Mirror of
https://github.com/matomo-org/matomo.git
synced 2025-08-21 22:47:43 +00:00
22 lines
1.3 KiB
Plaintext
Manual regression test procedure for XSS referer
================================================

1. Set the following in config.ini.php:

[Tracker]
visit_standard_length = 1
enable_detect_unique_visitor_using_settings = 0

[Debug]
always_archive_data = 1

2. Go to /misc/testJavascriptTracker/ and fake the referer using, e.g., the RefControl Firefox extension, with each of the following values:

http://www.google.co.uk/search?hl=en&q=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
http://example.com/';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
http://example.com/"<script>alert(''test'');</script>
http://example3.com/test>"'><script>alert('XSS')</script>
http://example.com/"><script>alert('yo')</script>
http://example.com/"><script>alert(''hi'')</script>
localhost<script>alert(''test'')<', 'http://localhost<script>alert(''test'')</script>/test<script>alert(''test'')</script>

3. Go to the Piwik UI and check that the referer is rendered as expected (no parse error, etc.).
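An automated counterpart to the check in step 3, added here and not part of the Matomo repository: it renders a subset of the referer values above in the two contexts those values target (an HTML attribute/text node and an inline script string) and flags any rendering where a raw script tag or an attribute-closing quote survives. The rendering functions are assumptions about how a UI should escape, not Matomo's own code; the block also shows why plain json.dumps is not enough for an inline script.

```python
import html
import json
import re

# Referer values copied from the procedure above (a subset of the page's own payloads).
# They try to break out of single-quoted, backslash-escaped and double-quoted JS strings,
# out of an HTML attribute, and out of a <script> block.
REFERER_PAYLOADS = [
    "http://example.com/';alert(String.fromCharCode(88,83,83))//\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>",
    "http://example.com/\"<script>alert(''test'');</script>",
    "http://example3.com/test>\"'><script>alert('XSS')</script>",
    "http://example.com/\"><script>alert('yo')</script>",
    "http://localhost<script>alert(''test'')</script>/test<script>alert(''test'')</script>",
]
SCRIPT_TAG = re.compile(r"<\s*/?\s*script", re.IGNORECASE)

def render_referer_html(referer: str) -> str:
    """Hypothetical UI rendering: the referer as a link, HTML-escaped in attribute and text."""
    safe = html.escape(referer, quote=True)  # escapes & < > " and '
    return f'<a href="{safe}">{safe}</a>'

def js_string_literal(value: str) -> str:
    """JSON-encode for an inline <script>: json.dumps escapes quotes and backslashes but not
    < > &, so a '</script>' in the value would still end the block; \\u escapes close that gap."""
    literal = json.dumps(value)
    return literal.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")

def render_referer_js(referer: str) -> str:
    """Hypothetical UI rendering: the referer handed to inline JavaScript as a string."""
    return f"<script>var referer = {js_string_literal(referer)};</script>"

def html_is_safe(rendered: str) -> bool:
    """No raw <script> tag survives and only the two href delimiter quotes remain."""
    return SCRIPT_TAG.search(rendered) is None and rendered.count('"') == 2

def js_is_safe(rendered: str, original: str) -> bool:
    """Exactly one <script>...</script> pair, and the literal round-trips to the original."""
    lowered = rendered.lower()
    literal = rendered[len("<script>var referer = "):-len(";</script>")]
    return (lowered.count("<script") == 1 and lowered.count("</script") == 1
            and json.loads(literal) == original)

def naive_js_is_unsafe(referer: str) -> bool:
    """The regression the procedure hunts for: plain json.dumps inline keeps </script> intact."""
    return "</script" in json.dumps(referer).lower()

def check_all(payloads=REFERER_PAYLOADS) -> dict:
    """Map each payload to (html_safe, js_safe); any False is a regression."""
    return {p: (html_is_safe(render_referer_html(p)),
                js_is_safe(render_referer_js(p), p)) for p in payloads}
```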