0xRoM / AJAX_JSON_XSS_POC
Transfer to URL with SHA Find file
Newer
Older
AJAX_JSON_XSS_POC / README.md
root on 30 Jun 2020 446 bytes readme updated
Raw Blame History 
PoC Demonstrating XSS Via AJAX + JSON Data
===============


Too many people have argued that when XSS is found in JSON data that it would not be rendered in the browser. 

They either think it's due to it being JSON/XML etc. or because it contains an error code (400/500 etc.)  

This prooves that not to be the case:

![XSS_AJAX_PoC](https://rossmarks.uk/git/0xRM/AJAX_JSON_XSS_POC/raw/5b8eea36a1ce6192b5111045c243b6b1f5ecb28e/XSS_AJAX_PoC.png)