eoneill/charencodexss.html

## charencodexss.html
<h2>Testing Character Encoding</h2>

<h3>This profile uses the rich text editor</h3>
<p><script type="IN/FullMemberProfile" data-id="OqbPFlcDV1" data-firstName="Carole" data-lastName="Bouquet"></script></p>

<h3>This profile uses plain text input</h3>
<p><script type="IN/FullMemberProfile" data-id="Xu9e7PgP9l" data-firstName="FIRSTA" data-lastName="LAST0"></script></p>

<h3>These are the attack vectors tested</h3>
<div style="border:1px solid; padding:10px;">
<code>
&lt;script&gt;alert(1)&lt;/script&gt;
<br/><br/>
&#39;;alert(String.fromCharCode(88,83,83))//\&#39;;alert(String.fromCharCode(88,83,83))//&quot;;alert(String.fromCharCode(88,83,83))//\&quot;;alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;&quot;&gt;&#39;&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;
<br/><br/>
&#39;&#39;;!--&quot;&lt;XSS&gt;=&amp;{()}
<br/><br/>
a=&quot;get&quot;;<br/>
b=&quot;URL(\&quot;&quot;;<br/>
c=&quot;javascript:&quot;;<br/>
d=&quot;alert(&#39;XSS&#39;);\&quot;)&quot;;<br/>
eval(a+b+c+d);
</code>
</div>
	<h2>Testing Character Encoding</h2>

	<h3>This profile uses the rich text editor</h3>
	<p><script type="IN/FullMemberProfile" data-id="OqbPFlcDV1" data-firstName="Carole" data-lastName="Bouquet"></script></p>

	<h3>This profile uses plain text input</h3>
	<p><script type="IN/FullMemberProfile" data-id="Xu9e7PgP9l" data-firstName="FIRSTA" data-lastName="LAST0"></script></p>

	<h3>These are the attack vectors tested</h3>
	<div style="border:1px solid; padding:10px;">
	<code>
	<script>alert(1)</script>
	<br/><br/>
	';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
	<br/><br/>
	'';!--"<XSS>=&{()}
	<br/><br/>
	a="get";<br/>
	b="URL(\"";<br/>
	c="javascript:";<br/>
	d="alert('XSS');\")";<br/>
	eval(a+b+c+d);
	</code>
	</div>