Backup_Repos/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2025-12-06 08:54:40 +01:00
Code Issues Projects Releases Wiki Activity

Update README.md

Browse source
This commit is contained in:
ninjaki 2025-07-10 00:19:25 +03:00 committed by GitHub
parent 3fd2f8c481
commit ad3dfc2455
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
XSS Injection/README.md
View file

@ -103,6 +103,15 @@ document.body.innerHTML = "</br></br></br></br></br><h1>Please login to continue
</script>
```
The following research presents a use case demonstrating how various attacks can be executed by weaponizing an XSS vulnerability abusing legitimate domains to deliver phishing: [lauraops07 XSS at its finest. "Weaponizing XSS vulnerabilities for Red Team engagements."](https://github.com/dhmosfunk/lauraops07-xss-at-its-finest)
- Phishing
- Clickfix
- HTML Smuggling
### Javascript Keylogger
Another way to collect sensitive data is to set a javascript keylogger.