Update README.md
parent
514f126274
commit
ed774788cf
|
@ -17,8 +17,14 @@ Check if any value you control (parameters, path, headers, cookies) is reflected
|
||||||
# Determine Reflection Context
|
# Determine Reflection Context
|
||||||
|
|
||||||
Raw HTML: Can you create new HTML tags or use attributes/events that support JavaScript?
|
Raw HTML: Can you create new HTML tags or use attributes/events that support JavaScript?
|
||||||
|
|
||||||
|
|
||||||
Inside HTML Tag: Can you exit to raw HTML or create events/attributes to execute JavaScript?
|
Inside HTML Tag: Can you exit to raw HTML or create events/attributes to execute JavaScript?
|
||||||
|
|
||||||
|
|
||||||
Inside JavaScript Code: Can you escape the <script> tag or string context to execute arbitrary JavaScript?
|
Inside JavaScript Code: Can you escape the <script> tag or string context to execute arbitrary JavaScript?
|
||||||
|
|
||||||
|
|
||||||
4. Contexts for XSS Injection
|
4. Contexts for XSS Injection
|
||||||
Raw HTML Context
|
Raw HTML Context
|
||||||
When your input is reflected in the raw HTML of a page, you can exploit it by injecting HTML tags that execute JavaScript. Common tags include:
|
When your input is reflected in the raw HTML of a page, you can exploit it by injecting HTML tags that execute JavaScript. Common tags include:
|
||||||
|
|
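Review bot: in the "Inside JavaScript Code" line the literal <script> is written as bare text, so a Markdown renderer may treat it as an HTML tag and strip or hide it; wrap it in backticks so the README shows the tag name. The headings touched by this hunk are also inconsistent: "# Determine Reflection Context" uses a "#" marker, "4. Contexts for XSS Injection" is a numbered line and "Raw HTML Context" has no marker at all, so pick one heading style for all three. The text on both sides of the hunk is identical while the header goes from 8 to 14 lines, so the change looks like spacing only; the commit message "Update README.md" should say that.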