Mirrors/fuzzdb
2
0
Fork 0
mirror of https://github.com/fuzzdb-project/fuzzdb.git synced 2024-11-23 11:33:04 +00:00
Code Issues Projects Releases Packages Wiki Activity
336 commits 2 branches 0 tags 8.8 MiB
Commit graph

96 commits

Author SHA1 Message Date
Adam Muntner
984b37e742 Template for generating OS Commanding tests 
Replacement string is {cmd}
 2016-10-05 20:49:35 -04:00
Adam Muntner
ea7dd32b51 Patterns for separating shell commands 2016-10-05 20:34:28 -04:00
Adam Muntner
8bad923d65 reformat xterm examples 2016-10-04 09:13:29 -04:00
Adam Muntner
66f94cd903 update reverse shell one-liners & xterm examples 
Thanks Bernardo Damele A. G http://bernardodamele.blogspot.com/2011/09/reverse-shells-one-liners.html
 2016-10-04 09:11:57 -04:00
Adam Muntner
a9d9991944 os command execution cheatsheet cleanup 2016-10-04 08:38:44 -04:00
Adam Muntner
8645354266 os command execution cheatsheet cleanup 2016-10-04 08:37:43 -04:00
Adam Muntner
7e886d0d9d shell commands without spaces, edits 2016-10-04 07:26:39 -04:00
Adam Muntner
b50de0d583 Add more remote cmd exec without spaces 2016-10-04 00:33:05 -04:00
Adam Muntner
8ed1ab4773 Add more remote cmd exec without spaces 
technique from https://www.mailchannels.com/2009/07/amazing-new-exploit-for-linksys-routers-running-dd-wrt/ using $IFS
 2016-10-04 00:32:00 -04:00
Adam Muntner
d1209f4b31 Update docs: remote command exec without spaces 2016-10-04 00:22:49 -04:00
Adam Muntner
1f4867321f remove old header, replace with "" 2016-10-04 00:12:04 -04:00
Adam Muntner
a0b1672889 fixup 2016-10-04 00:05:28 -04:00
Adam Muntner
b41ed8173e More command exec without spaces 
Credits:

Joe Sylve
Daniel Frisch
 2016-10-04 00:03:33 -04:00
Adam Muntner
0891bb84ec Cmd injection without spaces 
Thanks:
Andre Gironda
Ben Toews https://gist.github.com/btoews/3056269
Jon Oberheide https://jon.oberheide.org/blog/2008/09/04/bash-brace-expansion-cleverness/
 2016-10-03 23:41:58 -04:00
Adam Muntner
d034e66d6c Create Readme.md 2016-09-20 08:07:40 -04:00
Adam Muntner
e2062d0dbb Original source: https://github.com/cr0hn/nosqlinjection_wordlists 2016-09-20 07:54:59 -04:00
cr0hn
0dfbeda6e7 added wordlist for no-sqli-injections for mongoDB 2016-09-20 12:37:07 +02:00
Adam Muntner
104aac598d change ordering 2016-09-14 00:50:45 -04:00
Adam Muntner
9825554871 Adding newer html5 tags that were missing 2016-09-13 18:26:43 -04:00
leikarne
cb7b69a789 Removed crocodiles 
When fuzzing for allowed html tags, some libraries such as OWASP AntiSamy will require a matching closing tag.
Removing the crocodiles from the html tags, it allow you to do the following: <$POS$></$POS$>, and you can use this file to fuzz for valid html tags, and still provide valid html at the same time.
 2016-09-13 23:52:20 +02:00
Adam Muntner
19071973bc HTML entities, blank line, and a real null byte 2016-09-10 17:20:40 -04:00
Adam Muntner
13021c06a4 oops! 2016-09-10 17:19:28 -04:00
Adam Muntner
05d4b0ab25 Real null byte for fault injection into binaries + intentional blank line for "" 2016-09-10 17:01:31 -04:00
Adam Muntner
2d3ea1436e replacing 2016-09-10 16:58:40 -04:00
Adam Muntner
0e5ab90100 Various representations of localhost 2016-09-04 02:43:29 -04:00
dud3z
8c913fbd38 Fix missing phpinfo in GIFs, add POCs for phpinfo in GIF/JPG metadata 2016-09-04 00:57:45 +02:00
dud3z
c8aced196c Fix missing malicious images, XSS .swf file and EICAR test 2016-09-04 00:57:10 +02:00
Adam Muntner
9a999e0af1 fixup 2016-09-02 08:41:12 -04:00
Adam Muntner
1bc10ab87e wikimedia exploit T137264 
https://phabricator.wikimedia.org/T137264
 2016-08-22 23:35:08 -04:00
Adam Muntner
3154ff4f84 add payloads 2016-08-16 09:54:40 -04:00
Adam Muntner
895232fb9c Updated link 2016-08-14 20:52:52 -04:00
Adam Muntner
5860461322 add fimap how-to link 2016-08-14 20:37:06 -04:00
Adam Muntner
17cedd2a99 Update README.md 2016-08-14 20:35:00 -04:00
Ricardo Madriz
2863f7a588 Fix #144 2016-05-25 17:56:24 -06:00
Ricardo Madriz
f7aa901576 Fix #144 2016-05-25 17:55:49 -06:00
Adam Muntner
27abfa211a add payload 
/\..%2f\..%2f\..%2f etc etc etc
 2016-05-20 02:04:44 -04:00
Adam Muntner
e7b121ab2b Overly-long UTF-8 representations of Null 2016-04-18 20:16:24 -04:00
Adam Muntner
4f05417bc5 Added files via upload 2016-03-09 19:08:45 -05:00
Adam Muntner
ff47fde34e Create README.md 2016-03-09 19:08:21 -05:00
Adam Muntner
47e2cdb451 From SecLists Generic_SQLi 2016-03-09 19:04:21 -05:00
Adam Muntner
3c770bab38 Create JHADDIX_LFI.fuzz.txt 2016-03-09 19:02:35 -05:00
Adam Muntner
8ae928dc58 Update server-side-includes-generic.fuzz.txt 2016-03-09 19:00:51 -05:00
Adam Muntner
83f7c51f01 Update README.md 2016-03-09 18:59:10 -05:00
Adam Muntner
2f66b32d56 added records from SecLists JHADDIX_XSS.txt 2016-03-09 18:57:33 -05:00
Adam Muntner
e38d1820c9 JHADDIX_XSS_WITH_CONTEXT.txt from SecLists 2016-03-09 18:54:51 -05:00
Adam Muntner
238567db24 by Danny Chrastil submitted to SecLists 2016-03-09 18:52:55 -05:00
Adam Muntner
ea0b7142c2 Update xss-other.fuzz.txt 2016-03-09 18:49:32 -05:00
Adam Muntner
a949e4e409 Update xml-attacks.fuzz.txt 2016-03-09 18:42:06 -05:00
Adam Muntner
fc2beb2743 Update ldap-injection.fuzz.txt 2016-03-09 16:15:35 -05:00
Adam Muntner
8690869ae3 Create js_inject.fuzz.txt 2016-03-09 16:14:03 -05:00