Commit graph

1227 commits

Author SHA1 Message Date
CPol
2572c94842
GITBOOK-4306: No subject 2024-04-10 13:29:30 +00:00
Carlos Polop
35b3c7ccfe a 2024-04-08 00:51:34 +02:00
Carlos Polop
4b64ce2de1 w 2024-04-08 00:37:55 +02:00
CPol
c55d66804a
GITBOOK-4301: No subject 2024-04-06 16:25:58 +00:00
Ruby Perez
f8739577fd
Update cookie-tossing.md 2024-04-03 16:33:05 -04:00
HackTricks
a622a82063
Merge pull request #830 from manesec/master
Add more SSTI and jwt example
2024-04-01 17:59:47 +02:00
CPol
31e7f071f5
GITBOOK-4288: change request with no subject merged in GitBook 2024-03-29 18:55:33 +00:00
Mane
e07c0f6d07
Update hacking-jwt-json-web-tokens.md
Reference https://asecuritysite.com/encryption/ecd5
2024-03-28 16:12:09 +08:00
Mane
0954fe38a8
Update jinja2-ssti.md
# Reference

https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2/

https://ctftime.org/writeup/33605
2024-03-28 15:48:56 +08:00
Carlos Polop
61e2eb2350 a 2024-03-26 15:56:40 +01:00
HackTricks
f0ee6d12a9
Merge pull request #823 from auk0x01/master
Fixed a Typo in pentesting-web/content-security-policy-csp-bypass
2024-03-26 08:54:31 +01:00
HackTricks
e280afd70d
Merge pull request #822 from JamTester/patch-1
Update README.md
2024-03-26 08:54:17 +01:00
CPol
aaeb94937c
GITBOOK-4278: change request with no subject merged in GitBook 2024-03-25 01:41:12 +00:00
HackTricks
3baeb86096
Merge pull request #814 from omranisecurity/patch-1
Add CorsOne to the list of CORS misconfiguration tools
2024-03-25 01:42:13 +01:00
CPol
2bba39459f
GITBOOK-4276: change request with no subject merged in GitBook 2024-03-24 11:49:57 +00:00
Carlos Polop
72f1bc0eec a 2024-03-24 12:46:48 +01:00
CPol
b9f92897b2
GITBOOK-4275: change request with no subject merged in GitBook 2024-03-17 20:38:19 +00:00
CPol
5b120932f3
GITBOOK-4274: change request with no subject merged in GitBook 2024-03-17 14:42:04 +00:00
Adnan Ullah Khan (auk0x01)
34242e846e
Update README.md 2024-03-17 08:35:21 +05:00
CPol
34d9baeb61
GITBOOK-4273: change request with no subject merged in GitBook 2024-03-16 12:05:32 +00:00
CPol
a1302164ce
GITBOOK-4272: change request with no subject merged in GitBook 2024-03-16 09:56:27 +00:00
Jason Sawyer
279655b64f
Update README.md
Fixed Syntax errors.
2024-03-16 16:54:56 +11:00
CPol
c283d05dce
GITBOOK-4271: change request with no subject merged in GitBook 2024-03-15 22:20:35 +00:00
CPol
43ccbd4ee9
GITBOOK-4270: change request with no subject merged in GitBook 2024-03-15 22:07:01 +00:00
Carlos Polop
1fcb0ae066 a 2024-03-15 00:01:13 +01:00
CPol
66b5cedb26
GITBOOK-4268: change request with no subject merged in GitBook 2024-03-14 22:39:10 +00:00
CPol
cab1150952
GITBOOK-4267: change request with no subject merged in GitBook 2024-03-11 12:57:43 +00:00
HackTricks
c61db4fcd3
Merge pull request #802 from chiyochichi/patch-1
minor phrasing mistakes
2024-03-10 14:28:25 +01:00
Carlos Polop
944eaa12c9 up 2024-03-09 14:02:01 +01:00
CPol
8ff32d8f1d
GITBOOK-4266: change request with no subject merged in GitBook 2024-03-09 12:57:16 +00:00
Mohammad Reza Omrani
cec89bcb37
Update cors-bypass.md
Add CorsOne to the list of tools
2024-03-04 23:51:59 +03:30
CPol
5c7e8adeca
GITBOOK-4263: change request with no subject merged in GitBook 2024-03-03 13:55:18 +00:00
Heino Sass Hallik
6e24f79ece
Update nosql-injection.md 2024-02-28 19:41:06 +02:00
CPol
384266bfd1
GITBOOK-4259: change request with no subject merged in GitBook 2024-02-25 22:26:40 +00:00
chiyochichi
1858528b0e
csti meow
awkward af
2024-02-25 11:17:54 +02:00
chiyochichi
882371226a
clean up ad
i would remove that section entirely ngl
2024-02-25 11:09:32 +02:00
CPol
0b2f6c9edb
GITBOOK-4256: change request with no subject merged in GitBook 2024-02-23 15:56:05 +00:00
CPol
fc13d7264a
GITBOOK-4255: change request with no subject merged in GitBook 2024-02-23 15:34:31 +00:00
CPol
eff83f8dcf
GITBOOK-4251: change request with no subject merged in GitBook 2024-02-18 14:18:26 +00:00
İbrahim Taha İstikbal
24842fb635
Update adding another tool to the list for subdomain takeover checkers 2024-02-15 13:00:59 +03:00
Carlos Polop
116e3864db a 2024-02-09 18:55:27 +01:00
Carlos Polop
e65a322118 a 2024-02-09 08:15:24 +01:00
Carlos Polop
a268747dc2 A 2024-02-09 08:14:36 +01:00
Carlos Polop
7aaa08ff92 a 2024-02-09 01:38:08 +01:00
Carlos Polop
245b50b5a0 a 2024-02-08 22:36:35 +01:00
Carlos Polop
da6aaca1c2 a 2024-02-08 22:36:15 +01:00
Carlos Polop
10a3b640d6 a 2024-02-08 04:08:28 +01:00
Carlos Polop
06a639f4af a 2024-02-07 05:05:50 +01:00
Carlos Polop
47cd62fb61 a 2024-02-06 15:12:47 +01:00
Carlos Polop
5c23ce2893 a 2024-02-06 04:10:38 +01:00
Carlos Polop
aaa94e960b a 2024-02-06 04:10:27 +01:00
Carlos Polop
77e7b548a3 a 2024-02-05 21:00:40 +01:00
Carlos Polop
797ab87ac5 a 2024-02-05 03:29:11 +01:00
Carlos Polop
a01ea62620 a 2024-02-05 03:28:59 +01:00
Carlos Polop
7cc077db55 a 2024-02-04 17:10:29 +01:00
Carlos Polop
213f0fc6f6 a 2024-02-03 17:02:14 +01:00
Carlos Polop
968100037a a 2024-02-03 15:45:32 +01:00
Carlos Polop
04ccc172f4 fix 2024-02-03 13:22:53 +01:00
Carlos Polop
d92d12b939
Merge pull request #789 from Solracs/master
Closes #788 fixing a minor typo
2024-02-01 23:19:07 +01:00
CPol
f00afc243f
GITBOOK-4241: change request with no subject merged in GitBook 2024-01-22 12:24:45 +00:00
SolracS
cb82298159
Closes #788 fixing a minor typo 2024-01-18 07:55:32 +01:00
Carlos Polop
a086c07146
Merge pull request #754 from ChrisPritchard/patch-1
Update nosql-injection.md with fixed brute force script
2024-01-14 23:47:35 +01:00
CPol
25a3848ed2
GITBOOK-4235: change request with no subject merged in GitBook 2024-01-14 00:09:21 +00:00
Carlos Polop
37bb97ea8e pentest-tools 2024-01-11 14:23:18 +01:00
Carlos Polop
d258cb8b62
Merge pull request #780 from sys0wn/patch-1
Improve confusing explanation in race-condition page
2024-01-11 01:10:54 +01:00
Carlos Polop
defc06c1da
Merge pull request #778 from vladko312/patch-1
Added SSTImap tool and Twig payloads
2024-01-10 23:11:04 +01:00
sys0wn
b368673a7b
Update race-condition.md 2024-01-10 15:44:39 +01:00
Carlos Polop
734fec77eb arte 2024-01-10 11:22:19 +01:00
Carlos Polop
b045c000b2 Merge branch 'master' of github.com:carlospolop/hacktricks 2024-01-10 11:21:56 +01:00
Carlos Polop
f0b5bcb9d2 arte 2024-01-10 11:21:44 +01:00
CPol
bdb5a4b010
GITBOOK-4230: change request with no subject merged in GitBook 2024-01-10 00:59:55 +00:00
Carlos Polop
4d6eff6732 arte 2024-01-08 12:25:42 +01:00
Vladislav Korchagin
843e7a2d22
Merge pull request #1 from vladko312/master
a
2024-01-07 22:41:05 +03:00
Vladislav Korchagin
ab550dc115
Update README.md 2024-01-07 22:40:00 +03:00
Vladislav Korchagin
e06db461f7
Update README.md 2024-01-07 22:34:43 +03:00
Vladislav Korchagin
e4f58422e0
Update README.md 2024-01-07 09:40:59 +03:00
Carlos Polop
8bfb4b4cf5
Update nosql-injection.md 2024-01-04 10:08:44 +01:00
Carlos Polop
4734c06b2b
Merge pull request #774 from manesec/master
Update nosql-injection.md
2024-01-04 10:06:52 +01:00
Carlos Polop
c2d34d11b4 arte 2024-01-02 19:28:27 +01:00
Carlos Polop
eb2c94454c arte 2024-01-01 18:15:42 +01:00
Carlos Polop
036c0be886 arte 2024-01-01 18:15:10 +01:00
Mane
c6692d99a8
Update nosql-injection.md
add nodeJS App with Mongo

