XSS Payload without Anything
What is XSS Payload without Anything?
When I work for a company or on a bug bounty, an unexpected hurdle is protection (an XSS filter) against special characters in the JS (JavaScript) area. So I am devising a way to easily solve these problems, and one part of that process is this document.
https://github.com/hahwul/XSS-Payload-without-Anything
Let’s collect a lot of thoughts and solve our problems.
Concept
It is similar to “Payload all the things” in terms of collecting payloads, but I want to provide a list of payloads with special tags (without char, used char, other...). I plan to make it easy to search and to show which characters (or what they are made of) are unusable.
Format
without char: () , '
XSS Payload
// usedchar:
// author:
// description:
without char (Frequently filtered characters)
I have selected special characters that are often blocked.
( )
{ }
,
"
'
`
[ ]
\
/
;
+
.
=
Usage
On GitHub.com
1) Ctrl + F
2) Find your problem char
3) XSS
On hahwul.com
Coming soon
https://github.com/hahwul/XSS-Payload-without-Anything
Submit XSS Payloads
Add issue form & label
XSS Payload:
WithOut:
Description:
or
Pull Request
or
Tweet with @hahwul