vos9/Web_Hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update XSS.md

Browse Source
This commit is contained in:
Mehdi 2023-08-18 18:56:14 +03:30 committed by GitHub
parent 76b816434c
commit 5c2745df83
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
XSS.md
View File

@ -762,6 +762,7 @@ More information about this technique here: https://book.hacktricks.xyz/pentesti
**XSS in dynamic created PDF**
If a web page is creating a PDF using user controlled input, you can try to trick the bot that is creating the PDF into executing arbitrary JS code.
So, if the PDF creator bot finds some kind of HTML tags, it is going to interpret them, and you can abuse this behaviour to cause a Server XSS.
@ -771,6 +772,7 @@ If you cannot inject HTML tags it could be worth it to try to inject PDF data:
https://book.hacktricks.xyz/pentesting-web/xss-cross-site-scripting/pdf-injection
**XSS uploading files (svg)**
Upload as an image a file like the following one (from : https://ghostlulz.com/xss-svg/)