Talk:XSS Filter Evasion Cheat Sheet

I can speak from being on the receiving end of XSS Evasion Attacks :)

http://blog.spiderlabs.com/2013/09/modsecurity-xss-evasion-challenge-results.html

http://blog.spiderlabs.com/2013/08/the-web-is-vulnerable-xss-on-the-battlefront-part-1.html

Essentially, what we need to do is consolidate a couple of key resources, the top two being:

HTML5Sec Vectors - https://raw.githubusercontent.com/cure53/H5SC/master/vectors.txt. These are taken from Mario's awesome work - http://html5sec.org/

Shazzer's Successful Fuzzes - https://raw.githubusercontent.com/client9/libinjection/master/data/xss-shazzer.txt. These are from Gareth's equally awesome work - http://shazzer.co.uk/home.

I would start with these two resources as the base and build from there.

-Ryan