ch0ic3/XSS
1
0
Fork 0
mirror of https://github.com/ShadowByte1/XSS.git synced 2024-12-18 10:26:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
ShadowByte 2024-08-06 10:47:43 +10:00 committed by GitHub
parent 514f126274
commit ed774788cf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -17,8 +17,14 @@ Check if any value you control (parameters, path, headers, cookies) is reflected
# Determine Reflection Context
Raw HTML: Can you create new HTML tags or use attributes/events that support JavaScript?
Inside HTML Tag: Can you exit to raw HTML or create events/attributes to execute JavaScript?
Inside JavaScript Code: Can you escape the <script> tag or string context to execute arbitrary JavaScript?
4. Contexts for XSS Injection
Raw HTML Context
When your input is reflected in the raw HTML of a page, you can exploit it by injecting HTML tags that execute JavaScript. Common tags include: