Swissky
3eae8d7458
Fix typo and structure
2024-09-11 17:07:51 +02:00
Swissky
1dae291696
IIS MachineKeys + CI/CD + CSPT + ORM leak
2024-08-26 11:27:47 +02:00
Swissky
314e4da963
SSRF DNS AXFR + LFI PHAR payloads + LFI iconv
2024-06-16 21:17:42 +02:00
masquerad3r
eca067dd7e
Create port_swigger_xss_cheatsheet_event_handlers.txt
...
Updated list of event handlers taken from https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#event-handlers .
Useful when the context of reflection is an HTML attribute and one quickly wants to check which attributes are reflected unfiltered by the target application.
2024-06-06 10:46:13 +02:00
Swissky
c34a2bac15
WAF bypass moved to a separate page
2024-06-03 09:55:29 +02:00
Swissky
2e73069238
XSS Tel URI
2024-06-03 09:37:24 +02:00
dave
fcf69f8226
Add additional XSS payload in email addresses RFC5322
2024-05-31 13:27:32 +02:00
Swissky
67adf75bc2
CSP updates + Indirect Prompt Injection
2024-05-29 15:32:58 +02:00
Vunnm
27d19813f8
specify condition to perform Angular JS Injection
...
Indicate that ng-app in a root element is needed to inject Angular JS template. Injecting below payload without a root element with ng-app will not result in a successful injection
2023-12-28 13:30:49 +01:00
Thomas Emerson Glucklich
49bc19e992
Update README.md
2023-11-01 11:32:31 -04:00
Swissky
b8c803717a
WDAC Policy Removal + SSRF domains
2023-05-31 14:18:25 +02:00
Swissky
14cc88371d
WSL + RDP Passwords + MSPaint Escape
2023-02-11 17:49:55 +01:00
Swissky
514ac98dac
SSRF + XSS details + XXE BOM
2022-12-13 22:29:20 +01:00
Swissky
3e9ef2efbe
ADFS Golden SAML
2022-11-07 10:10:21 +01:00
Swissky
2227472e1c
.NET formatters and POP gadgets
2022-11-03 21:31:50 +01:00
Fabian S. Varon Valencia
8136e462c2
remove old link, I can't find a replacement url
2022-10-26 20:36:52 -05:00
Fabian S. Varon Valencia
3822c27634
update old url's
2022-10-26 20:36:15 -05:00
Cory Cline
a8d8434756
Shortened payload
...
Make payload shorter.
2022-10-13 19:48:20 -05:00
Cory Cline
fbed4254e5
Fixed an oops
...
Somehow I deleted line 120 in a prior commit. Fixed.
2022-10-13 18:52:07 -05:00
Cory Cline
9ee8f092cd
Changed link for document.cookie blacklist
...
Link was not working due to use of period in title.
2022-10-13 18:46:52 -05:00
Cory Cline
9a42be1113
Replaced console.log with alert
...
It's more common to want alert screenshots vs console screenshots.
2022-10-13 18:45:55 -05:00
Cory Cline
f23f28c4e2
Shortened payload
...
Shortened the document.cookie blacklist bypass payload.
2022-10-13 18:43:54 -05:00
Cory Cline
5d561ea7d6
Added document.cookie blacklist bypass
...
Added an alternative to document.cookie for situations when this text is blacklisted.
2022-10-13 18:23:36 -05:00
clem9669
2aa353a5b9
Update XSS_Polyglots.txt
...
Adding the latest BruteLogic polyglot
2022-10-05 09:45:15 +00:00
Deep Dhakate
a670a26eea
Update
2022-10-02 06:13:01 +00:00
clem9669
88134256c8
Adding brutelogic polyglot
...
Adding brutelogic polyglot from blog post.
2022-09-13 11:58:10 +00:00
Swissky
d24e3f2d61
Merge pull request #497 from kz-cyber/xss/angular-xss-2
...
[update] Angular XSS payload
2022-09-07 00:34:29 +02:00
its0x08
31b213227e
fix: Fix more spelling
2022-08-09 11:05:40 +02:00
its0x08
fc1f3b25a7
fix: Fix spelling
2022-08-09 11:02:21 +02:00
khiemtq-cyber
507c493db2
Update Angular XSS
2022-05-07 12:55:15 +07:00
idealphase
6738f878f3
Updated README.md
...
Added References: Bypassing Signature-Based XSS Filters: Modifying Script Code
2022-04-19 10:45:32 +07:00
idealphase
de532030df
Merge branch 'swisskyrepo:master' into master
2022-04-19 10:43:04 +07:00
Swissky
85a50869f2
Merge pull request #482 from khiemtq-cyber/xss/angular-xss-1
...
[update] Angular XSS payload
2022-04-18 21:01:44 +02:00
Ooggle
39d1c6e7d8
Add document blacklist bypass
2022-04-09 12:55:21 +02:00
ktq-cyber
5d898e004f
[update] Angular XSS payload
2022-02-23 22:26:16 +07:00
idealphase
e9eac5ca59
Update README.md
2021-11-10 22:40:40 +07:00
idealphase
6c7df7dc4e
Update README.md
...
Add Bypass dot filter
2021-11-10 22:38:02 +07:00
Philippe Arteau
9d30f792d4
Remove filename with special characters.
...
The filename are already covered in `XSS Injection/README.md`
2021-10-29 12:56:55 -04:00
Philippe Arteau
16986febde
Remove filename with special characters.
...
The filename are already covered in `XSS Injection/README.md`
2021-10-29 12:56:41 -04:00
Philippe Arteau
7443da045a
Remove filename with special characters.
...
The filename are already covered in `XSS Injection/README.md`
2021-10-29 12:56:25 -04:00
Markus
7996b4f905
Update XSS README.md
...
Remove unnecessary complexity from CSP bypass payload
2021-10-01 16:10:23 +02:00
Lorenzo Grazian
7369ee28b3
Added XSS <object> payload
2021-09-02 15:14:29 +02:00
Swissky
1e85308ae2
Merge pull request #395 from daffainfo/patch-1
...
Adding Cloudflare XSS payload
2021-08-25 22:21:54 +02:00
Swissky
f89597725a
Merge pull request #416 from Bort-Millipede/master
...
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Py…
2021-08-25 22:17:53 +02:00
Alexandre ZANNI
4791962be5
document.domain, window.origin and console.log usage
2021-08-24 20:29:02 +02:00
Jeffrey Cap
9bde75b32d
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Python IPv6 Reverse Shell Payload
2021-08-23 14:41:40 -05:00
Swissky
87be30d3b2
DB2 Injection + ADCS
2021-08-10 23:00:19 +02:00
Xib3rR4dAr
ae98d629f0
Update README.md
...
Removed duplicates.
2021-08-04 09:29:24 +05:00
Swissky
1fd9260d1e
Update README.md
2021-07-31 11:28:23 +02:00
c14dd49h
ee12f8e480
Update README.md
2021-07-22 16:55:03 +02:00