From 0256509673d2104b609856b2b99d4031d99afb2e Mon Sep 17 00:00:00 2001
From: shelld3v <59408894+shelld3v@users.noreply.github.com>
Date: Thu, 24 Oct 2024 14:04:31 +0700
Subject: [PATCH] Added path traversal
---
 db/400_blacklist.txt | 3 ++-
 db/403_blacklist.txt | 3 ++-
 db/500_blacklist.txt | 2 ++
 db/dicc.txt | 3 ++-
 4 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/db/400_blacklist.txt b/db/400_blacklist.txt
index 25c364661..a9cbec45a 100644
--- a/db/400_blacklist.txt
+++ b/db/400_blacklist.txt
@@ -1,8 +1,9 @@
 %2e%2e//google.com
 %ff
+%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
 %2e%2e;/test
 %3f/
 %C0%AE%C0%AE%C0%AF
-.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
+../../../../../../etc/passwd
 ..;/
 cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
diff --git a/db/403_blacklist.txt b/db/403_blacklist.txt
index eb57d8abd..c29f9c3a8 100644
--- a/db/403_blacklist.txt
+++ b/db/403_blacklist.txt
@@ -1,8 +1,9 @@
 %2e%2e//google.com
 %ff
+%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
 %2e%2e;/test
 %3f/
 %C0%AE%C0%AE%C0%AF
-.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
+../../../../../../etc/passwd
 ..;/
 cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
diff --git a/db/500_blacklist.txt b/db/500_blacklist.txt
index b6aadfb9e..3f4b73ed0 100644
--- a/db/500_blacklist.txt
+++ b/db/500_blacklist.txt
@@ -1,6 +1,8 @@ %ff +%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd %3f/ %C0%AE%C0%AE%C0%AF %2e%2e;/test +../../../../../../etc/passwd ..;/
diff --git a/db/dicc.txt b/db/dicc.txt
index fc9ea7879..73a333c9d 100644
--- a/db/dicc.txt
+++ b/db/dicc.txt
@@ -2,6 +2,7 @@
 !.htaccess
 !.htpasswd
 %2e%2e//google.com
+%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
 %2e%2e;/test
 %3f/
 %C0%AE%C0%AE%C0%AF
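Review bot: The subject says "Added path traversal", but the db/400_blacklist.txt hunk also removes the existing entry `.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd` and puts `../../../../../../etc/passwd` in its place; the db/403_blacklist.txt hunk and the second db/dicc.txt hunk make the same swap. The neighbouring `cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd` line keeps the mixed encoding, so the lists are no longer uniform on this point. If the removal is deliberate, the commit description should say so; if not, the old line should stay next to the new one in all three files. The unencoded entry also matches what is sent on the wire only if the request path is not dot-segment normalised first, which this diff does not show.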
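Review bot: Both traversal entries are new in db/500_blacklist.txt and the hunk removes nothing, so the old mixed-encoding entry was apparently never filtered for 500 responses. Presumably this file lists paths whose 500 responses are left out of the results; if so, a 500 on these two paths stops being reported, which is a change in behaviour rather than a like-for-like replacement as in the 400 and 403 lists. The commit has no description; a sentence such as `Also filter 500 responses for the two /etc/passwd traversal entries.` would make the intent reviewable.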
@@ -38,7 +39,7 @@
 +CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua
 +CSCOT+/translation
 +CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../
-.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
+../../../../../../etc/passwd
 ..;/
 .0
 .7z