SonarSource / mxss-cheatsheetLinks
This repository is a one-stop shop for diving deep into the fascinating world of mXSS (mutations caused by browser quirks in HTML parsing). providing a curated list of examples that showcase unexpected HTML behaviors.
☆23Updated 4 months ago
Alternatives and similar repositories for mxss-cheatsheet
Users that are interested in mxss-cheatsheet are comparing it to the libraries listed below
Sorting:
- Awesome MXSS ??☆52Updated 8 months ago
- ☆26Updated last month
- A collection of Server-Side Prototype Pollution gadgets and exploits☆190Updated 4 months ago
- DOM Clobbering Wiki, Browser Testing, and Payload Generation☆53Updated 2 months ago
- ☆81Updated 8 months ago
- Same Origin XSS challenge☆61Updated 3 years ago
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆50Updated last year
- ☆25Updated 6 months ago
- Searcher for cross-site leaks (XS-Leaks)☆82Updated 2 years ago
- Challenges I wrote for various CTF competitions☆43Updated 11 months ago
- Useful configurations for the DomLogger++ extension☆35Updated 9 months ago
- Here i will post my writeups :)☆32Updated 2 years ago
- Proof of Concepts for unsafe deserialization in Ruby☆16Updated 8 months ago
- A chrome/Firefox extension to retrieve and load react javascript chunks all at once for a wide range of javascript techs☆69Updated last week
- Fast exfiltration of text using only CSS and Ligatures☆53Updated 2 months ago
- Automated JavaScript Debugging Tool using CDP - Automatically sets breakpoints for specified strings/patterns in JavaScript code☆90Updated 6 months ago
- CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.☆141Updated 11 months ago
- Guided Differential Fuzzing for HTTP Request Parsing Discrepancies☆17Updated last year
- ☆30Updated 2 months ago
- This is the data that powers the PortSwigger URL validation bypass cheat sheet.☆50Updated last month
- A simple mutator engine which focuses on finding unknown classes of injection vulnerabilities☆67Updated last year
- ☆63Updated 2 years ago
- HTML Universal Identifier☆68Updated 6 months ago
- List of Trusted Types bypasses☆93Updated last year
- Some tips for Bug Bounty using LibreOffice☆46Updated 3 months ago
- ☆19Updated 3 months ago
- CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).☆124Updated 2 months ago
- A collection of utilities for building extensions using Burp's Montoya API☆50Updated last year
- ☆33Updated last year
- Unsecure time-based secret exploitation and Sandwich attack implementation Resources☆141Updated 6 months ago