From 0913e8c3bd3ea27e3f5ac3e3a274041d31a6eb80 Mon Sep 17 00:00:00 2001 From: tkmk <109408590@qq.com> Date: Tue, 19 Mar 2019 20:18:06 +0800 Subject: [PATCH] Fix changed urls --- CSRF Injection/README.md | 2 +- Insecure Deserialization/PHP.md | 2 +- SQL Injection/README.md | 12 ++++++------ Server Side Request Forgery/README.md | 4 ++-- Server Side Template Injection/README.md | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/CSRF Injection/README.md b/CSRF Injection/README.md index 6d3d56e..c6bc4f0 100644 --- a/CSRF Injection/README.md +++ b/CSRF Injection/README.md @@ -10,7 +10,7 @@ ## Methodology -![CSRF_cheatsheet](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CSRF%20injection/Images/CSRF-CheatSheet.png?raw=true) +![CSRF_cheatsheet](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CSRF%20Injection/Images/CSRF-CheatSheet.png?raw=true) ## Payloads diff --git a/Insecure Deserialization/PHP.md b/Insecure Deserialization/PHP.md index 883acf9..bd82447 100644 --- a/Insecure Deserialization/PHP.md +++ b/Insecure Deserialization/PHP.md @@ -8,7 +8,7 @@ The following magic methods will help you for a PHP Object injection * __destruct() when an object is deleted. * __toString() when an object is converted to a string. -Also you should check the `Wrapper Phar://` in [File Inclusion - Path Traversal](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal#wrapper-phar) which use a PHP object injection. +Also you should check the `Wrapper Phar://` in [File Inclusion](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion#wrapper-phar) which use a PHP object injection. ## __wakeup in the unserialize function diff --git a/SQL Injection/README.md b/SQL Injection/README.md index 5fe5773..842b136 100644 --- a/SQL Injection/README.md +++ b/SQL Injection/README.md 
@@ -10,12 +10,12 @@ Attempting to manipulate SQL queries may have goals including: ## Summary -* [CheatSheet MSSQL Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20injection/MSSQL%20Injection.md) -* [CheatSheet MySQL Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20injection/MySQL%20Injection.md) -* [CheatSheet OracleSQL Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20injection/OracleSQL%20Injection.md) -* [CheatSheet PostgreSQL Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20injection/PostgreSQL%20Injection.md) -* [CheatSheet SQLite Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20injection/SQLite%20Injection.md) -* [CheatSheet Cassandra Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20injection/Cassandra%20Injection.md) +* [CheatSheet MSSQL Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/MSSQL%20Injection.md) +* [CheatSheet MySQL Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/MySQL%20Injection.md) +* [CheatSheet OracleSQL Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/OracleSQL%20Injection.md) +* [CheatSheet PostgreSQL Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/PostgreSQL%20Injection.md) +* [CheatSheet SQLite Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/SQLite%20Injection.md) +* [CheatSheet Cassandra Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/Cassandra%20Injection.md) * [Entry point detection](#entry-point-detection) * [DBMS Identification](#dbms-identification) * [SQL injection using SQLmap](#sql-injection-using-sqlmap) 
diff --git a/Server Side Request Forgery/README.md b/Server Side Request Forgery/README.md index a6fdb81..b48ff94 100644 --- a/Server Side Request Forgery/README.md +++ b/Server Side Request Forgery/README.md @@ -176,7 +176,7 @@ http://127.1.1.1:80:\@@127.2.2.2:80/ http://127.1.1.1:80#\@127.2.2.2:80/ ``` -![https://github.com/swisskyrepo/PayloadsAllTheThings/raw/master/SSRF%20injection/Images/SSRF_Parser.png](https://github.com/swisskyrepo/PayloadsAllTheThings/raw/master/SSRF%20injection/Images/WeakParser.jpg) +![https://github.com/swisskyrepo/PayloadsAllTheThings/raw/master/SSRF%20injection/Images/SSRF_Parser.png](https://github.com/swisskyrepo/PayloadsAllTheThings/raw/master/SSRF%20Injection/Images/WeakParser.jpg) ## SSRF exploitation via URL Scheme @@ -198,7 +198,7 @@ ssrf.php?url=http://127.0.0.1:80 ssrf.php?url=http://127.0.0.1:443 ``` -![SSRF stream](https://github.com/swisskyrepo/PayloadsAllTheThings/raw/master/SSRF%20injection/Images/SSRF_stream.png) +![SSRF stream](https://github.com/swisskyrepo/PayloadsAllTheThings/raw/master/SSRF%20Injection/Images/SSRF_stream.png) The following URL scheme can be used to probe the network diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md index 7cd6d5b..fe292e9 100644 --- a/Server Side Template Injection/README.md +++ b/Server Side Template Injection/README.md @@ -49,7 +49,7 @@ python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=InjectHere*&comment ## Methodology -![SSTI cheatsheet workflow](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20injections/Images/serverside.png?raw=true) +![SSTI cheatsheet workflow](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/Images/serverside.png?raw=true) ## Ruby
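Review bot: In `Insecure Deserialization/PHP.md`, the rewritten link now depends on a `File Inclusion` directory and on a `#wrapper-phar` heading in its README, neither of which is touched or shown by this patch, so the fix cannot be confirmed from the diff alone. Please check that the fragment still resolves at the new path. Since the line is being rewritten anyway, "which use a PHP object injection" could be corrected to "which uses".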
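Review bot: In the summary list of `SQL Injection/README.md`, all six rewritten entries remain absolute `github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/...` URLs to files that sit in the same directory as this README, which is why a change in the directory name's case broke every one of them. Relative links such as `MSSQL%20Injection.md` would survive future renames and would also resolve in forks and on branches other than `master`.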
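Review bot: In `Server Side Request Forgery/README.md`, both rewritten image URLs (`WeakParser.jpg` and `SSRF_stream.png`) point at `SSRF%20Injection/Images/...`, while the diff header places this file under `Server Side Request Forgery/`, so the images will only load if a separate `SSRF Injection` directory exists; otherwise the path should be `Server%20Side%20Request%20Forgery/Images/...`. In the first hunk the alt text is also still the old URL (`.../SSRF%20injection/Images/SSRF_Parser.png`), which is unchanged by the patch and names a different file than the link target; a short description of the image would serve better as alt text.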