Skip to content

Web exploitation guide

Public exploits

We can use these resources: - searchsploit - ExploitDB. - Rapid7.com. - Vulnerability Lab. - metasploit: check verification scripts to test the existence of a vulnerability.

OWASP Attack Tools Payloads
WSTG-INPV-12 Command injection attack
CRLF attack - Carriage Return and LineFeed attack
WSTG-SESS-05 CSRF attack - Cross Site Request Forgery attack BurpSuite, CSRFTester
Directory traversal attack
LFI attack - Local File Inclusion attack
Remote Code Execution
RFD attack - Reflected File Download attack Reflected File Download Checker - Burp Extension
RFI attack - Remote File Inclusion attack
Session Puzzling XSS-Me
SSRF attack - Server Side Request Forgery Burp Collaborator, Burp Intruder, manually Built-in lists in Burp
WSTG-INPV-05 SQL injection Cheat sheet for manual attack, sqlmap Payloads from my dictionary repo
XFS attack - Cross-frame Scripting attack
WSTG-INPV-01
WSTG-INPV-02
WSTG-CLNT-01
XSS attack - Cross-Site Scripting attack beef, XSSer, Easy-XSS, Manual testing, XSSMe tool on github
Last update: 2024-09-16
Created: December 26, 2023 19:00:18