HTML Context — Simple Tag Injection

HTML Context — In Block Tag Injection

HTML Context — Source Injection

Javascript Context — Code Injection in Logical Block

Javascript Context — Tag Injection


Multi Reflection — Double Reflection (Single Input)

Multi Reflection — Triple Reflection (Single Input)

Multi Input Reflections (Double & Triple)

File Upload Injection — Metadata

File Upload Injection — SVG File

DOM Insert Injection

DOM Insert Injection — Resource Request

Script Injection — No Closing

Javascript postMessage() DOM Injection (with Iframe)


Mixed Case XSS

Uppercase XSS

Double Encoded XSS

Alert without Parentheses (Strings Only)

Alert Obfuscation

Blogger | Security Researcher | Digital forensic analyst | Twitter — @mrunal110

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store