From 2ea91472785888bf6b9c60b6ae37b64fd31e7c3b Mon Sep 17 00:00:00 2001 From: hjkuijf Date: Mon, 16 Jan 2017 16:50:21 +0100 Subject: [PATCH] This causes an HTML textarea that is filled with unescaped input to break and execute a simple JavaScript. --- blns.base64.json | 1 + blns.base64.txt | 1 + blns.json | 1 + blns.txt | 1 + 4 files changed, 4 insertions(+) diff --git a/blns.base64.json b/blns.base64.json index 97d2516..19c54f1 100644 --- a/blns.base64.json +++ b/blns.base64.json @@ -394,6 +394,7 @@ "PGlmcmFtZSBzcmM9aHR0cDovL2hhLmNrZXJzLm9yZy9zY3JpcHRsZXQuaHRtbCA8Cg==", "IjthbGVydCgnWFNTJyk7Ly8K", "PHBsYWludGV4dD4K", + "PC90ZXh0YXJlYT48c2NyaXB0PmFsZXJ0KDEyMyk8L3NjcmlwdD4=", "MTtEUk9QIFRBQkxFIHVzZXJzCg==", "MSc7IERST1AgVEFCTEUgdXNlcnMtLSAxCg==", "JyBPUiAxPTEgLS0gMQo=", diff --git a/blns.base64.txt b/blns.base64.txt index 96a0275..c5dd34e 100644 --- a/blns.base64.txt +++ b/blns.base64.txt @@ -495,6 +495,7 @@ PGlmcmFtZSBzcmM9aHR0cDovL2hhLmNrZXJzLm9yZy9zY3JpcHRsZXQuaHRtbCA8Cg== IjthbGVydCgnWFNTJyk7Ly8K PHBsYWludGV4dD4K aHR0cDovL2EvJSUzMCUzMAo= +PC90ZXh0YXJlYT48c2NyaXB0PmFsZXJ0KDEyMyk8L3NjcmlwdD4= # SQL Injection # diff --git a/blns.json b/blns.json index cfc2078..2791247 100644 --- a/blns.json +++ b/blns.json @@ -415,6 +415,7 @@ " Scroll over me ", "", "http://a/%%30%30", + "</textarea><script>alert(123)</script>", "1;DROP TABLE users", "1'; DROP TABLE users-- 1", "' OR 1=1 -- 1", diff --git a/blns.txt b/blns.txt index 2564e52..78fe6c6 100644 --- a/blns.txt +++ b/blns.txt @@ -506,6 +506,7 @@ perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out <i onwheel=alert(1)> Scroll over me </i> <plaintext> http://a/%%30%30 +</textarea><script>alert(123)</script> # SQL Injection #
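Review bot: The value added in the blns.base64.json hunk, `"PC90ZXh0YXJlYT48c2NyaXB0PmFsZXJ0KDEyMyk8L3NjcmlwdD4="`, encodes the string without a trailing newline, whereas the surrounding entries (`"PHBsYWludGV4dD4K"`, `"MTtEUk9QIFRBQkxFIHVzZXJzCg=="`) all encode one; the blns.base64.txt hunk adds the same value. To match its neighbours the entry would be `"PC90ZXh0YXJlYT48c2NyaXB0PmFsZXJ0KDEyMyk8L3NjcmlwdD4K",`, so that a consumer decoding the list sees this case in the same form as the rest. The JSON hunk also places the entry directly after `"PHBsYWludGV4dD4K"`, while the blns.base64.txt and blns.json hunks place it after the `http://a/%%30%30` entry, so `"aHR0cDovL2EvJSUzMCUzMAo="` appears to be absent from blns.base64.json at this position. Both differences suggest the encoded files were edited by hand; deriving them from blns.txt in a single step would keep the four files in agreement.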