ush.it - a beautiful place

XSS Cheat Sheet: non repeating payloads

January 26, 2009 at 12:40 pm - Filed under aa, bb - 206 words, reading time ~0 minutes - Permalink - Comments

We always try to add something on topics discussed in old articles, if you liked XSS Cheat Sheet: the PLAINTEXT tag and XSS Cheat Sheet: two stage payloads perhaps you'll like this one. This article contains a more complete list of ways to avoid multiple execution of your payloads, it's a fast reading!

Plaintext tag (used chars [a-z<>]):

payload<plaintext>

Hidden plaintext tag (used chars [a-z <>":;], the semicolon can be avoided):

payload<plaintext style="display:none;">

Local scope JS check (used chars [a-z <>:;!=(){}]):

if(a!=1){var a=1;payload();}

Global scope JS check (used chars [a-z <>':;!=(){}[]]):

if(window['a']!=1){var window['a']=1;payload();}

Global scope JS anonymous function with return (used chars [a-z<>"/*:;!=()[]]):

var/**/j=new/**/Function("if(window[j])return;window[j]=1;payload()");j();

Note: if spaces are an issue comments can be useful (/**/, <--#-->).

Suggestions?

Reed's Alert! Got something burning? Tell USH team.
THP USH (HTTPS) Wisec DigitalBullets TheHackersPlace network