malectricasoftware
/
XSS
mirror of https://github.com/malectricasoftware/XSS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update README.md

main
ShadowByte 2024-08-06 10:47:43 +10:00 committed by GitHub
parent 514f126274
commit ed774788cf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -17,8 +17,14 @@ Check if any value you control (parameters, path, headers, cookies) is reflected
# Determine Reflection Context
Raw HTML: Can you create new HTML tags or use attributes/events that support JavaScript?
Inside HTML Tag: Can you exit to raw HTML or create events/attributes to execute JavaScript?
Inside JavaScript Code: Can you escape the <script> tag or string context to execute arbitrary JavaScript?
4. Contexts for XSS Injection
Raw HTML Context
When your input is reflected in the raw HTML of a page, you can exploit it by injecting HTML tags that execute JavaScript. Common tags include: