Merge pull request danielmiessler#769 from ivan-sincek/master

Fuzz amounts, quantities, or any other numerical values.

Source: https://research.nccgroup.com/wp-content/uploads/2020/07/common_security_issues_in_financially-orientated_web.pdf

https://github.com/ivan-sincek/amounts

Author: g0tmi1k

Fuzzing/Amounts/README.md

@@ -0,0 +1,9 @@
+# Amounts
+
+Pre-generated wordlists based on [Common Security Issues in Financially-Oriented Web Applications](https://research.nccgroup.com/wp-content/uploads/2020/07/common_security_issues_in_financially-orientated_web.pdf) PDF.
+
+Created to fuzz amounts, quantities, or any other numerical values.
+
+Bypass minimum and maximum restrictions, cause unintended behavior and errors, etc.
+
+Tool to create such wordlists can be found at [ivan-sincek/amounts](https://github.com/ivan-sincek/amounts). Feel free to create and add more wordlists on your own. Works with integer and float numerical values.

Fuzzing/Amounts/all.txt

@@ -0,0 +1,388 @@
+0
+000
+0.00
+0,00
++0
+0+
+-0
+0-
+$0
+$-0
+-$0
+£0
+£-0
+-£0
+€0
+€-0
+-€0
+()
+(,,)
+(0)
+(0,1)
+("0")
+("0","1")
+[]
+[,,]
+[0]
+[0,1]
+["0"]
+["0","1"]
+{}
+{,,}
+{0}
+{0,1}
+{"0"}
+{"0","1"}
+-1
+1
+NaN
+-NaN
+Infinity
+-Infinity
+inf
+-inf
+0b0
+0x0
+&h00
+&hff
+0.00000000000000000000000000000000000000000000000001
+1e-50
+0e0
+true
+false
++1
+null
+None
+nil
+An Array
+%20%090
+0%20%00%00
+-2147483648
+2147483647
+4294967295
+-2147483649
+2147483648
+4294967296
+99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
+9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
+999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
+-9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
+-999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
+-99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
+0.1
+000.1
+0,1
++0.1
+0.1+
+-0.1
+0.1-
+$0.1
+$-0.1
+-$0.1
+£0.1
+£-0.1
+-£0.1
+€0.1
+€-0.1
+-€0.1
+(0.1)
+(0.1,1.1)
+("0.1")
+("0.1","1.1")
+[0.1]
+[0.1,1.1]
+["0.1"]
+["0.1","1.1"]
+{0.1}
+{0.1,1.1}
+{"0.1"}
+{"0.1","1.1"}
+-0.9
+1.1
+0b00111101110011001100110011001101
+0x1.999999999999ap-4
+0.1e0
+0.1e-1
+0.1e1
+%20%090.1
+0.1%20%00%00
+001
+1.00
+1,00
+1+
+1-
+$1
+$-1
+-$1
+£1
+£-1
+-£1
+€1
+€-1
+-€1
+(1)
+(1,2)
+("1")
+("1","2")
+[1]
+[1,2]
+["1"]
+["1","2"]
+{1}
+{1,2}
+{"1"}
+{"1","2"}
+2
+0b1
+0x1
+1e0
+1e-1
+1e1
+%20%091
+1%20%00%00
+10
+0010
+10.00
+10,00
++10
+10+
+-10
+10-
+$10
+$-10
+-$10
+£10
+£-10
+-£10
+€10
+€-10
+-€10
+(10)
+(10,11)
+("10")
+("10","11")
+[10]
+[10,11]
+["10"]
+["10","11"]
+{10}
+{10,11}
+{"10"}
+{"10","11"}
+9
+11
+0b1010
+0xa
+10e0
+10e-1
+10e1
+1,,0
+%20%0910
+10%20%00%00
+100
+00100
+100.00
+100,00
++100
+100+
+-100
+100-
+$100
+$-100
+-$100
+£100
+£-100
+-£100
+€100
+€-100
+-€100
+(100)
+(100,101)
+("100")
+("100","101")
+[100]
+[100,101]
+["100"]
+["100","101"]
+{100}
+{100,101}
+{"100"}
+{"100","101"}
+99
+101
+0b1100100
+0x64
+100e0
+100e-1
+100e1
+1,,0,,0
+%20%09100
+100%20%00%00
+1000
+1 000
+1.000
+1,000
+001000
+1000.00
+1000,00
++1000
+1000+
+-1000
+1000-
+$1000
+$-1000
+-$1000
+£1000
+£-1000
+-£1000
+€1000
+€-1000
+-€1000
+(1000)
+(1000,1001)
+("1000")
+("1000","1001")
+[1000]
+[1000,1001]
+["1000"]
+["1000","1001"]
+{1000}
+{1000,1001}
+{"1000"}
+{"1000","1001"}
+999
+1001
+0b1111101000
+0x3e8
+1000e0
+1000e-1
+1000e1
+1,,0,,0,,0
+%20%091000
+1000%20%00%00
+10000
+10 000
+10.000
+10,000
+0010000
+10000.00
+10000,00
++10000
+10000+
+-10000
+10000-
+$10000
+$-10000
+-$10000
+£10000
+£-10000
+-£10000
+€10000
+€-10000
+-€10000
+(10000)
+(10000,10001)
+("10000")
+("10000","10001")
+[10000]
+[10000,10001]
+["10000"]
+["10000","10001"]
+{10000}
+{10000,10001}
+{"10000"}
+{"10000","10001"}
+9999
+10001
+0b10011100010000
+0x2710
+10000e0
+10000e-1
+10000e1
+1,,0,,0,,0,,0
+%20%0910000
+10000%20%00%00
+100000
+100 000
+100.000
+100,000
+00100000
+100000.00
+100000,00
++100000
+100000+
+-100000
+100000-
+$100000
+$-100000
+-$100000
+£100000
+£-100000
+-£100000
+€100000
+€-100000
+-€100000
+(100000)
+(100000,100001)
+("100000")
+("100000","100001")
+[100000]
+[100000,100001]
+["100000"]
+["100000","100001"]
+{100000}
+{100000,100001}
+{"100000"}
+{"100000","100001"}
+99999
+100001
+0b11000011010100000
+0x186a0
+100000e0
+100000e-1
+100000e1
+1,,0,,0,,0,,0,,0
+%20%09100000
+100000%20%00%00
+1000000
+1 000 000
+1.000.000
+1,000,000
+001000000
+1000000.00
+1000000,00
++1000000
+1000000+
+-1000000
+1000000-
+$1000000
+$-1000000
+-$1000000
+£1000000
+£-1000000
+-£1000000
+€1000000
+€-1000000
+-€1000000
+(1000000)
+(1000000,1000001)
+("1000000")
+("1000000","1000001")
+[1000000]
+[1000000,1000001]
+["1000000"]
+["1000000","1000001"]
+{1000000}
+{1000000,1000001}
+{"1000000"}
+{"1000000","1000001"}
+999999
+1000001
+0b11110100001001000000
+0xf4240
+1000000e0
+1000000e-1
+1000000e1
+1,,0,,0,,0,,0,,0,,0
+%20%091000000
+1000000%20%00%00