Heino Sass Hallik
6e24f79ece
Update nosql-injection.md
2024-02-28 19:41:06 +02:00
CPol
384266bfd1
GITBOOK-4259: change request with no subject merged in GitBook
2024-02-25 22:26:40 +00:00
chiyochichi
1858528b0e
csti meow
...
awkward af
2024-02-25 11:17:54 +02:00
chiyochichi
882371226a
clean up ad
...
i would remove that section entirely ngl
2024-02-25 11:09:32 +02:00
CPol
0b2f6c9edb
GITBOOK-4256: change request with no subject merged in GitBook
2024-02-23 15:56:05 +00:00
CPol
fc13d7264a
GITBOOK-4255: change request with no subject merged in GitBook
2024-02-23 15:34:31 +00:00
CPol
eff83f8dcf
GITBOOK-4251: change request with no subject merged in GitBook
2024-02-18 14:18:26 +00:00
İbrahim Taha İstikbal
24842fb635
Update adding another tool to the list for subdomain takeover checkers
2024-02-15 13:00:59 +03:00
Carlos Polop
116e3864db
a
2024-02-09 18:55:27 +01:00
Carlos Polop
e65a322118
a
2024-02-09 08:15:24 +01:00
Carlos Polop
a268747dc2
A
2024-02-09 08:14:36 +01:00
Carlos Polop
7aaa08ff92
a
2024-02-09 01:38:08 +01:00
Carlos Polop
245b50b5a0
a
2024-02-08 22:36:35 +01:00
Carlos Polop
da6aaca1c2
a
2024-02-08 22:36:15 +01:00
Carlos Polop
10a3b640d6
a
2024-02-08 04:08:28 +01:00
Carlos Polop
06a639f4af
a
2024-02-07 05:05:50 +01:00
Carlos Polop
47cd62fb61
a
2024-02-06 15:12:47 +01:00
Carlos Polop
5c23ce2893
a
2024-02-06 04:10:38 +01:00
Carlos Polop
aaa94e960b
a
2024-02-06 04:10:27 +01:00
Carlos Polop
77e7b548a3
a
2024-02-05 21:00:40 +01:00
Carlos Polop
797ab87ac5
a
2024-02-05 03:29:11 +01:00
Carlos Polop
a01ea62620
a
2024-02-05 03:28:59 +01:00
Carlos Polop
7cc077db55
a
2024-02-04 17:10:29 +01:00
Carlos Polop
213f0fc6f6
a
2024-02-03 17:02:14 +01:00
Carlos Polop
968100037a
a
2024-02-03 15:45:32 +01:00
Carlos Polop
04ccc172f4
fix
2024-02-03 13:22:53 +01:00
Carlos Polop
d92d12b939
Merge pull request #789 from Solracs/master
...
Closes #788 fixing a minor typo
2024-02-01 23:19:07 +01:00
CPol
f00afc243f
GITBOOK-4241: change request with no subject merged in GitBook
2024-01-22 12:24:45 +00:00
SolracS
cb82298159
Closes #788 fixing a minor typo
2024-01-18 07:55:32 +01:00
Carlos Polop
a086c07146
Merge pull request #754 from ChrisPritchard/patch-1
...
Update nosql-injection.md with fixed brute force script
2024-01-14 23:47:35 +01:00
CPol
25a3848ed2
GITBOOK-4235: change request with no subject merged in GitBook
2024-01-14 00:09:21 +00:00
Carlos Polop
37bb97ea8e
pentest-tools
2024-01-11 14:23:18 +01:00
Carlos Polop
d258cb8b62
Merge pull request #780 from sys0wn/patch-1
...
Improve confusing explanation in race-condition page
2024-01-11 01:10:54 +01:00
Carlos Polop
defc06c1da
Merge pull request #778 from vladko312/patch-1
...
