Update README.md

This commit is contained in:
ShadowByte 2024-08-06 10:47:43 +10:00 committed by GitHub
parent 514f126274
commit ed774788cf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -17,8 +17,14 @@ Check if any value you control (parameters, path, headers, cookies) is reflected
# Determine Reflection Context # Determine Reflection Context
Raw HTML: Can you create new HTML tags or use attributes/events that support JavaScript? Raw HTML: Can you create new HTML tags or use attributes/events that support JavaScript?
Inside HTML Tag: Can you exit to raw HTML or create events/attributes to execute JavaScript? Inside HTML Tag: Can you exit to raw HTML or create events/attributes to execute JavaScript?
Inside JavaScript Code: Can you escape the <script> tag or string context to execute arbitrary JavaScript? Inside JavaScript Code: Can you escape the <script> tag or string context to execute arbitrary JavaScript?
4. Contexts for XSS Injection 4. Contexts for XSS Injection
Raw HTML Context Raw HTML Context
When your input is reflected in the raw HTML of a page, you can exploit it by injecting HTML tags that execute JavaScript. Common tags include: When your input is reflected in the raw HTML of a page, you can exploit it by injecting HTML tags that execute JavaScript. Common tags include: