p0dalirius
|
039dae7c32
|
Update ssti.fuzz
|
2021-10-04 09:21:10 +02:00 |
|
p0dalirius
|
deed44397a
|
Update ssti.fuzz
|
2021-10-04 09:21:10 +02:00 |
|
p0dalirius
|
e35d1b0ffd
|
Update ssti.fuzz
|
2021-10-04 09:21:10 +02:00 |
|
p0dalirius
|
106ea6b2e7
|
Update ssti.fuzz
|
2021-10-04 09:21:10 +02:00 |
|
p0dalirius
|
90eb285fe7
|
Update ssti.fuzz
|
2021-10-04 09:21:10 +02:00 |
|
Podalirius
|
25eae11675
|
Update README.md
|
2021-09-26 21:57:50 +02:00 |
|
Podalirius
|
6d48f28d99
|
Update README.md
|
2021-09-26 21:55:23 +02:00 |
|
Podalirius
|
58d88e5293
|
Update README.md
|
2021-09-26 21:48:51 +02:00 |
|
Podalirius
|
030e536586
|
Update README.md
|
2021-09-26 21:37:05 +02:00 |
|
Podalirius
|
f44fae68b5
|
Update README.md
|
2021-09-26 21:30:35 +02:00 |
|
Podalirius
|
5d846e9b8d
|
Update README.md
|
2021-09-26 21:28:29 +02:00 |
|
Podalirius
|
b5699ecf08
|
Update README.md
|
2021-09-18 20:03:12 +02:00 |
|
Podalirius
|
4c29079010
|
Update README.md
|
2021-08-26 20:50:19 +02:00 |
|
Swissky
|
7c06c9025e
|
Update README.md
|
2021-08-25 22:17:34 +02:00 |
|
Jeffrey Cap
|
9bde75b32d
|
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Python IPv6 Reverse Shell Payload
|
2021-08-23 14:41:40 -05:00 |
|
Podalirius
|
3bed3bccc8
|
Added context-free jinja2 payloads
Fixed a few typos and broken links
|
2021-07-27 19:20:36 +02:00 |
|
Jeremy Buis
|
6841fc21d2
|
Update README.md
Fixes a typo
|
2021-07-16 11:24:16 -04:00 |
|
Jeremy Buis
|
a0c08e4e87
|
Update README.md
Added Lessjs example PoC
|
2021-07-06 10:36:43 -04:00 |
|
Swissky
|
e3e3ca6ba2
|
Merge pull request #366 from mpgn/master
Update Smarty Template Injection
|
2021-05-20 18:08:20 +02:00 |
|
mpgn
|
367296c1f1
|
Update Smarty Template Injection
|
2021-05-20 16:42:51 +02:00 |
|
Swissky
|
8d31b7240b
|
Office Attacks
|
2021-02-21 20:17:57 +01:00 |
|
Swissky
|
6bcd2e8a6a
|
Update README.md
|
2021-01-31 21:51:53 +01:00 |
|
ムハンマド
|
89429f9c4f
|
SSTI Payload in Jinja2 - Arbitrary file read
|
2021-01-18 11:48:38 +03:00 |
|
akoul02
|
ed944a95af
|
Improved Jade payload
|
2020-10-31 18:02:29 +03:00 |
|
Vincent Gilles
|
0b90094002
|
Fix(Docs): Correcting typos on the repo
|
2020-10-17 22:52:35 +02:00 |
|
Swissky
|
b641131f27
|
SSTI - Pebble update
|
2020-10-17 12:25:50 +02:00 |
|
Swissky
|
75a0f34bdc
|
Merge pull request #236 from Techbrunch/patch-9
Update README.md
|
2020-08-19 16:30:32 +02:00 |
|
Techbrunch
|
502a8121b4
|
Update README.md
Add reference to debug tag for Jinja2
|
2020-08-19 14:46:43 +02:00 |
|
Techbrunch
|
76e6f7dc95
|
Update README.md
Add Handlebars payload
|
2020-08-19 14:20:18 +02:00 |
|
Swissky
|
2c935df34d
|
EL Injection - SSTI
|
2020-07-10 15:05:13 +02:00 |
|
meizjm3i
|
a987b8be9f
|
corrected a single quotation mark closure error
|
2020-05-29 18:35:22 +08:00 |
|
meizjm3i
|
7670e2c36c
|
Update ERB SSTI tips
|
2020-05-29 12:28:55 +08:00 |
|
idealphase
|
712e3b93f6
|
Sorting like basic injection part
|
2020-04-30 17:15:31 +07:00 |
|
idealphase
|
7f1fb32980
|
Adding Execute code using SSTI for ERB engine.
