reddit hackernews mail facebook facebook linkedin
Weaponised XSS Payloads

Weaponised XSS Payloads

XSS payloads designed to turn alert(1) into P1.

Or "How to upgrade your XSS bugs from medium to critical".

In this repository you will find a bunch of JavaScript files which can be loaded into an XSS payload in order to perform sensitive functions on popular CMS platforms in the context of the victim's browser. This can help to chain a plain old XSS bug into something more critical, like an account takeover.

This is perfect for beefing up the severity of a pentest or bug bounty report by demonstrating real security impact.