Adam Muntner
aaeaf2fbc4
Open redirect tests
2016-10-12 02:12:10 -04:00
Adam Muntner
55bb18a030
Open redirect url patterns
2016-10-12 02:08:10 -04:00
Adam Muntner
f38bb3e0df
Creating redirection template, more patterns otw
2016-10-12 01:42:23 -04:00
Adam Muntner
69210d06f2
added redirector
2016-10-11 01:47:17 -04:00
Adam Muntner
48c40d2e54
Create shell-operators.txt
2016-10-11 01:44:27 -04:00
Adam Muntner
93d85fb2f0
Added more OS commanding patterns
2016-10-11 01:30:00 -04:00
Adam Muntner
a9e417d045
command-injection-template.txt is nicer, use it
2016-10-11 01:21:37 -04:00
Adam Muntner
0535bbd2fb
add link to webshell git repo
2016-10-10 03:44:24 -04:00
Adam Muntner
9e545e71b1
More patterns for separating shell commands
2016-10-06 10:27:50 -04:00
Adam Muntner
0bc1498c3d
Update patterns for separating shell commands
2016-10-06 10:20:43 -04:00
Adam Muntner
5dd4d67557
Template for generating OS Commanding tests
...
replace {cmd} with single value such as /usr/bin/id or a list of test values
2016-10-05 20:51:15 -04:00
Adam Muntner
984b37e742
Template for generating OS Commanding tests
...
Replacement string is {cmd}
2016-10-05 20:49:35 -04:00
Adam Muntner
ea7dd32b51
Patterns for separating shell commands
2016-10-05 20:34:28 -04:00
Adam Muntner
8bad923d65
reformat xterm examples
2016-10-04 09:13:29 -04:00
Adam Muntner
66f94cd903
update reverse shell one-liners & xterm examples
...
Thanks Bernardo Damele A. G http://bernardodamele.blogspot.com/2011/09/reverse-shells-one-liners.html
2016-10-04 09:11:57 -04:00
Adam Muntner
a9d9991944
os command execution cheatsheet cleanup
2016-10-04 08:38:44 -04:00
Adam Muntner
8645354266
os command execution cheatsheet cleanup
2016-10-04 08:37:43 -04:00
Adam Muntner
7e886d0d9d
shell commands without spaces, edits
2016-10-04 07:26:39 -04:00
Adam Muntner
b50de0d583
Add more remote cmd exec without spaces
2016-10-04 00:33:05 -04:00
Adam Muntner
8ed1ab4773
Add more remote cmd exec without spaces
...
technique from https://www.mailchannels.com/2009/07/amazing-new-exploit-for-linksys-routers-running-dd-wrt/ using $IFS
2016-10-04 00:32:00 -04:00
Adam Muntner
d1209f4b31
Update docs: remote command exec without spaces
2016-10-04 00:22:49 -04:00
Adam Muntner
1f4867321f
remove old header, replace with ""
2016-10-04 00:12:04 -04:00
Adam Muntner
a0b1672889
fixup
2016-10-04 00:05:28 -04:00
Adam Muntner
b41ed8173e
More command exec without spaces
...
Credits:
Joe Sylve
Daniel Frisch
2016-10-04 00:03:33 -04:00
Adam Muntner
0891bb84ec
Cmd injection without spaces
...
Thanks:
Andre Gironda
Ben Toews https://gist.github.com/btoews/3056269
Jon Oberheide https://jon.oberheide.org/blog/2008/09/04/bash-brace-expansion-cleverness/
2016-10-03 23:41:58 -04:00
Adam Muntner
c261b0955e
Update README.md
2016-10-01 22:01:36 -04:00
Adam Muntner
2663f4fbf5
Update README.md
2016-10-01 21:59:34 -04:00
Adam Muntner
8ef1593ba3
Update README.md
2016-09-26 23:02:23 -04:00
Adam Muntner
4adcf53fb8
Update README.md
2016-09-26 10:32:19 -04:00
Adam Muntner
a1318d0e5f
Update README.md
2016-09-21 02:18:24 -04:00
Adam Muntner
d21068bbb4
Update README.md
2016-09-21 02:17:01 -04:00
Adam Muntner
de4932865b
Update README.md
2016-09-21 02:14:41 -04:00
Adam Muntner
ac3613f2a1
Update README.md
2016-09-21 02:12:11 -04:00
Adam Muntner
a007516ca2
Update README.md
2016-09-21 00:47:45 -04:00
Adam Muntner
051ac4eb1b
Update wordlist-common-snmp-community-strings.txt
2016-09-21 00:39:57 -04:00
Adam Muntner
35dfd9016a
Update SAP.txt
2016-09-21 00:19:34 -04:00
Adam Muntner
c85b108085
add more common paths
2016-09-20 23:51:07 -04:00
Adam Muntner
2f8988812f
cross-updating with https://github.com/andresriancho/w3af/blob/master/w3af/plugins/grep/user_defined_regex/example_regexes.txt
2016-09-20 23:25:03 -04:00
Adam Muntner
64a2a707bc
add antivirus warning
2016-09-20 20:02:28 -04:00
Adam Muntner
664e12b813
Update README.md
2016-09-20 19:45:22 -04:00
Adam Muntner
2336d61859
Update README.md
2016-09-20 09:52:57 -04:00
Adam Muntner
d034e66d6c
Create Readme.md
2016-09-20 08:07:40 -04:00
Adam Muntner
217cfdc9ad
added wordlist for no-sqli-injections for mongoDB
...
Merge pull request #156 from cr0hn/master
2016-09-20 08:00:36 -04:00
Adam Muntner
e2062d0dbb
Original source: https://github.com/cr0hn/nosqlinjection_wordlists
2016-09-20 07:54:59 -04:00
cr0hn
0dfbeda6e7
added wordlist for no-sqli-injections for mongoDB
2016-09-20 12:37:07 +02:00
Adam Muntner
104aac598d
change ordering
2016-09-14 00:50:45 -04:00
Adam Muntner
9825554871
Adding newer html5 tags that were missing
2016-09-13 18:26:43 -04:00
Adam Muntner
bdcc8a6873
Merge pull request #153 from leikarne/patch-1
...
Removed crocodiles
2016-09-13 18:16:47 -04:00
leikarne
cb7b69a789
Removed crocodiles
...
When fuzzing for allowed html tags, some libraries such as OWASP AntiSamy will require a matching closing tag.
Removing the crocodiles from the html tags, it allow you to do the following: <$POS$></$POS$>, and you can use this file to fuzz for valid html tags, and still provide valid html at the same time.
2016-09-13 23:52:20 +02:00
Adam Muntner
19071973bc
HTML entities, blank line, and a real null byte
2016-09-10 17:20:40 -04:00