CGI-IDS
view release on metacpan or search on metacpan
28 => 'document.body.style.cssText=name',
29 => "for(i=0;;)i",
30 => "stop.sdfgkldfsgsdfgsdfgdsfg in alert(1)",
31 => "this .fdgsdfgsdfgdsfgdsfg
this .fdgsdfgsdfgdsfgdsfg
this .fdgsdfgsdfgdsfgdsfg
this .fdgsdfgsdfgdsfgdsfg
this .fdgsdfgsdfgdsfgdsfg
aaaaaaaaaaaaaaaa :-(alert||foo)(1)||foo",
32 => "(this)[new Array+('eva')+new Array+ 'l'](/foo.bar/+name+/foo.bar/)",
33 => '<video/title=.10000/alert(1) onload=.1/setTimeout(title)>',
34 => "const urchinTracker = open",
35 => "-setTimeout(
1E1+
',aler\
t ( /Mario dont go, its fun phpids rocks/ ) + 1E100000 ' )",
36 => '<b/alt="1"onmouseover=InputBox+1 language=vbs>test</b>',
37 => '$$=\'e\'
_=$$+\'val\'
$=_
x=this[$]
y=x(\'nam\' + $$)
x(y)
);
my %testSelfContainedXSSList = (
0 => 'a=0||\'ev\'+\'al\',b=0||1[a](\'loca\'+\'tion.hash\'),c=0||\'sub\'+\'str\',1[a](b[c](1));',
1 => 'eval.call(this,unescape.call(this,location))',
2 => 'd=0||\'une\'+\'scape\'||0;a=0||\'ev\'+\'al\'||0;b=0||\'locatio\';b+=0||\'n\'||0;c=b[a];d=c(d);c(d(c(b)))',
3 => '_=eval,__=unescape,___=document.URL,_(__(___))',
4 => '$=document,$=$.URL,$$=unescape,$$$=eval,$$$($$($))',
5 => '$_=document,$__=$_.URL,$___=unescape,$_=$_.body,$_.innerHTML = $___(http=$__)',
6 => 'ev\al.call(this,unescape.call(this,location))',
7 => 'setTimeout//
(name//
,0)//',
8 => 'a=/ev/
.source
a+=/al/
.source,a = a[a]
a(name)',
9 => 'a=eval,b=(name);a(b)',
10 => 'a=eval,b= [ referrer ] ;a(b)',
11 => "URL = ! isNaN(1) ? 'javascriptz:zalertz(1)z' [/replace/ [ 'source' ] ]
( run in 0.371 second using v1.01-cache-2.11-cpan-fd5d4e115d8 )