This repository was archived by the owner on May 14, 2020. It is now read-only.

Commit e8b254e

Add tests for 941360 that fights JSFuck and Hieroglyphy
1 parent c0f76f2 commit e8b254e

1 file changed

+58
-0
lines changed
  • util/regression-tests/tests/REQUEST-941-APPLICATION-ATTACK-XSS

@@ -0,0 +1,58 @@
1+
---
2+
meta:
3+
author: "Christian Folini"
4+
description: None
5+
enabled: true
6+
name: 941360.yaml
7+
tests:
8+
-
9+
test_title: 941360-1
10+
desc: "JSFuck / Hieroglyphy payload obfuscation attack"
11+
stages:
12+
-
13+
stage:
14+
input:
15+
dest_addr: 127.0.0.1
16+
headers:
17+
Host: localhost
18+
method: POST
19+
port: 80
20+
data: "a=[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+(![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]+[+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]])()"
21+
# Payload represents "alert(1)" in JSFuck encoding
22+
version: HTTP/1.1
23+
output:
24+
log_contains: id "941360"
25+
-
26+
test_title: 941360-2
27+
desc: "JSFuck / Hieroglyphy payload obfuscation attack"
28+
stages:
29+
-
30+
stage:
31+
input:
32+
dest_addr: 127.0.0.1
33+
headers:
34+
Host: localhost
35+
method: POST
36+
port: 80
37+
data: "a=(![]+[])[+!+[]]"
38+
# Payload represents "a" in JSFuck / Hieroglyphy encoding
39+
version: HTTP/1.1
40+
output:
41+
log_contains: id "941360"
42+
-
43+
test_title: 941360-3
44+
desc: "JSFuck / Hieroglyphy payload obfuscation attack"
45+
stages:
46+
-
47+
stage:
48+
input:
49+
dest_addr: 127.0.0.1
50+
headers:
51+
Host: localhost
52+
method: POST
53+
port: 80
54+
data: "a=+!![]"
55+
# Payload represents "1" in JSFuck / Hieroglyphy encoding
56+
version: HTTP/1.1
57+
output:
58+
log_contains: id "941360"
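
Review bot: all three cases (941360-1 to 941360-3) assert `log_contains: id "941360"` and none asserts that the rule stays silent, so the file cannot catch a false-positive regression. Consider adding a fourth case with a benign POST body that uses some of the same characters and checking it with `no_log_contains: id "941360"`. The three `desc` values are identical while the distinguishing detail ("alert(1)", "a", "1") sits only in YAML comments after each `data:` line; moving that into `desc` would make a failing test identify itself in the runner output. `description: None` in `meta` could also carry a one-line summary of what 941360 is meant to detect. Finally, `headers` lists only `Host` and the payloads contain raw `+` characters in a POST body: if the body is handled as form-encoded, `+` is decoded as a space, so it is worth confirming that the tests exercise the input you intend, or sending `+` as `%2B`.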