## Reference

https://nullsweep.com/a-nosql-injection-primer-with-mongo/
https://0xdf.gitlab.io/2023/01/14/htb-shoppy.html
https://youtu.be/AJc53DUdt1M?t=574
2023-12-31 07:29:39 -08:00
Carlos Polop
99ef9c4873 arte 2023-12-31 02:25:17 +01:00
Carlos Polop
f61bdeceae arte 2023-12-31 02:24:39 +01:00
Sissel
0ebe0a09e1
Update README.md with fuff CTF case
Fuff addon of 1337UP LIVE CTF real application, with the nano ".save" trick.
https://askubuntu.com/questions/601985/what-are-save-files
2023-12-28 20:37:41 +01:00
CPol
08536c564d
GITBOOK-4222: change request with no subject merged in GitBook 2023-12-27 23:58:16 +00:00
CPol
da42a67a80
GITBOOK-4216: change request with no subject merged in GitBook 2023-12-26 00:45:07 +00:00
CPol
1d40265874
GITBOOK-4213: change request with no subject merged in GitBook 2023-12-25 17:29:41 +00:00
Carlos Polop
35857b706b
Merge pull request #766 from HackCommander/fix-broken-link-bypass-httponly-php-info
Fixed broken link in the section on to bypass HttpOnly flag during XSS exploitation.
2023-12-25 01:31:57 +01:00
CPol
f625f2b554
GITBOOK-4209: change request with no subject merged in GitBook 2023-12-24 19:15:37 +00:00
Carlos Polop
fe632e89bf
Merge pull request #762 from arall/patch-1
Update lfi2rce-via-phpinfo.md
2023-12-24 20:10:19 +01:00
Carlos Polop
0791ffe016
Merge pull request #761 from nxenon/master
add gRPC-Web Pentesting Methodology
2023-12-24 19:56:24 +01:00
Carlos Polop
2b9a7d1f69
Merge pull request #753 from NaxnN/patch-8
fix typo in deserialization/readme.md
2023-12-21 13:36:36 +01:00
HackCommander
e1246c8206 Fixed broken link in the section on to bypass HttpOnly flag during XSS exploitation. 2023-12-20 23:26:45 +01:00
Arall
ac10681235
Update lfi2rce-via-phpinfo.md
Fix a 404 on the phpInfoLFI.py exploit link
2023-12-19 18:18:56 +01:00
M Amin Nasiri
c8a6851ba2 add gRPC-Web Pentesting Methodology 2023-12-19 13:07:27 +04:00
CPol
20b5224810
GITBOOK-4192: change request with no subject merged in GitBook 2023-12-16 13:28:14 +00:00
CPol
ef14d419ab
GITBOOK-4185: change request with no subject merged in GitBook 2023-12-11 10:10:20 +00:00
Christopher Pritchard
4b445305da
Update nosql-injection.md with fixed brute force script
Fixed login brute force script so it doesn't just find one username per starting letter - this royally boned me and I don't want anyone else to feel the pain.
2023-12-08 20:56:03 +13:00
KeoOp
1291831b76
fix typo in deserialization/readme.md 2023-12-07 13:41:51 +09:00