Initial commit.

2015-06-24 16:59:24 +02:00 · 2015-06-24 16:59:24 +02:00 · cd11b75fae
parent 6be4fa96e6
commit cd11b75fae
4 changed files with 95 additions and 0 deletions
--- a/src/eu.aniketos.dasca.js/examples/js_string_001.html
+++ b/src/eu.aniketos.dasca.js/examples/js_string_001.html
@ -0,0 +1,20 @@
+
+<html><head><title>Test XSS </title>
+</head><body>
+<form name="test" action="">
+Name: <input type="text" name="eingabe" onBlur="validate(this.value)"><br> 
+leave the input empty than klick somwhere
+</form>
+<script type="text/javascript">
+document.test.eingabe.focus(); // first set focus on input
+function validate (input) {	// this method is called @ leave focus on input
+  if (input == "") {
+
+  var info = window.location.href;
+ 
+  alert(document[String.fromCharCode(87,82,73,84,69)]+info);  
+  document.write(info); // should be found
+  }
+}
+</script>
+</body></html>
--- a/src/eu.aniketos.dasca.js/examples/js_string_002.html
+++ b/src/eu.aniketos.dasca.js/examples/js_string_002.html
@ -0,0 +1,25 @@
+<!-- normally the command document.write(info) would be found, but is the write part described 
+by letters from a String maybe not-->
+
+<html><head><title>Test XSS </title>
+</head><body>
+<form name="test" action="">
+Name: <input type="text" name="eingabe" onBlur="validate(this.value)"><br> 
+leave the input empty than klick somwhere
+</form>
+<script type="text/javascript">
+document.test.eingabe.focus(); // first set focus on input
+function validate (input) {	// this method is called @ leave focus on input
+  if (input == "") {
+
+  var info = window.location.href;
+  var infos= "awraiatae"
+  var temp= infos.charAt(1)+infos.charAt(2)+infos.charAt(4)+infos.charAt(6)+infos.charAt(8)
+
+  
+    document[temp](info);// = document.write(info) will not be found by ff
+  //document.write(info); // should be found
+  }
+}
+</script>
+</body></html>
--- a/src/eu.aniketos.dasca.js/examples/js_string_003.html
+++ b/src/eu.aniketos.dasca.js/examples/js_string_003.html
@ -0,0 +1,26 @@
+<!-- normally the command document.write(info) would be found, but is the write part described 
+by letters from a String maybe not-->
+
+<html><head><title>Test XSS </title>
+</head><body>
+<form name="test" action="">
+Name: <input type="text" name="eingabe" onBlur="validate(this.value)"><br> 
+leave the input empty than klick somwhere
+</form>
+<script type="text/javascript">
+document.test.eingabe.focus(); // first set focus on input
+function validate (input) {	// this method is called @ leave focus on input
+  if (input == "") {
+
+  var info = window.location.href;
+  var temp3="wri";
+  var temp2="te";
+  var temp= temp3.concat(temp2);
+
+  
+    document[temp](info);// = document.write(info) will not be found by ff
+  //document.write(info); // should be found
+  }
+}
+</script>
+</body></html>
--- a/src/eu.aniketos.dasca.js/examples/js_string_co_001.html
+++ b/src/eu.aniketos.dasca.js/examples/js_string_co_001.html
@ -0,0 +1,24 @@
+<!-- shows how document write url can be shared into different strings -->
+
+
+<html>
+	<head>
+<title>Test Eval </title>
+<script type="text/javascript">
+function validate () {	// this method is called @ submit
+var t = document.URL;
+var f = "write";
+var k = document[f];
+k(t);
+
+  }
+
+</script>
+	</head>
+<body>
+<form name="test" action="" >
+Name: <input type="text" name="eingabe" id="in"><br> 
+<input name="submit" value="submit" type="button" onClick="validate()">
+</form>
+
+</body></html>