├── CNAME ├── intro.png ├── dom-xss.js ├── index.html ├── style.css ├── README.md ├── payloads.js └── main.js /CNAME: -------------------------------------------------------------------------------- 1 | tinyxss.terjanq.me -------------------------------------------------------------------------------- /intro.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/terjanq/Tiny-XSS-Payloads/HEAD/intro.png -------------------------------------------------------------------------------- /dom-xss.js: -------------------------------------------------------------------------------- 1 | /* Deliberately vulnerable demo sink: on page load, the `dom_xss` query parameter is written into the page as HTML with no encoding or sanitizing. Presumably the target of the "PoC DOM" links - confirm against main.js. Anything sharing this origin (cookies, storage, other pages) is exposed to whatever markup the URL carries, so this file belongs only on a host that holds no user data; note that cookies scoped to a parent domain remain visible from a subdomain. */ onload = () => { 2 | /* `url` is assigned without a declaration, so it becomes a global (and would throw in strict mode or an ES module). */ url = new URL(location.href); 3 | /* The sink: URL-controlled text is parsed as markup. `payload` is not declared in this file - presumably an element reached through named access on window; confirm against index.html. get() returns null when the parameter is absent. Outside a demo, assign textContent or sanitize before inserting. */ payload.innerHTML = url.searchParams.get('dom_xss'); 4 | } -------------------------------------------------------------------------------- /index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | Tiny XSS Payloads 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 |
25 |

Tiny XSS Payloads

26 | 27 |
28 | github.com/terjanq/Tiny-XSS-Payloads 29 | 32 |
33 | 34 | 35 |

Features available

36 |
37 | 38 |
39 | 40 |

Payloads

41 |
42 | 43 |
44 |
45 | 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /style.css: -------------------------------------------------------------------------------- 1 | /* Styles for the page layout, the feature checkboxes and the payload cards. */ 2 | html{ 3 | background: #f6f8fa!important 4 | } 5 | 6 | h2{ 7 | color: #2f2f2f 8 | } 9 | .main{ 10 | margin: auto; 11 | margin-top: 50px; 12 | max-width: 1000px; 13 | } 14 | 15 | #checkboxesForm{ 16 | display: flex; 17 | flex-wrap: wrap; 18 | } 19 | 20 | #checkboxesForm .feature{ 21 | flex: 1 20%; 22 | padding: 2px; 23 | } 24 | 25 | input[type=checkbox]:not(:first-child){ 26 | margin-left: 15px; 27 | } 28 | 29 | input[type=checkbox], #checkboxesForm label{ 30 | cursor: pointer; 31 | } 32 | 33 | #payloads{ 34 | display: flex; 35 | flex-wrap: wrap; 36 | flex-direction: row; 37 | } 38 | /* One card per payload; position:relative anchors the absolutely positioned .counter and .pocs children. */ 39 | .payload{ 40 | flex: 1 0 25%; 41 | background: #e2e2e2; 42 | padding:10px; 43 | border-radius:5px; 44 | margin: 5px; 45 | position:relative; 46 | padding-left: 30px; 47 | display:inline-block; 48 | max-width: 500px; 49 | } 50 | 51 | .payload .tags{ 52 | max-width: 400px; 53 | } 54 | /* Tag chips: pointer-events:none keeps them from receiving clicks or hover. */ 55 | .payload .tags span{ 56 | background: #b3bfbf; 57 | font-size:13px; 58 | border-radius:3px; 59 | padding: 2px 4px; 60 | margin: 2px; 61 | pointer-events: none; 62 | display: inline-block; 63 | } 64 | /* Badge pinned to the card's top-left corner; also ignores pointer events. */ 65 | .payload .counter{ 66 | position:absolute; 67 | top:0; 68 | left:0; 69 | background: #adadad; 70 | font-size: 12px; 71 | padding: 4px; 72 | border-radius: 5px; 73 | color:white; 74 | font-weight: bold; 75 | pointer-events: none; 76 | } 77 | /* Container pinned to the card's top-right corner. */ 78 | .payload .pocs{ 79 | position:absolute; 80 | top:0; 81 | right:0; 82 | margin:0; 83 | padding:0; 84 | /* float: right; */ 85 | } 86 | /* Badges inside .pocs: pointer cursor, floated right so they stack from the right edge. */ 87 | .payload .pocs span{ 88 | margin-left: 5px; 89 | background: #adadad; 90 | padding: 4px; 91 | border-radius: 5px; 92 | text-decoration: none; 93 | cursor:pointer; 94 | font-size: 10px; 95 | color:white; 96 | font-weight: bold; 97 | float: right; 98 | } 99 | 100 | .payload .poc-reflected{ 101 | right: 100px; 102 | } 
103 | /* The two PoC labels are generated content, so the text comes from this stylesheet rather than from the markup. */ 104 | .payload .poc-dom::before{ 105 | content: "PoC DOM" 106 | } 107 | 108 | .payload .poc-reflected::before{ 109 | content: "PoC Reflected" 110 | } 111 | /* Header subtitle: dimmed and scaled to 80% from its left edge. */ 112 | .subtitle{ 113 | color: black; 114 | display: inline-block; 115 | opacity: 0.6; 116 | height: 30px; 117 | margin-top:-20px; 118 | transform: scale(0.8); 119 | transform-origin: left center; 120 | } 121 | .repo-link{ 122 | color: black; 123 | text-decoration: none; 124 | vertical-align: middle; 125 | font-size: 22px; 126 | } 127 | 128 | .subtitle span{ 129 | vertical-align: middle; 130 | margin-left: 10px; 131 | 132 | } 133 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Tiny-XSS-Payloads 2 | A collection of short XSS payloads that can be used in different contexts. 3 | 4 | The DEMO available here: 5 | 6 | 7 | ## Current Payloads 8 | 9 | ```html 10 | 12 | 13 | ``` 14 | 15 | ```html 16 | 17 | 18 | ``` 19 | 20 | ```html 21 | 22 | 23 | ``` 24 | 25 | ```html 26 | 27 | 28 | ``` 29 | 30 | ```html 31 | 32 | 33 | ``` 34 | 35 | ```html 36 | 37 | 43 | ``` 44 | 45 | ```html 46 | 47 | 48 | ``` 49 | 50 | ```html 51 | 52 |