Added SSTImap tool and Twig payloads
2024-01-10 23:11:04 +01:00
sys0wn
b368673a7b
Update race-condition.md
2024-01-10 15:44:39 +01:00
Carlos Polop
734fec77eb
arte
2024-01-10 11:22:19 +01:00
Carlos Polop
b045c000b2
Merge branch 'master' of github.com:carlospolop/hacktricks
2024-01-10 11:21:56 +01:00
Carlos Polop
f0b5bcb9d2
arte
2024-01-10 11:21:44 +01:00
CPol
bdb5a4b010
GITBOOK-4230: change request with no subject merged in GitBook
2024-01-10 00:59:55 +00:00
Carlos Polop
4d6eff6732
arte
2024-01-08 12:25:42 +01:00
Vladislav Korchagin
843e7a2d22
Merge pull request #1 from vladko312/master
...
a
2024-01-07 22:41:05 +03:00
Vladislav Korchagin
ab550dc115
Update README.md
2024-01-07 22:40:00 +03:00
Vladislav Korchagin
e06db461f7
Update README.md
2024-01-07 22:34:43 +03:00
Vladislav Korchagin
e4f58422e0
Update README.md
2024-01-07 09:40:59 +03:00
Carlos Polop
8bfb4b4cf5
Update nosql-injection.md
2024-01-04 10:08:44 +01:00
Carlos Polop
4734c06b2b
Merge pull request #774 from manesec/master
...
Update nosql-injection.md
2024-01-04 10:06:52 +01:00
Carlos Polop
c2d34d11b4
arte
2024-01-02 19:28:27 +01:00
Carlos Polop
eb2c94454c
arte
2024-01-01 18:15:42 +01:00
Carlos Polop
036c0be886
arte
2024-01-01 18:15:10 +01:00
Mane
c6692d99a8
Update nosql-injection.md
...
add nodeJS App with Mongo
## Reference
https://nullsweep.com/a-nosql-injection-primer-with-mongo/
https://0xdf.gitlab.io/2023/01/14/htb-shoppy.html
https://youtu.be/AJc53DUdt1M?t=574
2023-12-31 07:29:39 -08:00
Carlos Polop
99ef9c4873
arte
2023-12-31 02:25:17 +01:00
Carlos Polop
f61bdeceae
arte
2023-12-31 02:24:39 +01:00
Sissel
0ebe0a09e1
Update README.md with fuff CTF case
...
Fuff addon of 1337UP LIVE CTF real application, with the nano ".save" trick.
https://askubuntu.com/questions/601985/what-are-save-files
2023-12-28 20:37:41 +01:00
CPol
08536c564d
GITBOOK-4222: change request with no subject merged in GitBook
2023-12-27 23:58:16 +00:00
CPol
da42a67a80
GITBOOK-4216: change request with no subject merged in GitBook
2023-12-26 00:45:07 +00:00
CPol
1d40265874
GITBOOK-4213: change request with no subject merged in GitBook
2023-12-25 17:29:41 +00:00
Carlos Polop
35857b706b
Merge pull request #766 from HackCommander/fix-broken-link-bypass-httponly-php-info
...
Fixed broken link in the section on to bypass HttpOnly flag during XSS exploitation.
2023-12-25 01:31:57 +01:00
CPol
f625f2b554
GITBOOK-4209: change request with no subject merged in GitBook
2023-12-24 19:15:37 +00:00
Carlos Polop
fe632e89bf
Merge pull request #762 from arall/patch-1
...
Update lfi2rce-via-phpinfo.md
2023-12-24 20:10:19 +01:00
Carlos Polop
0791ffe016
Merge pull request #761 from nxenon/master
...
add gRPC-Web Pentesting Methodology
2023-12-24 19:56:24 +01:00
Carlos Polop
2b9a7d1f69
Merge pull request #753 from NaxnN/patch-8
...
fix typo in deserialization/readme.md
2023-12-21 13:36:36 +01:00
HackCommander
e1246c8206
Fixed broken link in the section on to bypass HttpOnly flag during XSS exploitation.
2023-12-20 23:26:45 +01:00
Arall
ac10681235
Update lfi2rce-via-phpinfo.md
...
