Questions about this topic? Sign up to ask in the talk tab.
Difference between revisions of "Payload"
From NetSec
Levi99Vmsb (Talk | contribs) |
|||
| Line 1: | Line 1: | ||
A '''payload''' is a piece of code or data that will cause arbitrary actions on part of the [[vulnerability|vulnerable]] application. | A '''payload''' is a piece of code or data that will cause arbitrary actions on part of the [[vulnerability|vulnerable]] application. | ||
| − | |||
* An [[XSS]] payload is written in specially-crafted [[HTML]] or [[JavaScript]]. | * An [[XSS]] payload is written in specially-crafted [[HTML]] or [[JavaScript]]. | ||
Latest revision as of 05:19, 20 September 2012
A payload is a piece of code or data that will cause arbitrary actions on part of the vulnerable application.
- An XSS payload is written in specially-crafted HTML or JavaScript.
- (Compatibility limited by browser)
- A SQL injection payload is usually written in specially-crafted SQL statements.
- (Compatibility limited by SQL server version)
- A buffer overflow payload is typically specially-crafted machine code, otherwise known as shellcode.
- (Compatibility limited by processor architecture)
