diff --git a/src/main/java/org/sasanlabs/internal/utility/LevelEnum.java b/src/main/java/org/sasanlabs/internal/utility/LevelEnum.java
index cfa57546..361ddbe3 100755
--- a/src/main/java/org/sasanlabs/internal/utility/LevelEnum.java
+++ b/src/main/java/org/sasanlabs/internal/utility/LevelEnum.java
@@ -19,6 +19,8 @@ public enum LevelEnum {
LEVEL_8,
LEVEL_9,
LEVEL_10,
+ LEVEL_11,
+ LEVEL_12,
SECURE;
public static LevelEnum getLevelEnumByName(String name) throws ServiceApplicationException {
diff --git a/src/main/java/org/sasanlabs/service/vulnerability/commandInjection/CommandInjectionVulnerability.java b/src/main/java/org/sasanlabs/service/vulnerability/commandInjection/CommandInjectionVulnerability.java
index d5a536e2..7edfa68e 100644
--- a/src/main/java/org/sasanlabs/service/vulnerability/commandInjection/CommandInjectionVulnerability.java
+++ b/src/main/java/org/sasanlabs/service/vulnerability/commandInjection/CommandInjectionVulnerability.java
@@ -3,10 +3,8 @@
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
-import java.util.concurrent.TimeUnit;
-
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
+import java.util.function.Supplier;
+import java.util.regex.Pattern;
import org.sasanlabs.internal.utility.LevelEnum;
import org.sasanlabs.internal.utility.annotations.AttackVector;
import org.sasanlabs.internal.utility.annotations.VulnerabilityLevel;
@@ -19,46 +17,190 @@
import org.sasanlabs.vulnerability.types.VulnerabilitySubType;
import org.sasanlabs.vulnerability.types.VulnerabilityType;
-
/**
- * This class contains vulnerabilities related to Command Injection.
- * For More information
- *
+ * This class contains vulnerabilities related to Command Injection. For More information
+ *
* @author KSASAN preetkaran20@gmail.com
*/
@VulnerableServiceRestEndPoint(
descriptionLabel = "COMMAND_INJECTION_VULNERABILITY",
value = "CommandInjectionVulnerability",
type = {VulnerabilityType.COMMAND_INJECTION})
-public class CommandInjectionVulnerability implements ICustomVulnerableEndPoint{
+public class CommandInjectionVulnerability implements ICustomVulnerableEndPoint {
+
+ private static final String IP_ADDRESS = "ipaddr";
+ private static final Pattern SEMICOLON_SPACE_LOGICAL_AND_PATTERN = Pattern.compile("[;& ]");
+ private static final Pattern IP_ADDRESS_PATTERN =
+ Pattern.compile("\\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}\\b");
- private static final String IP_ADDRESS = "ipaddr";
- private static final transient Logger LOGGER = LogManager.getLogger(CommandInjectionVulnerability.class);
+ private StringBuilder getResponseFromPingCommand(String ipAddress, Supplier predicate)
+ throws IOException {
+ boolean isWindows = System.getProperty("os.name").toLowerCase().startsWith("windows");
+ StringBuilder stringBuilder = new StringBuilder();
+ if (predicate.get()) {
+ Process process;
+ if (!isWindows) {
+ process =
+ new ProcessBuilder(new String[] {"bash", "-c", "ping -c 2 " + ipAddress})
+ .redirectErrorStream(true)
+ .start();
+ } else {
+ process =
+ new ProcessBuilder(new String[] {"cmd", "/c", "ping -n 2 " + ipAddress})
+ .redirectErrorStream(true)
+ .start();
+ }
+ try (BufferedReader bufferedReader =
+ new BufferedReader(new InputStreamReader(process.getInputStream()))) {
+ bufferedReader.lines().forEach(val -> stringBuilder.append(val).append("\n"));
+ }
+ }
+ return stringBuilder;
+ }
- @AttackVector(
+ @AttackVector(
vulnerabilityExposed = VulnerabilitySubType.COMMAND_INJECTION,
description = "JWT_URL_EXPOSING_SECURE_INFORMATION")
@VulnerabilityLevel(
value = LevelEnum.LEVEL_1,
descriptionLabel = "URL_CONTAINING_JWT_TOKEN",
- //htmlTemplate = "LEVEL_1/JWT_Level1",
+ // htmlTemplate = "LEVEL_1/JWT_Level1",
+ parameterName = IP_ADDRESS,
+ sampleValues = {""})
+ public ResponseBean> getVulnerablePayloadLevel1(
+ ParameterBean parameterBean) throws ServiceApplicationException, IOException {
+ String ipAddress = parameterBean.getQueryParamKeyValueMap().get(IP_ADDRESS);
+ Supplier condition = () -> ipAddress != null;
+ return new ResponseBean>(
+ new GenericVulnerabilityResponseBean(
+ this.getResponseFromPingCommand(ipAddress, condition).toString(), true));
+ }
+
+ @AttackVector(
+ vulnerabilityExposed = VulnerabilitySubType.COMMAND_INJECTION,
+ description = "JWT_URL_EXPOSING_SECURE_INFORMATION")
+ @VulnerabilityLevel(
+ value = LevelEnum.LEVEL_2,
+ descriptionLabel = "URL_CONTAINING_JWT_TOKEN",
+ // htmlTemplate = "LEVEL_1/JWT_Level1",
+ parameterName = IP_ADDRESS,
+ sampleValues = {""})
+ public ResponseBean> getVulnerablePayloadLevel2(
+ ParameterBean parameterBean) throws ServiceApplicationException, IOException {
+ String ipAddress = parameterBean.getQueryParamKeyValueMap().get(IP_ADDRESS);
+ Supplier condition =
+ () ->
+ ipAddress != null
+ && !SEMICOLON_SPACE_LOGICAL_AND_PATTERN
+ .matcher(parameterBean.getUrl())
+ .find();
+ return new ResponseBean>(
+ new GenericVulnerabilityResponseBean(
+ this.getResponseFromPingCommand(ipAddress, condition).toString(), true));
+ }
+
+ // Case Insensitive
+ @AttackVector(
+ vulnerabilityExposed = VulnerabilitySubType.COMMAND_INJECTION,
+ description = "JWT_URL_EXPOSING_SECURE_INFORMATION")
+ @VulnerabilityLevel(
+ value = LevelEnum.LEVEL_3,
+ descriptionLabel = "URL_CONTAINING_JWT_TOKEN",
+ // htmlTemplate = "LEVEL_1/JWT_Level1",
+ parameterName = IP_ADDRESS,
+ sampleValues = {""})
+ public ResponseBean> getVulnerablePayloadLevel3(
+ ParameterBean parameterBean) throws ServiceApplicationException, IOException {
+ String ipAddress = parameterBean.getQueryParamKeyValueMap().get(IP_ADDRESS);
+ Supplier condition =
+ () ->
+ ipAddress != null
+ && !SEMICOLON_SPACE_LOGICAL_AND_PATTERN
+ .matcher(parameterBean.getUrl())
+ .find()
+ && !parameterBean.getUrl().contains("%26")
+ && !parameterBean.getUrl().contains("%3B");
+ return new ResponseBean>(
+ new GenericVulnerabilityResponseBean(
+ this.getResponseFromPingCommand(ipAddress, condition).toString(), true));
+ }
+
+ // e.g Attack
+ // http://localhost:9090/vulnerable/CommandInjectionVulnerability/LEVEL_3?ipaddr=192.168.0.1%20%7c%20cat%20/etc/passwd
+ @AttackVector(
+ vulnerabilityExposed = VulnerabilitySubType.COMMAND_INJECTION,
+ description = "JWT_URL_EXPOSING_SECURE_INFORMATION")
+ @VulnerabilityLevel(
+ value = LevelEnum.LEVEL_4,
+ descriptionLabel = "URL_CONTAINING_JWT_TOKEN",
+ // htmlTemplate = "LEVEL_1/JWT_Level1",
+ parameterName = IP_ADDRESS,
+ sampleValues = {""})
+ public ResponseBean> getVulnerablePayloadLevel4(
+ ParameterBean parameterBean) throws ServiceApplicationException, IOException {
+ String ipAddress = parameterBean.getQueryParamKeyValueMap().get(IP_ADDRESS);
+ Supplier condition =
+ () ->
+ ipAddress != null
+ && !SEMICOLON_SPACE_LOGICAL_AND_PATTERN
+ .matcher(parameterBean.getUrl())
+ .find()
+ && !parameterBean.getUrl().toUpperCase().contains("%26")
+ && !parameterBean.getUrl().toUpperCase().contains("%3B");
+ return new ResponseBean>(
+ new GenericVulnerabilityResponseBean(
+ this.getResponseFromPingCommand(ipAddress, condition).toString(), true));
+ }
+
+ @AttackVector(
+ vulnerabilityExposed = VulnerabilitySubType.COMMAND_INJECTION,
+ description = "JWT_URL_EXPOSING_SECURE_INFORMATION")
+ @VulnerabilityLevel(
+ value = LevelEnum.LEVEL_5,
+ descriptionLabel = "URL_CONTAINING_JWT_TOKEN",
+ // htmlTemplate = "LEVEL_1/JWT_Level1",
+ parameterName = IP_ADDRESS,
+ sampleValues = {""})
+ public ResponseBean> getVulnerablePayloadLevel5(
+ ParameterBean parameterBean) throws ServiceApplicationException, IOException {
+ String ipAddress = parameterBean.getQueryParamKeyValueMap().get(IP_ADDRESS);
+ Supplier condition =
+ () ->
+ ipAddress != null
+ && !SEMICOLON_SPACE_LOGICAL_AND_PATTERN
+ .matcher(parameterBean.getUrl())
+ .find()
+ && !parameterBean.getUrl().toUpperCase().contains("%26")
+ && !parameterBean.getUrl().toUpperCase().contains("%3B")
+ & !parameterBean.getUrl().toUpperCase().contains("%7C");
+ return new ResponseBean>(
+ new GenericVulnerabilityResponseBean(
+ this.getResponseFromPingCommand(ipAddress, condition).toString(), true));
+ }
+
+ @AttackVector(
+ vulnerabilityExposed = VulnerabilitySubType.COMMAND_INJECTION,
+ description = "JWT_URL_EXPOSING_SECURE_INFORMATION")
+ @VulnerabilityLevel(
+ value = LevelEnum.LEVEL_6,
+ descriptionLabel = "URL_CONTAINING_JWT_TOKEN",
+ // htmlTemplate = "LEVEL_1/JWT_Level1",
parameterName = IP_ADDRESS,
sampleValues = {""})
- public ResponseBean> getVulnerablePayloadLevelUnsecure(
- ParameterBean parameterBean)
- throws ServiceApplicationException, IOException {
- boolean isWindows = System.getProperty("os.name")
- .toLowerCase().startsWith("windows");
- Process process;
- if(!isWindows) {
- process = new ProcessBuilder(new String[] { "bash", "-c", "ping -c 2 " + parameterBean.getQueryParamKeyValueMap().get(IP_ADDRESS)}).redirectErrorStream(true).start();
- } else {
- process = new ProcessBuilder(new String[] { "cmd", "/c", "ping -n 2 " + parameterBean.getQueryParamKeyValueMap().get(IP_ADDRESS)}).redirectErrorStream(true).start();
- }
- StringBuilder response = new StringBuilder();
- try(BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(process.getInputStream()))) {
- bufferedReader.lines().forEach(val -> response.append(val).append("\n"));
- }
- return new ResponseBean>(new GenericVulnerabilityResponseBean(response.toString(), true));
+ public ResponseBean> getVulnerablePayloadLevel6(
+ ParameterBean parameterBean) throws ServiceApplicationException, IOException {
+ String ipAddress = parameterBean.getQueryParamKeyValueMap().get(IP_ADDRESS);
+ return new ResponseBean>(
+ new GenericVulnerabilityResponseBean(
+ this.getResponseFromPingCommand(
+ ipAddress,
+ () ->
+ ipAddress != null
+ && IP_ADDRESS_PATTERN
+ .matcher(ipAddress)
+ .matches())
+ .toString(),
+ true));
}
}
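Review bot: The Level 5 guard uses the non-short-circuit `&` on its last `%7C` term where every other term in the chain uses `&&`; it still yields a boolean, but it evaluates the right-hand side even when `ipAddress` is null and reads as a typo — change it to `&& !parameterBean.getUrl().toUpperCase().contains("%7C");`. The `@AttackVector` descriptions and `@VulnerabilityLevel` descriptionLabels on all six levels are still the JWT keys (`JWT_URL_EXPOSING_SECURE_INFORMATION`, `URL_CONTAINING_JWT_TOKEN`), so the UI will describe command-injection levels with JWT text; the PathTraversal file in this same commit shows the per-level key style to follow. `getResponseFromPingCommand` has no Javadoc; I would add one stating that the ping command runs only when `predicate.get()` is true and an empty builder is returned otherwise, and that the caller-supplied `ipAddress` is concatenated into the `bash -c`/`cmd /c` string, which is the behaviour the levels exist to demonstrate. The `Supplier` and `ResponseBean>` type arguments appear stripped by the rendering, so I have not assumed a raw type.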
diff --git a/src/main/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalVulnerability.java b/src/main/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalVulnerability.java
index 955e5c8a..94d9c88b 100644
--- a/src/main/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalVulnerability.java
+++ b/src/main/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalVulnerability.java
@@ -153,7 +153,7 @@ public ResponseBean> getVulnerablePaylo
@AttackVector(
vulnerabilityExposed = {VulnerabilitySubType.PATH_TRAVERSAL},
description =
- "PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_WITH_OR_WITHOUT_URL_ENCODING_NOT_PRESENT_DIRECTLY_INJECTED")
+ "PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_OR_%2F_CASE_INSENSITIVE_NOT_PRESENT_DIRECTLY_INJECTED")
@VulnerabilityLevel(
value = LevelEnum.LEVEL_5,
descriptionLabel = "PATH_TRAVERSAL_URL_CONTAINING_FILENAME",
@@ -163,6 +163,27 @@ public ResponseBean> getVulnerablePaylo
public ResponseBean> getVulnerablePayloadLevel5(
ParameterBean parameterBean) {
String fileName = parameterBean.getQueryParamKeyValueMap().get(URL_PARAM_KEY);
+ return this.readFile(
+ () ->
+ !parameterBean.getUrl().contains("..")
+ && !parameterBean.getUrl().toLowerCase().contains("%2f")
+ && fileName != null,
+ fileName);
+ }
+
+ @AttackVector(
+ vulnerabilityExposed = {VulnerabilitySubType.PATH_TRAVERSAL},
+ description =
+ "PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_WITH_OR_WITHOUT_URL_ENCODING_NOT_PRESENT_DIRECTLY_INJECTED")
+ @VulnerabilityLevel(
+ value = LevelEnum.LEVEL_6,
+ descriptionLabel = "PATH_TRAVERSAL_URL_CONTAINING_FILENAME",
+ htmlTemplate = "LEVEL_1/PathTraversal",
+ parameterName = URL_PARAM_KEY,
+ sampleValues = {SAMPLE_VALUE_FILE_NAME})
+ public ResponseBean> getVulnerablePayloadLevel6(
+ ParameterBean parameterBean) {
+ String fileName = parameterBean.getQueryParamKeyValueMap().get(URL_PARAM_KEY);
return this.readFile(() -> fileName != null && !fileName.contains(".."), fileName);
}
@@ -174,12 +195,12 @@ public ResponseBean> getVulnerablePaylo
},
description = "PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_DIRECTLY_INJECTED")
@VulnerabilityLevel(
- value = LevelEnum.LEVEL_6,
+ value = LevelEnum.LEVEL_7,
descriptionLabel = "PATH_TRAVERSAL_URL_CONTAINING_FILENAME",
htmlTemplate = "LEVEL_1/PathTraversal",
parameterName = URL_PARAM_KEY,
sampleValues = {SAMPLE_VALUE_FILE_NAME})
- public ResponseBean> getVulnerablePayloadLevel6(
+ public ResponseBean> getVulnerablePayloadLevel7(
ParameterBean parameterBean) {
String queryFileName = parameterBean.getQueryParamKeyValueMap().get(URL_PARAM_KEY);
String fileName = null;
@@ -208,12 +229,12 @@ public ResponseBean> getVulnerablePaylo
description =
"PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_PARENT_DIRECTORY_PATH_NOT_PRESENT_DIRECTLY_INJECTED")
@VulnerabilityLevel(
- value = LevelEnum.LEVEL_7,
+ value = LevelEnum.LEVEL_8,
descriptionLabel = "PATH_TRAVERSAL_URL_CONTAINING_FILENAME",
htmlTemplate = "LEVEL_1/PathTraversal",
parameterName = URL_PARAM_KEY,
sampleValues = {SAMPLE_VALUE_FILE_NAME})
- public ResponseBean> getVulnerablePayloadLevel7(
+ public ResponseBean> getVulnerablePayloadLevel8(
ParameterBean parameterBean) {
String queryFileName = parameterBean.getQueryParamKeyValueMap().get(URL_PARAM_KEY);
String fileName = null;
@@ -243,12 +264,12 @@ public ResponseBean> getVulnerablePaylo
description =
"PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_NOT_PRESENT_DIRECTLY_INJECTED")
@VulnerabilityLevel(
- value = LevelEnum.LEVEL_8,
+ value = LevelEnum.LEVEL_9,
descriptionLabel = "PATH_TRAVERSAL_URL_CONTAINING_FILENAME",
htmlTemplate = "LEVEL_1/PathTraversal",
parameterName = URL_PARAM_KEY,
sampleValues = {SAMPLE_VALUE_FILE_NAME})
- public ResponseBean> getVulnerablePayloadLevel8(
+ public ResponseBean> getVulnerablePayloadLevel9(
ParameterBean parameterBean) {
String queryFileName = parameterBean.getQueryParamKeyValueMap().get(URL_PARAM_KEY);
String fileName = null;
@@ -278,12 +299,12 @@ public ResponseBean> getVulnerablePaylo
description =
"PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_OR_%2F_NOT_PRESENT_DIRECTLY_INJECTED")
@VulnerabilityLevel(
- value = LevelEnum.LEVEL_9,
+ value = LevelEnum.LEVEL_10,
descriptionLabel = "PATH_TRAVERSAL_URL_CONTAINING_FILENAME",
htmlTemplate = "LEVEL_1/PathTraversal",
parameterName = URL_PARAM_KEY,
sampleValues = {SAMPLE_VALUE_FILE_NAME})
- public ResponseBean> getVulnerablePayloadLevel9(
+ public ResponseBean> getVulnerablePayloadLevel10(
ParameterBean parameterBean) {
String queryFileName = parameterBean.getQueryParamKeyValueMap().get(URL_PARAM_KEY);
String fileName = null;
@@ -306,6 +327,42 @@ public ResponseBean> getVulnerablePaylo
fileName);
}
+ @AttackVector(
+ vulnerabilityExposed = {
+ VulnerabilitySubType.NULL_BYTE,
+ VulnerabilitySubType.PATH_TRAVERSAL
+ },
+ description =
+ "PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_OR_%2F_CASE_INSENSITIVE_NOT_PRESENT_DIRECTLY_INJECTED")
+ @VulnerabilityLevel(
+ value = LevelEnum.LEVEL_11,
+ descriptionLabel = "PATH_TRAVERSAL_URL_CONTAINING_FILENAME",
+ htmlTemplate = "LEVEL_1/PathTraversal",
+ parameterName = URL_PARAM_KEY,
+ sampleValues = {SAMPLE_VALUE_FILE_NAME})
+ public ResponseBean> getVulnerablePayloadLevel11(
+ ParameterBean parameterBean) {
+ String queryFileName = parameterBean.getQueryParamKeyValueMap().get(URL_PARAM_KEY);
+ String fileName = null;
+ if (queryFileName != null) {
+ int indexOfNullByte = queryFileName.indexOf(NULL_BYTE_CHARACTER);
+ fileName =
+ indexOfNullByte >= 0
+ ? queryFileName.substring(0, indexOfNullByte)
+ : queryFileName;
+ }
+ return this.readFile(
+ () ->
+ queryFileName != null
+ && !parameterBean.getUrl().contains("..")
+ && !parameterBean.getUrl().toLowerCase().contains("%2f")
+ && ALLOWED_FILE_NAMES.stream()
+ .anyMatch(
+ allowedFileName ->
+ queryFileName.contains(allowedFileName)),
+ fileName);
+ }
+
@AttackVector(
vulnerabilityExposed = {
VulnerabilitySubType.NULL_BYTE,
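Review bot: The null-byte truncation in `getVulnerablePayloadLevel11` (`indexOf(NULL_BYTE_CHARACTER)` then `substring`) appears to be the same block that opens Level7 through Level10, judging by their identical `String queryFileName …; String fileName = null;` preambles, whose bodies continue outside this chunk; a private helper would keep the five copies from drifting. The level also carries no comment saying which checks it is meant to combine (the `..` and lower-cased `%2f` URL checks plus the `ALLOWED_FILE_NAMES` match), unlike the message key, so a one-line comment above its `@AttackVector` would help the next person adding a level. The helper and its use in Level 11 are sketched below.
```java
/** Returns the part of queryFileName before the first NULL_BYTE_CHARACTER, or the whole value when none is present. */
private static String truncateAtNullByte(String queryFileName) {
    int indexOfNullByte = queryFileName.indexOf(NULL_BYTE_CHARACTER);
    return indexOfNullByte >= 0 ? queryFileName.substring(0, indexOfNullByte) : queryFileName;
}

// … unchanged: annotations and signature of getVulnerablePayloadLevel11 …
String queryFileName = parameterBean.getQueryParamKeyValueMap().get(URL_PARAM_KEY);
String fileName = queryFileName == null ? null : truncateAtNullByte(queryFileName);
// … unchanged: readFile call with the Level 11 condition …
```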
@@ -314,12 +371,12 @@ public ResponseBean> getVulnerablePaylo
description =
"PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_WITH_OR_WITHOUT_URL_ENCODING_NOT_PRESENT_DIRECTLY_INJECTED")
@VulnerabilityLevel(
- value = LevelEnum.LEVEL_10,
+ value = LevelEnum.LEVEL_12,
descriptionLabel = "PATH_TRAVERSAL_URL_CONTAINING_FILENAME",
htmlTemplate = "LEVEL_1/PathTraversal",
parameterName = URL_PARAM_KEY,
sampleValues = {SAMPLE_VALUE_FILE_NAME})
- public ResponseBean> getVulnerablePayloadLevel10(
+ public ResponseBean> getVulnerablePayloadLevel12(
ParameterBean parameterBean) {
String queryFileName = parameterBean.getQueryParamKeyValueMap().get(URL_PARAM_KEY);
String fileName = null;
diff --git a/src/main/java/org/sasanlabs/vulnerability/types/VulnerabilitySubType.java b/src/main/java/org/sasanlabs/vulnerability/types/VulnerabilitySubType.java
index 2b451ab5..1254c476 100644
--- a/src/main/java/org/sasanlabs/vulnerability/types/VulnerabilitySubType.java
+++ b/src/main/java/org/sasanlabs/vulnerability/types/VulnerabilitySubType.java
@@ -29,10 +29,10 @@ public enum VulnerabilitySubType {
CLIENT_SIDE_VULNERABLE_JWT(VulnerabilityType.VULNERABLE_JWT_IMPLMENTATION),
SERVER_SIDE_VULNERABLE_JWT(VulnerabilityType.VULNERABLE_JWT_IMPLMENTATION),
INSECURE_CONFIGURATION_JWT(VulnerabilityType.VULNERABLE_JWT_IMPLMENTATION),
-
+
PATH_TRAVERSAL(VulnerabilityType.PATH_TRAVERSAL),
COMMAND_INJECTION(VulnerabilityType.COMMAND_INJECTION),
-
+
// Combined Attacking Vulnerability
NULL_BYTE(VulnerabilityType.NULL_BYTE);
diff --git a/src/main/resources/i18n/messages.properties b/src/main/resources/i18n/messages.properties
index 8bb32cb9..db8c7b67 100755
--- a/src/main/resources/i18n/messages.properties
+++ b/src/main/resources/i18n/messages.properties
@@ -82,12 +82,14 @@ PATH_TRAVERSAL_URL_PARAM_DIRECTLY_INJECTED=\"fileName\" query param's value is d
PATH_TRAVERSAL_URL_PARAM_IF_PARENT_DIRECTORY_PATH_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains "../".
PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains "..".
PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_OR_%2F_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains ".." or "%2f" which is URL encoding of "/".
+PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_OR_%2F_CASE_INSENSITIVE_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains ".." or "%2f" or "%2F" which is URL encoding of "/".
PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_WITH_OR_WITHOUT_URL_ENCODING_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains "..", takes care of URL encoding too.
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended to path to read the file.
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_PARENT_DIRECTORY_PATH_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains "../".
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains "..".
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_OR_%2F_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains ".." or "%2f" which is URL encoding of "/".
+PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_OR_%2F_CASE_INSENSITIVE_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains ".." or "%2f" or "%2F" which is URL encoding of "/".
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_WITH_OR_WITHOUT_URL_ENCODING_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains "..", takes care of URL encoding too.
diff --git a/src/main/resources/i18n/messages_en_US.properties b/src/main/resources/i18n/messages_en_US.properties
index 8bb32cb9..db8c7b67 100755
--- a/src/main/resources/i18n/messages_en_US.properties
+++ b/src/main/resources/i18n/messages_en_US.properties
@@ -82,12 +82,14 @@ PATH_TRAVERSAL_URL_PARAM_DIRECTLY_INJECTED=\"fileName\" query param's value is d
PATH_TRAVERSAL_URL_PARAM_IF_PARENT_DIRECTORY_PATH_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains "../".
PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains "..".
PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_OR_%2F_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains ".." or "%2f" which is URL encoding of "/".
+PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_OR_%2F_CASE_INSENSITIVE_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains ".." or "%2f" or "%2F" which is URL encoding of "/".
PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_WITH_OR_WITHOUT_URL_ENCODING_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains "..", takes care of URL encoding too.
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended to path to read the file.
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_PARENT_DIRECTORY_PATH_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains "../".
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains "..".
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_OR_%2F_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains ".." or "%2f" which is URL encoding of "/".
+PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_OR_%2F_CASE_INSENSITIVE_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains ".." or "%2f" or "%2F" which is URL encoding of "/".
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_WITH_OR_WITHOUT_URL_ENCODING_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains "..", takes care of URL encoding too.