Questions about this topic? Sign up to ask in the talk tab.
Difference between revisions of "Payload"
From NetSec
(Created page with "A '''payload''' is a piece of code or data that will cause arbitrary actions on part of the vulnerable application. * An XSS payload is written in spec...") |
Levi99Vmsb (Talk | contribs) |
||
| (One intermediate revision by one other user not shown) | |||
| Line 1: | Line 1: | ||
A '''payload''' is a piece of code or data that will cause arbitrary actions on part of the [[vulnerability|vulnerable]] application. | A '''payload''' is a piece of code or data that will cause arbitrary actions on part of the [[vulnerability|vulnerable]] application. | ||
| − | + | * An [[XSS]] payload is written in specially-crafted [[HTML]] or [[JavaScript]]. | |
| − | * An [[XSS]] payload is written in specially-crafted [[HTML]] or [[JavaScript]]. | + | :(Compatibility limited by browser) |
| − | * A [[SQL injection]] payload is usually written in specially-crafted [[SQL]] statements. | + | * A [[SQL injection]] payload is usually written in specially-crafted [[SQL]] statements. |
| − | * A [[buffer overflow]] payload is typically specially-crafted [[machine code]] otherwise known as [[shellcode]] | + | :(Compatibility limited by SQL server version) |
| + | * A [[buffer overflow]] payload is typically specially-crafted [[machine code]], otherwise known as [[shellcode]]. | ||
| + | :(Compatibility limited by processor architecture) | ||
Latest revision as of 05:19, 20 September 2012
A payload is a piece of code or data that will cause arbitrary actions on part of the vulnerable application.
- An XSS payload is written in specially-crafted HTML or JavaScript.
- (Compatibility limited by browser)
- A SQL injection payload is usually written in specially-crafted SQL statements.
- (Compatibility limited by SQL server version)
- A buffer overflow payload is typically specially-crafted machine code, otherwise known as shellcode.
- (Compatibility limited by processor architecture)
