web-exploits

SKILL.md

| SQL Injection | ', ' OR 1=1-- | ' UNION SELECT ... | | XSS | alert(1) | Cookie stealing, session hijacking | | LFI | ../../../etc/passwd | Read sensitive files, RCE via log poisoning | | SSTI | {{77}}, ${77} | RCE via template engine | | File Upload | Upload .php, .phtml | Web shell execution | | CSRF | No token validation | Force user actions |

| JWT | alg: none, weak secret | Privilege escalation |

web exploitation, SQL injection, SQLi, XSS, cross-site scripting, CSRF, LFI, RFI, local file inclusion, SSTI, template injection, file upload, webshell, JWT, JSON web token, command injection, path traversal, directory traversal, web security, OWASP, burp suite, requests, beautifulsoup

CTF 챌린지에서 SQL 주입, XSS, CSRF, LFI, SSTI 및 파일 업로드 우회에 대한 웹 취약성 테스트 패턴입니다. 트리거: 웹 애플리케이션, SQL 삽입, XSS 또는 파일 업로드를 테스트할 때. 출처: g36maid/ctf-arsenal.

원본 보기