Skip to content

Brute XSS

Master the art of Cross Site Scripting.

Home
XSS Cheat Sheet
- Brutal Addendum
Secrets
XSS 101
About

HomeXSS Cheat Sheet

XSS Cheat Sheet

GET YOURS NOW!

Featured Posts

Chrome XSS Auditor – SVG Bypass
More than an year ago, in my private twitter account Brutal Secrets, I shared an […]
XSS Filter Bypass With Spell Checking
Some sites offer spell checking as a feature of their search functionality or translation […]
Source-Breaking Injections
When dealing with HTML injections there’s an interesting trick to make a XSS attack […]

Follow me

Don’t MISS a Post

Get a notification inbox when a new post is published (no spam).

Name

Email *

All Posts

DOM-based XSS – The 3 Sinks
Chrome XSS Auditor – SVG Bypass
The 7 Main XSS Cases Everyone Should Know
Compromising CMSes with XSS
Alternative to Javascript Pseudo-Protocol
XSS Filter Bypass With Spell Checking
XSS Challenge I
Calling Remote Script With Event Handlers
Four Horsemen of the Web Apocalypse
The Easiest Way to Bypass XSS Mitigations
XSS Authority Abuse
Reflected in Watering Hole
Bypassing Javascript Overrides
The Genesis of an XSS Worm – Part III
The Genesis of an XSS Worm – Part II
The Genesis of an XSS Worm – Part I
The Shortest Reflected XSS Attack Possible
Looking for XSS in PHP Source Code
AntiviruXSS White Paper
Avoiding XSS Detection
Blind XSS Code
XSS and RCE
CORS Enabled XSS
Chrome XSS Bypass
File Upload XSS
Leveraging Self-XSS
XSS in Mobile Devices
Cross-Origin Scripting
Transcending Context-Based Filters
XSS Without Event Handlers
Multi Reflection XSS
Using XSS to Control a Browser
Source-Breaking Injections
Location Based Payloads – Part IV
Location Based Payloads – Part III
Location Based Payloads – Part II
Location Based Payloads – Part I
Probing to Find XSS
Filter Bypass Procedure
Existing Code Reuse
Agnostic Event Handlers
XSS Payload Scheme

Proudly powered by WordPress | Theme: Big Brother by WordPress.com.

Translate »

Know the Brutal Secrets

Get access to NEW vectors/payloads, bypass tricks and… Tools!

Know what others don’t about XSS;
Find more and better XSS attacks to report;
Increase your chances to be acknowledged in bug bounty programs!

Enjoy this blog? Please spread the word :)

5k
Follow
999