XSS

Tools

  • Most advanced XSS detection suite: https://github.com/s0md3v/XSStrike

XSS Payloads

  • Fetch an external resource: https://github.com/aurainfosec/xss_payloads/blob/master/fetch.md
  • Advanced XSS Persistence with OAuth: https://github.com/dxa4481/XSSOauthPersistence
  • https://blog.secureideas.com/2018/12/twelve-days-of-xssmas.html
  • XSS Cheat Sheet: https://brutelogic.com.br/blog/xss-cheat-sheet/
  • http://www.xss-payloads.com/payloads.html

XSS via Image

XSS via HTTP Response Splitting

XSS via AngularJS Template Injection

Impact

  • [Basic] - https://somdev.me/21-things-xss/