XSS PayLoads

From Tiny Pudu, 4 Months ago, written in Plain Text, viewed 119 times.
URL https://secploit.com/view/89a9e2cd
The following shows XSS payloads for every need.

url :
# https://github.com/nettitude/xss_payloads

# xss_payloads

Payloads for practical exploitation of cross site scripting.

## Usage

1. Find XSS vuln in your app
2. Get PoC exploit: alert(1) etc
3. Host these payloads somewhere
4. Use vuln to pull one of these payloads into the app `[removed][removed]`
5. Profit

## js vs php files

Some of the files are plain JavaScript .js files; others are PHP scripts which serve JavaScript when rendered in order to do some more complex stuff. Make sure you have a PHP interpreter running on your web server of choice to get these to work `</obvious>`

## Common Problems

* You can't serve these over HTTP if your app is running on HTTPS. You'll need to serve them over HTTPS.
* If you're running these over HTTPS for actual exploitation rather than a PoC, you'll need a proper trusted TLS cert (Let's Encrypt CA, for example), otherwise victims' browsers won't fetch the files at all. If it's for a PoC you can just temporarily trust your self-signed cert.
* Hit F12 and view the debug console for any information about why a particular script might not work.

## Payloads

### apache_httponly_bypass.js

Uses an excessively large cookie to exploit CVE-2012-0053 and extract HTTPOnly cookie values from the response.

### contentstealer.php

Steal the content of the current page, a specific element or another page within the same origin as the exploited web app.

### cookiestealer.php

Steal cookies from the site.

### formjacker.php

Man-in-the-middle all forms on the current page and also exploit browser autofill functionality in order to steal personal information.

### formsubmitter.php

Grab a page from somewhere within the same origin, fill in a form on it and then submit that form.

### local_network_scan.php

Get the internal IP address of a victim and then have them do a TCP port scan of common ports on the /24 of that internal IP address.

### loginpage.php

Pop up a login page which sends the entered credentials back to this URL.

### recon.php

Passes back information about where it was executed:

 - Page URL
 - Script URL
 - User's IP address
 - Page content
 - Any non-HttpOnly cookies present
 - User agent string

And then logs it all into either a file or a database. Great for when a collaborator alert is generated asynchronously and you need more info about where execution is occurring.

### unc_hashstealer.php

Fire up Responder.py on the same host as this script and then inject this payload. All links on the injected page will be turned into UNC paths to the same host.
