What is this?
This can help to chain a plain old XSS bug into something more critical, like an account takeover.
This is perfect for beefing up the severity of a pentest or bug bounty report by demonstrating real security impact.
Payloads are slowly being added as I have time. There are plenty more to come; if you can help out, pull requests are welcome! If you're looking for inspiration on what to create, check the "issues" tab on this repo.
The simplest way to use these payloads is to host them somewhere and load them into the src attribute of a script tag for your XSS payload like this:
Alternatively, depending on the context and length of the payload, it can sometimes be minified, encoded and then just included directly into the request.
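The flip side of the two delivery methods just described (an externally hosted script pulled in through `script src`, or a minified/encoded payload inlined into the request) is the response's Content-Security-Policy, which decides whether either one actually executes. The following is an added example, not code from this repo: a hypothetical, simplified CSP evaluator that reports whether a given policy would block each method. The policy strings, script URL and page origin it uses are constructed for illustration.

```python
"""Added check: would a response's Content-Security-Policy block the two
delivery methods above (external <script src=...> and an inline script)?
Simplified evaluator (ignores source paths and 'strict-dynamic')."""
from urllib.parse import urlparse

def _script_sources(csp):
    # script-src governs scripts, default-src is the fallback, and neither
    # present means the browser imposes no restriction on scripts at all.
    directives = {}
    for chunk in csp.split(";"):
        tokens = chunk.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives.get("script-src", directives.get("default-src"))

def _host_matches(source, script_url, page_origin):
    src, u = source.lower(), urlparse(script_url)
    if src == "'self'":
        return f"{u.scheme}://{u.netloc}" == page_origin.lower()
    if src == "*":
        return True
    if src.endswith(":") and "/" not in src:        # scheme-only, e.g. https:
        return u.scheme == src[:-1]
    scheme, _, rest = src.rpartition("://")
    if scheme and scheme != u.scheme:
        return False
    host = rest.split("/")[0].split(":")[0]
    if host.startswith("*."):                       # wildcard subdomains
        return u.hostname.endswith(host[1:])
    return u.hostname == host

def csp_blocks_vectors(csp, script_url, page_origin):
    """Return {'remote_blocked': bool, 'inline_blocked': bool}."""
    sources = _script_sources(csp)
    if sources is None:
        return {"remote_blocked": False, "inline_blocked": False}
    sources = [s.lower() for s in sources]
    remote_ok = any(_host_matches(s, script_url, page_origin) for s in sources)
    # A nonce or hash in the directive makes CSP2+ browsers ignore 'unsafe-inline'.
    strict = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                 for s in sources)
    inline_ok = "'unsafe-inline'" in sources and not strict
    return {"remote_blocked": not remote_ok, "inline_blocked": not inline_ok}

# Constructed sample: the policy, the externally hosted script URL and the
# vulnerable page's origin are all made up for illustration.
SAMPLE = csp_blocks_vectors("script-src 'self' https://cdn.example.com",
                            "https://evil.example/p.js", "https://app.example")
```

A policy that reports both vectors blocked is the one to check for in a report's remediation section; one with `*`, a bare scheme, or `'unsafe-inline'` without a nonce or hash still lets the respective method through.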
The Blog Post
This repo was released alongside a blog post titled How to Upgrade Your XSS Bugs from Medium to Critical.
This article from Shift8 is what inspired me to make this repo. The JS in the article has a couple of minor typos but the concepts are spot on.