Fix a 404 on the phpInfoLFI.py exploit link
2023-12-19 18:18:56 +01:00
M Amin Nasiri
c8a6851ba2
add gRPC-Web Pentesting Methodology
2023-12-19 13:07:27 +04:00
CPol
20b5224810
GITBOOK-4192: change request with no subject merged in GitBook
2023-12-16 13:28:14 +00:00
CPol
ef14d419ab
GITBOOK-4185: change request with no subject merged in GitBook
2023-12-11 10:10:20 +00:00
Christopher Pritchard
4b445305da
Update nosql-injection.md with fixed brute force script
...
Fixed login brute force script so it doesn't just find one username per starting letter - this royally boned me and I don't want anyone else to feel the pain.
2023-12-08 20:56:03 +13:00
KeoOp
1291831b76
fix typo in deserialization/readme.md
2023-12-07 13:41:51 +09:00
carlospolop
81005f76c9
hp
2023-12-04 16:57:41 +01:00
carlospolop
21ed9007c4
hackenproof
2023-12-04 16:45:05 +01:00
CPol
0a792c2576
GITBOOK-4178: change request with no subject merged in GitBook
2023-12-04 15:17:30 +00:00
CPol
f6cedd55e4
GITBOOK-4174: change request with no subject merged in GitBook
2023-12-04 09:33:43 +00:00
CPol
ae3c6e44b7
GITBOOK-4173: change request with no subject merged in GitBook
2023-12-04 09:24:40 +00:00
Maximilian Hildebrand
d3d3f4f47a
Added TInjA and the Template Injection Table
2023-12-03 13:14:19 +01:00
SidneyJob
76f93375d2
Fix mini spell mistake
2023-11-21 18:40:35 +03:00
CPol
04c2dccb6f
GITBOOK-4163: change request with no subject merged in GitBook
2023-11-09 15:12:11 +00:00
Carlos Polop
4c79f1cd10
Merge branch 'master' into master
2023-11-05 23:18:06 +01:00
CPol
f515ab26e7
GITBOOK-4149: change request with no subject merged in GitBook
2023-11-03 13:29:31 +00:00
CPol
a3ad24c9ea
GITBOOK-4148: change request with no subject merged in GitBook
2023-11-03 11:03:53 +00:00
CPol
233703a1b1
GITBOOK-4146: change request with no subject merged in GitBook
2023-11-02 16:52:21 +00:00
CPol
46d107852a
GITBOOK-4142: change request with no subject merged in GitBook
2023-10-27 16:04:24 +00:00
CPol
1015696215
GITBOOK-4141: change request with no subject merged in GitBook
2023-10-27 15:46:20 +00:00
Felipe Molina
306481ac24
Add new CSP bypasses through third-parties
2023-10-26 18:30:16 +01:00
Felipe Molina
548aed19f8
Add new CSP bypasses through third-parties
2023-10-26 18:20:03 +01:00
CPol
0272b33ab5
GITBOOK-4140: change request with no subject merged in GitBook
2023-10-26 14:15:46 +00:00
Felipe Molina
121d793ce0
Update CSP methods for third parties
2023-10-23 15:43:34 +01:00
CPol
0742844ba3
GITBOOK-4132: change request with no subject merged in GitBook
2023-10-16 21:06:07 +00:00
CPol
63857c0541
GITBOOK-4126: change request with no subject merged in GitBook
2023-10-15 16:45:54 +00:00
CPol
c383ffed62
GITBOOK-4125: change request with no subject merged in GitBook
2023-10-15 15:23:24 +00:00
CPol
6a5f71e401
GITBOOK-4121: change request with no subject merged in GitBook
2023-10-14 20:45:59 +00:00
Carlos Polop
d7f82e9005
Merge pull request #710 from kibatche/master
...
Update file-upload.md / Replace cStringIO by io
2023-10-11 23:27:32 +02:00
Carlos Polop
e5a76ef436
Merge pull request #708 from jiniljeil/patch-1
...
