From 514f126274579ac4d29e4cb6160dd0efba6bbda9 Mon Sep 17 00:00:00 2001
From: ShadowByte <155693555+ShadowByte1@users.noreply.github.com>
Date: Tue, 6 Aug 2024 10:47:20 +1000
Subject: [PATCH] Update README.md
---
README.md | 169 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 168 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index f4534f2..6e5b434 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,168 @@
-# XSS
\ No newline at end of file
+# Comprehensive Guide on Cross-Site Scripting (XSS) and Its Bypasses
+Cross-Site Scripting (XSS) is a widespread vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. This guide covers the types of XSS, methodologies for detection and exploitation, contexts of injection, and advanced techniques for bypassing protections.
+
+1. Introduction to XSS
+XSS attacks enable attackers to inject malicious scripts into web pages. These scripts can execute in the context of a user's browser, allowing attackers to steal information, hijack sessions, or perform actions on behalf of the user.
+
+1.1 Types of XSS
+Stored XSS: The malicious script is permanently stored on the target server, such as in a database or comment field.
+Reflected XSS: The malicious script is reflected off a web server, typically via a URL query parameter.
+DOM-Based XSS: The vulnerability exists in the client-side code rather than the server-side code, and the attack payload is executed as a result of modifying the DOM environment.
+
+2. Methodology for Detecting XSS
+2.1 Identify Injection Points
+
+Check if any value you control (parameters, path, headers, cookies) is reflected in the HTML or used by JavaScript code.
+
+# Determine Reflection Context
+
+Raw HTML: Can you create new HTML tags or use attributes/events that support JavaScript?
+Inside HTML Tag: Can you exit to raw HTML or create events/attributes to execute JavaScript?
+Inside JavaScript Code: Can you escape the
+```
+4.2 Polyglot XSS
+Polyglot payloads can function in multiple contexts (HTML, JS, CSS) to bypass input filters.
+
+4.2.1 Example Polyglot Payload
+```
+">
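Review bot: the heading hierarchy in this hunk is inconsistent and most of the section titles will not render as headings: `+# Comprehensive Guide on Cross-Site Scripting (XSS) and Its Bypasses` and `+# Determine Reflection Context` are both H1, while the numbered sections (`+1. Introduction to XSS`, `+2.1 Identify Injection Points`, `+4.2 Polyglot XSS`) carry no `#` at all and will render as ordinary paragraphs. Suggest making the numbered sections `##`/`###` headings and folding "Determine Reflection Context" into the numbering as 2.2 instead of a second H1. The `Stored XSS:`/`Reflected XSS:`/`DOM-Based XSS:` lines and the `Raw HTML:`/`Inside HTML Tag:`/`Inside JavaScript Code:` lines should be list items (`- `), otherwise markdown joins each group into a single run-on paragraph. The line `+Inside JavaScript Code: Can you escape the` is cut off mid-sentence and is immediately followed by a closing fence with no opening fence above it, so everything from there to the next fence will be treated as a code block; that fence and the one before `+">` need their open/close pairs checked before merging. Finally, the intro says the guide covers types, detection, exploitation and bypasses but nothing on mitigation; a short section on context-aware output encoding and Content Security Policy would make the README useful to defenders as well as testers.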