Attack Types in Web Fuzzing
What is XSS Payload without Anything?
When I work for a company or bug bounty, the unexpected hurdle is a protection(xss filter) of special char in the JS(Javascript) area. So I am devising a way to easily solve these problems, and one of the processes is this document.
https://github.com/hahwul/XSS-Payload-without-Anything
Let’s collect a lot of thoughts and solve our problems.
Concept
It is similar to “Payload all the things” in terms of collecting the payload, but I want to provide a list of payloads with special tag (without char, used char, other..) I plan to make it easy to search and to show what characters (or what they are made of) are unusable.
format
without char: (),'
XSS Payload
// usedchar:
// author:
// description:
without char (Frequently filtered characters)
I have selected special characters that are often blocked.
( )
{ }
,
"
'
`
[ ]
\
/
;
+
.
=
Usage
on Github.com 1) Ctrl + F > 2) find your problem char 3) XSS
on hahwul.com comming soon
 |
|---|
| https://github.com/hahwul/XSS-Payload-without-Anything |
Submit XSS Payloads
Add issue form & label
XSS Payload: WithOut: Description:
or
Pull Request
or
Tweet with @hahwul
Conclusion
There is likely to be a meaningful result when accumulated. I look forward to your involvement. plz join me!
