Xhoenix
80707e805b
added bypass techniques
2024-07-25 11:57:43 +05:30
Xhoenix
1a475b6e1d
added bypass techniques
2024-07-15 11:58:02 +05:30
Horlad
b521dedb24
Adding r3dir tool to SSRF README.md
2024-06-27 17:01:41 +02:00
Horlad
4cf17a3fab
Update SSRF with redirect examples using r3dir README.md
2024-06-27 16:57:45 +02:00
Alexandre ZANNI
8e05a2dd2a
XSS in SVG: more examples + nesting
2024-06-19 14:54:19 +02:00
isacaya
ca3ab6eb95
Add a few XSS filter bypass cases
2024-06-19 04:21:24 +09:00
Swissky
314e4da963
SSRF DNS AXFR + LFI PHAR payloads + LFI iconv
2024-06-16 21:17:42 +02:00
Swissky
7e4a38a1a5
Merge pull request #725 from masquerad3r/master
...
Create port_swigger_xss_cheatsheet_event_handlers.txt
2024-06-06 17:52:33 +02:00
masquerad3r
eca067dd7e
Create port_swigger_xss_cheatsheet_event_handlers.txt
...
Updated list of event handlers taken from https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#event-handlers .
Useful when the context of reflection is an HTML attribute and one quickly wants to check which attributes are reflected unfiltered by the target application.
2024-06-06 10:46:13 +02:00
Swissky
c34a2bac15
WAF bypass moved to a separate page
2024-06-03 09:55:29 +02:00
Swissky
2e73069238
XSS Tel URI
2024-06-03 09:37:24 +02:00
Swissky
6d3fef0df3
Merge pull request #723 from cydave/master
...
Add additional XSS payload in email addresses RFC5322
2024-06-02 11:25:45 +02:00
Swissky
cb69cecd11
Merge pull request #721 from MarkCyber/master
...
DBMS Identification Via Error
2024-06-02 11:23:13 +02:00
Swissky
25c94f809a
Uniqid + reset-tolkien and sandwich attack
2024-05-31 16:31:23 +02:00
dave
fcf69f8226
Add additional XSS payload in email addresses RFC5322
2024-05-31 13:27:32 +02:00
Swissky
b5251a673f
XSLT payloads + Headless Browser
2024-05-31 00:07:21 +02:00
Swissky
ded1d95735
ASP Cookieless + ReDOS backtrack
2024-05-29 23:23:51 +02:00
Swissky
67adf75bc2
CSP updates + Indirect Prompt Injection
2024-05-29 15:32:58 +02:00
Mark
c3af630e1d
Update README.md
2024-05-26 10:40:54 -04:00
Mark
867f243100
Update README.md
2024-05-26 10:32:01 -04:00
Swissky
f723bcbf8a
Merge pull request #718 from idealphase/master
...
Update Ruby.md
2024-05-05 13:08:50 +02:00
Swissky
670b301b1c
Merge pull request #717 from nojanath/master
...
Fix link to SecLists/content-type.txt
2024-05-05 13:07:57 +02:00
idealphase
33d9e24bed
Update Ruby.md
...
Change from the invalid 404 URL to the valid one. (https://pentesterlab.com/exercises/ruby_ugadget/course )
2024-05-05 16:16:36 +07:00
Jonathan Thompson
7a68102a3c
Fix link to SecLists/content-type.txt
2024-05-04 11:12:54 -07:00
Swissky
53d9014b2b
Regular Expression ReDoS
2024-04-25 17:37:16 +02:00
Swissky
43a8c6a037
Adding socials buttons
2024-04-24 22:02:04 +02:00
Swissky
b245d3cbdd
Mkdocs accessibility and search improvement
2024-04-15 21:20:02 +02:00
Swissky
293723d49d
Merge pull request #712 from bsysop/patch-4
...
Adding "Hetzner Cloud" to the Summary
2024-04-05 18:55:52 +02:00
bsysop
dc461f170e
Adding "Hetzner Cloud" to the Summary
2024-04-05 11:55:54 -03:00
Swissky
9571306b9f
Merge pull request #711 from bsysop/patch-3
...
Adding Hetzner Cloud Metadata URL
2024-04-05 15:53:05 +02:00
bsysop
3c9fdec3da
Adding Hetzner Cloud Metadata URL
...
https://docs.hetzner.cloud/#server-metadata
2024-04-04 23:43:34 -03:00
Swissky
80dda8beeb
Merge pull request #710 from mohnad-0b/patch-1
...
Update SQLite Injection.md
2024-04-03 18:15:31 +02:00
Swissky
8ef458db2a
Merge pull request #708 from xplo1t-sec/master
...
bypass techniques added
2024-04-03 18:15:03 +02:00
mohnad banat
d834abe43c
Update SQLite Injection.md
...
Since sqlite version 3.33.0, sqlite_schema has been replaced by sqlite_master.
2024-04-01 20:46:09 +03:00
Swissky
b19dc0626a
CICD - Mkdocs fixed the fonts problem
2024-03-31 16:03:48 +02:00
Swissky
55afcb12fb
Removing social plugins from Mkdocs
2024-03-30 13:20:56 +01:00
Swissky
9cabd995fb
Merge pull request #709 from mpgn/master
...
switch to nxc as cme is archived
2024-03-29 22:36:26 +01:00
mpgn
0d98284034
switch to nxc as cme is archived
2024-03-29 21:22:18 +00:00
xplo1t-sec
033982dc30
bypass techniques added
2024-03-09 21:46:33 +05:30
Swissky
dd2b68b70e
PHP Deserialization + API keys table typo
2024-02-18 15:29:21 +01:00
Swissky
97cfeee270
Tools Update
2024-01-21 21:39:23 +01:00
Swissky
12c6531ad2
README - Update links to Internal All The Things
2024-01-12 16:18:36 +01:00
Swissky
c852118ec8
Web Cache Deception + phpt file format
2024-01-11 12:20:25 +01:00
Swissky
4b77292aeb
Merge pull request #704 from therealtoastycat/patch-1
...
Adding reverse shell payload for OGNL
2024-01-05 15:45:19 +01:00
ToastyCat
05f441accf
Update Reverse Shell Cheatsheet.md
...
adding details
2024-01-05 10:25:39 +01:00
Swissky
c6f96f7b2a
Merge pull request #703 from Aftab700/JSON-Prototype-Pollution
...
adding the payload for Polluting the prototype via the `constructor` property in JSON input
2024-01-05 10:24:16 +01:00
Swissky
f96c1e4356
Merge pull request #701 from Vunnm/patch-1
...
specify condition to perform Angular JS Injection
2024-01-05 10:23:50 +01:00
ToastyCat
3d9363fdc9
Adding reverse shell payload for OGNL
2024-01-05 09:50:43 +01:00
Aftab Sama
08063f0830
adding the payload for Polluting the prototype via the constructor
property in JSON input
...
Somtimes `__proto__` property may not work, so adding the payload for Polluting the prototype via the `constructor` property in JSON input
2024-01-03 17:24:28 +05:30
Vunnm
27d19813f8
specify condition to perform Angular JS Injection
...
Indicate that ng-app in a root element is needed to inject Angular JS template. Injecting below payload without a root element with ng-app will not result in a successful injection
2023-12-28 13:30:49 +01:00