copilot-swe-agent[bot] 03aaf0ada8 Add comprehensive XSS payload collection
Added 445+ new XSS payloads organized into logical categories including:
- Basic XSS attacks and case variations
- IMG, SVG, Body, Input tag-based XSS
- Event handler and encoded XSS
- JavaScript protocol variations
- DOM-based XSS
- Filter bypass techniques
- Form, Style, Meta refresh XSS
- Object/Embed, Video/Audio XSS
- Script source and attribute variations
- Comment-based bypass
- Link/Base, VBScript, Microsoft-specific XSS
- Character encoding variations
- And many more advanced techniques

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
2026-01-04 20:10:34 +00:00

Cross-Site Scripting (XSS)

Description

Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.

Types of XSS

  • Reflected XSS: Script is reflected off the web server
  • Stored XSS: Script is permanently stored on the target server
  • DOM-based XSS: Vulnerability exists in client-side code

Common Attack Vectors

  • Input fields
  • URL parameters
  • HTTP headers
  • File uploads
  • Comment sections

Testing Approach

Submit JavaScript test payloads at each of the input points listed above and observe whether the injected code executes in the browser.
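As an added illustration (not code from this repository), the reflected case above reduces to a server-side sink: the first renderer echoes a query string into the page unencoded, the second HTML-encodes it first, and a probe check shows the difference a tester would look for. The page template, function names and the probe string are assumptions.

```python
# Added example, not part of the repository: a reflected-XSS sink beside its
# hardened form, plus a check for whether input comes back HTML-encoded.
import html

# Assumed page template: the query lands in an element body AND inside a
# quoted attribute value, so both contexts must be covered by the encoding.
PAGE = '<h1>Results for: {q}</h1>\n<input name="q" value="{q}">'


def render_vulnerable(query: str) -> str:
    """Reflects the untrusted query straight into the page (the bug)."""
    return PAGE.format(q=query)


def render_hardened(query: str) -> str:
    """Encodes &, <, >, " and ' before interpolation. quote=True matters
    because the same value is also placed inside a quoted attribute."""
    return PAGE.format(q=html.escape(query, quote=True))


# Constructed probe: a harmless marker, not a working payload. It contains
# the characters that would close an attribute and open a new element.
PROBE = '"><x-probe attr="1">'


def reflects_unencoded(render, probe: str = PROBE) -> bool:
    """True when the probe survives byte-for-byte in the rendered page,
    i.e. the context-breaking characters were not encoded."""
    return probe in render(probe)


if __name__ == "__main__":
    for name, fn in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        print(f"{name}: reflects unencoded = {reflects_unencoded(fn)}")
        print(fn(PROBE))
```

The same check generalises to any reflection point: if the marker's quote and angle brackets come back unchanged, that input point needs context-aware output encoding.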

Payloads

See xss-payloads.txt for a comprehensive list of XSS payloads.