Swissky
|
0a5ecc407c
|
Normalize page header for Web Socket, XSLT, XSS, XXE
|
2024-11-10 21:15:44 +01:00 |
|
Swissky
|
4f0e6334bd
|
References updated for XSS + page splitted in subcategories
|
2024-11-08 18:23:43 +01:00 |
|
Swissky
|
37641d2b9e
|
References updated for XPATH, XSLT, XXE, Web Socket
|
2024-11-07 23:50:30 +01:00 |
|
Swissky
|
6e77f624f2
|
Merge pull request #728 from isacaya/add_xss_bypass
Add a few XSS filter bypass cases
|
2024-11-02 15:16:46 +01:00 |
|
Swissky
|
9866fef5b4
|
Bypass CSP, technique from #715
|
2024-11-02 12:26:45 +01:00 |
|
Swissky
|
eb4795047b
|
Merge pull request #746 from TRKBKR/master
Added oncontentvisibilityautostatechange to XSS in hidden input
|
2024-11-02 11:44:08 +01:00 |
|
Swissky
|
acb509d436
|
SVG XSS fix typo from #729 + files
|
2024-11-02 11:27:26 +01:00 |
|
Swissky
|
53ba2932ab
|
Merge pull request #729 from noraj/patch-1
XSS in SVG: more examples + nesting
|
2024-11-02 11:21:27 +01:00 |
|
ⵟⴰⵕⵉⴽ ⴱⴰⴽⵉⵕ
|
faeee7270a
|
Update README.md
addedd contentvisibilityautostatechange_event for hidden input
|
2024-10-13 23:23:07 +01:00 |
|
Swissky
|
3eae8d7458
|
Fix typo and structure
|
2024-09-11 17:07:51 +02:00 |
|
Swissky
|
1dae291696
|
IIS MachineKeys + CI/CD + CSPT + ORM leak
|
2024-08-26 11:27:47 +02:00 |
|
Alexandre ZANNI
|
8e05a2dd2a
|
XSS in SVG: more examples + nesting
|
2024-06-19 14:54:19 +02:00 |
|
isacaya
|
ca3ab6eb95
|
Add a few XSS filter bypass cases
|
2024-06-19 04:21:24 +09:00 |
|
Swissky
|
c34a2bac15
|
WAF bypass moved to a separate page
|
2024-06-03 09:55:29 +02:00 |
|
Swissky
|
2e73069238
|
XSS Tel URI
|
2024-06-03 09:37:24 +02:00 |
|
dave
|
fcf69f8226
|
Add additional XSS payload in email addresses RFC5322
|
2024-05-31 13:27:32 +02:00 |
|
Swissky
|
67adf75bc2
|
CSP updates + Indirect Prompt Injection
|
2024-05-29 15:32:58 +02:00 |
|
Thomas Emerson Glucklich
|
49bc19e992
|
Update README.md
|
2023-11-01 11:32:31 -04:00 |
|
Swissky
|
b8c803717a
|
WDAC Policy Removal + SSRF domains
|
2023-05-31 14:18:25 +02:00 |
|
Swissky
|
14cc88371d
|
WSL + RDP Passwords + MSPaint Escape
|
2023-02-11 17:49:55 +01:00 |
|
Swissky
|
514ac98dac
|
SSRF + XSS details + XXE BOM
|
2022-12-13 22:29:20 +01:00 |
|
Swissky
|
3e9ef2efbe
|
ADFS Golden SAML
|
2022-11-07 10:10:21 +01:00 |
|
Swissky
|
2227472e1c
|
.NET formatters and POP gadgets
|
2022-11-03 21:31:50 +01:00 |
|
Fabian S. Varon Valencia
|
8136e462c2
|
remove old link, I can't find a replacement url
|
2022-10-26 20:36:52 -05:00 |
|
Fabian S. Varon Valencia
|
3822c27634
|
update old url's
|
2022-10-26 20:36:15 -05:00 |
|
Cory Cline
|
a8d8434756
|
Shortened payload
Make payload shorter.
