########################################################################
Amazing tool on the PortSwigger website:
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
########################################################################
_______________________________________________________________________________________________________________________________________________
If it shows that "tags are not allowed":
https://portswigger.net/web-security/cross-site-scripting/contexts/lab-some-svg-markup-allowed
Basically, you use Burp (Intruder) to figure out which tags and events can be used.
_______________________________________________________________________________________________________________________________________________
Try the basics at the 'HackTricks' and 'PayloadsAllTheThings' websites.
To grab cookies using HTTPS:
https://webhook.site/
_____________________________________________________________________________________________________________________________________________________
Exploiting XSS via Markdown:
SOURCE: https://medium.com/taptuit/exploiting-xss-via-markdown-72a61e774bf8
"Markdown is a simple language for writing and formatting content. By simple, I mean there is a small amount of syntax to learn which allows writers to write clean but aesthetically pleasing content. It’s used all over the place, from Gists and readme files on GitHub to the very article you’re reading right now. A standardised syntax allows the same document to be displayed in different ways by different markdown processors."
In other words: syntax to convert data into HTML, I think.
Ex:
[Click Me](https://www.example.com/)
when processed by the 'Medium' website, will become
<a href="https://www.example.com/">Click Me</a>
The exploit:
To create something like: <a href="javascript:alert('XSS')">Click Me</a>, you can do: [Click Me](javascript:alert('XSS'))
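The fix side of the same issue, as an added example (not from the Medium article or these notes): a link-only renderer that passes the URL through unchanged, next to one that checks the parsed scheme against an allowlist and escapes its output. The names renderLinksNaive, renderLinksSafe, isSafeHref and the base URL are hypothetical and chosen for this sketch.

```javascript
// Added example: helper names are hypothetical, not from a real Markdown library.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://example.invalid/"; // constructed base so relative links parse
// Matches [text](target); one level of nested parentheses is allowed in the target.
const LINK = /\[([^\]]*)\]\(((?:[^()\s]|\([^()\s]*\))*)\)/g;

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// True only if the target resolves to an allowlisted scheme.
// The WHATWG URL parser lowercases the scheme, so mixed case cannot slip past.
function isSafeHref(href) {
  try {
    return ALLOWED_SCHEMES.has(new URL(href.trim(), BASE).protocol);
  } catch {
    return false; // unparseable target: treat as unsafe
  }
}

// Behaviour described in the notes: the target is copied into href unchecked.
function renderLinksNaive(md) {
  return md.replace(LINK, (_, text, href) => `<a href="${href}">${text}</a>`);
}

// Hardened: escape everything, emit <a> only for allowlisted schemes,
// otherwise keep the visible text and drop the link.
function renderLinksSafe(md) {
  let out = "";
  let last = 0;
  for (const m of md.matchAll(LINK)) {
    const [whole, text, href] = m;
    out += escapeHtml(md.slice(last, m.index));
    out += isSafeHref(href)
      ? `<a href="${escapeHtml(href)}">${escapeHtml(text)}</a>`
      : escapeHtml(text);
    last = m.index + whole.length;
  }
  return out + escapeHtml(md.slice(last));
}
```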
___________________________________________________________________________________________________________________________________