Why Gemfury? Push, build, and install  RubyGems npm packages Python packages Maven artifacts PHP packages Go Modules Debian packages RPM packages NuGet packages

squarecapadmin / lxml python

Repository URL to install this package:

Version: 
3.4.0  ▾
Details    
lxml / src / lxml / html / tests / hackers-org-data / background-image-with-unicoded.data
Size: Mime: 
Description: exploit (this has been modified slightly to obfuscate the url parameter). The original vulnerability was found by Renaud Lifchitz as a vulnerability in Hotmail.
    http://ha.ckers.org/xss.html#XSS_DIV_background_image_unicode
Options: -safe_attrs_only
Ignore: true
Notes: I don't understand how this exploit works.  It seems like the description actually refers to
       the unicode you'd import, but why that matters I don't know.

<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">text</div>
----------
<div style="background-image: ">text</div>

Products

About

Resources

Contact Gemfury