1 #!/usr/bin/perl -wT | 1 #!/usr/bin/perl -wT |
2 use strict; | 2 use strict; |
3 use CGI; | 3 use CGI; |
4 | 4 |
5 my $cgi = new CGI; | 5 my $cgi = new CGI; |
6 | 6 |
7 # Passing semicolons through the url to this script is problematic. The raw | 7 # Passing semicolons through the url to this script is problematic. The raw |
8 # form truncates the input and the %-encoded form isn't being decoded. Hence | 8 # form truncates the input and the %-encoded form isn't being decoded. Hence |
9 # this set of hard-coded headers. | 9 # this set of hard-coded headers. |
10 if ($cgi->param('disable-protection')) { | 10 if ($cgi->param('disable-protection')) { |
85 print "</script>\n"; | 85 print "</script>\n"; |
86 } | 86 } |
87 if ($cgi->param('inHead')) { | 87 if ($cgi->param('inHead')) { |
88 print "<head>\n"; | 88 print "<head>\n"; |
89 } else { | 89 } else { |
90 print "<body>\n"; | 90 print "<body>\n"; |
91 } | 91 } |
92 if ($cgi->param('replaceState')) { | 92 if ($cgi->param('replaceState')) { |
93 print "<script>history.replaceState({}, '', '#must-not-appear');</script>\n"
; | 93 print "<script>history.replaceState({}, '', '#must-not-appear');</script>\n"
; |
94 } | 94 } |
95 print $cgi->param('q'); | 95 print $cgi->param('q'); # XSS reflected here. |
| 96 if ($cgi->param('script-expression-follows')) { |
| 97 print "\n <script>42;</script>\n"; |
| 98 } |
96 if ($cgi->param('clutter')) { | 99 if ($cgi->param('clutter')) { |
97 print $cgi->param('clutter'); | 100 print $cgi->param('clutter'); |
98 } | 101 } |
99 if ($cgi->param('q2')) { | 102 if ($cgi->param('q2')) { |
100 print $cgi->param('q2'); | 103 print $cgi->param('q2'); |
101 } | 104 } |
102 if ($cgi->param('showAction')) { | 105 if ($cgi->param('showAction')) { |
103 print "<script>\n"; | 106 print "<script>\n"; |
104 print " alert('Form action set to ' + document.forms[0].action);\n"; | 107 print " alert('Form action set to ' + document.forms[0].action);\n"; |
105 print "</script>\n"; | 108 print "</script>\n"; |
139 } | 142 } |
140 if ($cgi->param('echo-report')) { | 143 if ($cgi->param('echo-report')) { |
141 print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-repo
rt.js></script>\n"; | 144 print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-repo
rt.js></script>\n"; |
142 } | 145 } |
143 if ($cgi->param('inHead')) { | 146 if ($cgi->param('inHead')) { |
144 print "</head>\n"; | 147 print "</head>\n"; |
145 } else { | 148 } else { |
146 print "</body>\n"; | 149 print "</body>\n"; |
147 } | 150 } |
148 print "</html>\n"; | 151 print "</html>\n"; |
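Review bot: The comment added on new line 95, `# XSS reflected here.`, reads like a defect report rather than a statement of intent, which invites a later reader to "fix" the unescaped `print $cgi->param('q')` and silently break the test. This script appears to be a deliberate reflection fixture (the `disable-protection` parameter and the hard-coded-headers comment on lines 7–9 suggest as much), so the comment should say so: `# Intentionally reflected unescaped: this fixture is the sink the security tests exercise.` The unescaped `clutter` and `q2` echoes on new lines 100 and 103 carry no comment at all and would benefit from the same one-line note. The new `script-expression-follows` branch on lines 96–98 is fine as written; the `if` chain it sits in starts before this hunk.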