Fix typo in http-request-smuggling
2023-10-11 23:00:14 +02:00
CPol
aafdb7f10e
GITBOOK-4111: change request with no subject merged in GitBook
2023-10-05 14:47:43 +00:00
CPol
bce38a19cf
GITBOOK-4110: change request with no subject merged in GitBook
2023-10-05 10:00:26 +00:00
CPol
0cd8734cc5
GITBOOK-4104: change request with no subject merged in GitBook
2023-09-29 15:36:01 +00:00
CPol
261348bb2c
GITBOOK-4100: change request with no subject merged in GitBook
2023-09-28 15:09:34 +00:00
CPol
7d1cde6b91
GITBOOK-4096: change request with no subject merged in GitBook
2023-09-26 11:09:53 +00:00
kibatche
86f9653abf
Update file-upload.md / Replace cStringIO by io
...
Originally, I wrote the script for the little trick "Decompress with a different name" with the module "cStringIo". I don't remember why exactly, but when tested again at home to write about this stuff, I found that cStringIo is not present anymore on python3. It works with python2.7, but `io` is better because it works with both modules.
And, I wrote " we can reuse the previous script". That's not true haha !
I think this is better to keep consistency with your previous work, and have more compatibility with different python version.
Let me know if it's ok for you. Thanks !
2023-09-25 18:02:57 +02:00
CPol
afd72865a1
GITBOOK-4092: change request with no subject merged in GitBook
2023-09-24 09:51:34 +00:00
Jinil Kim
4e887c2998
Fix typo in http-request-smuggling
...
Fix typo from lentgh to length in pentesting-web/http-request-smuggling
2023-09-21 08:56:51 +09:00
Jinil Kim
2d9e6fd60c
Fix typo in http-request-smuggling
...
Fix typo from lenght to length
2023-09-21 08:45:08 +09:00
Jinil Kim
4154ac12e0
Fix typo in content-security-policy-csp-bypass
...
Fix typo from executa to execute
2023-09-17 22:40:55 +09:00
carlospolop
93b6df668e
trickest
2023-09-05 00:10:11 +02:00
carlospolop
987e1109d8
trickest
2023-09-03 17:41:02 +02:00
carlospolop
d308298b26
intruder
2023-09-03 01:51:32 +02:00
carlospolop
2463753c56
intruder
2023-09-03 01:48:41 +02:00
kibatche
79420b6a6b
add a detail about the null byte
2023-09-01 11:32:12 +02:00
kibatche
982b7cbbaf
added decompress with a different name section for file upload part.
2023-09-01 11:14:36 +02:00
Carlos Polop
97e15d0836
Update oracle-injection.md
2023-08-31 19:32:23 +02:00
Carlos Polop
d8c5b1519f
Update oracle-injection.md
2023-08-31 19:23:25 +02:00
Carlos Polop
715b9e57bb
Update mysql-ssrf.md
2023-08-31 19:22:39 +02:00
Carlos Polop
1d2514cce6
Update mssql-injection.md
2023-08-31 19:21:46 +02:00
CPol
de29299ee4
GITBOOK-4062: change request with no subject merged in GitBook
2023-08-31 17:11:43 +00:00
CPol
0de31f2383
GITBOOK-4061: change request with no subject merged in GitBook
2023-08-31 15:11:42 +00:00
CPol
749e1c091d
GITBOOK-4059: change request with no subject merged in GitBook
2023-08-30 09:07:26 +00:00
Carlos Polop
345f66d083
Merge pull request #697 from Alemmi/csp-bypass-webrtc
...
Add WebRTC leak
2023-08-29 21:02:57 +02:00
Carlos Polop
3babd90c7d
Merge pull request #689 from bl13pbl03p/master-1
...
Tiny spelling correction
2023-08-29 20:13:51 +02:00
Carlos Polop
5125eac7d1
Merge pull request #687 from 0x4bit/master
...
Update formula-doc-latex-injection.md
2023-08-29 19:53:28 +02:00
CPol
b5ff9ff583
GITBOOK-4056: change request with no subject merged in GitBook
2023-08-28 09:09:07 +00:00
CPol
9b67ad7b7f
GITBOOK-4055: change request with no subject merged in GitBook
2023-08-28 09:01:12 +00:00
Alessandro Mizzaro
391ca4ad7e
Add WebRTC leak
2023-08-27 21:27:30 +02:00
Carlos Polop
e981e7a1ba
Merge pull request #682 from Yogi-Codes/patch-1
...
