Adam Muntner
|
e25608f9fa
|
Merge pull request #161 from elnerd/patch-4
Added TRACK method to http-methods
|
2017-01-15 15:25:42 -05:00 |
|
Adam Muntner
|
abe819f21c
|
Merge pull request #160 from sempf/patch-1
Create json version of debug params
|
2017-01-15 15:24:01 -05:00 |
|
Adam Muntner
|
fa3e68b231
|
Merge pull request #155 from elnerd/patch-3
Patch 3 - added h2-h6 tags
|
2017-01-15 15:23:14 -05:00 |
|
Adam Muntner
|
715977900d
|
Merge pull request #159 from merttasci/patch-1
added 2 style context XSS attacks for LESS
|
2017-01-15 15:22:34 -05:00 |
|
Adam Muntner
|
1e6472ea75
|
Merge pull request #154 from elnerd/patch-2
Create html_attributes.txt
|
2017-01-15 15:21:35 -05:00 |
|
Adam Muntner
|
7b3433f960
|
Merge pull request #147 from GuiOm/master
Add HTML event attributes
|
2017-01-15 15:21:19 -05:00 |
|
El Nerdo
|
9cd7e5a2d0
|
Added TRACK method to http-methods
According to https://www.owasp.org/index.php/Cross_Site_Tracing - the TRACK method is an IIS-specific variant of TRACE.
|
2016-12-19 11:38:35 +01:00 |
|
Bill Sempf
|
02f6aa2687
|
Create json version of debug params
I like this for AJAXy sites.
|
2016-12-15 10:25:54 -05:00 |
|
Adam Muntner
|
6e3e71822b
|
Delete command-execution-cheatsheat-unix.txt
|
2016-11-15 16:31:53 -05:00 |
|
Mert Tasci
|
6724d78102
|
added 2 style context XSS attacks for LESS
cc: https://twitter.com/merttasci_/status/786878767604043776
|
2016-10-19 14:12:27 +03:00 |
|
Adam Muntner
|
71407d12e0
|
Create README.md
|
2016-10-17 09:06:26 -04:00 |
|
Adam Muntner
|
a07e0fea2f
|
from https://github.com/attackercan/
https://github.com/attackercan/regexp-security-cheatsheet
|
2016-10-17 09:01:36 -04:00 |
|
Adam Muntner
|
22fe7c4b1a
|
Delete README.rb
|
2016-10-17 08:54:04 -04:00 |
|
Adam Muntner
|
e3a9f305b7
|
Update README.rb
|
2016-10-17 08:52:48 -04:00 |
|
Adam Muntner
|
e5b926eadd
|
Update README.rb
|
2016-10-17 08:52:08 -04:00 |
|
Adam Muntner
|
db8c767952
|
Create README.rb
|
2016-10-17 08:51:50 -04:00 |
|
Adam Muntner
|
c4d8de6c78
|
Add PNG IDAT chunk webshell link & cleanup
|
2016-10-16 20:24:55 -04:00 |
|
Adam Muntner
|
837c737b28
|
Tiny php remote os commanding backdoor
Example usage:
http://host/?c=id
|
2016-10-16 15:47:43 -04:00 |
|
Adam Muntner
|
89c59e7d74
|
Update arbitrary redirect docs
|
2016-10-12 03:44:16 -04:00 |
|
Adam Muntner
|
e951c9f277
|
doc page 1.0 for open redirect patterns
|
2016-10-12 03:22:12 -04:00 |
|
Adam Muntner
|
05c9d033fb
|
Arbitrary redirect injection template
|
2016-10-12 02:36:00 -04:00 |
|
Adam Muntner
|
a3768fd2a4
|
Open redirect injection tests
|
2016-10-12 02:12:47 -04:00 |
|
Adam Muntner
|
aaeaf2fbc4
|
Open redirect tests
|
2016-10-12 02:12:10 -04:00 |
|
Adam Muntner
|
55bb18a030
|
Open redirect url patterns
|
2016-10-12 02:08:10 -04:00 |
|
Adam Muntner
|
f38bb3e0df
|
Creating redirection template, more patterns otw
|
2016-10-12 01:42:23 -04:00 |
|
Adam Muntner
