From 7915fff6904f6619343ddd7cd4ede4b92413e0e5 Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Thu, 5 May 2022 01:01:31 +0700
Subject: [PATCH] Update README.md
---
README.md | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/README.md b/README.md
index e7ae483..f51ca6d 100644
--- a/README.md
+++ b/README.md
@@ -65,3 +65,28 @@ By changing original user UUID to another UUID
> Create another rule but change the `type` to "Request First Line"
+
+## Finding XSS
+By adding some XSS payload into the request
+
+* Finding XSS on `User-Agent`
+
+
+
+* Finding XSS on `Referer`
+
+
+
+* Auto replace user input with XSS payload
+
+
+
+> So by just inputting the words `xss_payload` on the website it will be immediately replaced with `">`
+
+## MISC
+Some random match and replace rules
+* Finding CVE-2021-44221
+
+
+
+> Create some another rules to look for them in headers, parameters and more. Because log4j can be found anywhere