Adam Muntner
93d85fb2f0
Added more OS commanding patterns
2016-10-11 01:30:00 -04:00
Adam Muntner
a9e417d045
command-injection-template.txt is nicer, use it
2016-10-11 01:21:37 -04:00
Adam Muntner
9e545e71b1
More patterns for separating shell commands
2016-10-06 10:27:50 -04:00
Adam Muntner
0bc1498c3d
Update patterns for separating shell commands
2016-10-06 10:20:43 -04:00
Adam Muntner
5dd4d67557
Template for generating OS Commanding tests
...
replace {cmd} with single value such as /usr/bin/id or a list of test values
2016-10-05 20:51:15 -04:00
Adam Muntner
984b37e742
Template for generating OS Commanding tests
...
Replacement string is {cmd}
2016-10-05 20:49:35 -04:00
Adam Muntner
ea7dd32b51
Patterns for separating shell commands
2016-10-05 20:34:28 -04:00
Adam Muntner
8bad923d65
reformat xterm examples
2016-10-04 09:13:29 -04:00
Adam Muntner
66f94cd903
update reverse shell one-liners & xterm examples
...
Thanks Bernardo Damele A. G http://bernardodamele.blogspot.com/2011/09/reverse-shells-one-liners.html
2016-10-04 09:11:57 -04:00
Adam Muntner
a9d9991944
os command execution cheatsheet cleanup
2016-10-04 08:38:44 -04:00
Adam Muntner
8645354266
os command execution cheatsheet cleanup
2016-10-04 08:37:43 -04:00
Adam Muntner
7e886d0d9d
shell commands without spaces, edits
2016-10-04 07:26:39 -04:00
Adam Muntner
b50de0d583
Add more remote cmd exec without spaces
2016-10-04 00:33:05 -04:00
Adam Muntner
8ed1ab4773
Add more remote cmd exec without spaces
...
technique from https://www.mailchannels.com/2009/07/amazing-new-exploit-for-linksys-routers-running-dd-wrt/ using $IFS
2016-10-04 00:32:00 -04:00
Adam Muntner
d1209f4b31
Update docs: remote command exec without spaces
2016-10-04 00:22:49 -04:00
Adam Muntner
1f4867321f
remove old header, replace with ""
2016-10-04 00:12:04 -04:00
Adam Muntner
a0b1672889
fixup
2016-10-04 00:05:28 -04:00
Adam Muntner
b41ed8173e
More command exec without spaces
...
Credits:
Joe Sylve
Daniel Frisch
2016-10-04 00:03:33 -04:00
Adam Muntner
0891bb84ec
Cmd injection without spaces
...
Thanks:
Andre Gironda
Ben Toews https://gist.github.com/btoews/3056269
Jon Oberheide https://jon.oberheide.org/blog/2008/09/04/bash-brace-expansion-cleverness/
2016-10-03 23:41:58 -04:00
Adam Muntner
d034e66d6c
Create Readme.md
2016-09-20 08:07:40 -04:00
Adam Muntner
e2062d0dbb
Original source: https://github.com/cr0hn/nosqlinjection_wordlists
2016-09-20 07:54:59 -04:00
cr0hn
0dfbeda6e7
added wordlist for no-sqli-injections for mongoDB
2016-09-20 12:37:07 +02:00
Adam Muntner
104aac598d
change ordering
2016-09-14 00:50:45 -04:00
Adam Muntner
9825554871
Adding newer html5 tags that were missing
2016-09-13 18:26:43 -04:00
leikarne
cb7b69a789
Removed crocodiles
...
When fuzzing for allowed html tags, some libraries such as OWASP AntiSamy will require a matching closing tag.
Removing the crocodiles from the html tags, it allow you to do the following: <$POS$></$POS$>, and you can use this file to fuzz for valid html tags, and still provide valid html at the same time.
2016-09-13 23:52:20 +02:00
Adam Muntner
19071973bc
HTML entities, blank line, and a real null byte
2016-09-10 17:20:40 -04:00
Adam Muntner
13021c06a4
oops!
2016-09-10 17:19:28 -04:00
Adam Muntner
05d4b0ab25
Real null byte for fault injection into binaries + intentional blank line for ""
2016-09-10 17:01:31 -04:00
Adam Muntner
2d3ea1436e
replacing
2016-09-10 16:58:40 -04:00
Adam Muntner
0e5ab90100
Various representations of localhost
2016-09-04 02:43:29 -04:00
dud3z
8c913fbd38
Fix missing phpinfo in GIFs, add POCs for phpinfo in GIF/JPG metadata
2016-09-04 00:57:45 +02:00
dud3z
c8aced196c
Fix missing malicious images, XSS .swf file and EICAR test
2016-09-04 00:57:10 +02:00
Adam Muntner
9a999e0af1
fixup
2016-09-02 08:41:12 -04:00
Adam Muntner
1bc10ab87e
wikimedia exploit T137264
...
https://phabricator.wikimedia.org/T137264
2016-08-22 23:35:08 -04:00
Adam Muntner
3154ff4f84
add payloads
2016-08-16 09:54:40 -04:00
Adam Muntner
895232fb9c
Updated link
2016-08-14 20:52:52 -04:00
Adam Muntner
5860461322
add fimap how-to link
2016-08-14 20:37:06 -04:00
Adam Muntner
17cedd2a99
Update README.md
2016-08-14 20:35:00 -04:00
Ricardo Madriz
2863f7a588
Fix #144
2016-05-25 17:56:24 -06:00
Ricardo Madriz
f7aa901576
Fix #144
2016-05-25 17:55:49 -06:00
Adam Muntner
27abfa211a
add payload
...
/\..%2f\..%2f\..%2f etc etc etc
2016-05-20 02:04:44 -04:00
Adam Muntner
e7b121ab2b
Overly-long UTF-8 representations of Null
2016-04-18 20:16:24 -04:00
Adam Muntner
4f05417bc5
Added files via upload
2016-03-09 19:08:45 -05:00
Adam Muntner
ff47fde34e
Create README.md
2016-03-09 19:08:21 -05:00
Adam Muntner
47e2cdb451
From SecLists Generic_SQLi
2016-03-09 19:04:21 -05:00
Adam Muntner
3c770bab38
Create JHADDIX_LFI.fuzz.txt
2016-03-09 19:02:35 -05:00
Adam Muntner
8ae928dc58
Update server-side-includes-generic.fuzz.txt
2016-03-09 19:00:51 -05:00
Adam Muntner
83f7c51f01
Update README.md
2016-03-09 18:59:10 -05:00
Adam Muntner
2f66b32d56
added records from SecLists JHADDIX_XSS.txt
2016-03-09 18:57:33 -05:00
Adam Muntner
e38d1820c9
JHADDIX_XSS_WITH_CONTEXT.txt from SecLists
2016-03-09 18:54:51 -05:00