adding with brain the right Sica paths

laluka · May 5, 2024 · b019d18 · b019d18
1 parent 5baabf9
commit b019d18
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 17 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -27,12 +27,12 @@ git push --tags
 ## Github Action Release
 
 - Visit https://github.com/laluka/bypass-url-parser/actions/workflows/release.yml
-- Run Workflow with a version such as `0.4.1` or `0.4.1.a` for alpha tests
+- Run Workflow with a version such as `0.4.2` or `0.4.2.a` for alpha tests
 - Test the alpha version with the below script, once done, repeat without `.a`
 
 ```bash
 cd /tmp
-export TESTED_VERSION=0.4.1a
+export TESTED_VERSION=0.4.2a
 pipx install "bypass-url-parser==$TESTED_VERSION"
 bup --version && bup -u https://thinkloveshare.com/ -t 50 -m http_headers_scheme
 pipx uninstall bypass-url-parser

diff --git a/src/bypass_url_parser/payloads/internal_endpaths.lst b/src/bypass_url_parser/payloads/internal_endpaths.lst
@@ -44,6 +44,6 @@ true
 .js
 .css
 .gif
-.jpe?g
-.png
-.xls
+,.js
+,.css
+,.gif
diff --git a/tests-history/bup-payloads-2024-05-05.lst b/tests-history/bup-payloads-2024-05-05.lst
@@ -39,6 +39,12 @@ Bypasser has generated 3778 payloads for 'http://127.0.0.1:8000/foo/bar' url:
 [end_paths] http://127.0.0.1:8000/foo/bar%61/
 [end_paths] http://127.0.0.1:8000/foo/bar&
 [end_paths] http://127.0.0.1:8000/foo/bar&/
+[end_paths] http://127.0.0.1:8000/foo/bar,.css
+[end_paths] http://127.0.0.1:8000/foo/bar,.css/
+[end_paths] http://127.0.0.1:8000/foo/bar,.gif
+[end_paths] http://127.0.0.1:8000/foo/bar,.gif/
+[end_paths] http://127.0.0.1:8000/foo/bar,.js
+[end_paths] http://127.0.0.1:8000/foo/bar,.js/
 [end_paths] http://127.0.0.1:8000/foo/bar-
 [end_paths] http://127.0.0.1:8000/foo/bar-/
 [end_paths] http://127.0.0.1:8000/foo/bar.
@@ -54,14 +60,10 @@ Bypasser has generated 3778 payloads for 'http://127.0.0.1:8000/foo/bar' url:
 [end_paths] http://127.0.0.1:8000/foo/bar.gif/
 [end_paths] http://127.0.0.1:8000/foo/bar.html
 [end_paths] http://127.0.0.1:8000/foo/bar.html/
-[end_paths] http://127.0.0.1:8000/foo/bar.jpe?g
-[end_paths] http://127.0.0.1:8000/foo/bar.jpe?g/
 [end_paths] http://127.0.0.1:8000/foo/bar.js
 [end_paths] http://127.0.0.1:8000/foo/bar.js/
 [end_paths] http://127.0.0.1:8000/foo/bar.json
 [end_paths] http://127.0.0.1:8000/foo/bar.json/
-[end_paths] http://127.0.0.1:8000/foo/bar.png
-[end_paths] http://127.0.0.1:8000/foo/bar.png/
 [end_paths] http://127.0.0.1:8000/foo/bar.random
 [end_paths] http://127.0.0.1:8000/foo/bar.random/
 [end_paths] http://127.0.0.1:8000/foo/bar.svc
@@ -70,8 +72,6 @@ Bypasser has generated 3778 payloads for 'http://127.0.0.1:8000/foo/bar' url:
 [end_paths] http://127.0.0.1:8000/foo/bar.svc?wsdl/
 [end_paths] http://127.0.0.1:8000/foo/bar.wsdl
 [end_paths] http://127.0.0.1:8000/foo/bar.wsdl/
-[end_paths] http://127.0.0.1:8000/foo/bar.xls
-[end_paths] http://127.0.0.1:8000/foo/bar.xls/
 [end_paths] http://127.0.0.1:8000/foo/bar/
 [end_paths] http://127.0.0.1:8000/foo/bar/#
 [end_paths] http://127.0.0.1:8000/foo/bar/#/
@@ -100,6 +100,12 @@ Bypasser has generated 3778 payloads for 'http://127.0.0.1:8000/foo/bar' url:
 [end_paths] http://127.0.0.1:8000/foo/bar/%61/
 [end_paths] http://127.0.0.1:8000/foo/bar/&
 [end_paths] http://127.0.0.1:8000/foo/bar/&/
+[end_paths] http://127.0.0.1:8000/foo/bar/,.css
+[end_paths] http://127.0.0.1:8000/foo/bar/,.css/
+[end_paths] http://127.0.0.1:8000/foo/bar/,.gif
+[end_paths] http://127.0.0.1:8000/foo/bar/,.gif/
+[end_paths] http://127.0.0.1:8000/foo/bar/,.js
+[end_paths] http://127.0.0.1:8000/foo/bar/,.js/
 [end_paths] http://127.0.0.1:8000/foo/bar/-
 [end_paths] http://127.0.0.1:8000/foo/bar/-/
 [end_paths] http://127.0.0.1:8000/foo/bar/.
@@ -115,14 +121,10 @@ Bypasser has generated 3778 payloads for 'http://127.0.0.1:8000/foo/bar' url:
 [end_paths] http://127.0.0.1:8000/foo/bar/.gif/
 [end_paths] http://127.0.0.1:8000/foo/bar/.html
 [end_paths] http://127.0.0.1:8000/foo/bar/.html/
-[end_paths] http://127.0.0.1:8000/foo/bar/.jpe?g
-[end_paths] http://127.0.0.1:8000/foo/bar/.jpe?g/
 [end_paths] http://127.0.0.1:8000/foo/bar/.js
 [end_paths] http://127.0.0.1:8000/foo/bar/.js/
 [end_paths] http://127.0.0.1:8000/foo/bar/.json
 [end_paths] http://127.0.0.1:8000/foo/bar/.json/
-[end_paths] http://127.0.0.1:8000/foo/bar/.png
-[end_paths] http://127.0.0.1:8000/foo/bar/.png/
 [end_paths] http://127.0.0.1:8000/foo/bar/.random
 [end_paths] http://127.0.0.1:8000/foo/bar/.random/
 [end_paths] http://127.0.0.1:8000/foo/bar/.svc
@@ -131,8 +133,6 @@ Bypasser has generated 3778 payloads for 'http://127.0.0.1:8000/foo/bar' url:
 [end_paths] http://127.0.0.1:8000/foo/bar/.svc?wsdl/
 [end_paths] http://127.0.0.1:8000/foo/bar/.wsdl
 [end_paths] http://127.0.0.1:8000/foo/bar/.wsdl/
-[end_paths] http://127.0.0.1:8000/foo/bar/.xls
-[end_paths] http://127.0.0.1:8000/foo/bar/.xls/
 [end_paths] http://127.0.0.1:8000/foo/bar//
 [end_paths] http://127.0.0.1:8000/foo/bar///
 [end_paths] http://127.0.0.1:8000/foo/bar////