跳转至

Payloads All The Things

Office 文档攻击 (Office - Attacks)

English
中文

正在初始化搜索引擎

Payloads All The Things

Payloads All The Things (中文版)
贡献指南
免责声明 (DISCLAIMER)
API Key Leaks
API Key Leaks
- API 密钥和令牌泄露 (API Key and Token Leaks)
- IIS Machine Keys (IIS 机器密钥)
Account Takeover
Account Takeover
- 账户接管 (Account Takeover)
- 多因素身份验证 (MFA) 绕过
Brute Force Rate Limit
Brute Force Rate Limit
- 暴力破解与速率限制 (Brute Force & Rate Limit)
Business Logic Errors
Business Logic Errors
- 业务逻辑错误 (Business Logic Errors)
CORS Misconfiguration
CORS Misconfiguration
- CORS 配置错误 (CORS Misconfiguration)
CRLF Injection
CRLF Injection
- CRLF 注入 (Carriage Return Line Feed Injection)
CSS Injection
CSS Injection
- CSS 注入 (CSS Injection)
CSV Injection
CSV Injection
- CSV 注入 (CSV Injection)
CVE Exploits
CVE Exploits
- 常见漏洞与披露 (Common Vulnerabilities and Exposures)
- CVE-2021-44228 Log4Shell
Clickjacking
Clickjacking
- 点击劫持 (Clickjacking)
Client Side Path Traversal
Client Side Path Traversal
- 客户端路径遍历 (Client Side Path Traversal)
Command Injection
Command Injection
- 命令注入 (Command Injection)
Cross Site Request Forgery
Cross Site Request Forgery
- 跨站请求伪造 (Cross-Site Request Forgery)
DNS Rebinding
DNS Rebinding
- DNS 重绑定 (DNS Rebinding)
DOM Clobbering
DOM Clobbering
- DOM Clobbering (DOM 破坏)
Denial of Service
Denial of Service
- 拒绝服务攻击 (Denial of Service)
Dependency Confusion
Dependency Confusion
- 依赖混淆 (Dependency Confusion)
Directory Traversal
Directory Traversal
- 目录遍历 (Directory Traversal)
Encoding Transformations
Encoding Transformations
- 编码与转换 (Encoding and Transformations)
External Variable Modification
External Variable Modification
- 外部变量修改 (External Variable Modification)
File Inclusion
File Inclusion
Google Web Toolkit
Google Web Toolkit
- Google Web Toolkit (GWT)
GraphQL Injection
GraphQL Injection
- GraphQL 注入 (GraphQL Injection)
HTTP Parameter Pollution
HTTP Parameter Pollution
- HTTP 参数污染 (HTTP Parameter Pollution)
Headless Browser
Headless Browser
- 无界面浏览器 (Headless Browser)
Hidden Parameters
Hidden Parameters
- HTTP 隐藏参数 (HTTP Hidden Parameters)
Insecure Deserialization
Insecure Deserialization
Insecure Direct Object References
Insecure Direct Object References
- 不安全且直接的对象引用 (Insecure Direct Object References)
Insecure Management Interface
Insecure Management Interface
- 不安全的管理界面 (Insecure Management Interface)
Insecure Randomness
Insecure Randomness
- 不安全的随机数 (Insecure Randomness)
Insecure Source Code Management
Insecure Source Code Management
JSON Web Token
JSON Web Token
- JWT - JSON Web Token
Java RMI
Java RMI
- Java RMI
LDAP Injection
LDAP Injection
- LDAP 注入 (LDAP Injection)
LaTeX Injection
LaTeX Injection
- LaTeX 注入 (LaTeX Injection)
Mass Assignment
Mass Assignment
- 批量赋值 (Mass Assignment)
Methodology and Resources
Methodology and Resources
NoSQL Injection
NoSQL Injection
- NoSQL 注入 (NoSQL Injection)
OAuth Misconfiguration
OAuth Misconfiguration
- OAuth 错误配置 (OAuth Misconfiguration)
ORM Leak
ORM Leak
- ORM 泄漏 (ORM Leak)
Open Redirect
Open Redirect
- 开放 URL 重定向 (Open URL Redirect)
Prompt Injection
Prompt Injection
- 提示词注入 (Prompt Injection)
Prototype Pollution
Prototype Pollution
- 原型链污染 (Prototype Pollution)
Race Condition
Race Condition
- 竞态条件 (Race Condition)
Regular Expression
Regular Expression
- 正则表达式 (Regular Expression)
Request Smuggling
Request Smuggling
- 请求走私 (Request Smuggling)
Reverse Proxy Misconfigurations
Reverse Proxy Misconfigurations
- 反向代理错误配置 (Reverse Proxy Misconfigurations)
SAML Injection
SAML Injection
- SAML 注入 (SAML Injection)
SQL Injection
SQL Injection
Server Side Include Injection
Server Side Include Injection
- 服务端包含注入 (Server Side Include Injection)
Server Side Request Forgery
Server Side Request Forgery
Server Side Template Injection
Server Side Template Injection
Tabnabbing
Tabnabbing
- 切换卡劫持 (Tabnabbing)
Type Juggling
Type Juggling
- 类型混淆 (Type Juggling)
Upload Insecure Files
Upload Insecure Files
- 不安全文件上传 (Upload Insecure Files)
- Configuration Apache .htaccess
  Configuration Apache .htaccess
  - .htaccess
Virtual Hosts
Virtual Hosts
- 虚拟主机 (Virtual Host)
Web Cache Deception
Web Cache Deception
- Web 缓存欺骗 (Web Cache Deception)
Web Sockets
Web Sockets
- Web Sockets
XPATH Injection
XPATH Injection
- XPATH 注入 (XPATH Injection)
XS Leak
XS Leak
- 跨站信息泄露 (XS-Leak)
XSLT Injection
XSLT Injection
- XSLT 注入 (XSLT Injection)
XSS Injection
XSS Injection
XXE Injection
XXE Injection
- XML 外部实体注入 (XML External Entity)
Zip Slip
Zip Slip
- Zip Slip 漏洞 (Zip Slip)
LEARNING AND SOCIALS
LEARNING AND SOCIALS
template vuln
template vuln
- Vulnerability Title

Office 文档攻击 (Office - Attacks)

[!WARNING] 本页内容已移至 InternalAllTheThings/redteam/access/office-attacks

宏漏洞利用 (Macros Exploitation)
对象链接与嵌入 (OLE)
DDE 利用 (Dynamic Data Exchange)
模板注入 (Template Injection)

2026-02-22

Share this content

Made with Material for MkDocs