Merge pull request #20 from streaak/master

Update recon.md
EdOverflow 2017-10-05 20:12:49 +02:00 committed by GitHub
commit f9385c7181
3 changed files with 39 additions and 1 deletions


@ -35,3 +35,10 @@ _Steps to reproduce_
5. Play the uploaded AVI via the target site. If successful, your desired file will be disclosed within the video.
Alternative scripts exist which may generate different HLS formats or lead to the desired file being disclosed in a different manner.
**Blogs**
* http://pastie.org/840199
* http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
* http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter
* http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
* http://www.digininja.org/blog/when_all_you_can_do_is_read.php
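
Review bot: The `**Blogs**` heading is added directly under the "Alternative scripts exist" paragraph with no blank line before it or before the list, so some Markdown renderers will fold it into that paragraph; add a blank line on each side. The entries are bare URLs with no titles, so a reader cannot tell what each one covers; link text in the form `[title](url)` would help. The notsosecure.com entry carries `?utm_source=twitterfeed&utm_medium=twitter` tracking parameters that should be dropped, and the pastie.org entry is a paste rather than a blog, so it is worth confirming it still resolves before merging.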


@ -21,3 +21,10 @@ This runs [Sublist3r](https://github.com/aboul3la/Sublist3r) on a list of domain
```
apktool d app.apk; cd app;mkdir collection; find . -name \*.smali -exec sh -c "cp {} collection/\$(head /dev/urandom | md5 | cut -d' ' -f1).smali" \;; linkfinder -i 'collection/*.smali' -o cli
```
# [Aquatone](https://github.com/michenriksen/aquatone/) One-liner
```
$"aquatone-discover -d $1 && aquatone-scan -d $1 --ports huge && aquatone-takeover -d $1 && aquatone-gather -d $1" >> aqua.sh
$./aqua.sh domain.com
```
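
Review bot: The first line of the Aquatone block does not create `aqua.sh` as intended: `$"..." >> aqua.sh` makes the shell try to run the quoted string as a command and append its output to the file, and because the string is double-quoted, `$1` is expanded at that point rather than when the script runs. Write the command text with `echo` and single quotes instead, for example `echo 'aquatone-discover -d "$1" && aquatone-scan -d "$1" --ports huge && aquatone-takeover -d "$1" && aquatone-gather -d "$1"' > aqua.sh`, followed by `chmod +x aqua.sh`. In the second line the `$` prompt is fused to the command (`$./aqua.sh`); separate or drop it so the line can be pasted as is, and add a blank line between the preceding closing fence and the `# [Aquatone]` heading.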


@ -12,4 +12,28 @@ Final example:
```sql
444/**/OR/**/MID(CURRENT_USER,1,1)/**/LIKE/**/"p"/**/#
```
```
**Blogs**
* http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
* http://isc.sans.edu/diary.html?storyid=9397
* http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
* http://www.evilsql.com/main/index.php
* http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
* http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections
* http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
* http://sqlzoo.net/hack/
* http://www.sqlteam.com/article/sql-server-versions
* http://www.krazl.com/blog/?p=3
* http://www.owasp.org/index.php/Testing_for_MS_Access
* http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
* http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
* http://www.youtube.com/watch?v=WkHkryIoLD0
* http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
* http://vimeo.com/3418947
* http://sla.ckers.org/forum/read.php?24,33903
* http://websec.files.wordpress.com/2010/11/sqli2.pdf
* http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
* http://ha.ckers.org/sqlinjection/
* http://lab.mediaservice.net/notes_more.php?id=MSSQL
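
Review bot: The line of three backticks directly after the closing fence of the `sql` example opens a second code block that is never closed, so `**Blogs**` and every link under it will render as literal code; remove that line and leave a blank line before the heading. The list is headed Blogs but also contains a YouTube link, a Vimeo link, two PDFs and a forum thread, so a heading such as References would describe it better. The bare URLs would be easier to scan with titles and grouped by database (MSSQL, MySQL, MS Access), which the URLs themselves already indicate.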