websecurity@lists.webappsec.org

The Web Security Mailing List

FuzzDB 1.09

Adam Muntner
Mon, Aug 15, 2011 11:36 PM

FuzzDB 1.09 is now up at https://fuzzdb.googlecode.com

New stuff since 1.08:

  • Thanks to lawKnee, new features added to the cfm webshell; he also
    submitted a nifty cfm sql webshell
  • The data dir from the tool raft, containing paths extracted from
    the "disallow" fields from the robots.txt files of 1.7 million
    websites, presented at BlackHat 2011 (https://raft.googlecode.com/)
  • Added new attack payload file
    os-cmd-execution/OSCommandInject.Windows.fuzz.txt and a case to the
    unix version of the file that breaks out of regex with a $
  • Many more platforms added to discovery, check the svn logs, too
    many to list here
  • /attack-payloads/BizLogic/CommonMethods.fuzz.txt - thanks to Tim
    Brown and darkraver
  • /generic/interesting-files-siteminder.txt - CA Siteminder discovery
  • /generic/proxy-conf.txt - Various popular locations for proxy.pac files
  • Updated sqli attacks using new filename convention to make it
    simpler to navigate fuzzdb and include it in other projects, other
    directories will follow. Thanks to Nathan Hamiel and Marcin
    Wielgoszewski for prompting me to create the new namespace format.
  • Fixed a few misplaced SQLI test cases thanks to Michael Brooks' careful eye.