Commit graph

2034 commits

Author SHA1 Message Date
Xhoenix
80707e805b
added bypass techniques 2024-07-25 11:57:43 +05:30
Xhoenix
1a475b6e1d
added bypass techniques 2024-07-15 11:58:02 +05:30
Horlad
b521dedb24
Adding r3dir tool to SSRF README.md 2024-06-27 17:01:41 +02:00
Horlad
4cf17a3fab
Update SSRF with redirect examples using r3dir README.md 2024-06-27 16:57:45 +02:00
Alexandre ZANNI
8e05a2dd2a
XSS in SVG: more examples + nesting 2024-06-19 14:54:19 +02:00
isacaya
ca3ab6eb95 Add a few XSS filter bypass cases 2024-06-19 04:21:24 +09:00
Swissky
314e4da963 SSRF DNS AXFR + LFI PHAR payloads + LFI iconv 2024-06-16 21:17:42 +02:00
Swissky
7e4a38a1a5
Merge pull request #725 from masquerad3r/master
Create port_swigger_xss_cheatsheet_event_handlers.txt
2024-06-06 17:52:33 +02:00
masquerad3r
eca067dd7e
Create port_swigger_xss_cheatsheet_event_handlers.txt
Updated list of event handlers taken from https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#event-handlers.

Useful when the context of reflection is an HTML attribute and one quickly wants to check which attributes are reflected unfiltered by the target application.
2024-06-06 10:46:13 +02:00
Swissky
c34a2bac15 WAF bypass moved to a separate page 2024-06-03 09:55:29 +02:00
Swissky
2e73069238 XSS Tel URI 2024-06-03 09:37:24 +02:00
Swissky
6d3fef0df3
Merge pull request #723 from cydave/master
Add additional XSS payload in email addresses RFC5322
2024-06-02 11:25:45 +02:00
Swissky
cb69cecd11
Merge pull request #721 from MarkCyber/master
DBMS Identification Via Error
2024-06-02 11:23:13 +02:00
Swissky
25c94f809a Uniqid + reset-tolkien and sandwich attack 2024-05-31 16:31:23 +02:00
dave
fcf69f8226 Add additional XSS payload in email addresses RFC5322 2024-05-31 13:27:32 +02:00
Swissky
b5251a673f XSLT payloads + Headless Browser 2024-05-31 00:07:21 +02:00
Swissky
ded1d95735 ASP Cookieless + ReDOS backtrack 2024-05-29 23:23:51 +02:00
Swissky
67adf75bc2 CSP updates + Indirect Prompt Injection 2024-05-29 15:32:58 +02:00
Mark
c3af630e1d
Update README.md 2024-05-26 10:40:54 -04:00
Mark
867f243100
Update README.md 2024-05-26 10:32:01 -04:00
Swissky
f723bcbf8a
Merge pull request #718 from idealphase/master
Update Ruby.md
2024-05-05 13:08:50 +02:00
Swissky
670b301b1c
Merge pull request #717 from nojanath/master
Fix link to SecLists/content-type.txt
2024-05-05 13:07:57 +02:00
idealphase
33d9e24bed
Update Ruby.md
Change from the invalid 404 URL to the valid one. (https://pentesterlab.com/exercises/ruby_ugadget/course)
2024-05-05 16:16:36 +07:00
Jonathan Thompson
7a68102a3c Fix link to SecLists/content-type.txt 2024-05-04 11:12:54 -07:00
Swissky
53d9014b2b Regular Expression ReDoS 2024-04-25 17:37:16 +02:00
Swissky
43a8c6a037 Adding socials buttons 2024-04-24 22:02:04 +02:00
Swissky
b245d3cbdd Mkdocs accessibility and search improvement 2024-04-15 21:20:02 +02:00
Swissky
293723d49d
Merge pull request #712 from bsysop/patch-4
Adding "Hetzner Cloud" to the Summary
2024-04-05 18:55:52 +02:00
bsysop
dc461f170e
Adding "Hetzner Cloud" to the Summary 2024-04-05 11:55:54 -03:00
Swissky
9571306b9f
Merge pull request #711 from bsysop/patch-3
Adding Hetzner Cloud Metadata URL
2024-04-05 15:53:05 +02:00
bsysop
3c9fdec3da
Adding Hetzner Cloud Metadata URL
https://docs.hetzner.cloud/#server-metadata
2024-04-04 23:43:34 -03:00
Swissky
80dda8beeb
Merge pull request #710 from mohnad-0b/patch-1
Update SQLite Injection.md
2024-04-03 18:15:31 +02:00
Swissky
8ef458db2a
Merge pull request #708 from xplo1t-sec/master
bypass techniques added
2024-04-03 18:15:03 +02:00
mohnad banat
d834abe43c
Update SQLite Injection.md
Since sqlite version 3.33.0, sqlite_schema has been replaced by sqlite_master.
2024-04-01 20:46:09 +03:00
Swissky
b19dc0626a CICD - Mkdocs fixed the fonts problem 2024-03-31 16:03:48 +02:00
Swissky
55afcb12fb Removing social plugins from Mkdocs 2024-03-30 13:20:56 +01:00
Swissky
9cabd995fb
Merge pull request #709 from mpgn/master
switch to nxc as cme is archived
2024-03-29 22:36:26 +01:00
mpgn
0d98284034 switch to nxc as cme is archived 2024-03-29 21:22:18 +00:00
xplo1t-sec
033982dc30 bypass techniques added 2024-03-09 21:46:33 +05:30
Swissky
dd2b68b70e PHP Deserialization + API keys table typo 2024-02-18 15:29:21 +01:00
Swissky
97cfeee270 Tools Update 2024-01-21 21:39:23 +01:00
Swissky
12c6531ad2 README - Update links to Internal All The Things 2024-01-12 16:18:36 +01:00
Swissky
c852118ec8 Web Cache Deception + phpt file format 2024-01-11 12:20:25 +01:00
Swissky
4b77292aeb
Merge pull request #704 from therealtoastycat/patch-1
Adding reverse shell payload for OGNL
2024-01-05 15:45:19 +01:00
ToastyCat
05f441accf
Update Reverse Shell Cheatsheet.md
adding details
2024-01-05 10:25:39 +01:00
Swissky
c6f96f7b2a
Merge pull request #703 from Aftab700/JSON-Prototype-Pollution
adding the payload for Polluting the prototype via the `constructor`  property in JSON input
2024-01-05 10:24:16 +01:00
Swissky
f96c1e4356
Merge pull request #701 from Vunnm/patch-1
specify condition to perform Angular JS Injection
2024-01-05 10:23:50 +01:00
ToastyCat
3d9363fdc9
Adding reverse shell payload for OGNL 2024-01-05 09:50:43 +01:00
Aftab Sama
08063f0830
adding the payload for Polluting the prototype via the constructor property in JSON input
Somtimes `__proto__` property may not work, so adding the payload for Polluting the prototype via the `constructor` property in JSON input
2024-01-03 17:24:28 +05:30
Vunnm
27d19813f8
specify condition to perform Angular JS Injection
Indicate that ng-app in a root element is needed to inject Angular JS template. Injecting below payload without a root element with ng-app will not result in a successful injection
2023-12-28 13:30:49 +01:00