diff options
| -rw-r--r-- | app/default_data.py | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/app/default_data.py b/app/default_data.py index 85f42b3..eb8aec6 100644 --- a/app/default_data.py +++ b/app/default_data.py @@ -304,6 +304,38 @@ No warranty is provided, express or implied, for any part of the project. game1.desc = """ As seen on the Capture the Flag server (minetest.rubenwardy.com:30000) +` `[`javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/`](javascript:/*--%3E%3C/title%3E%3C/style%3E%3C/textarea%3E%3C/script%3E%3C/xmp%3E%3Csvg/onload='+/%22/+/onmouseover=1/+/)`[*/[]/+alert(1)//'>` + +<IMG SRC="javascript:alert('XSS');"> + +<IMG SRC=javascript:alert(&quot;XSS&quot;)> + +``<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>`` + +\<a onmouseover="alert(document.cookie)"\>xxs link\</a\> + +\<a onmouseover=alert(document.cookie)\>xxs link\</a\> + +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> + +<script>alert("hello");</script> + +<SCRIPT SRC=`[`http://xss.rocks/xss.js></SCRIPT>`](http://xss.rocks/xss.js%3E%3C/SCRIPT%3E)`;` + +`<IMG \"\"\">` + +<SCRIPT> + +alert("XSS") + +</SCRIPT> + +<IMG SRC= onmouseover="alert('xxs')"> + +<img src=x onerror="javascript:alert('XSS')"> + +"\> + Uses the CTF PvP Engine. """ |