Merge pull request #1 from ejcx/commonwebattacks

Add some web stuff

blns.json

@@ -91,7 +91,10 @@
   "00˙Ɩ$-", 
   "<script>alert('hi')</script>", 
   "<img src=x onerror=alert('hi') />", 
+  "<svg><script>0<1>alert('XSS')</script>",
   "1;DROP TABLE users", 
   "1'; DROP TABLE users--", 
-  "/dev/null; rm -rf /*; echo"
-]
+  "/dev/null; rm -rf /*; echo",
+  "../../../../../../../../../../../etc/passwd%00",
+  "../../../../../../../../../../../etc/hosts"
+]

blns.txt

@@ -169,6 +169,7 @@ Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
 
 <script>alert('hi')</script>
 <img src=x onerror=alert('hi') />
+<svg><script>0<1>alert('XSS')</script> 
 
 #	SQL Injection
 #
@@ -181,4 +182,11 @@ Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
 #
 #	Strings which can cause user to run code on server as a privileged user (c.f. https://news.ycombinator.com/item?id=7665153)
 
-/dev/null; rm -rf /*; echo
+/dev/null; rm -rf /*; echo
+
+#	File Inclusion
+#
+#	Strings which can cause user to pull in files that should not be a part of a web server
+
+../../../../../../../../../../../etc/passwd%00
+../../../../../../../../../../../etc/hosts