gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-12 15:49:38 -08:00
Code Issues Packages Projects Releases Wiki Activity

Virtual Hosts + Encoding and Transformations

Browse Source
This commit is contained in:
Swissky
2025-08-12 20:59:36 +02:00
parent cd15d85969
commit 5e0b097983
6 changed files with 225 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
DOM Clobbering/README.md
View File

@@ -6,7 +6,7 @@
- [Tools](#tools)
- [Methodology](#methodology)
- [Lab](#lab)
- [Labs](#labs)
- [References](#references)
## Tools
@@ -130,7 +130,7 @@ Exploitation requires any kind of `HTML injection` in the page.
- DomPurify allows the protocol `cid:`, which doesn't encode double quote (`"`): `<a id=defaultAvatar><a id=defaultAvatar name=avatar href="cid:&quot;onerror=alert(1)//">`
## Lab
## Labs
- [PortSwigger - Exploiting DOM clobbering to enable XSS](https://portswigger.net/web-security/dom-based/dom-clobbering/lab-dom-xss-exploiting-dom-clobbering)
- [PortSwigger - Clobbering DOM attributes to bypass HTML filters](https://portswigger.net/web-security/dom-based/dom-clobbering/lab-dom-clobbering-attributes-to-bypass-html-filters)