Update hacking-jwt-json-web-tokens.md
2023-08-24 13:16:47 +02:00
CPol
9f7b965e16
GITBOOK-4048: change request with no subject merged in GitBook
2023-08-24 08:49:18 +00:00
CPol
7b95b4b0e9
GITBOOK-4044: change request with no subject merged in GitBook
2023-08-22 09:57:13 +00:00
CPol
036fa3c3a6
GITBOOK-4040: change request with no subject merged in GitBook
2023-08-16 09:26:10 +00:00
CPol
9047909444
GITBOOK-4038: change request with no subject merged in GitBook
2023-08-16 08:24:17 +00:00
CPol
554b95eac8
GITBOOK-4035: change request with no subject merged in GitBook
2023-08-16 04:32:29 +00:00
CPol
4c29b49ee0
GITBOOK-4034: change request with no subject merged in GitBook
2023-08-15 18:05:01 +00:00
CPol
fd47bcfc8d
GITBOOK-4031: change request with no subject merged in GitBook
2023-08-15 01:35:49 +00:00
bl13pbl03p
7a3295cc38
Tiny spelling correction
2023-08-11 16:14:36 +02:00
CPol
507d257f46
GITBOOK-4029: change request with no subject merged in GitBook
2023-08-09 16:54:14 +00:00
0x4bit
cf9b008f1b
Update formula-doc-latex-injection.md
...
Added wrapper hint from PayloadsAllTheThings
2023-08-08 14:24:42 +02:00
CPol
751055cd29
GITBOOK-4028: change request with no subject merged in GitBook
2023-08-08 08:05:16 +00:00
CPol
5f3d054d57
GITBOOK-4024: change request with no subject merged in GitBook
2023-08-02 15:09:22 +00:00
Yogi-Codes
4e9c9398d8
Update hacking-jwt-json-web-tokens.md
...
Just minor correction
2023-08-02 10:28:36 +05:30
CPol
d66ecb4cdd
GITBOOK-4021: change request with no subject merged in GitBook
2023-07-31 15:59:11 +00:00
CPol
84d05a4c74
GITBOOK-4018: change request with no subject merged in GitBook
2023-07-30 21:28:42 +00:00
CPol
0b9f09f1ce
GITBOOK-4016: change request with no subject merged in GitBook
2023-07-28 11:44:45 +00:00
matan h
3faa1a5e69
Add one example of pHp protocol cases and add my own base64 file extension bypass.
2023-07-20 10:40:33 +03:00
Carlos Polop
df038bd147
Merge pull request #673 from entr0pie/master
...
Fixed grammar on the "Manipualating Email Parameter" section of pentesting-web/reset-password
2023-07-19 13:20:43 +02:00
Carlos Polop
a1be5b4742
Merge pull request #667 from abhishekmorla/patch-1
...
Update oauth-to-account-takeover.md
2023-07-19 13:05:54 +02:00
Carlos Polop
73e07dbcbd
Merge pull request #669 from sAjibuu/patch-1
...
Update README.md
2023-07-19 13:05:03 +02:00
tandera
5126ce15d4
Fixed grammar on the "Manipualating Email Parameter" section
2023-07-15 23:29:21 -03:00
carlospolop
d84af2b1f5
hp
2023-07-14 17:03:41 +02:00
CPol
f51a325cb6
GITBOOK-4010: change request with no subject merged in GitBook
2023-07-14 13:56:11 +00:00
CPol
f11b4d1856
GITBOOK-4008: change request with no subject merged in GitBook
2023-07-13 09:57:55 +00:00
CPol
224ce0cf17
GITBOOK-4007: change request with no subject merged in GitBook
2023-07-11 13:23:18 +00:00
Sagiv
9f184d9633
Update README.md
2023-07-09 09:03:36 +03:00
Abhishek Morla
04d5d62ca6
Update oauth-to-account-takeover.md
...
clarifying the pre account takeover 2nd part
2023-07-08 09:21:28 +05:30
CPol
5626c2fdf6
GITBOOK-3993: change request with no subject merged in GitBook
2023-06-26 10:50:26 +00:00