|
69210d06f2
|
added redirector
|
2016-10-11 01:47:17 -04:00 |
|
Adam Muntner
|
48c40d2e54
|
Create shell-operators.txt
|
2016-10-11 01:44:27 -04:00 |
|
Adam Muntner
|
93d85fb2f0
|
Added more OS commanding patterns
|
2016-10-11 01:30:00 -04:00 |
|
Adam Muntner
|
a9e417d045
|
command-injection-template.txt is nicer, use it
|
2016-10-11 01:21:37 -04:00 |
|
Adam Muntner
|
0535bbd2fb
|
add link to webshell git repo
|
2016-10-10 03:44:24 -04:00 |
|
Adam Muntner
|
9e545e71b1
|
More patterns for separating shell commands
|
2016-10-06 10:27:50 -04:00 |
|
Adam Muntner
|
0bc1498c3d
|
Update patterns for separating shell commands
|
2016-10-06 10:20:43 -04:00 |
|
Adam Muntner
|
5dd4d67557
|
Template for generating OS Commanding tests
replace {cmd} with single value such as /usr/bin/id or a list of test values
|
2016-10-05 20:51:15 -04:00 |
|
Adam Muntner
|
984b37e742
|
Template for generating OS Commanding tests
Replacement string is {cmd}
|
2016-10-05 20:49:35 -04:00 |
|
Adam Muntner
|
ea7dd32b51
|
Patterns for separating shell commands
|
2016-10-05 20:34:28 -04:00 |
|
Adam Muntner
|
8bad923d65
|
reformat xterm examples
|
2016-10-04 09:13:29 -04:00 |
|
Adam Muntner
|
66f94cd903
|
update reverse shell one-liners & xterm examples
Thanks Bernardo Damele A. G http://bernardodamele.blogspot.com/2011/09/reverse-shells-one-liners.html
|
2016-10-04 09:11:57 -04:00 |
|
Adam Muntner
|
a9d9991944
|
os command execution cheatsheet cleanup
|
2016-10-04 08:38:44 -04:00 |
|
Adam Muntner
|
8645354266
|
os command execution cheatsheet cleanup
|
2016-10-04 08:37:43 -04:00 |
|
Adam Muntner
|
7e886d0d9d
|
shell commands without spaces, edits
|
2016-10-04 07:26:39 -04:00 |
|
Adam Muntner
|
b50de0d583
|
Add more remote cmd exec without spaces
|
2016-10-04 00:33:05 -04:00 |
|
Adam Muntner
|
8ed1ab4773
|
Add more remote cmd exec without spaces
technique from https://www.mailchannels.com/2009/07/amazing-new-exploit-for-linksys-routers-running-dd-wrt/ using $IFS
|
2016-10-04 00:32:00 -04:00 |
|
Adam Muntner
|
d1209f4b31
|
Update docs: remote command exec without spaces
|
2016-10-04 00:22:49 -04:00 |
|
Adam Muntner
|
1f4867321f
|
remove old header, replace with ""
|
2016-10-04 00:12:04 -04:00 |
|
Adam Muntner
|
a0b1672889
|
fixup
|
2016-10-04 00:05:28 -04:00 |
|
Adam Muntner
|
b41ed8173e
|
More command exec without spaces
Credits:
Joe Sylve
Daniel Frisch
|
2016-10-04 00:03:33 -04:00 |
|
Adam Muntner
|
0891bb84ec
|
Cmd injection without spaces
Thanks:
Andre Gironda
Ben Toews https://gist.github.com/btoews/3056269
Jon Oberheide https://jon.oberheide.org/blog/2008/09/04/bash-brace-expansion-cleverness/
|
2016-10-03 23:41:58 -04:00 |
|
Adam Muntner
|
c261b0955e
|
Update README.md
|
2016-10-01 22:01:36 -04:00 |
|
Adam Muntner
|
2663f4fbf5
|
Update README.md
|
2016-10-01 21:59:34 -04:00 |
|
Adam Muntner
|
8ef1593ba3
|
Update README.md
|
2016-09-26 23:02:23 -04:00 |
|