sudoninja book
  • sudoninja book
  • About us
  • Security Area
    • Penetration Testing Methodologies
      • 7 Layer
    • How to Find CVE
      • TOP All bugbounty pentesting CVE
      • What is CVE
      • Where I try to find vulnerability and exploit
      • How to find vulnerability (approach).
      • How to Request CVE
      • My CVE
      • My submission on exploit DB
      • Write up and CVE
      • Published CVE on website
    • DAST/SAST
    • Penetration-Testing
      • Offensive-Resources
      • pentest tool
      • Mind map
    • Web Application Penetration Testing
      • Web Pentesting Methodology
      • Video
      • Cheat sheet
      • Book
      • Lab
      • Mind Map
      • Check list
      • Blog
      • Payload
      • Report
      • Tool
    • Network Penetration Testing
      • Checklist
    • Mobile Penetration testing
      • Mobile PT methology
      • APK Penetration Testing
      • Android PT
        • Methology
        • Github
        • video
        • Report
        • Tool
        • Mind Map
        • Payload
        • Cheat sheet
        • Check list
        • Lab
        • Book
        • Blog
      • iOS PT
        • Methology
        • Check list
        • Github
        • Lab
        • Book
        • Payload
        • Report
        • Mind Map
        • Blog
        • Tool
        • Video
      • Cheatsheet
      • Mind Map
    • Active Directory penetration testing
      • Methodology
      • Note
      • Checklist
      • Mind map
      • Cheatsheet
      • Tool
      • Note
      • Lab
      • Payload
    • API Penetration Testing
      • Methodology
      • Video
      • Book
      • Mind map
      • Lab
      • Checklist
      • Blog
      • Payload
      • Report
      • Tool
    • Source Code Review
      • Mindmap
      • Link
      • Blog
    • CTF
      • Practice
        • Youtube
        • CTF
    • IOT Penetration Testing
      • Methodology
      • Cheat sheet
      • Book
      • Mind Map
      • Check list
      • Blog
      • Video
      • Report
      • Tool
    • Red Teaming
      • Mind map
      • OSINT
      • Configure your own vulnerable CTF machine
    • Cloud Security
      • Google Cloud Platform
      • Azure
      • Report
      • AWS
      • Lab
    • Bug Bounty Hunting
      • Learning Engine for Bug Hunter
      • bug bounty tips
        • Book
        • Guide
      • Cheat sheet
      • Bugbounty writeup - medium / others
      • Hackerone Report
      • Recon map
      • Writeups
      • Bug bounty Platform
      • Tool
    • Thick Client Pentesting
    • Malware Analysis
    • DevSecOps
    • Wireless Penetration Testing
      • Note
      • Cheatsheet
  • Practice and improve skills
  • list of Vulnerabilities-1
    • 2FA/OTP Bypass
    • Account Takeover
    • Apache Log Poisoning through LFI
    • Broken Links
    • Bruteforcing
    • Business Logic Flaws
    • Broken Authentication & Session Management
    • Cross Site Scripting
    • Crawl/Fuzz
    • Content Security Policy (CSP)
    • CORS
    • CSRF
    • Clickjacking
    • CRLF
    • Command Injection
    • Client Side Template Injection (CSTI)
    • cookie
    • Cookies Hacking
    • Captcha Bypass
    • Dangling Markup - HTML scriptless injection
    • Deserialization
    • Directory Browsing
    • DNS Rebinding
    • Email Header Injection
    • Email attacks
    • File Inclusion/Path traversal
    • File Upload
    • Github Recon
    • Header injections
    • HTTP Request Smuggling
    • HTTP Parameter pollution
    • HTML Injection
    • HTTP Authentication
    • HTTP Protocol
    • IDOR
    • JWT Vulnerabilities (Json Web Tokens)
    • LDAP Injection
    • NoSQL injection
    • Open Redirect
    • Online hashes cracked
    • Race Condition
    • Ruby on Rails
    • Rate Limit Bypass
    • Pastejacking
    • Path Traversal
    • Password Reset
    • Prototype Pollution
    • SQL Injection
    • SSRF (Server Side Request Forgery)
    • SSTI (Server Side Template Injection)
    • Session fixation
    • Subdomain Takeover
    • S3 Bucket
    • Unicode Normalization vulnerability
    • XPATH injection
    • XSLT Server Side Injection
    • XXE - XML External Entity
    • XS-Search
    • Web Cache Deception
    • Web Sockets
    • Webshells
  • list of Vulnerabilities-2
    • Web Application Vulnerability 2022
  • Tool
    • sqlmap
      • Sql login bypass
    • Extra
    • Github
    • Search Engine for Hackers
    • Burp Extensions
    • Dorks
    • Python
    • one line script
      • more
  • Note
  • AWAE/OSWE
    • Cherry Tree
  • Burp Suite Certified Practitioner
    • Sql Injection
  • Pentesting Bible
  • Free Certification
  • Hack The Box
  • Bookmark
  • Report
  • Lab
    • MY Machine
  • Framework
    • OWASP guide
      • Map
      • OWASP Cheatsheet
  • CheatSheet
  • Mind Map
  • Certifications
  • Research Tool
  • Learn for Fun
    • Email spoofing
  • POST
    • Here are 24 websites to learn Linux for free:
    • 39 cybersecurity news resources
    • 30 cybersecurity search engines
    • 27 ways to learn ethical hacking for free
Powered by GitBook
On this page

Was this helpful?

  1. Security Area
  2. Web Application Penetration Testing

Payload

  1. https://github.com/swisskyrepo/PayloadsAllTheThings

  2. https://github.com/s0md3v/AwesomeXSS

  3. https://github.com/pgaijin66/XSS-Payloads/blob/master/payload/payload.txt

  4. https://raw.githubusercontent.com/pgaijin66/XSS-Payloads/master/payload/payload.txt

PreviousBlogNextReport

Last updated 3 years ago

Was this helpful?