
🔥Complete Bug Bounty Cheat Sheet🔥
| 🔥Complete Bug Bounty Cheat Sheet🔥 |
| XSS |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md |
| https://github.com/ismailtasdelen/xss-payload-list |
| SQLi |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/sqli.md |
| SSRF |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/ssrf.md |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery |
| CRLF |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crlf.md |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection |
| CSV-Injection |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/csv-injection.md |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20Injection |
| Command Injection |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection |
| Directory Traversal |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal |
| LFI |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/lfi.md |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion |
| XXE |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xxe.md |
| Open-Redirect |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/open-redirect.md |
| RCE |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/rce.md |
| Crypto |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crypto.md |
| Template Injection |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/template-injection.md |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection |
| XSLT |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xslt.md |
| Content Injection |
| https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/content-injection.md |
| LDAP Injection |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LDAP%20Injection |
| NoSQL Injection |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection |
| CSRF Injection |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSRF%20Injection |
| GraphQL Injection |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/GraphQL%20Injection |
| IDOR |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Direct%20Object%20References |
| ISCM |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Source%20Code%20Management |
| LaTeX Injection |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LaTeX%20Injection |
| OAuth |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/OAuth |
| XPATH Injection |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20Injection |
| Bypass Upload Tricky |
| https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files |
| BURP |
| https://drive.google.com/file/d/1r1LGt7fEh8AuhihrBfp1GGmU9ttV9CkP/view?usp=sharing |
| https://drive.google.com/file/d/1IOgrVUIQb9HGQG9tePe3v_w2gyaymUFq/view?usp=sharing |
- In today’s world, the standard XSS payload still works pretty often, but we do come across applications that block certain characters or have WAFs in front of them.
- From here: You can execute an XSS payload inside a hidden attribute, provided you can persuade the victim into pressing the key combination. On Firefox Windows/Linux the key combination is ALT+SHIFT+X and on OS X it is CTRL+ALT+X. You can specify a different key combination using a different key in the access key attribute. Here is the vector.
- Opera will still accept it and render the.
HTML5 Security Cheatsheet: What your browser does when you look away.
Execution Hacks v1.0 XSS Payloads www.xss-payloads.com Function Example Synopsis Function('alert(1)') Function(') self(typeof prompt.
