Commit Graph

58 Commits

Author SHA1 Message Date
Cory Cline
f23f28c4e2
Shortened payload
Shortened the document.cookie blacklist bypass payload.
2022-10-13 18:43:54 -05:00
Cory Cline
5d561ea7d6
Added document.cookie blacklist bypass
Added an alternative to document.cookie for situations when this text is blacklisted.
2022-10-13 18:23:36 -05:00
Deep Dhakate
a670a26eea Update 2022-10-02 06:13:01 +00:00
clem9669
88134256c8
Adding brutelogic polyglot
Adding brutelogic polyglot from blog post.
2022-09-13 11:58:10 +00:00
its0x08
31b213227e fix: Fix more spelling 2022-08-09 11:05:40 +02:00
idealphase
6738f878f3
Updated README.md
Added References: Bypassing Signature-Based XSS Filters: Modifying Script Code
2022-04-19 10:45:32 +07:00
idealphase
de532030df
Merge branch 'swisskyrepo:master' into master 2022-04-19 10:43:04 +07:00
Ooggle
39d1c6e7d8
Add document blacklist bypass 2022-04-09 12:55:21 +02:00
idealphase
e9eac5ca59
Update README.md 2021-11-10 22:40:40 +07:00
idealphase
6c7df7dc4e
Update README.md
Add Bypass dot filter
2021-11-10 22:38:02 +07:00
Markus
7996b4f905
Update XSS README.md
Remove unnecessary complexity from CSP bypass payload
2021-10-01 16:10:23 +02:00
Lorenzo Grazian
7369ee28b3
Added XSS <object> payload 2021-09-02 15:14:29 +02:00
Swissky
1e85308ae2
Merge pull request #395 from daffainfo/patch-1
Adding Cloudflare XSS payload
2021-08-25 22:21:54 +02:00
Swissky
f89597725a
Merge pull request #416 from Bort-Millipede/master
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Py…
2021-08-25 22:17:53 +02:00
Alexandre ZANNI
4791962be5
document.domain, window.origin and console.log usage 2021-08-24 20:29:02 +02:00
Jeffrey Cap
9bde75b32d Expression Language Injection One-Liners; XSS Payload; Fixed Linux Python IPv6 Reverse Shell Payload 2021-08-23 14:41:40 -05:00
Swissky
87be30d3b2 DB2 Injection + ADCS 2021-08-10 23:00:19 +02:00
Xib3rR4dAr
ae98d629f0
Update README.md
Removed duplicates.
2021-08-04 09:29:24 +05:00
Swissky
1fd9260d1e
Update README.md 2021-07-31 11:28:23 +02:00
c14dd49h
ee12f8e480
Update README.md 2021-07-22 16:55:03 +02:00
c14dd49h
eddc716d8c
Update README.md 2021-07-22 14:47:36 +02:00
Muhammad Daffa
2b6c3cb360
Adding Cloudflare XSS payload 2021-07-15 12:48:02 +07:00
PinkDev1
21c1690adf
Fixed typo on "Tips" section 2021-06-16 19:24:17 +00:00
Swissky
62b897c936
Merge pull request #376 from noraj/patch-2
XSS: add quick tips for bXSS
2021-06-16 13:56:29 +02:00
Alexandre ZANNI
c469236204
XSS: add quick tips for bXSS 2021-06-16 13:25:46 +02:00
Alexandre ZANNI
8547ac7dfc
XSS: remove bluelotus
the project is empty
2021-06-16 13:18:08 +02:00
Swissky
08b59f2856 AD update CME+DCOM 2021-04-21 22:27:07 +02:00
linoskoczek
825295e465
Update README.md
Fix broken links in Summary
2021-03-18 19:16:59 +00:00
lapolis_aka_blu
6f758ba6c0
Added closing bracket in unicode full width bypass
Yeah I know it is logic to use it if you really need the closing tag. But having both brackets in your repo makes it quicker to copy paste :D
2021-01-15 16:38:51 +00:00
Swissky
f7e8f515a5 Application Escape and Breakout 2020-12-17 08:56:58 +01:00
Max Boll
2a65064d15 little update 2020-10-27 14:10:35 +01:00
Max Boll
350c55a1ac XSS Tools added 2020-10-27 13:31:37 +01:00
Vincent Gilles
0b90094002 Fix(Docs): Correcting typos on the repo 2020-10-17 22:52:35 +02:00
Max Rodrigo
2f40961990 Fix PHP XSS data collector line breaks 2020-09-05 10:36:58 +02:00
Swissky
c7e3ea005e Powershell Remoting 2020-08-09 12:15:56 +02:00
Swissky
dd40ddd233 XSS summary subentries + GraphTCP 2020-07-12 14:44:33 +02:00
looCiprian
93a372cea4 Add jsfuck bypassing method to xss cheat sheet 2020-06-23 18:34:02 +02:00
reza.duty
010b550dec
Update README.md 2020-06-17 11:42:26 +04:30
reza.duty
03a0bda20d
Update README.md 2020-06-09 20:05:32 +04:30
Swissky
7f1c150edd Mimikatz Summary 2020-05-10 16:17:10 +02:00
Thomas Orlita
d0bb0f6f5b
Update CSP Evaluator blog link 2020-05-10 10:32:51 +02:00
reza.duty
eb28e4c28d
add Self Closing Script 2020-05-06 22:57:55 +04:30
bohdansec
c4af354d8f
Update Cloudflare XSS bypasses
Add 3 bypasses by Bohdan Korzhynskyi. Update twitter
2020-04-22 00:51:36 +03:00
clem9669
286f7caaa3
Bypass XSS filters on alert
Bypass XSS filters using javascript global variables based on the following article https://www.secjuice.com/bypass-xss-filters-using-javascript-global-variables/ from theMiddle.
2019-12-03 15:24:24 +01:00
Swissky
f6d5221a85 SID history break trust + Powershell history + SCF files 2019-11-07 23:21:00 +01:00
Swissky
6fecedd880 MXSS - Mutated XSS - Google POC 2019-11-06 18:32:29 +01:00
nizam0906
ab341cff38
Updated Blind XSS endpoint
* User Agent
* Comment Box
2019-10-28 16:51:36 +05:30
Swissky
3221197b1e RCE vBulletin + findomain 2019-09-26 20:41:01 +02:00
Jonathan Leitschuh
7b6c8d46aa
Add dot filter bypass with decimal IP 2019-08-28 13:56:55 -04:00
Swissky
bd449e9cea XSS PostMessage 2019-08-03 23:22:14 +02:00