
Difference between revisions of "Payload"

From NetSec
(Created page with "A '''payload''' is a piece of code or data that will cause arbitrary actions on part of the vulnerable application. * An XSS payload is written in spec...")
 
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
 
A '''payload''' is a piece of code or data that will cause arbitrary actions on part of the [[vulnerability|vulnerable]] application.   
 
A '''payload''' is a piece of code or data that will cause arbitrary actions on part of the [[vulnerability|vulnerable]] application.   
  
 
+
* An [[XSS]] payload is written in specially-crafted [[HTML]] or [[JavaScript]].                                  
* An [[XSS]] payload is written in specially-crafted [[HTML]] or [[JavaScript]].
+
:(Compatibility limited by browser)
* A [[SQL injection]] payload is usually written in specially-crafted [[SQL]] statements.
+
* A [[SQL injection]] payload is usually written in specially-crafted [[SQL]] statements.  
* A [[buffer overflow]] payload is typically specially-crafted [[machine code]] otherwise known as [[shellcode]]
+
:(Compatibility limited by SQL server version)
 +
* A [[buffer overflow]] payload is typically specially-crafted [[machine code]], otherwise known as [[shellcode]].
 +
:(Compatibility limited by processor architecture)
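Review bot: the three added "(Compatibility limited by ...)" qualifiers are each written on their own line with a bare ":" after a "*" item, which in MediaWiki markup ends the bullet list and renders the qualifier as a separate indented block rather than as part of the bullet it describes. Writing each one as "*:" (or folding it into the bullet's sentence) would keep the qualifier attached to its item. The qualifiers are also terse: a short clause saying what varies (browser parsing and filtering behaviour, SQL dialect, instruction set) would tell the reader why the payload is not portable.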

Latest revision as of 04:19, 20 September 2012

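A payload is a piece of code or data that will cause arbitrary actions on the part of the vulnerable application.

  • An XSS payload is written in specially-crafted HTML or JavaScript.
    (Compatibility limited by browser)
  • A SQL injection payload is usually written in specially-crafted SQL statements.
    (Compatibility limited by SQL server version)
  • A buffer overflow payload is typically specially-crafted machine code, otherwise known as shellcode.
    (Compatibility limited by processor architecture)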