This causes an HTML textarea that is filled with unescaped input to break and execute a simple JavaScript.

2017-01-16 16:50:21 +01:00 · 2017-01-16 16:50:21 +01:00 · 2ea9147278
commit 2ea9147278
parent 98056309f9
4 changed files with 4 additions and 0 deletions
--- a/blns.base64.json
+++ b/blns.base64.json
@ -394,6 +394,7 @@
     "PGlmcmFtZSBzcmM9aHR0cDovL2hhLmNrZXJzLm9yZy9zY3JpcHRsZXQuaHRtbCA8Cg==",
     "IjthbGVydCgnWFNTJyk7Ly8K",
     "PHBsYWludGV4dD4K",
+     "PC90ZXh0YXJlYT48c2NyaXB0PmFsZXJ0KDEyMyk8L3NjcmlwdD4=",
     "MTtEUk9QIFRBQkxFIHVzZXJzCg==",
     "MSc7IERST1AgVEFCTEUgdXNlcnMtLSAxCg==",
     "JyBPUiAxPTEgLS0gMQo=",
--- a/blns.base64.txt
+++ b/blns.base64.txt
@ -495,6 +495,7 @@ PGlmcmFtZSBzcmM9aHR0cDovL2hhLmNrZXJzLm9yZy9zY3JpcHRsZXQuaHRtbCA8Cg==
 IjthbGVydCgnWFNTJyk7Ly8K
 PHBsYWludGV4dD4K
 aHR0cDovL2EvJSUzMCUzMAo=
+PC90ZXh0YXJlYT48c2NyaXB0PmFsZXJ0KDEyMyk8L3NjcmlwdD4=

 # SQL Injection
 #
--- a/blns.json
+++ b/blns.json
@ -415,6 +415,7 @@
  "<i onwheel=alert(1)> Scroll over me </i>", 
  "<plaintext>", 
  "http://a/%%30%30", 
+  "</textarea><script>alert(123)</script>",
  "1;DROP TABLE users", 
  "1'; DROP TABLE users-- 1", 
  "' OR 1=1 -- 1", 
--- a/blns.txt
+++ b/blns.txt
@ -506,6 +506,7 @@ perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
 <i onwheel=alert(1)> Scroll over me </i>
 <plaintext>
 http://a/%%30%30
+</textarea><script>alert(123)</script>

 #	SQL Injection
 #