From ad3dfc2455996a0983f11ffaa2e37505bee36e6e Mon Sep 17 00:00:00 2001 From: ninjaki <45040001+dhmosfunk@users.noreply.github.com> Date: Thu, 10 Jul 2025 00:19:25 +0300 Subject: [PATCH] Update README.md --- XSS Injection/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/XSS Injection/README.md b/XSS Injection/README.md index d42f59b5..9e4f630f 100644 --- a/XSS Injection/README.md +++ b/XSS Injection/README.md @@ -103,6 +103,15 @@ document.body.innerHTML = "




Please login to continue ``` +The following research presents a use case demonstrating how various attacks can be executed by weaponizing an XSS vulnerability abusing legitimate domains to deliver phishing: [lauraops07 XSS at its finest. "Weaponizing XSS vulnerabilities for Red Team engagements."](https://github.com/dhmosfunk/lauraops07-xss-at-its-finest) +- Phishing +- Clickfix +- HTML Smuggling + + + + + ### Javascript Keylogger Another way to collect sensitive data is to set a javascript keylogger.
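Review bot: In the added block between the closing code fence and "### Javascript Keylogger", the bullet list starts directly under the sentence with no blank line, and five empty lines follow "- HTML Smuggling", which is more than half of the 9 insertions. Add one blank line before "- Phishing" and keep a single blank line before the heading. The sentence also repeats itself ("abusing legitimate domains to deliver phishing", then "Phishing" again as the first bullet); a wording such as "The following research shows how an XSS vulnerability on a legitimate domain can be used to deliver:" followed by the three bullets would read more cleanly, with "Clickfix" written as "ClickFix". The link text nests double quotes inside the brackets, and the target repository sits under the same account as the commit author (dhmosfunk), so the PR description should say this is the contributor's own write-up. The subject "Update README.md" should name what was added.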