alert(document.domain)
or setInterval`alert\x28document.domain\x29`
if you have to use backticks. [1] Using document.domain
instead of alert(1)
can help avoid reporting XSS bugs in sandbox domains.cat /proc/1/maps
touch /root/your_username
id
<?php echo 7*7; ?>
SELECT @@version
SELECT version FROM v$instance;
SELECT version()
google.com
), or if looking to demonstrate potential impact, to your own website with an example login screen resembling the target's.style="display:none;"
) and make it submit automatically, or design it so that it resembles a component from the target's page.