6/28/2019

XSS Payload without Anything

What is XSS Payload without Anything?

When I work for a company or on a bug bounty, an unexpected hurdle is protection (an XSS filter) against special characters in the JS (JavaScript) area. So I am devising a way to easily solve these problems, and one part of that process is this document.

https://github.com/hahwul/XSS-Payload-without-Anything

Let’s collect a lot of thoughts and solve our problems.

Concept

It is similar to “Payload all the things” in terms of collecting payloads, but I want to provide a list of payloads with special tags (without char, used char, other...).
I plan to make it easy to search and to show which characters (or what the payloads are made of) are unusable.

Format

without char: () , '
XSS Payload

// usedchar: 
// author: 
// description:

without char (Frequently filtered characters)

I have selected special characters that are often blocked.
( ) 
{ } 
, 
"
'
`
[ ]
\ 
/ 
; 
+ 
. 
=

Usage

on Github.com
1) Ctrl + F >
2) find your problem char
3) XSS

on hahwul.com
coming soon

Submit XSS Payloads

Add issue form & label

XSS Payload:
WithOut:
Description:

or

Pull Request

or

Tweet with @hahwul

Conclusion

There is likely to be a meaningful result once these accumulate. I look forward to your involvement. Please join me!


HAHWUL

Security engineer, Gopher and H4cker!
