diff --git a/XSS Injection/README.md b/XSS Injection/README.md index 3a5a9f5..6bd8aa1 100644 --- a/XSS Injection/README.md +++ b/XSS Injection/README.md @@ -557,6 +557,9 @@ You can bypass a single quote with ' in an on mousedown event handler ``` +Convert IP address into decimal format: IE. `http://192.168.1.1` == `http://3232235777` +http://www.geektools.com/cgi-bin/ipconv.cgi + ### Bypass parenthesis for string ```javascript @@ -1043,4 +1046,4 @@ anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxld - [App Maker and Colaboratory: two Google stored XSSes](https://ysx.me.uk/app-maker-and-colaboratory-a-stored-google-xss-double-bill/) - [XSS in www.yahoo.com](https://www.youtube.com/watch?v=d9UEVv3cJ0Q&feature=youtu.be) - [Stored XSS, and SSRF in Google using the Dataset Publishing Language](https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html) -- [Stored XSS on Snapchat](https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd) \ No newline at end of file +- [Stored XSS on Snapchat](https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd)