Adam Muntner
04556e50c8
Merge pull request #170 from AddaxSoft/patch-1
...
added other common paths
2019-09-28 16:33:58 -04:00
Adam Muntner
aca3346b38
Merge pull request #167 from sempf/master
...
Removed PGSQL per Issue #2
2019-09-28 16:32:52 -04:00
Bill Sempf
c91b254eec
Added a numeric check
2019-02-16 11:34:08 -05:00
Bill Sempf
199993fb41
Removed payloads that alter the database
...
This is the "detect" list, and it has payloads that alter the database. That's not good for a "detect" list - should be in "exploit".
2019-02-16 11:33:00 -05:00
A.K
973e5a4f12
added other common paths
...
bitnami, apache, httpd on different linux flavors
2018-01-20 12:27:25 +01:00
Bill Sempf
67fd2f1159
Removed PGSQL per Issue #2
...
I confirmed that the pg_sleep returned a null and caused a non-exploitable error, so I deleted the commands that referenced it.
2017-10-03 01:54:55 -04:00
Jordan Brown
cfcec0e6cb
removed new lines
2017-03-07 12:42:50 +11:00
Jordan Brown
e682447cb5
added Null representations for double encoding, format string %* and octal representations of localhost
2017-03-07 11:54:22 +11:00
Adam Muntner
ecb0850538
Strings which can be accidentally expanded into different strings if evaluated in the wrong context
...
e.g. used as a printf format string or via Perl or shell eval. Might expose sensitive data from the program doing the interpolation, or might just represent the wrong string.
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:55:38 -05:00
Adam Muntner
80772679c2
Strings which crashed iMessage in iOS versions 8.3 and earlier
...
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:53:07 -05:00
Adam Muntner
85f3e0bd0d
Strings which punish the fools who use cat/type on this file
...
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:51:19 -05:00
Adam Muntner
480f487cbf
Update invalid-filenames-microsoft.txt
2017-01-16 12:48:39 -05:00
Adam Muntner
d4dfa84417
Strings which contain unicode with an "upsidedown" effect (via http://www.upsidedowntext.com )
...
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:44:51 -05:00
Adam Muntner
1e797dcaf3
Strings which contain "corrupted" text. The corruption will not appear in non-HTML text, however. (via http://www.eeemo.net )
...
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:44:01 -05:00
Adam Muntner
330b3613f9
Strings which contain text that should be rendered RTL if possible (e.g. Arabic, Hebrew)
...
from minimaxir/big-list-of-naughty-strings/
2017-01-16 12:43:14 -05:00
Adam Muntner
0c8789bb6a
Update emoji.txt
2017-01-16 12:40:55 -05:00
Adam Muntner
7b5e1e92e8
Create regionalindicators.txt
...
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:40:31 -05:00
Adam Muntner
7d53ff81f5
Create README.md
2017-01-16 12:38:32 -05:00
Adam Muntner
5a5b403c1f
add unicode files
2017-01-16 12:35:19 -05:00
Adam Muntner
df5fd2e3ef
Strings which contain Emoji; should be the same behavior as two-byte characters, but not always
...
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:26:04 -05:00
Adam Muntner
9ddc02dcb8
Strings which consists of Japanese-style emoticons
...
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:22:46 -05:00
Adam Muntner
594f0894b4
Strings which contain two-byte characters: can cause rendering issues or character-length issues
...
minimaxir/big-list-of-naughty-strings
2017-01-16 12:21:34 -05:00
Adam Muntner
9deeda4647
Strings which contain misplaced quotation marks; can cause encoding errors
...
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:20:21 -05:00
Adam Muntner
ada2f9308f
common unicode symbols (e.g. smart quotes),Subscript/Superscript/Accents, cause rendering issues.
...
from minimaxir/big-list-of-naughty-strings
2017-01-16 12:18:52 -05:00
Adam Muntner
855a9d38de
Strings which contain common special ASCII characters (may need to be escaped)
...
from minimaxir/big-list-of-naughty-string
2017-01-16 12:13:32 -05:00
Adam Muntner
374c6ad1c2
Rename crlf-notes.txt to README.md
2017-01-16 12:11:33 -05:00
Adam Muntner
da3d4e1fa9
Added additional likely method names
2017-01-15 23:52:10 -05:00
Adam Muntner
e25608f9fa
Merge pull request #161 from elnerd/patch-4
...
Added TRACK method to http-methods
2017-01-15 15:25:42 -05:00
Adam Muntner
abe819f21c
Merge pull request #160 from sempf/patch-1
...
Create json version of debug params
2017-01-15 15:24:01 -05:00
Adam Muntner
fa3e68b231
Merge pull request #155 from elnerd/patch-3
...
Patch 3 - added h2-h6 tags
2017-01-15 15:23:14 -05:00
Adam Muntner
715977900d
Merge pull request #159 from merttasci/patch-1
...
added 2 style context XSS attacks for LESS
2017-01-15 15:22:34 -05:00
Adam Muntner
1e6472ea75
Merge pull request #154 from elnerd/patch-2
...
Create html_attributes.txt
2017-01-15 15:21:35 -05:00
Adam Muntner
7b3433f960
Merge pull request #147 from GuiOm/master
...
Add HTML event attributes
2017-01-15 15:21:19 -05:00
El Nerdo
9cd7e5a2d0
Added TRACK method to http-methods
...
According to https://www.owasp.org/index.php/Cross_Site_Tracing - the TRACK method is IIS specific variant of TRACE.
2016-12-19 11:38:35 +01:00
Bill Sempf
02f6aa2687
Create json version of debug params
...
I like this for AJAXy sites.
2016-12-15 10:25:54 -05:00
Adam Muntner
6e3e71822b
Delete command-execution-cheatsheat-unix.txt
2016-11-15 16:31:53 -05:00
Mert Tasci
6724d78102
added 2 style context XSS attacks for LESS
...
cc: https://twitter.com/merttasci_/status/786878767604043776
2016-10-19 14:12:27 +03:00
Adam Muntner
71407d12e0
Create README.md
2016-10-17 09:06:26 -04:00
Adam Muntner
22fe7c4b1a
Delete README.rb
2016-10-17 08:54:04 -04:00
Adam Muntner
e3a9f305b7
Update README.rb
2016-10-17 08:52:48 -04:00
Adam Muntner
e5b926eadd
Update README.rb
2016-10-17 08:52:08 -04:00
Adam Muntner
db8c767952
Create README.rb
2016-10-17 08:51:50 -04:00
Adam Muntner
c4d8de6c78
Add PNG IDAT chunk webshell link & cleanup
2016-10-16 20:24:55 -04:00
Adam Muntner
89c59e7d74
Update arbitrary redirect docs
2016-10-12 03:44:16 -04:00
Adam Muntner
e951c9f277
doc page 1.0 for open redirect patterns
2016-10-12 03:22:12 -04:00
Adam Muntner
05c9d033fb
Arbitrary redirect injection template
2016-10-12 02:36:00 -04:00
Adam Muntner
a3768fd2a4
Open redirct injection tests
2016-10-12 02:12:47 -04:00
Adam Muntner
aaeaf2fbc4
Open redirect tests
2016-10-12 02:12:10 -04:00
Adam Muntner
55bb18a030
Open redirect url patterns
2016-10-12 02:08:10 -04:00
Adam Muntner
f38bb3e0df
Creating redirection template, more patterns otw
2016-10-12 01:42:23 -04:00