Initial commit.
parent
8ad16053ab
commit
77ef98a6f5
|
@ -0,0 +1,26 @@
|
|||
<!-- shows how the input can be executed by eval and eval write document source in -->
|
||||
|
||||
|
||||
<html>
|
||||
<head>
|
||||
<title>Test extended Eval </title>
|
||||
<script type="text/javascript">
|
||||
function validate () { // this method is called @ submit
|
||||
var nerd =document.getElementById("in").value;
|
||||
eval("document.write('"+document.URL.substring(document.URL.indexOf("name=")+5,document.URL.length)+"');"+nerd);
|
||||
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<form name="test" action="" >
|
||||
Name: <input type="text" name="eingabe" id="in"><br>
|
||||
<input name="submit" value="submit" type="button" onClick="validate()">
|
||||
</form>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
||||
|
||||
|
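Review bot: In `validate()`, `document.URL.indexOf("name=")` returns -1 when the page is opened without a `name=` parameter, so the `substring` starts at offset 4 and the tail of the URL is written instead of a name. A `'` anywhere in that text also turns the `eval` string into a syntax error, so the field value appended after it never runs. If the fixture should behave the same on every load, guard the lookup first, e.g. `var i = document.URL.indexOf("name="); if (i < 0) { return; }`. The header comment also does not say that the page is deliberately unsafe or name its inputs. Something like `<!-- intentionally vulnerable test fixture: the URL "name=" parameter and the "in" field both reach eval()/document.write(); not for deployment -->` would make that explicit, and the same applies to the other two files in this commit.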
|
@ -0,0 +1,28 @@
|
|||
<!-- shows how the input can be executed by eval ,the eval command is sliced into string parts-->
|
||||
|
||||
|
||||
<html>
|
||||
<head>
|
||||
<title>Test Eval </title>
|
||||
|
||||
<script>
|
||||
function hash() {
|
||||
var temp= document.getElementById("description").value ;
|
||||
alert("Your input:"+temp+" will now be executed");
|
||||
document.write("<script"+">eval("+temp+")");
|
||||
document.write("</scr" + "ipt>");
|
||||
|
||||
|
||||
|
||||
}
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<form onsubmit="hash()">
|
||||
<textarea id="description" type="text" cols="10" rows="1"></textarea>
|
||||
<input type="submit" value="Show Description">
|
||||
</form>
|
||||
<p> example type alert("xss") <p>
|
||||
</body>
|
||||
</html>
|
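Review bot: `<form onsubmit="hash()">` never cancels the submit event, so whether the page also navigates after `hash()` returns is left to the browser. The other two files in this commit avoid that by using a `type="button"` control. Writing `onsubmit="hash(); return false;"`, or switching the input to `type="button"` with a click handler, would make the fixture deterministic. Two markup slips are also visible: `<textarea>` takes no `type` attribute, and the example paragraph ends with `<p>` where `</p>` is meant. The function name `hash` is misleading because nothing is hashed; a name that says the input is executed would read better.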
|
@ -0,0 +1,26 @@
|
|||
<!-- shows how the input can be executed by eval -->
|
||||
|
||||
|
||||
<html>
|
||||
<head>
|
||||
<title>Test Eval </title>
|
||||
<script type="text/javascript">
|
||||
function validate () { // this method is called @ submit
|
||||
var nerd =document.getElementById("in").value;
|
||||
alert(document.getElementById("in").value);
|
||||
eval(nerd); // anykind of string can be executed
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<form name="test" action="" >
|
||||
Name: <input type="text" name="eingabe" id="in"><br>
|
||||
<input name="submit" value="submit" type="button" onClick="validate()">
|
||||
</form>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
||||
|
||||
|
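Review bot: In `validate()` the `alert(document.getElementById("in").value)` call repeats the lookup already stored in `nerd` on the line above; `alert(nerd);` keeps the displayed value and the evaluated value visibly the same. The trailing comment on the `eval` line has a typo ("anykind") and would be clearer as `// the field value is passed to eval() unmodified`. This file is otherwise a near copy of the first one in the commit, so a line in the header comment stating what distinguishes the two cases would help a later reader.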