GitBook: [#3394] No subject

This commit is contained in:
CPol 2022-08-16 09:38:59 +00:00 committed by gitbook-bot
parent e5fd973448
commit 4449bfc345
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF


@ -1,7 +1,5 @@
# XSS (Cross Site Scripting)
## XSS (Cross Site Scripting)
<details>
<summary><strong>Support HackTricks and get benefits!</strong></summary>
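Review bot: the hunk header reports two lines removed (7 → 5), yet the visible result still carries both `# XSS (Cross Site Scripting)` and `## XSS (Cross Site Scripting)`, an H1 and an H2 with the same title one line apart. If the point of this change was to clean up the page head, the H2 is the one to drop, since it only repeats the page title before the `<details>` block; if the H2 was meant to stay as a section anchor, give it a title that differs from the H1 so the rendered table of contents does not list the same entry twice.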
@ -1167,6 +1165,14 @@ If you cannot inject HTML tags it could be worth it to try to **inject PDF data*
[pdf-injection.md](pdf-injection.md)
{% endcontent-ref %}
### XSS in Amp4Email
AMP is a technology known for developing super fast web pages on mobile clients. **AMP is a set of HTML tags backed by JavaScript** that easily enables functionality with an added focus on performance and security. There are [AMP components](https://amp.dev/documentation/components/?format=websites) for everything from carousels, to responsive form elements, to retrieving fresh content from remote endpoints.
The [**AMP for Email**](https://amp.dev/documentation/guides-and-tutorials/learn/email-spec/amp-email-format/) format provides [a subset of AMP components](https://github.com/ampproject/amphtml/blob/master/docs/spec/email/amp-email-components.md) that you can use in email messages. Recipients of AMP emails can view and interact with the AMP components directly in the email.
Example [**writeup XSS in Amp4Email in Gmail**](https://adico.me/post/xss-in-gmail-s-amp4email).
### XSS uploading files (svg)
Upload as an image a file like the following one (from [http://ghostlulz.com/xss-svg/](http://ghostlulz.com/xss-svg/)):
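Review bot: the new "XSS in Amp4Email" section describes what AMP and AMP for Email are but never states what makes it a separate XSS surface, which is the point a reader of this page needs. The line "The AMP for Email format provides a subset of AMP components that you can use in email messages" is the hook: say explicitly that only that allow-listed subset is accepted and arbitrary script is not, so the interesting findings in this format are gaps in the validator/sanitizer rather than classic tag injection, and that is what the linked Gmail writeup illustrates. Also, "Example [writeup XSS in Amp4Email in Gmail]" is a fragment; "See the [writeup on XSS in Amp4Email in Gmail]" reads as a sentence and matches the phrasing used elsewhere on the page. Finally, the `amp-email-components.md` link is pinned to `master`; consider linking the spec at a tagged ref or the amp.dev page so it does not break if the branch is renamed.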