A third approach to demonstrating cross-site scripting (XSS) vulnerabilities could be more visual and less malicious than the traditional approaches of simply showing an alert or exfiltrating sensitive information.
It may be worth considering some more creative, visual payloads as a way of emphasising the risks associated with an XSS vulnerability.
It is important to note that the author does not recommend combining certain payloads due to the risk of unintended consequences.
It is crucial that these kinds of exercises are carried out in the spirit of legal penetration testing and red teaming, where explicit permission has been granted.
The article serves as an educational tool to demonstrate the potential impact of XSS attacks, which should only be tested in controlled, authorised environments.
Please refer to the disclaimer at the end of the post for additional information and caveats. Shivam Bansal, a.k.a. xssor, is the author of “Unusual XSS Payloads”. The article addresses the conventional, trivial methods of demonstrating the impact of cross-site scripting (XSS) vulnerabilities, and proposes a more captivating, unconventional approach.