PinkDev1
21c1690adf
Fixed typo on "Tips" section
2021-06-16 19:24:17 +00:00
Swissky
62b897c936
Merge pull request #376 from noraj/patch-2
...
XSS: add quick tips for bXSS
2021-06-16 13:56:29 +02:00
Alexandre ZANNI
c469236204
XSS: add quick tips for bXSS
2021-06-16 13:25:46 +02:00
Alexandre ZANNI
8547ac7dfc
XSS: remove bluelotus
...
the project is empty
2021-06-16 13:18:08 +02:00
Swissky
08b59f2856
AD update CME+DCOM
2021-04-21 22:27:07 +02:00
linoskoczek
825295e465
Update README.md
...
Fix broken links in Summary
2021-03-18 19:16:59 +00:00
lapolis_aka_blu
6f758ba6c0
Added closing bracket in unicode full width bypass
...
Yeah I know it is logic to use it if you really need the closing tag. But having both brackets in your repo makes it quicker to copy paste :D
2021-01-15 16:38:51 +00:00
Swissky
f7e8f515a5
Application Escape and Breakout
2020-12-17 08:56:58 +01:00
Max Boll
2a65064d15
little update
2020-10-27 14:10:35 +01:00
Max Boll
350c55a1ac
XSS Tools added
2020-10-27 13:31:37 +01:00
Vincent Gilles
0b90094002
Fix(Docs): Correcting typos on the repo
2020-10-17 22:52:35 +02:00
Max Rodrigo
2f40961990
Fix PHP XSS data collector line breaks
2020-09-05 10:36:58 +02:00
Viren Pawar
0266a7dd67
[Update] Added 1 payload
...
Added one payload which executes without any usage of single or double quotes. Helpful when you have AngularJS injection but quotes are blocked by application.
Working proof of payload here:
https://portswigger-labs.net/xss/angularjs.php?type=reflected&csp=0&version=1.6.0&x= {{x=valueOf.name.constructor.fromCharCode;constructor.constructor(x(97,108,101,114,116,40,49,41))()}}
2020-08-15 16:29:13 +05:30
Swissky
c7e3ea005e
Powershell Remoting
2020-08-09 12:15:56 +02:00
Swissky
dd40ddd233
XSS summary subentries + GraphTCP
2020-07-12 14:44:33 +02:00
looCiprian
93a372cea4
Add jsfuck bypassing method to xss cheat sheet
2020-06-23 18:34:02 +02:00
reza.duty
010b550dec
Update README.md
2020-06-17 11:42:26 +04:30
reza.duty
03a0bda20d
Update README.md
2020-06-09 20:05:32 +04:30
Swissky
7f1c150edd
Mimikatz Summary
2020-05-10 16:17:10 +02:00
Thomas Orlita
d0bb0f6f5b
Update CSP Evaluator blog link
2020-05-10 10:32:51 +02:00
reza.duty
eb28e4c28d
add Self Closing Script
2020-05-06 22:57:55 +04:30
Swissky
5163ef902c
XSS Google Scholar Payload + Skeleton Key Persistence
2020-05-03 16:28:17 +02:00
Swissky
e9b296adb3
DoyenSec Payloads XSS Google Scholar
2020-05-02 14:31:33 +02:00
bohdansec
c4af354d8f
Update Cloudflare XSS bypasses
...
Add 3 bypasses by Bohdan Korzhynskyi. Update twitter
2020-04-22 00:51:36 +03:00
Çlirim Emini
d3ce3924a9
Create 0xcela_event_handlers.txt
2020-01-15 17:00:26 +01:00
Kyle Martin
e95b0c34a3
clarify AngularJS vs Angular
2019-12-07 10:54:47 +13:00
clem9669
286f7caaa3
Bypass XSS filters on alert
...
Bypass XSS filters using javascript global variables based on the following article https://www.secjuice.com/bypass-xss-filters-using-javascript-global-variables/ from theMiddle.
2019-12-03 15:24:24 +01:00
Minh Triet Pham Tran
f44d014fc2
Copy this -> Cut this
...
Change copy to cut instruction
2019-12-02 12:59:54 +07:00
Swissky
f6d5221a85
SID history break trust + Powershell history + SCF files
2019-11-07 23:21:00 +01:00
Swissky
6fecedd880
MXSS - Mutated XSS - Google POC
2019-11-06 18:32:29 +01:00
nizam0906
ab341cff38
Updated Blind XSS endpoint
...
* User Agent
* Comment Box
2019-10-28 16:51:36 +05:30
nizam0906
aef5bb864a
Update jsonp_endpoint.txt
...
Added 3 yahoo jsonp endpoints
* https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?cb=alert(1337)
* https://mempf.yahoo.co.jp/offer?position=h&callback=alert(1337)
* https://suggest-shop.yahooapis.jp/Shopping/Suggest/V1/suggester?callback=alert(1)//&appid=dj0zaiZpPVkwMDJ1RHlqOEdwdCZzPWNvbnN1bWVyc2VjcmV0Jng9M2Y-
2019-10-25 22:27:16 +05:30
marcan2020
920da73bd7
Add Angular automatic sanitization
2019-10-02 21:24:53 -04:00
Swissky
3221197b1e
RCE vBulletin + findomain
2019-09-26 20:41:01 +02:00
Jonathan Leitschuh
7b6c8d46aa
Add dot filter bypass with decimal IP
2019-08-28 13:56:55 -04:00
Swissky
4a176615fe
CORS Misconfiguration
2019-08-18 12:08:51 +02:00
Swissky
bd449e9cea
XSS PostMessage
2019-08-03 23:22:14 +02:00
Swissky
9b96c7692f
XSS onpointer*
2019-08-01 14:39:15 +02:00
Lewis
dab064a583
adding reference to blog
2019-07-12 12:49:02 -07:00
h1-ragnar
edcac293a8
Cloudflare XSS Bypasses by Bohdan Korzhynskyi
2019-06-05 21:36:41 +03:00
Swissky
9c2e63818f
XSS without parenthesis, semi-colon + Lontara
2019-05-15 21:55:17 +02:00
Swissky
bab04f8587
Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp
2019-05-12 21:34:09 +02:00
Swissky
765c615efe
XSS injection Summary + MSF web delivery
2019-05-12 14:22:48 +02:00
BillyNoGoat
e0dbfc1578
Fixed link for google CSP bypass
2019-04-16 11:37:59 +01:00
Swissky
bbc9029dd6
XSS in several filetype based on @__Mn1__ blogpost
2019-03-26 21:49:03 +01:00
Rakesh Mane
4b38516e3b
Update README.md
...
Added Cloudflare XSS bypass
2019-03-22 13:53:25 +05:30
Swissky
404afd1d71
Fix name's capitalization
2019-03-07 00:07:55 +01:00