|
2022-10-13 19:48:20 -05:00 |
|
Cory Cline
|
fbed4254e5
|
Fixed an oops
Somehow I deleted line 120 in a prior commit. Fixed.
|
2022-10-13 18:52:07 -05:00 |
|
Cory Cline
|
9ee8f092cd
|
Changed link for document.cookie blacklist
Link was not working due to use of period in title.
|
2022-10-13 18:46:52 -05:00 |
|
Cory Cline
|
9a42be1113
|
Replaced console.log with alert
It's more common to want alert screenshots vs console screenshots.
|
2022-10-13 18:45:55 -05:00 |
|
Cory Cline
|
f23f28c4e2
|
Shortened payload
Shortened the document.cookie blacklist bypass payload.
|
2022-10-13 18:43:54 -05:00 |
|
Cory Cline
|
5d561ea7d6
|
Added document.cookie blacklist bypass
Added an alternative to document.cookie for situations when this text is blacklisted.
|
2022-10-13 18:23:36 -05:00 |
|
Deep Dhakate
|
a670a26eea
|
Update
|
2022-10-02 06:13:01 +00:00 |
|
clem9669
|
88134256c8
|
Adding brutelogic polyglot
Adding brutelogic polyglot from blog post.
|
2022-09-13 11:58:10 +00:00 |
|
its0x08
|
31b213227e
|
fix: Fix more spelling
|
2022-08-09 11:05:40 +02:00 |
|
idealphase
|
6738f878f3
|
Updated README.md
Added References: Bypassing Signature-Based XSS Filters: Modifying Script Code
|
2022-04-19 10:45:32 +07:00 |
|
idealphase
|
de532030df
|
Merge branch 'swisskyrepo:master' into master
|
2022-04-19 10:43:04 +07:00 |
|
Ooggle
|
39d1c6e7d8
|
Add document blacklist bypass
|
2022-04-09 12:55:21 +02:00 |
|
idealphase
|
e9eac5ca59
|
Update README.md
|
2021-11-10 22:40:40 +07:00 |
|
idealphase
|
6c7df7dc4e
|
Update README.md
Add Bypass dot filter
|
2021-11-10 22:38:02 +07:00 |
|
Markus
|
7996b4f905
|
Update XSS README.md
Remove unnecessary complexity from CSP bypass payload
|
2021-10-01 16:10:23 +02:00 |
|
Lorenzo Grazian
|
7369ee28b3
|
Added XSS <object> payload
|
2021-09-02 15:14:29 +02:00 |
|
Swissky
|
1e85308ae2
|
Merge pull request #395 from daffainfo/patch-1
Adding Cloudflare XSS payload
|
2021-08-25 22:21:54 +02:00 |
|
Swissky
|
f89597725a
|
Merge pull request #416 from Bort-Millipede/master
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Py…
|
2021-08-25 22:17:53 +02:00 |
|
Alexandre ZANNI
|
4791962be5
|
document.domain, window.origin and console.log usage
|
2021-08-24 20:29:02 +02:00 |
|
Jeffrey Cap
|
9bde75b32d
|
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Python IPv6 Reverse Shell Payload
|
2021-08-23 14:41:40 -05:00 |
|
Swissky
|
87be30d3b2
|
DB2 Injection + ADCS
|
2021-08-10 23:00:19 +02:00 |
|
Xib3rR4dAr
|
ae98d629f0
|
Update README.md
Removed duplicates.
|
2021-08-04 09:29:24 +05:00 |
|
Swissky
|
1fd9260d1e
|
Update README.md
|
2021-07-31 11:28:23 +02:00 |
|
c14dd49h
|
ee12f8e480
|
Update README.md
|
2021-07-22 16:55:03 +02:00 |
|
c14dd49h
|
eddc716d8c
|
Update README.md
|
2021-07-22 14:47:36 +02:00 |
|