supererki
June 1st, 2010, 05:32 PM
hello :
in the script there is a sed command :
sed -e 's/\/\\\\/g; s///\\//g; s/:::.*//g'
anyway, it doesn't work :
sed: -e expression #1, char 15: unknown option to `s'
any help would be apprechiated.
The whole script goes like :
#!/usr/bin/env bash
sed -e 's/\/\\\\/g; s///\\//g; s/:::.*//g' All_attack.txt > All_attack.txt~
n=0
for i in `ls -1 *.xml`
do
while read line
do
sed "s/?/${line}/" $i > $i.$n
echo "Writing $i.$n"
echo -n "."
let "n+=1"
done < All_attack.txt~
let n=0
done
rm All_attack.txt~
exit 0
---------
attack file is something like : (small part)
%27%20or%201=1:::SQL Injection (SQLi)
%20$(sleep%2050):::SQL Injection (SQLi)
%20'sleep%2050':::SQL Injection (SQLi)
char%4039%41%2b%40SELECT:::SQL Injection (SQLi)
'%20OR:::SQL Injection (SQLi)
'sqlattempt1:::SQL Injection (SQLi)
(sqlattempt2):::SQL Injection (SQLi)
|:::LDAP Injection
%7C:::LDAP Injection
*|:::LDAP Injection
%2A%7C:::LDAP Injection
*(|(mail=*)):::LDAP Injection
%2A%28%7C%28mail%3D%2A%29%29:::LDAP Injection
*(|(objectclass=*)):::LDAP Injection
%2A%28%7C%28objectclass%3D%2A%29%29:::LDAP Injection
(:::LDAP Injection
%28:::LDAP Injection
):::LDAP Injection
%29:::LDAP Injection
&:::LDAP Injection
%26:::LDAP Injection
!:::LDAP Injection
%21:::LDAP Injection
/:::LDAP Injection
//:::LDAP Injection
//*:::LDAP Injection
*/*:::LDAP Injection
@*:::LDAP Injection
x' or name()='username' or 'x'='y:::LDAP Injection
count(/child::node()):::XPath Injection
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>:::Script Injection
<name>','')); phpinfo(); exit;/*</name>:::Script Injection
it is not anything malicious, its for fuzztesting my own webservice.
in the script there is a sed command :
sed -e 's/\/\\\\/g; s///\\//g; s/:::.*//g'
anyway, it doesn't work :
sed: -e expression #1, char 15: unknown option to `s'
any help would be apprechiated.
The whole script goes like :
#!/usr/bin/env bash
sed -e 's/\/\\\\/g; s///\\//g; s/:::.*//g' All_attack.txt > All_attack.txt~
n=0
for i in `ls -1 *.xml`
do
while read line
do
sed "s/?/${line}/" $i > $i.$n
echo "Writing $i.$n"
echo -n "."
let "n+=1"
done < All_attack.txt~
let n=0
done
rm All_attack.txt~
exit 0
---------
attack file is something like : (small part)
%27%20or%201=1:::SQL Injection (SQLi)
%20$(sleep%2050):::SQL Injection (SQLi)
%20'sleep%2050':::SQL Injection (SQLi)
char%4039%41%2b%40SELECT:::SQL Injection (SQLi)
'%20OR:::SQL Injection (SQLi)
'sqlattempt1:::SQL Injection (SQLi)
(sqlattempt2):::SQL Injection (SQLi)
|:::LDAP Injection
%7C:::LDAP Injection
*|:::LDAP Injection
%2A%7C:::LDAP Injection
*(|(mail=*)):::LDAP Injection
%2A%28%7C%28mail%3D%2A%29%29:::LDAP Injection
*(|(objectclass=*)):::LDAP Injection
%2A%28%7C%28objectclass%3D%2A%29%29:::LDAP Injection
(:::LDAP Injection
%28:::LDAP Injection
):::LDAP Injection
%29:::LDAP Injection
&:::LDAP Injection
%26:::LDAP Injection
!:::LDAP Injection
%21:::LDAP Injection
/:::LDAP Injection
//:::LDAP Injection
//*:::LDAP Injection
*/*:::LDAP Injection
@*:::LDAP Injection
x' or name()='username' or 'x'='y:::LDAP Injection
count(/child::node()):::XPath Injection
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>:::Script Injection
<name>','')); phpinfo(); exit;/*</name>:::Script Injection
it is not anything malicious, its for fuzztesting my own webservice.