Swissky
0a5ecc407c
Normalize page header for Web Socket, XSLT, XSS, XXE
2024-11-10 21:15:44 +01:00
Swissky
4f0e6334bd
References updated for XSS + page splitted in subcategories
2024-11-08 18:23:43 +01:00
Swissky
37641d2b9e
References updated for XPATH, XSLT, XXE, Web Socket
2024-11-07 23:50:30 +01:00
Swissky
6e77f624f2
Merge pull request #728 from isacaya/add_xss_bypass
...
Add a few XSS filter bypass cases
2024-11-02 15:16:46 +01:00
Swissky
9866fef5b4
Bypass CSP, technique from #715
2024-11-02 12:26:45 +01:00
Swissky
eb4795047b
Merge pull request #746 from TRKBKR/master
...
Added oncontentvisibilityautostatechange to XSS in hidden input
2024-11-02 11:44:08 +01:00
Swissky
e3877d1979
Merge pull request #739 from FatEarthler/master
...
added 'xss_alert_identifiable.txt'
2024-11-02 11:38:30 +01:00
Swissky
acb509d436
SVG XSS fix typo from #729 + files
2024-11-02 11:27:26 +01:00
Swissky
53ba2932ab
Merge pull request #729 from noraj/patch-1
...
XSS in SVG: more examples + nesting
2024-11-02 11:21:27 +01:00
ⵟⴰⵕⵉⴽ ⴱⴰⴽⵉⵕ
faeee7270a
Update README.md
...
addedd contentvisibilityautostatechange_event for hidden input
2024-10-13 23:23:07 +01:00
FatEarthler
975dde665a
added 'xss_alert_identifiable.txt'
...
same as 'xss_alert.txt', but with identifiable payloads (e.g. alert(1992) instead of just alert(1)). This is useful in case of stored xss, when you inject all the payloads and then need to identify which payloads were successful.
2024-09-14 22:14:45 +02:00
Swissky
3eae8d7458
Fix typo and structure
2024-09-11 17:07:51 +02:00
Swissky
1dae291696
IIS MachineKeys + CI/CD + CSPT + ORM leak
2024-08-26 11:27:47 +02:00
Alexandre ZANNI
8e05a2dd2a
XSS in SVG: more examples + nesting
2024-06-19 14:54:19 +02:00
isacaya
ca3ab6eb95
Add a few XSS filter bypass cases
2024-06-19 04:21:24 +09:00
Swissky
314e4da963
SSRF DNS AXFR + LFI PHAR payloads + LFI iconv
2024-06-16 21:17:42 +02:00
masquerad3r
eca067dd7e
Create port_swigger_xss_cheatsheet_event_handlers.txt
...
Updated list of event handlers taken from https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#event-handlers .
Useful when the context of reflection is an HTML attribute and one quickly wants to check which attributes are reflected unfiltered by the target application.
2024-06-06 10:46:13 +02:00
Swissky
c34a2bac15
WAF bypass moved to a separate page
2024-06-03 09:55:29 +02:00
Swissky
2e73069238
XSS Tel URI
2024-06-03 09:37:24 +02:00
dave
fcf69f8226
Add additional XSS payload in email addresses RFC5322
2024-05-31 13:27:32 +02:00
Swissky
67adf75bc2
CSP updates + Indirect Prompt Injection
2024-05-29 15:32:58 +02:00
Vunnm
27d19813f8
specify condition to perform Angular JS Injection
...
Indicate that ng-app in a root element is needed to inject Angular JS template. Injecting below payload without a root element with ng-app will not result in a successful injection
2023-12-28 13:30:49 +01:00
Thomas Emerson Glucklich
49bc19e992
Update README.md
2023-11-01 11:32:31 -04:00
Swissky
b8c803717a
WDAC Policy Removal + SSRF domains
2023-05-31 14:18:25 +02:00
Swissky
14cc88371d
WSL + RDP Passwords + MSPaint Escape
2023-02-11 17:49:55 +01:00
Swissky
514ac98dac
SSRF + XSS details + XXE BOM
2022-12-13 22:29:20 +01:00
Swissky
3e9ef2efbe
ADFS Golden SAML
2022-11-07 10:10:21 +01:00
Swissky
2227472e1c
.NET formatters and POP gadgets
2022-11-03 21:31:50 +01:00
Fabian S. Varon Valencia
8136e462c2
remove old link, I can't find a replacement url
2022-10-26 20:36:52 -05:00
Fabian S. Varon Valencia
3822c27634
update old url's
2022-10-26 20:36:15 -05:00
Cory Cline
a8d8434756
Shortened payload
...
Make payload shorter.
2022-10-13 19:48:20 -05:00
Cory Cline
fbed4254e5
Fixed an oops
...
Somehow I deleted line 120 in a prior commit. Fixed.
2022-10-13 18:52:07 -05:00
Cory Cline
9ee8f092cd
Changed link for document.cookie blacklist
...
Link was not working due to use of period in title.
2022-10-13 18:46:52 -05:00
Cory Cline
9a42be1113
Replaced console.log with alert
...
It's more common to want alert screenshots vs console screenshots.
2022-10-13 18:45:55 -05:00
Cory Cline
f23f28c4e2
Shortened payload
...
Shortened the document.cookie blacklist bypass payload.
2022-10-13 18:43:54 -05:00
Cory Cline
5d561ea7d6
Added document.cookie blacklist bypass
...
Added an alternative to document.cookie for situations when this text is blacklisted.
2022-10-13 18:23:36 -05:00
clem9669
2aa353a5b9
Update XSS_Polyglots.txt
...
Adding the latest BruteLogic polyglot
2022-10-05 09:45:15 +00:00
Deep Dhakate
a670a26eea
Update
2022-10-02 06:13:01 +00:00
clem9669
88134256c8
Adding brutelogic polyglot
...
Adding brutelogic polyglot from blog post.
2022-09-13 11:58:10 +00:00
Swissky
d24e3f2d61
Merge pull request #497 from kz-cyber/xss/angular-xss-2
...
[update] Angular XSS payload
2022-09-07 00:34:29 +02:00
its0x08
31b213227e
fix: Fix more spelling
2022-08-09 11:05:40 +02:00
its0x08
fc1f3b25a7
fix: Fix spelling
2022-08-09 11:02:21 +02:00
khiemtq-cyber
507c493db2
Update Angular XSS
2022-05-07 12:55:15 +07:00
idealphase
6738f878f3
Updated README.md
...
Added References: Bypassing Signature-Based XSS Filters: Modifying Script Code
2022-04-19 10:45:32 +07:00
idealphase
de532030df
Merge branch 'swisskyrepo:master' into master
2022-04-19 10:43:04 +07:00
Swissky
85a50869f2
Merge pull request #482 from khiemtq-cyber/xss/angular-xss-1
...
[update] Angular XSS payload
2022-04-18 21:01:44 +02:00
Ooggle
39d1c6e7d8
Add document blacklist bypass
2022-04-09 12:55:21 +02:00
ktq-cyber
5d898e004f
[update] Angular XSS payload
2022-02-23 22:26:16 +07:00
idealphase
e9eac5ca59
Update README.md
2021-11-10 22:40:40 +07:00
idealphase
6c7df7dc4e
Update README.md
...
Add Bypass dot filter
2021-11-10 22:38:02 +07:00