[WEB SECURITY] FuzzDB 1.09

Adam Muntner unix23 at gmail.com
Mon Aug 15 19:36:11 EDT 2011


FuzzDB 1.09 is now up at https://fuzzdb.googlecode.com

New stuff since 1.08:

  * Thanks to lawKnee, new features added to the cfm webshell, he also
submitted a nifty cfm sql webshell
  * The data dir from the tool raft, containing paths extracted from
the "disallow" fields from the robots.txr files of 1.7 million
websites, presented at BlackHat 2011 (https://raft.googlecode.com/)
  * Added new attack payload file
os-cmd-execution/OSCommandInject.Windows.fuzz.txt and a case to the
unix version of the file that breaks out of regex with a $
  * Many more platforms added to discovery, check the svn logs, too
many to list here
  * /attack-payloads/BizLogic/CommonMethods.fuzz.txt - thanks to Tim
Brown and darkraver
  * /generic/interesting-files-siteminder.txt - CA Siteminder discovery
  * /generic/proxy-conf.txt - Various popular locations for proxy.pac files
  * Updated sqli attacks using new filename convention to make it
simpler to navigate fuzzdb and include it in other projects, other
directories will follow. Thanks to Nathan Hamiel and Marcin
Wielgoszewski for prompting me to create the new namespace format.
  * Fixed a few misplaced SQLI test cases thanks to Michael Brooks careful eye.




More information about the websecurity mailing list