mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
Challenges added for CRLF, Command Injection, File Inclusion
This commit is contained in:
parent
0a5ecc407c
commit
118924f291
@ -11,7 +11,7 @@
|
|||||||
* [Add a cookie](#add-a-cookie)
|
* [Add a cookie](#add-a-cookie)
|
||||||
* [Add a cookie - XSS Bypass](#add-a-cookie---xss-bypass)
|
* [Add a cookie - XSS Bypass](#add-a-cookie---xss-bypass)
|
||||||
* [Write HTML](#write-html)
|
* [Write HTML](#write-html)
|
||||||
* [Filter Bypass](#filter-bypass)
|
* [Filter Bypass](#filter-bypass)
|
||||||
* [Labs](#labs)
|
* [Labs](#labs)
|
||||||
* [References](#references)
|
* [References](#references)
|
||||||
|
|
||||||
@ -97,7 +97,7 @@ Content-Length: 34
|
|||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
## Filter Bypass
|
### Filter Bypass
|
||||||
|
|
||||||
Using UTF-8 encoding
|
Using UTF-8 encoding
|
||||||
|
|
||||||
@ -116,6 +116,7 @@ Remainder:
|
|||||||
## Labs
|
## Labs
|
||||||
|
|
||||||
* [PortSwigger - HTTP/2 request splitting via CRLF injection](https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-h2-request-splitting-via-crlf-injection)
|
* [PortSwigger - HTTP/2 request splitting via CRLF injection](https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-h2-request-splitting-via-crlf-injection)
|
||||||
|
* [Root Me - CRLF](https://www.root-me.org/en/Challenges/Web-Server/CRLF)
|
||||||
|
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
@ -423,7 +423,10 @@ In Unix-like command-line interfaces, the `--` symbol is used to signify the end
|
|||||||
* [PortSwigger - Blind OS command injection with output redirection](https://portswigger.net/web-security/os-command-injection/lab-blind-output-redirection)
|
* [PortSwigger - Blind OS command injection with output redirection](https://portswigger.net/web-security/os-command-injection/lab-blind-output-redirection)
|
||||||
* [PortSwigger - Blind OS command injection with out-of-band interaction](https://portswigger.net/web-security/os-command-injection/lab-blind-out-of-band)
|
* [PortSwigger - Blind OS command injection with out-of-band interaction](https://portswigger.net/web-security/os-command-injection/lab-blind-out-of-band)
|
||||||
* [PortSwigger - Blind OS command injection with out-of-band data exfiltration](https://portswigger.net/web-security/os-command-injection/lab-blind-out-of-band-data-exfiltration)
|
* [PortSwigger - Blind OS command injection with out-of-band data exfiltration](https://portswigger.net/web-security/os-command-injection/lab-blind-out-of-band-data-exfiltration)
|
||||||
|
* [Root Me - PHP - Command injection](https://www.root-me.org/en/Challenges/Web-Server/PHP-Command-injection)
|
||||||
|
* [Root Me - Command injection - Filter bypass](https://www.root-me.org/en/Challenges/Web-Server/Command-injection-Filter-bypass)
|
||||||
|
* [Root Me - PHP - assert()](https://www.root-me.org/en/Challenges/Web-Server/PHP-assert)
|
||||||
|
* [Root Me - PHP - preg_replace()](https://www.root-me.org/en/Challenges/Web-Server/PHP-preg_replace)
|
||||||
|
|
||||||
### Challenge
|
### Challenge
|
||||||
|
|
||||||
|
@ -41,6 +41,7 @@
|
|||||||
- [LFI to RCE via PHP sessions](#lfi-to-rce-via-php-sessions)
|
- [LFI to RCE via PHP sessions](#lfi-to-rce-via-php-sessions)
|
||||||
- [LFI to RCE via PHP PEARCMD](#lfi-to-rce-via-php-pearcmd)
|
- [LFI to RCE via PHP PEARCMD](#lfi-to-rce-via-php-pearcmd)
|
||||||
- [LFI to RCE via credentials files](#lfi-to-rce-via-credentials-files)
|
- [LFI to RCE via credentials files](#lfi-to-rce-via-credentials-files)
|
||||||
|
- [Labs](#labs)
|
||||||
- [References](#references)
|
- [References](#references)
|
||||||
|
|
||||||
|
|
||||||
@ -661,6 +662,14 @@ Another way to gain SSH access to a Linux machine through LFI is by reading the
|
|||||||
If SSH is active check which user is being used `/proc/self/status` and `/etc/passwd` and try to access `/<HOME>/.ssh/id_rsa`.
|
If SSH is active check which user is being used `/proc/self/status` and `/etc/passwd` and try to access `/<HOME>/.ssh/id_rsa`.
|
||||||
|
|
||||||
|
|
||||||
|
## Labs
|
||||||
|
|
||||||
|
* [Root Me - Local File Inclusion](https://www.root-me.org/en/Challenges/Web-Server/Local-File-Inclusion)
|
||||||
|
* [Root Me - Local File Inclusion - Double encoding](https://www.root-me.org/en/Challenges/Web-Server/Local-File-Inclusion-Double-encoding)
|
||||||
|
* [Root Me - Remote File Inclusion](https://www.root-me.org/en/Challenges/Web-Server/Remote-File-Inclusion)
|
||||||
|
* [Root Me - PHP - Filters](https://www.root-me.org/en/Challenges/Web-Server/PHP-Filters)
|
||||||
|
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
* [Baby^H Master PHP 2017 - Orange Tsai (@orangetw) - Dec 5, 2021](https://github.com/orangetw/My-CTF-Web-Challenges#babyh-master-php-2017)
|
* [Baby^H Master PHP 2017 - Orange Tsai (@orangetw) - Dec 5, 2021](https://github.com/orangetw/My-CTF-Web-Challenges#babyh-master-php-2017)
|
||||||
|
@ -22,8 +22,8 @@
|
|||||||
- [JSON list based batching](#json-list-based-batching)
|
- [JSON list based batching](#json-list-based-batching)
|
||||||
- [Query name based batching](#query-name-based-batching)
|
- [Query name based batching](#query-name-based-batching)
|
||||||
- [Injections](#injections)
|
- [Injections](#injections)
|
||||||
- [NOSQL injection](#nosql-injection)
|
- [NOSQL injection](#nosql-injection)
|
||||||
- [SQL injection](#sql-injection)
|
- [SQL injection](#sql-injection)
|
||||||
- [Labs](#labs)
|
- [Labs](#labs)
|
||||||
- [References](#references)
|
- [References](#references)
|
||||||
|
|
||||||
|
@ -144,7 +144,8 @@ The exploitation phase is the following:
|
|||||||
|
|
||||||
## Labs
|
## Labs
|
||||||
|
|
||||||
* [Root Me - PHP - type juggling](https://www.root-me.org/en/Challenges/Web-Server/PHP-type-juggling)
|
* [Root Me - PHP - Type Juggling](https://www.root-me.org/en/Challenges/Web-Server/PHP-type-juggling)
|
||||||
|
* [Root Me - PHP - Loose Comparison](https://www.root-me.org/en/Challenges/Web-Server/PHP-Loose-Comparison)
|
||||||
|
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
Loading…
Reference in New Issue
Block a user