|
2020-04-30 17:13:58 +07:00 |
|
Swissky
|
89f906f7a8
|
Fix issue - C reverse shell
|
2020-04-21 11:17:39 +02:00 |
|
Swissky
|
95fed140ec
|
Fix - SSTI Payloads
|
2020-04-21 11:13:19 +02:00 |
|
Swissky
|
1d8414c703
|
ASP.NET Razor SSTI
|
2020-04-18 21:18:22 +02:00 |
|
Swissky
|
a19fd013fb
|
Merge pull request #181 from SecGus/master
Added RCE SSTI Jinja2 Bypass payload developed by SecGus (chivato)
|
2020-04-13 19:42:14 +02:00 |
|
chiv
|
7e7f5e7628
|
Added SSTI RCE bypass payload for Jinja2
|
2020-04-13 18:48:43 +01:00 |
|
chiv
|
cc3b05017d
|
Added a new RCE payload to Jinja2 SSTI bypasses
|
2020-04-13 18:44:16 +01:00 |
|
SakiiR SakiiR
|
38c273ff00
|
Added IFS (WAF bypass) to Symfony Twig RCE
|
2020-03-29 23:23:26 +02:00 |
|
SakiiR SakiiR
|
8b78c2fe71
|
Added filter(system) twig RCE
|
2020-03-29 23:19:27 +02:00 |
|
Swissky
|
268d85b4bf
|
Symfony SSTI Twig RCE
|
2020-03-29 22:34:26 +02:00 |
|
chiv
|
fe4bdb0df4
|
Improvement to the SSTI RCE
|
2020-03-09 18:19:33 +00:00 |
|
Swissky
|
bcb24c9866
|
Abusing Active Directory ACLs/ACEs
|
2019-12-30 14:22:10 +01:00 |
|
Swissky
|
6f4a28ef66
|
Slim RCE + CAP list
|
2019-12-05 23:06:53 +01:00 |
|
Alexandre ZANNI
|
6a398ca5c3
|
Ruby: add slim
|
2019-11-16 17:29:55 +01:00 |
|
Swissky
|
ed252df92e
|
krb5.keytab + credential use summary
|
2019-10-20 13:25:06 +02:00 |
|
Swissky
|
a0917241ad
|
Pebble - Server Side Template Injection
|
2019-09-17 15:43:13 +02:00 |
|
Swissky
|
45af613fd9
|
Active Directory - Unconstrained delegation
|
2019-07-17 23:17:35 +02:00 |
|
Swissky
|
382bd9acec
|
Type Juggling - Another SHA 256
|
2019-07-14 14:23:20 +02:00 |
|
Swissky
|
504caa3b50
|
SSTI by calling Popen without guessing the offset
|
2019-07-10 21:31:44 +02:00 |
|
Swissky
|
05054af343
|
JWT RS256 to HS256 using pubkey to generate a signature
|
2019-07-10 20:58:50 +02:00 |
|
Brendan Scarvell
|
601db0e188
|
Added freemarker PoC that doesn't require spaces or tags
|
2019-06-24 21:38:56 +10:00 |
|
Swissky
|
b4633bbb66
|
sudo_inject + SSTI FreeMarker + Lin PrivEsc passwords
|
2019-04-14 21:01:14 +02:00 |
|
Swissky
|
c66197903f
|
MYSQL Truncation attack + Windows search where
|
2019-04-14 19:46:34 +02:00 |
|
Swissky
|
90b182f10f
|
AD references - Blog Post + SSTI basic config item
|
2019-03-24 16:26:00 +01:00 |
|
tkmk
|
0913e8c3bd
|
Fix changed urls
|
2019-03-19 20:18:06 +08:00 |
|
Swissky
|
404afd1d71
|
Fix name's capitalization
|
2019-03-07 00:07:55 +01:00 |
|
Swissky
|
21d1fe7eee
|
Fix name - Part 1
|
2019-03-07 00:07:14 +01:00 |
|
Swissky
|
b9f2fe367c
|
Bugfix - Errors in stashed changes
|
2019-01-28 20:27:45 +01:00 |
|