Commit graph

171 commits

Author SHA1 Message Date
nil0x42
4bc86409eb
Update HTTP Response Splitting resources
- ha.ckers.org has been out since 2015. Replacing with archived URL.
2020-01-30 11:42:10 +00:00
Adam Muntner
c738693f78
Merge branch 'master' into patch-17 2019-10-15 15:29:47 -04:00
Adam Muntner
77f572aa7c
Merge branch 'master' into patch-9 2019-10-15 15:26:43 -04:00
Adam Muntner
9236a71799
Create true.txt
comment: Why 4294967295? It is the unsigned equiv of -1

This came up in a recent sudo bug. see: https://www.engadget.com/2019/10/14/linux-unix-sudo-command-security-flaw/
2019-10-15 15:16:52 -04:00
Adam Muntner
76111f06bb
Create php_magic_hashes.fuzz.txt
Source: https://www.whitehatsec.com/blog/magic-hashes/
2019-09-28 17:03:55 -04:00
Adam Muntner
79ebdce9ae
Create README.md 2019-09-28 17:03:15 -04:00
Adam Muntner
dcceee0768
Merge pull request #182 from Jacc0/patch-10
Update traversals-8-deep-exotic-encoding.txt
2019-09-28 16:50:43 -04:00
Adam Muntner
b8162fb19b
Merge pull request #190 from securityewok/patch-1
Update all-encodings-of-lt.txt
2019-09-28 16:44:17 -04:00
Adam Muntner
04556e50c8
Merge pull request #170 from AddaxSoft/patch-1
added other common paths
2019-09-28 16:33:58 -04:00
Adam Muntner
aca3346b38
Merge pull request #167 from sempf/master
Removed PGSQL per Issue #2
2019-09-28 16:32:52 -04:00
grac
3968bbc537
Update all-encodings-of-lt.txt
missing double url encode
2019-08-20 14:53:40 +02:00
Bill Sempf
c91b254eec
Added a numeric check 2019-02-16 11:34:08 -05:00
Bill Sempf
199993fb41
Removed payloads that alter the database
This is the "detect" list, and it has payloads that alter the database.  That's not good for a "detect" list - should be in "exploit".
2019-02-16 11:33:00 -05:00
Jacc0
b3ada4a617
Added some more 2019-01-18 15:32:39 +01:00
Jacc0
9fd6004105
Update traversals-8-deep-exotic-encoding.txt
removed duplicates
2018-10-19 10:45:16 +02:00
Jacc0
ad59963da8
Update common-unix-httpd-log-locations.txt
add some log locations of nginx and apache2 vhosts
2018-10-19 10:24:24 +02:00
A.K
973e5a4f12
added other common paths
bitnami, apache, httpd on different linux flavors
2018-01-20 12:27:25 +01:00
Bill Sempf
67fd2f1159 Removed PGSQL per Issue #2
I confirmed that the pg_sleep returned a null and caused a non-exploitable error, so I deleted the commands that referenced it.
2017-10-03 01:54:55 -04:00
Jordan Brown
cfcec0e6cb removed new lines 2017-03-07 12:42:50 +11:00
Jordan Brown
e682447cb5 added Null representations for double encoding, format string %* and octal representations of localhost 2017-03-07 11:54:22 +11:00
Adam Muntner
ecb0850538 Strings which can be accidentally expanded into different strings if evaluated in the wrong context
e.g. used as a printf format string or via Perl or shell eval. Might expose sensitive data from the program doing the interpolation, or might just represent the wrong string.

