What is this?
This can help to chain a plain old XSS bug into something more critical, like an account takeover.
This is perfect for beefing up the severity of a pentest or bug bounty report by demonstrating real security impact.
Payloads are slowly being added as I have time. There are plenty more to come, and if you can help out, pull requests are welcome! If you’re looking for inspiration on what to create, check the “issues” tab on this repo.
The simplest way to use these payloads is to host them somewhere and load them into the src attribute of a script tag for your XSS payload like this:
The Blog Post
This repo was released alongside a blog post titled “How to Upgrade Your XSS Bugs from Medium to Critical”.
This article from Shift8 is what inspired me to make this repo. The JS in the article has a couple of minor typos but the concepts are spot on.