the field context and trigger a subsequent exploit. | ||
<p> | ||
<FORM> | ||
<textarea name="in" rows="5" cols="60">{{.In}}</textarea> | ||
<p> | ||
<INPUT type="Submit"> | ||
</FORM> | ||
<br>Random padding to invite scanners not to skip me: | ||
{{template "footer"}} |
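Review bot: the title in `{{ define "title" }}Reflected XSS in textarea (textarea1){{end}}` repeats the id already used by the first textarea template, which looks like a copy-paste leftover in this separate file; give it its own test id so reports can tell the two cases apart. The last content line, "Random padding to invite scanners not to skip me:", also ends in a colon with no padding text after it, unlike the other cases.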
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
{{ define "title" }}Reflected XSS in textarea (textareafp2){{end}} | ||
|
||
{{template "header" }} | ||
|
||
<H2>Textarea injection test (False Posisitve)</H2> | ||
This test requires a closing textarea tag to break out of the field context and trigger a subsequent exploit. | ||
<p> | ||
<FORM> | ||
<textarea name="in" rows="5" cols="60">{{.In}}</textarea> | ||
<p> | ||
<INPUT type="Submit"> | ||
</FORM> | ||
|
||
Random padding: <BR> | ||
Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum." | ||
{{template "footer"}} |
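Review bot: "False Posisitve" in the `<H2>` is misspelled and should read "False Positive", matching the heading in the other false-positive template. The title id `textareafp2` drops the underscore used in `textarea_fp1`, and the padding line ends with a stray `"` after "laborum."; both are worth fixing before scanners start keying on these strings.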