from minimaxir/big-list-of-naughty-strings
2017-01-16 12:55:38 -05:00
Adam Muntner
80772679c2 Strings which crashed iMessage in iOS versions 8.3 and earlier
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:53:07 -05:00
Adam Muntner
85f3e0bd0d Strings which punish the fools who use cat/type on this file
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:51:19 -05:00
Adam Muntner
480f487cbf Update invalid-filenames-microsoft.txt 2017-01-16 12:48:39 -05:00
Adam Muntner
d4dfa84417 Strings which contain unicode with an "upsidedown" effect (via http://www.upsidedowntext.com)
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:44:51 -05:00
Adam Muntner
1e797dcaf3 Strings which contain "corrupted" text. The corruption will not appear in non-HTML text, however. (via http://www.eeemo.net)
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:44:01 -05:00
Adam Muntner
330b3613f9 Strings which contain text that should be rendered RTL if possible (e.g. Arabic, Hebrew)
from minimaxir/big-list-of-naughty-strings/
2017-01-16 12:43:14 -05:00
Adam Muntner
0c8789bb6a Update emoji.txt 2017-01-16 12:40:55 -05:00
Adam Muntner
7b5e1e92e8 Create regionalindicators.txt
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:40:31 -05:00
Adam Muntner
7d53ff81f5 Create README.md 2017-01-16 12:38:32 -05:00
Adam Muntner
5a5b403c1f add unicode files 2017-01-16 12:35:19 -05:00
Adam Muntner
df5fd2e3ef Strings which contain Emoji; should be the same behavior as two-byte characters, but not always
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:26:04 -05:00
Adam Muntner
9ddc02dcb8 Strings which consist of Japanese-style emoticons
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:22:46 -05:00
Adam Muntner
594f0894b4 Strings which contain two-byte characters: can cause rendering issues or character-length issues
minimaxir/big-list-of-naughty-strings
2017-01-16 12:21:34 -05:00
Adam Muntner
9deeda4647 Strings which contain misplaced quotation marks; can cause encoding errors
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:20:21 -05:00
Adam Muntner
ada2f9308f common unicode symbols (e.g. smart quotes), Subscript/Superscript/Accents, cause rendering issues.
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:18:52 -05:00
Adam Muntner
855a9d38de Strings which contain common special ASCII characters (may need to be escaped)
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:13:32 -05:00
Adam Muntner
374c6ad1c2 Rename crlf-notes.txt to README.md 2017-01-16 12:11:33 -05:00
Adam Muntner
da3d4e1fa9 Added additional likely method names 2017-01-15 23:52:10 -05:00
Adam Muntner
e25608f9fa Merge pull request #161 from elnerd/patch-4
Added TRACK method to http-methods
2017-01-15 15:25:42 -05:00
Adam Muntner
abe819f21c Merge pull request #160 from sempf/patch-1
Create json version of debug params
2017-01-15 15:24:01 -05:00
Adam Muntner
fa3e68b231 Merge pull request #155 from elnerd/patch-3
Patch 3 - added h2-h6 tags
2017-01-15 15:23:14 -05:00
Adam Muntner
715977900d Merge pull request #159 from merttasci/patch-1
added 2 style context XSS attacks for LESS
2017-01-15 15:22:34 -05:00
Adam Muntner
1e6472ea75 Merge pull request #154 from elnerd/patch-2
Create html_attributes.txt
2017-01-15 15:21:35 -05:00
Adam Muntner
7b3433f960 Merge pull request #147 from GuiOm/master
Add HTML event attributes
2017-01-15 15:21:19 -05:00
El Nerdo
9cd7e5a2d0 Added TRACK method to http-methods
According to https://www.owasp.org/index.php/Cross_Site_Tracing - the TRACK method is an IIS-specific variant of TRACE.
2016-12-19 11:38:35 +01:00
Bill Sempf
02f6aa2687 Create json version of debug params
I like this for AJAXy sites.
2016-12-15 10:25:54 -05:00
Adam Muntner
6e3e71822b Delete command-execution-cheatsheat-unix.txt 2016-11-15 16:31:53 -05:00
Mert Tasci
6724d78102 added 2 style context XSS attacks for LESS
cc: https://twitter.com/merttasci_/status/786878767604043776
2016-10-19 14:12:27 +03:00
Adam Muntner
71407d12e0 Create README.md 2016-10-17 09:06:26 -04:00