chuang yu dun

test

By
0x_Jin 1 Seen 147 times
Tags
test
Run this test now.

Results


Tested on
Chrome - 63 - Mac OS X
Tag nameEvent nameXSS payload

Tested on
Mobile Safari - 10 - iOS
Tag nameEvent nameXSS payload

Tested on
Googlebot - 2.1 - undefined
Tag nameEvent nameXSS payload

Tested on
Chrome Mobile - 41 - Android
Tag nameEvent nameXSS payload

User Script (ENUM_FUNCTION)

					
TESTRUNNER_MAXIMUM_IFRAMES=20;
var tag = '';
var event = '';
function vulnerable(){
	addError('Tag: &lt;' + tag + '&gt;', 'event ' + event, '<b>Full XSS payload: &lt;'+tag+' '+event+'="alert(document.domain)"&gt;</b>');
}

function safe(){
	addSuccess('', '', '');
}
	
function removeIframe(){
	var x = document.getElementById('XSSFrameID');
	x.parentNode.removeChild(x);
}


function test(data){
	try{
	    console.log(data)
	    
		tag = data.substring(0,data.indexOf(":"));
		event = data.substring(data.indexOf(":")+1,data.length);
		
		var XSSFrame = document.createElement('iframe');
		XSSFrame.id = 'XSSFrameID';
		var exploitHTML = '<script>var tst<\/script><'+tag+' '+event+'="tst=1">1</'+tag+'>';
		document.body.appendChild(XSSFrame);
		iframeDoc = XSSFrame.contentDocument || XSSFrame.contentWindow.document;
		iframeDoc.open();
        
        iframeDoc.write(exploitHTML);
        setTimeout(function(){
          	if(iframeDoc.defaultView.tst=="1"){
            	vulnerable()
            }else{
            	safe()
            }
        	removeIframe()
        },500)
		iframeDoc.close();
		
	}
	catch(err){
		addInfo(jQuery_version , Migrate_version,  'Some Error Occured: ' + err);
	}
}

					
				

Enum Data (ENUM_FUNCTION)

					
var tagslist =["a","abbr","acronym","address","applet","area","article","aside","audio","b","base","basefont","bdi","bdo","big","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","datalist","dd","del","details","dfn","dialog","dir","div","dl","dt","em","embed","fieldset","figcaption","figure","font","footer","form","frame","frameset","h1","head","header","hr","html","i","iframe","img","input","ins","isindex","kbd","keygen","label","legend","li","link","main","map","marquee","mark","menu","menuitem","meta","meter","nav","noframes","noscript","object","ol","optgroup","option","output","p","param","pre","progress","q","rp","rt","ruby","s","samp","script","section","select","small","source","span","strike","strong","style","sub","summary","sup","table","tbody","td","textarea","tfoot","th","thead","time","title","tr","track","tt","u","ul","var","video","wbr","bgsound","blackface","blink","bq","ilayer","layer","nosmartquotes","xml","xmp","server","shadow","sidebar","spacer","plaintext","multicol","nobr","noembed","limittext","listing","kdb","fn","comment","audioscope"];
var eventlist =["onautocompleteerror","ondeviceorientation"];
var data = [];
var d = 0;

for(var i in tagslist){
	for(var ii in eventlist){
        data[d] = (tagslist[i] + ":" + eventlist[ii]);
        d++;
        
    }
}