9000+ xss payloads 大全 | xss payloads collect

xss payloads

XSS Vectors Cheat Sheet

为了避免发生弹窗或者不可预测的bug,此处就不放xss代码了，xss的payloads已经全部去重放在txt中，可自行去复制粘贴。

除了常规的xss,还包含了各类绕过waf的payload。bypass waf

xss payloads 地址：

https://www.ddosi.org/xss.txt 9218个

xss项目地址

1. github.com/swisskyrepo/PayloadsAllTheThings
2. PORTSWIGGER XSS cheat sheet
3. HTML5 Security Cheatsheet
4. XSS Payloads Twitter
5. AwesomeXSS
6. Brutelogic Blog
7. XSS Cheat Sheet
8. Pgaijin66 XSS-Payloads
9. Swisskyrepo PayloadsAllTheThings
10. OWASP XSS

注意事项

本文未必更新及时，xss代码每日都在更新，可自行到如下网址进行更新。

https://xss.js.org/

https://xss.js.org/xss01.md

https://xss.js.org/xss02.md

https://xss.js.org/xss03.md

https://xss.js.org/xss04.md

https://xss.js.org/xss05.md

github.com/evai1/PayloadFix/blob/master/XssPayload.txt

gist.github.com/kurobeats/9a613c9ab68914312cbb415134795b45

自己到网页上复制粘贴使用

Cross-site scripting (XSS) cheat sheet

portswigger.net/web-security/cross-site-scripting/cheat-sheet

PDF下载：

cross-site-scripting/cheat-sheet.pdf

转载请注明出处及链接