mirror of https://github.com/minimaxir/big-list-of-naughty-strings.git synced 2025-09-24 21:01:32 +02:00

273 Commits

Author SHA1 Message Date
Joseph Lennox
183ae90ec5 Unify message for XSS strings to a numeric value. This is the best for a PoC because it avoids any quote escaping. 2015-08-12 08:54:41 -07:00
Max Woolf
d981a1fc39 Merge pull request #34 from YR/master
Add package.json to repository
2015-08-12 07:03:12 -07:00
Sofien Lazreg
7942dbec92 change to minimaxir/master 2015-08-12 10:21:10 +02:00
Sofien Lazreg
fda211217e add package.json 2015-08-12 10:10:31 +02:00
Max Woolf
ce4d3a4321 Merge pull request #32 from rschoultz/master
Added XXE injection string.
2015-08-11 23:41:13 -07:00
Rickard Schoultz
e97c828fa3 Added XXE injection string. 2015-08-12 08:35:20 +02:00
Max Woolf
7ef8595322 Merge pull request #31 from 06b/master
Added string that will lock up OneNote 2013, because of a bug in msspell7.dll
2015-08-11 21:26:51 -07:00
Adrian D. Alvarez
d9cdb7cd76 Merge pull request #1 from 06b/bug-in-msspell7.dll
Added string that will lock up OneNote 2013, because of a bug in msspell7.dll
2015-08-12 00:19:33 -04:00
Adrian D. Alvarez
a49eebfb85 Updated blns.json to include msspell7.dll bug 2015-08-12 00:19:12 -04:00
Adrian D. Alvarez
1d209c567a Added string that will lock up OneNote 2013, because of a bug in msspell7.dll
As pointed out by this tweet - https://twitter.com/ThiceNL/status/623147453177589760
2015-08-12 00:17:44 -04:00
Max Woolf
409a74e222 #30; updated blns.json to latest 2015-08-11 21:05:10 -07:00
Max Woolf
896a6faf4f #29 2015-08-11 21:00:39 -07:00
Max Woolf
4f0ad73423 #27 2015-08-11 20:57:00 -07:00
Max Woolf
26585a7641 #24 2015-08-11 20:53:57 -07:00
Max Woolf
f5217d8ab3 edit README in light of #28 2015-08-11 20:50:29 -07:00
Max Woolf
b021962ef5 #24 2015-08-11 20:43:14 -07:00
Max Woolf
62066882b5 Null character defeated! 2015-08-11 20:41:59 -07:00
Max Woolf
ff6e9a72f1 #21; .gitattributes 2015-08-11 20:25:32 -07:00
Max Woolf
ad59ef98b3 #21; Fix .gitattributes again 2015-08-11 20:20:24 -07:00
Max Woolf
e3886d3275 Manually add strings from #9 2015-08-11 20:07:56 -07:00
Max Woolf
a03151d467 Merge branch 'jwilkins-patch-1' 2015-08-11 19:57:56 -07:00
Max Woolf
5bbd83d7c2 text 2015-08-11 19:57:30 -07:00
Max Woolf
7217042698 Merged #3 and included non-long strings in blns.txt 2015-08-11 19:41:08 -07:00
Max Woolf
c23d11ff9d Merge remote-tracking branch 'origin/master'
Conflicts:
	blns.txt
2015-08-11 19:22:34 -07:00
Max Woolf
0bbf309868 Add gitattributes file to force blns.txt to be text 2015-08-11 19:21:14 -07:00
Max Woolf
0a29e84481 Merge pull request #23 from sartak/master
Add Perl's "undef"
2015-08-11 10:29:01 -07:00
Shawn M Moore
7500c5ff3b Add Perl's "undef" 2015-08-11 13:08:49 -04:00
Max Woolf
3e856f7b93 Merge pull request #22 from JuanitoFatas/patch-1
Fix comment [ci skip]
2015-08-11 09:28:19 -07:00
Juanito Fatas
18c98526a6 Fix comment [ci skip] 2015-08-11 23:42:19 +08:00
Max Woolf
6b3a0a3489 Added EICAR note 2015-08-11 07:51:21 -07:00
Max Woolf
b518990120 More trick unicode from rspeer at HN
https://news.ycombinator.com/item?id=10035723
2015-08-10 19:16:01 -07:00
Max Woolf
d10f848922 update JSON to latest 2015-08-10 19:07:24 -07:00
Max Woolf
a564fe3113 add maintainer note 2015-08-10 19:00:57 -07:00
Max Woolf
ef23ab616c make formatting more consistent 2015-08-10 18:58:18 -07:00
Max Woolf
3a4375fc16 Merge pull request #17 from ataylor32/script-injection
Added another line to the "Script Injection" section
2015-08-10 18:52:17 -07:00
Adam Taylor
b191b4a2ef Added another line to the "Script Injection" section
See https://docs.djangoproject.com/en/1.8/ref/utils/#django.utils.html.remove_tags
2015-08-10 19:46:12 -06:00
Max Woolf
95189629fd Merge pull request #15 from 06b/patch-1
Added Full width unicode lt/gt
2015-08-10 18:08:27 -07:00
Adrian D. Alvarez
5fa6653a89 Added Full width unicode lt/gt
Browsers will ignore the <script>, but if it's stored into a SQL varchar it gets converted into < and thus a persisted XSS
2015-08-10 20:54:00 -04:00
Max Woolf
3fdbc7f944 Merge pull request #12 from jlennox/master
Negative number validation errors. XSS attribute escapes without lt/gt/quote symbols.
2015-08-10 14:37:45 -07:00
Joseph Lennox
9dbe44bf69 XSS attribute escapes without lt/gt/quote symbols. 2015-08-10 14:30:34 -07:00
Joseph Lennox
02e7317f73 Negative number validation errors. 2015-08-10 14:29:33 -07:00
Max Woolf
1f69f22e39 Merge pull request #11 from aesopwolf/patch-1
Update blns.txt
2015-08-10 14:21:59 -07:00
Aesop Wolf
4bc2f13535 Update blns.txt 2015-08-10 14:18:38 -07:00
Max Woolf
e00ffa398b Merge pull request #10 from mariusschulz/patch-1
Adds more null strings
2015-08-10 14:17:39 -07:00
Joseph Lennox
f594d6aa2a Negative number validation errors. 2015-08-10 14:16:11 -07:00
Marius Schulz
2769cc1e80 Adds "nil" and "NIL" 2015-08-10 23:09:28 +02:00
Max Woolf
6265464412 Merge pull request #7 from thebouv/master
Minor typo and grammar fixes to README
2015-08-10 14:09:06 -07:00
Max Woolf
a3f9ce6613 Merge pull request #8 from jlennox/master
Decimal validation exceptions. Non-numeric JS numbers. IE7 backtick. Attribute escape XSS.
2015-08-10 14:08:51 -07:00
Jonathan Wilkins
33e1224dce add MSDOS/Windows device names, more math parsing 2015-08-10 14:07:44 -07:00
Marius Schulz
3488e0597a Adds "NULL" as a naughty string 2015-08-10 23:05:19 +02:00