Effective Payload Generation Method

XSS Components:

Components

-------------------------------------------------------------

-------------------------------------------------------------

Component: tags:

-------------------------------------------------------------

Special attributes:

special attributes

src

dynsrc

lowsrc

href

action

data

background

formaction

poster

code

location

name

-------------------------------------------------------------

Pseudoprotocols:

Pseudoprotocols

Javascript

data

-------------------------------------------------------------

Malicious code:

Malicious code

alert()

confirm()

prompt()

self.location

top.location

location.href

-------------------------------------------------------------

Events:

- onabort: This event is triggered when an image fails to load.
- onerror: This event is triggered when an error occurs or an image fails to load.
- onload: This event is triggered when an object has loaded.
- onchange: This event is triggered when the content of a form element, the selection, or the checked state has changed (for <input>, <select>, <textarea>).
- onsubmit: This event is triggered when a form is submitted.
- onreset: This event is triggered when a form is reset.
- onselect: This event is triggered after some text has been selected in an element.
- onblur: This event is triggered when an element loses focus.
- onfocus: This event is triggered when an element receives focus.Pyload= "onfocus=alert(1337) autofocus="
- onkeydown: This event is triggered when a key is pressed.
- onkeypress: This event is triggered when a key is pressed and released.
- onkeyup: This event is triggered when a key is released.
- onclick: This event is triggered when an element is clicked.
- ondblclick: This event is triggered when an element is double-clicked.
- onmousedown: This event is triggered when a mouse button is pressed.
- onmousemove: This event is triggered when the mouse is moved.
- onmouseout: This event is triggered when the mouse is moved off an element.
- onmouseover: This event is triggered when the mouse is moved over an element.
- onmouseup: This event is triggered when a mouse button is released.

-------------------------------------------------------------

XSS Payload bypass method:

Mutation forms

Specific description

Coding confusion

1.HTML encode

2. Unicode encode

3. URL encode

4.Base64

Sensitive words replacement

5. Events-sensitive words replacement

6. Sensitive functions replacement

7. Blank character replacement

8. Bracket replacement

Position or form change

9. Attributes and events swap positions

10. Case change

11. Shape transformation of pop-up window function

Add special characters

Add a blank character (between the event and the trigger code)

13. Insert the tag into the tag

14. Add notes (between the function and the parentheses)

15. Add some characters before or after the vector

PreviousUnderstanding XSS filters NextXSS WAF Bypass Trick

Last updated 14 days ago

hashtagXSS Components:

hashtag-------------------------------------------------------------

hashtag-------------------------------------------------------------

hashtagComponent: tags:

hashtag-------------------------------------------------------------

hashtagSpecial attributes:

hashtag-------------------------------------------------------------

hashtagPseudoprotocols:

hashtag-------------------------------------------------------------

hashtagMalicious code:

hashtag-------------------------------------------------------------

hashtagEvents:

hashtag-------------------------------------------------------------

hashtagXSS Payload bypass method:

XSS Components:

-------------------------------------------------------------

-------------------------------------------------------------

Component: tags:

-------------------------------------------------------------

Special attributes:

-------------------------------------------------------------

Pseudoprotocols:

-------------------------------------------------------------

Malicious code:

-------------------------------------------------------------

Events:

-------------------------------------------------------------

XSS Payload bypass method: