Commit graph

353 commits

Author SHA1 Message Date
Swissky
82d4ff6c1d References added based on @ngalongc bug-bounty-references 2018-12-25 16:10:15 +01:00
Swissky
b9efdb52d3 Linux - PrivEsc - First draft 2018-12-25 15:51:11 +01:00
Swissky
38c3bfbd9f Windows Priv Esc - Unquoted Path, Password looting and Powershell version 2018-12-25 15:19:45 +01:00
Swissky
cdc3b5e080 XXE references + summary 2018-12-25 12:08:32 +01:00
Swissky
c25af52316 Blind XSS Angular JS 2018-12-24 15:09:43 +01:00
Swissky
a6475a19d9 Adding references sectio 2018-12-24 15:02:50 +01:00
Swissky
9c529535a5 CSRF - Fix image 2018-12-24 14:17:49 +01:00
Swissky
9c878f9b09 CSRF - First draft 2018-12-24 14:14:51 +01:00
Swissky
b4aff1a826 Architecture - Files/Intruder/Images and README + template 2018-12-23 00:45:45 +01:00
Swissky
e096d10a30
Merge pull request #34 from Fisjkars/master
Add Springboot actuator intruder
2018-12-18 14:03:22 +01:00
Maxime Escourbiac
b59e24312e
Update Springboot readme 2018-12-18 11:18:50 +01:00
Fisjkars
5b7a3a95d3 Add Springboot Actuator management interface
new file:   Insecure management interface/README.md
	new file:   Insecure management interface/intruders/springboot_actuator.txt
2018-12-18 11:05:15 +01:00
Swissky
69c1d601fa Kerberoasting + SQLmap write SSH key 2018-12-15 00:51:33 +01:00
Swissky
8403068681
Merge pull request #32 from Meatballs1/Meatballs1-patch-1
Busybox httpd.conf file upload payload
2018-12-14 10:25:04 +03:00
Meatballs1
20c6bb2299
Update httpd.conf 2018-12-14 00:03:50 +00:00
Meatballs1
1d6b34ace5
Create README.md 2018-12-14 00:02:58 +00:00
Meatballs1
f1fec1c952
Create shellymcshellface.sh 2018-12-13 23:58:24 +00:00
Meatballs1
1e4e04831b
Create httpd.conf 2018-12-13 23:56:10 +00:00
Swissky
68325c8b98 Insecure deserialization Python 2018-11-27 23:04:17 +01:00
Swissky
c8d7575ba3 Minor edit in deserialization PHP and type juggling 2018-11-26 23:35:43 +01:00
Swissky
521d61d956 Attacks details + Summary JWT + XXE adjustments 2018-11-26 00:25:06 +01:00
Swissky
928a454531 Blind XSS endpoint + SSRF Google + Nmap subdomains 2018-11-25 15:44:17 +01:00
Swissky
b34cff5a74 XXE in docx, pptx, .. : Open XML files 2018-11-24 15:50:43 +01:00
Swissky
1225a9a23d Metasploit Cheatsheet 2018-11-24 15:32:44 +01:00
Swissky
565b40d177 reGeorg + Meterpreter socks + S3 trick name 2018-11-24 13:49:08 +01:00
Swissky
0309a2efbd
Merge pull request #30 from m-veljkovic/master
Update README.md
2018-11-19 14:01:44 +01:00
Milan Veljkovic
59d0020c86
Update README.md 2018-11-19 12:45:01 +01:00
Swissky
a0f8e846fa Blind XSS - XSS Hunter, Sleepy Puppy etc 2018-11-18 15:37:01 +01:00
Swissky
fd99da6c06 Insecure source code - harvesting secrets 2018-11-18 14:12:05 +01:00
Swissky
5c1d025b03 README - CVE update 2018-11-18 13:40:47 +01:00
Swissky
7096b813ec Insecure direct object references - IDOR 2018-11-17 17:08:46 +01:00
Swissky
182db99e13 Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2018-11-17 14:41:40 +01:00
Swissky
3522d9a674 Files JPEG -> JPG + Tag v2 2018-11-17 14:40:12 +01:00
Swissky
133518a78b
Merge pull request #28 from om3rcitak/patch-1
add new attack patterns from Daniel miessler
2018-11-16 13:49:35 +01:00
omer citak
081df9b24d
add new attack patterns from Daniel miessler
https://github.com/danielmiessler/SecLists/edit/master/Fuzzing/Polyglots/XSS-Polyglots.txt
new attack patterns: line 1, 2, 3.
2018-11-16 14:45:51 +03:00
Swissky
af9abc6592 More CVE - RCE : Jenkins, JBoss, WebLogic, WebSphere 2018-11-15 23:13:08 +01:00
Swissky
15fe34052b Ruby Deserialization 2018-11-13 23:38:40 +01:00
Swissky
d181ff4e79 Deserialization - merging Java, PHP 2018-11-13 23:25:18 +01:00
Swissky
ddfdc51e68 Credit fix - WAF bypass 2018-11-09 12:43:30 +01:00
Swissky
1b2ee3e67a Subdomain enumeration - New Aquatone (Go) 2018-11-05 13:45:52 +01:00
Swissky
6bcb43e39c LDAP fix typo + LDAP attributes + LFI filter chaining 2018-11-02 13:50:56 +01:00
Swissky
86db6b7f6f Polyglot XSS from @filedescriptor's Polyglot Challenge 2018-10-31 23:41:11 +01:00
Swissky
4b7fe437a5 LDAP userPassword attribute 2018-10-31 22:34:10 +01:00
Swissky
add00c7357 JWT JSON Web Token + SSI files 2018-10-29 22:22:10 +01:00
Swissky
7b919e4492 AWS cp files and grant access with ACL 2018-10-20 17:03:13 +02:00
Swissky
f1eefd2722 Script Docker RCE 2018-10-18 17:32:01 +02:00
Swissky
f8019e2234
Merge pull request #27 from timwis/patch-1
Remove gender-specific pronoun for attacker
2018-10-11 09:09:42 +02:00
Tim Wisniewski
4f6841ed17
Remove gender-specific pronoun for attacker
Wouldn't want anyone to think they can't grow up to be an attacker too! :)
2018-10-10 23:54:18 -04:00
Swissky
ea1c3a7ccb
Merge pull request #26 from Techbrunch/patch-1
Add Rancher Metadata Service
2018-10-08 23:02:35 +02:00
Techbrunch
78103d13a1
Add Rancher Metadata Service 2018-10-08 21:46:57 +02:00