Cross-Site Scripting Testing

Try XSS using the QuickXSS tool by theinfosecguy
If output is reflected back inside the JavaScript as a value of any variable just use alert(1)
Upload a JavaScript using an Image file
The unusual way to execute your JS payload is to change the method from POST to GET. It bypasses filters sometimes

* If script tags are banned, use <h1> and other HTML tags

* Upload file using '"><img src=x onerror=alert(document.domain)>.txt

* if " are filtered then use this payload /><img src=d onerror=confirm(/alert/);>

PreviousBypassing WAF NextTag attribute value

Last updated 2 years ago