0266a7dd67
[Update] Added 1 payload
...
Added one payload which executes without any usage of single or double quotes. Helpful when you have AngularJS injection but quotes are blocked by application.
Working proof of payload here:
https://portswigger-labs.net/xss/angularjs.php?type=reflected&csp=0&version=1.6.0&x= {{x=valueOf.name.constructor.fromCharCode;constructor.constructor(x(97,108,101,114,116,40,49,41))()}}
2020-08-15 16:29:13 +05:30
c7e3ea005e
Powershell Remoting
2020-08-09 12:15:56 +02:00
dd40ddd233
XSS summary subentries + GraphTCP
2020-07-12 14:44:33 +02:00
93a372cea4
Add jsfuck bypassing method to xss cheat sheet
2020-06-23 18:34:02 +02:00
010b550dec
Update README.md
2020-06-17 11:42:26 +04:30
03a0bda20d
Update README.md
2020-06-09 20:05:32 +04:30
7f1c150edd
Mimikatz Summary
2020-05-10 16:17:10 +02:00
d0bb0f6f5b
Update CSP Evaluator blog link
2020-05-10 10:32:51 +02:00
eb28e4c28d
add Self Closing Script
2020-05-06 22:57:55 +04:30
5163ef902c
XSS Google Scholar Payload + Skeleton Key Persistence
2020-05-03 16:28:17 +02:00
e9b296adb3
DoyenSec Payloads XSS Google Scholar
2020-05-02 14:31:33 +02:00
c4af354d8f
Update Cloudflare XSS bypasses
...
Add 3 bypasses by Bohdan Korzhynskyi. Update twitter
2020-04-22 00:51:36 +03:00
d3ce3924a9
Create 0xcela_event_handlers.txt
2020-01-15 17:00:26 +01:00
e95b0c34a3
clarify AngularJS vs Angular
2019-12-07 10:54:47 +13:00
286f7caaa3
Bypass XSS filters on alert
...
Bypass XSS filters using javascript global variables based on the following article https://www.secjuice.com/bypass-xss-filters-using-javascript-global-variables/ from theMiddle.
2019-12-03 15:24:24 +01:00
f44d014fc2
Copy this -> Cut this
...
Change copy to cut instruction
2019-12-02 12:59:54 +07:00
f6d5221a85
SID history break trust + Powershell history + SCF files
2019-11-07 23:21:00 +01:00
6fecedd880
MXSS - Mutated XSS - Google POC
2019-11-06 18:32:29 +01:00
ab341cff38
Updated Blind XSS endpoint
...
* User Agent
* Comment Box
2019-10-28 16:51:36 +05:30
aef5bb864a
Update jsonp_endpoint.txt
...
Added 3 yahoo jsonp endpoints
* https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?cb=alert(1337)
* https://mempf.yahoo.co.jp/offer?position=h&callback=alert(1337)
* https://suggest-shop.yahooapis.jp/Shopping/Suggest/V1/suggester?callback=alert(1)//&appid=dj0zaiZpPVkwMDJ1RHlqOEdwdCZzPWNvbnN1bWVyc2VjcmV0Jng9M2Y-
2019-10-25 22:27:16 +05:30
920da73bd7
Add Angular automatic sanitization
2019-10-02 21:24:53 -04:00
3221197b1e
RCE vBulletin + findomain
2019-09-26 20:41:01 +02:00
7b6c8d46aa
Add dot filter bypass with decimal IP
2019-08-28 13:56:55 -04:00
4a176615fe
CORS Misconfiguration
2019-08-18 12:08:51 +02:00
bd449e9cea
XSS PostMessage
2019-08-03 23:22:14 +02:00
9b96c7692f
XSS onpointer*
2019-08-01 14:39:15 +02:00
dab064a583
adding reference to blog
2019-07-12 12:49:02 -07:00
edcac293a8
Cloudflare XSS Bypasses by Bohdan Korzhynskyi
2019-06-05 21:36:41 +03:00
9c2e63818f
XSS without parenthesis, semi-colon + Lontara
2019-05-15 21:55:17 +02:00
bab04f8587
Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp
2019-05-12 21:34:09 +02:00
765c615efe
XSS injection Summary + MSF web delivery
2019-05-12 14:22:48 +02:00
e0dbfc1578
Fixed link for google CSP bypass
2019-04-16 11:37:59 +01:00
bbc9029dd6
XSS in several filetype based on @__Mn1__ blogpost
2019-03-26 21:49:03 +01:00
4b38516e3b
Update README.md
...
Added Cloudflare XSS bypass
2019-03-22 13:53:25 +05:30
404afd1d71
Fix name's capitalization
2019-03-07 00:07:55 +01:00
Viren Pawar
Swissky
looCiprian
reza.duty
Thomas Orlita
bohdansec
Çlirim Emini
Kyle Martin
clem9669
Minh Triet Pham Tran
nizam0906
marcan2020
Jonathan Leitschuh
Lewis
h1-ragnar
Swissky
BillyNoGoat
Rakesh Mane