from utils import choice
def gen_text():
    """Return one script-execution probe string for a text-like value.

    Every candidate only opens a browser dialog (``alert``, ``prompt`` or
    ``confirm``), so a hit shows that script ran without doing anything
    else. ``\\x60`` is a backtick: those entries call the function with
    template-literal syntax instead of parentheses, so a filter under
    test cannot rely on rejecting ``(`` alone.

    NOTE(review): ``choice`` is imported from the project's ``utils``
    module; presumably it picks one entry of the mapping at random.
    Confirm against that module.
    """
    probes = (
        'alert(0)',
        'prompt\x600\x60',
        '"confirm\x600\x60"',
        'window["alert"](0)',
        'window["prompt"](0)',
        'window["confirm"](0)',
        '"alert\x600\x60"',
        '"prompt\x600\x60"',
        '"alert(1)"',
    )
    # Same shape as before: integer index -> zero-argument callable.
    # ``text=text`` binds each string now rather than at call time.
    cases = {index: (lambda text=text: text) for index, text in enumerate(probes)}
    picked = choice(cases)
    return picked()
def gen_boolean():
    """Return one boolean-like token as a string.

    The candidates cover word forms (``yes``/``no``, ``true``/``false``),
    the JavaScript ``null`` and ``undefined`` spellings, a quoted empty
    string, and ``0``/``1``. None of them carries script.

    NOTE(review): ``choice`` comes from the project's ``utils`` module;
    presumably a random pick. Confirm.
    """
    tokens = ('yes', 'no', 'true', 'false', 'null', 'undefined', '""', '0', '1')
    # Integer index -> zero-argument callable, as ``choice`` was given before.
    cases = {index: (lambda token=token: token) for index, token in enumerate(tokens)}
    picked = choice(cases)
    return picked()
def gen_number():
    """Return one numeric literal as a string.

    The candidates spell small numbers in several notations: plain
    integer, decimal fraction, hexadecimal (``0x``), binary (``0b``),
    octal (``0o``) and exponent form. None of them carries script.

    NOTE(review): ``choice`` comes from the project's ``utils`` module;
    presumably a random pick. Confirm.
    """
    literals = ('0', '1', '0.1', '1.1', '0x1', '0b1', '0o1', '1e1', '1e-1')
    # Integer index -> zero-argument callable, as ``choice`` was given before.
    cases = {index: (lambda lit=lit: lit) for index, lit in enumerate(literals)}
    picked = choice(cases)
    return picked()
def gen_color():
    """Return one ``#rrggbb`` hex colour string.

    The nine candidates are black, white, the three primaries, their
    pairwise mixes, and a light grey (``#c0c0c0``). None of them carries
    script.

    NOTE(review): ``choice`` comes from the project's ``utils`` module;
    presumably a random pick. Confirm.
    """
    colours = (
        '#000000',
        '#ffffff',
        '#ff0000',
        '#00ff00',
        '#0000ff',
        '#ffff00',
        '#00ffff',
        '#ff00ff',
        '#c0c0c0',
    )
    # Integer index -> zero-argument callable, as ``choice`` was given before.
    cases = {index: (lambda hexval=hexval: hexval) for index, hexval in enumerate(colours)}
    picked = choice(cases)
    return picked()
def gen_javascript():
    """Return one script-execution probe string for a JavaScript-valued slot.

    The first nine candidates are the same strings ``gen_text`` offers
    (dialog calls written with parentheses, with backticks via ``\\x60``,
    through ``window[...]`` lookup, and wrapped in double quotes). The
    last three add a trailing ``//`` or ``/*`` comment opener and an
    object/block literal form, which matters when the value is spliced
    into the middle of existing script and whatever follows it has to be
    neutralised by the sanitizer under test.

    NOTE(review): ``choice`` comes from the project's ``utils`` module;
    presumably a random pick. Confirm.
    """
    probes = (
        'alert(0)',
        'prompt\x600\x60',
        '"confirm\x600\x60"',
        'window["alert"](0)',
        'window["prompt"](0)',
        'window["confirm"](0)',
        '"alert\x600\x60"',
        '"prompt\x600\x60"',
        '"alert(1)"',
        'console.log(alert(1))//',
        'console.log(alert(1))/*',
        '{1:alert(1)}',
    )
    # Integer index -> zero-argument callable, as ``choice`` was given before.
    cases = {index: (lambda code=code: code) for index, code in enumerate(probes)}
    picked = choice(cases)
    return picked()
def gen_style():
    """Return one XSS probe string for a CSS/style value.

    One candidate puts a ``javascript:`` URL inside ``url(...)``; the
    other two use ``expression(...)``, the dynamic-property syntax that
    only legacy Internet Explorer evaluated. A finding from the
    ``expression`` entries therefore applies to old rendering engines,
    not current browsers.

    NOTE(review): ``choice`` comes from the project's ``utils`` module;
    presumably a random pick. Confirm.
    """
    declarations = (
        'background-image:url("javascript:alert(1)")',
        'expression(alert(1))',
        'expression\x600\x60',
    )
    # Integer index -> zero-argument callable, as ``choice`` was given before.
    cases = {index: (lambda css=css: css) for index, css in enumerate(declarations)}
    picked = choice(cases)
    return picked()
def gen_url():
    """Return one XSS probe string for a URL-valued slot.

    Candidates use the ``javascript:`` scheme and the ``data:text/html``
    scheme. The base64 entry decodes to the same
    ``<script>alert(1)</script>`` document as the plain ``data:`` entry,
    so a URL filter under test has to decide on the scheme rather than
    scan for the literal ``<script>`` text.

    NOTE(review): ``choice`` comes from the project's ``utils`` module;
    presumably a random pick. Confirm.
    """
    urls = (
        'javascript:alert(1)',
        'data:text/html,<script>alert(1)</script>',
        'data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==',
        'data:text/html,<script>alert\x600\x60</script>',
    )
    # Integer index -> zero-argument callable, as ``choice`` was given before.
    cases = {index: (lambda url=url: url) for index, url in enumerate(urls)}
    picked = choice(cases)
    return picked()
def gen_email():
    """Return one XSS probe string for an email-valued slot.

    Each candidate places a ``javascript:`` dialog call on one side of an
    ``@`` and leaves the other side empty, so none is a well-formed
    address; a validator that only checks for the presence of ``@``
    would accept them.

    NOTE(review): ``choice`` comes from the project's ``utils`` module;
    presumably a random pick. Confirm.
    """
    addresses = (
        '@javascript:alert(1)',
        'javascript:alert(1)@',
        '@javascript:alert\x600\x60',
    )
    # Integer index -> zero-argument callable, as ``choice`` was given before.
    cases = {index: (lambda addr=addr: addr) for index, addr in enumerate(addresses)}
    picked = choice(cases)
    return picked()
def gen_date():
    """Return the value used for date slots: always the empty string.

    No date candidates are defined here, so callers receive ``''``
    unconditionally.
    """
    no_value = ''
    return no_value
def gen_target(root):
    """Return the ``id`` of ``root`` or of one of its direct children.

    Returns ``None`` when ``root`` is ``None``. Only ``root.children`` is
    walked; deeper descendants are not considered.

    NOTE(review): ``choice`` comes from the project's ``utils`` module;
    presumably a random pick from the list. Confirm.
    """
    if root is None:
        return None
    # Read root.id first, then the children, in the same order as before.
    ids = [root.id]
    ids.extend(child.id for child in root.children)
    return choice(ids)
def gen_name(root):
    """Return the ``nameattr`` of ``root`` or of one of its direct children.

    Returns ``None`` when ``root`` is ``None``. Only ``root.children`` is
    walked; deeper descendants are not considered.

    NOTE(review): ``choice`` comes from the project's ``utils`` module;
    presumably a random pick from the list. Confirm.
    """
    if root is None:
        return None
    # Read root.nameattr first, then the children, in the same order as before.
    names = [root.nameattr]
    names += [child.nameattr for child in root.children]
    return choice(names)
def gen_flag():
    """Return ``None``: a flag slot carries no value."""
    return
def gen_drop():
    """Return one of the drop-effect keywords ``copy``, ``move`` or ``link``.

    NOTE(review): ``choice`` comes from the project's ``utils`` module;
    presumably a random pick from the list. Confirm.
    """
    effects = ["copy", "move", "link"]
    return choice(effects)
def gen_dir():
    """Return one text-direction keyword: ``ltr``, ``rtl`` or ``auto``.

    NOTE(review): ``choice`` comes from the project's ``utils`` module;
    presumably a random pick from the list. Confirm.
    """
    directions = ["ltr", "rtl", "auto"]
    return choice(directions)
def gen_wtarget():
    """Return one browsing-context keyword for a window target.

    The candidates are ``_self``, ``_blank``, ``_parent`` and ``_top``.

    NOTE(review): ``choice`` comes from the project's ``utils`` module;
    presumably a random pick from the list. Confirm.
    """
    keywords = ["_self", "_blank", "_parent", "_top"]
    return choice(keywords)
def gen_access_key():
    """Return the fixed access-key character ``'X'``."""
    key = 'X'
    return key