Merge pull request #6 from jason0x90/patch-1

Reduce false positives - Increase value entropy of math function
jaeles-project · Sep 4, 2020 · 344b0ba · 344b0ba
2 parents d88e2c2 + f13f4b4
commit 344b0ba
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/fuzz/ssti/template-injection.yaml b/fuzz/ssti/template-injection.yaml
@@ -7,10 +7,10 @@ info:
 
 # origin: gonna come from Burp
 payloads:
-    - '${7*191}'
-    - '${{"{{"}}7*191{{"}}"}}'
-    - '<%= 7 * 191 %>'
-    - '#{ 7 * 191 }'
+    - '${3*313373133731337}'
+    - '${{"{{"}}3*313373133731337{{"}}"}}'
+    - '<%= 3 * 313373133731337 %>'
+    - '#{ 3 * 313373133731337 }'
 
 requests:
   - generators:
@@ -21,7 +21,7 @@ requests:
     # if response have result of template code above
     detections:
       - >-
-        StringSearch("response", "1337") && (StringCount("response", "1337") > StringCount("oresponse", "1337"))
+        StringSearch("response", "940119401194011") && (StringCount("response", "940119401194011") > StringCount("oresponse", "940119401194011"))
   # another request builder with URL encode the payload
   - encoding: URL()
     generators:
@@ -32,5 +32,5 @@ requests:
     # if response have result of template code above
     detections:
       - >-
-        StringSearch("response", "1337") && (StringCount("response", "1337") > StringCount("oresponse", "1337"))
+        StringSearch("response", "940119401194011") && (StringCount("response", "940119401194011") > StringCount("oresponse", "940119401194011"))