mirror of https://github.com/danielmiessler/SecLists.git synced 2025-07-18 17:59:25 -04:00

History

Mo Langning d0b72e7e31 duplicated files		2024-02-14 12:24:12 +00:00
..
README.md	Added readme for xss human version	2023-12-08 03:45:03 +08:00
XSS-BruteLogic.txt	Added entry from #964	2024-02-14 06:00:37 +00:00
XSS-Bypass-Strings-BruteLogic.txt	categorized the files	2023-12-02 22:54:22 +08:00
XSS-Cheat-Sheet-PortSwigger.txt	categorized the files	2023-12-02 22:54:22 +08:00
XSS-EnDe-evation.txt	duplicated files	2024-02-14 12:24:12 +00:00
XSS-EnDe-h4k.xml	duplicated files	2024-02-14 12:24:12 +00:00
XSS-EnDe-mario.xml	duplicated files	2024-02-14 12:24:12 +00:00
XSS-EnDe-xssAttacks.xml	duplicated files	2024-02-14 12:24:12 +00:00
XSS-Jhaddix.txt	categorized the files	2023-12-02 22:54:22 +08:00
XSS-OFJAAAH.txt	categorized the files	2023-12-02 22:54:22 +08:00
XSS-payloadbox.txt	duplicated files	2024-02-14 12:24:12 +00:00
XSS-RSNAKE.txt	categorized the files	2023-12-02 22:54:22 +08:00
XSS-Somdev.txt	categorized the files	2023-12-02 22:54:22 +08:00
XSS-Vectors-Mario.txt	categorized the files	2023-12-02 22:54:22 +08:00
XSS-With-Context-Jhaddix.txt	categorized the files	2023-12-02 22:54:22 +08:00
xss-without-parentheses-semi-colons-portswigger.txt	categorized the files	2023-12-02 22:54:22 +08:00

README.md

XSS Human-Friendly version

This directory contains XSS you can test for. For usage in tools, go to the robot-friendly directory.

There are some line you may need to change/take note in order for your testing process to go smoothly. (e.g. third party resources that may get flagged by WAF and the xss itself)

Some XSS trigger condition may require you to interact with the web pages to trigger it. You should read through all the wordlists here and understand what each XSS does, then customizing it to your own needs.

To see the results, look out for message popups or network activity in the devtools of your browser.

Happy hacking!