Challenges added for CRLF, Command Injection, File Inclusion

This commit is contained in:
Swissky 2024-11-12 19:01:34 +01:00
parent 0a5ecc407c
commit 118924f291
5 changed files with 20 additions and 6 deletions

View File

@ -11,7 +11,7 @@
* [Add a cookie](#add-a-cookie)
* [Add a cookie - XSS Bypass](#add-a-cookie---xss-bypass)
* [Write HTML](#write-html)
* [Filter Bypass](#filter-bypass)
* [Filter Bypass](#filter-bypass)
* [Labs](#labs)
* [References](#references)
@ -97,7 +97,7 @@ Content-Length: 34
```
## Filter Bypass
### Filter Bypass
Using UTF-8 encoding
@ -116,6 +116,7 @@ Remainder:
## Labs
* [PortSwigger - HTTP/2 request splitting via CRLF injection](https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-h2-request-splitting-via-crlf-injection)
* [Root Me - CRLF](https://www.root-me.org/en/Challenges/Web-Server/CRLF)
## References

View File

@ -423,7 +423,10 @@ In Unix-like command-line interfaces, the `--` symbol is used to signify the end
* [PortSwigger - Blind OS command injection with output redirection](https://portswigger.net/web-security/os-command-injection/lab-blind-output-redirection)
* [PortSwigger - Blind OS command injection with out-of-band interaction](https://portswigger.net/web-security/os-command-injection/lab-blind-out-of-band)
* [PortSwigger - Blind OS command injection with out-of-band data exfiltration](https://portswigger.net/web-security/os-command-injection/lab-blind-out-of-band-data-exfiltration)
* [Root Me - PHP - Command injection](https://www.root-me.org/en/Challenges/Web-Server/PHP-Command-injection)
* [Root Me - Command injection - Filter bypass](https://www.root-me.org/en/Challenges/Web-Server/Command-injection-Filter-bypass)
* [Root Me - PHP - assert()](https://www.root-me.org/en/Challenges/Web-Server/PHP-assert)
* [Root Me - PHP - preg_replace()](https://www.root-me.org/en/Challenges/Web-Server/PHP-preg_replace)
### Challenge

View File

@ -41,6 +41,7 @@
- [LFI to RCE via PHP sessions](#lfi-to-rce-via-php-sessions)
- [LFI to RCE via PHP PEARCMD](#lfi-to-rce-via-php-pearcmd)
- [LFI to RCE via credentials files](#lfi-to-rce-via-credentials-files)
- [Labs](#labs)
- [References](#references)
@ -661,6 +662,14 @@ Another way to gain SSH access to a Linux machine through LFI is by reading the
If SSH is active check which user is being used `/proc/self/status` and `/etc/passwd` and try to access `/<HOME>/.ssh/id_rsa`.
## Labs
* [Root Me - Local File Inclusion](https://www.root-me.org/en/Challenges/Web-Server/Local-File-Inclusion)
* [Root Me - Local File Inclusion - Double encoding](https://www.root-me.org/en/Challenges/Web-Server/Local-File-Inclusion-Double-encoding)
* [Root Me - Remote File Inclusion](https://www.root-me.org/en/Challenges/Web-Server/Remote-File-Inclusion)
* [Root Me - PHP - Filters](https://www.root-me.org/en/Challenges/Web-Server/PHP-Filters)
## References
* [Baby^H Master PHP 2017 - Orange Tsai (@orangetw) - Dec 5, 2021](https://github.com/orangetw/My-CTF-Web-Challenges#babyh-master-php-2017)

View File

@ -144,7 +144,8 @@ The exploitation phase is the following:
## Labs
* [Root Me - PHP - type juggling](https://www.root-me.org/en/Challenges/Web-Server/PHP-type-juggling)
* [Root Me - PHP - Type Juggling](https://www.root-me.org/en/Challenges/Web-Server/PHP-type-juggling)
* [Root Me - PHP - Loose Comparison](https://www.root-me.org/en/Challenges/Web-Server/PHP-Loose-Comparison)
## References