Fix name - Part 1

This commit is contained in:
Swissky 2019-03-07 00:07:14 +01:00
parent ee334f981e
commit 21d1fe7eee
328 changed files with 199 additions and 1 deletions

Binary file not shown.

After

Width:  |  Height:  |  Size: 27 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 68 KiB

View File

@ -0,0 +1,33 @@
# Vulnerability Title
> Vulnerability description - reference
Tools:
- [Tool name - description](https://example.com)
## Summary
* [Something](#something)
* [Something](#something)
* [Subentry 1](#sub1)
* [Subentry 2](#sub2)
## Something
Quick explanation
```powershell
Exploit
```
Abhay Bhargav
https://twitter.com/abhaybhargav/status/1080034019230842880
@abhaybhargav
1 janv.
Protip: When bughunting a #AWS #Lambda function, remember that the metadata objects are env-vars. Escalate privs after RCE with envvars. In this screenshot have a function that's vulnerable to a deserialization vuln (RCE) through which I have dumped the envvars with secrets
## References
- [Blog title - Author, Date](https://example.com)

Binary file not shown.

View File

@ -0,0 +1,35 @@
# Vulnerability Title
> Vulnerability description - reference
Tools:
- [Tool name - description](https://example.com)
## Summary
* [Something](#something)
* [Something](#something)
* [Subentry 1](#sub1)
* [Subentry 2](#sub2)
## Something
Quick explanation
```powershell
Exploit
```
## References
- [OneLogin authentication bypass on WordPress sites via XMLRPC in Uber](https://hackerone.com/reports/138869) by Jouko Pynnönen (jouko)
- [2FA PayPal Bypass](https://henryhoggard.co.uk/blog/Paypal-2FA-Bypass) by henryhoggard
- [SAML Bug in Github worth 15000](http://www.economyofmechanism.com/github-saml.html)
- [Authentication bypass on Airbnb via OAuth tokens theft](https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/)
- [Uber Login CSRF + Open Redirect -> Account Takeover at Uber](http://ngailong.com/uber-login-csrf-open-redirect-account-takeover/)
- [Administrative Panel Access](http://c0rni3sm.blogspot.hk/2017/08/accidentally-typo-to-bypass.html?m=1) by c0rni3sm
- [Uber Bug Bounty: Gaining Access To An Internal Chat System](http://blog.mish.re/index.php/2017/09/06/uber-bug-bounty-gaining-access-to-an-internal-chat-system/) by mishre
- [Flickr Oauth Misconfiguration](https://mishresec.wordpress.com/2017/10/12/yahoo-bug-bounty-exploiting-oauth-misconfiguration-to-takeover-flickr-accounts/) by mishre
- [Slack SAML authentication bypass](http://blog.intothesymmetry.com/2017/10/slack-saml-authentication-bypass.html) by Antonio Sanso
- [Shopify admin authentication bypass using partners.shopify.com](https://hackerone.com/reports/270981) by uzsunny

View File

@ -0,0 +1,38 @@
# Vulnerability Title
> Vulnerability description - reference
Tools:
- [Tool name - description](https://example.com)
## Summary
* [Something](#something)
* [Something](#something)
* [Subentry 1](#sub1)
* [Subentry 2](#sub2)
## Something
Quick explanation
```powershell
Exploit
```
## References
- [Web Authentication Endpoint Credentials Brute-Force Vulnerability](https://hackerone.com/reports/127844) by Arne Swinnen
- [InstaBrute: Two Ways to Brute-force Instagram Account Credentials](https://www.arneswinnen.net/2016/05/instabrute-two-ways-to-brute-force-instagram-account-credentials/) by Arne Swinnen
- [How I Could Compromise 4% (Locked) Instagram Accounts](https://www.arneswinnen.net/2016/03/how-i-could-compromise-4-locked-instagram-accounts/) by Arne Swinnen
- [Possibility to brute force invite codes in riders.uber.com](https://hackerone.com/reports/125505) by r0t
- [Brute-Forcing invite codes in partners.uber.com](https://hackerone.com/reports/144616) by Efkan Gökbaş (mefkan)
- [How I could have hacked all Facebook accounts](http://www.anandpraka.sh/2016/03/how-i-could-have-hacked-your-facebook.html) by Anand Prakash
- [Facebook Account Take Over by using SMS verification code, not accessible by now, may get update from author later](http://arunsureshkumar.me/index.php/2016/04/24/facebook-account-take-over/) by Arun Sureshkumar
- [SQL injection in Wordpress Plugin Huge IT Video Gallery in Uber](https://hackerone.com/reports/125932) by glc
- [SQL Injection on sctrack.email.uber.com.cn](https://hackerone.com/reports/150156) by Orange Tsai
- [Yahoo Root Access SQL Injection tw.yahoo.com](http://buer.haus/2015/01/15/yahoo-root-access-sql-injection-tw-yahoo-com/) by Brett Buerhaus
- [Multiple vulnerabilities in a WordPress plugin at drive.uber.com](https://hackerone.com/reports/135288) by Abood Nour (syndr0me)
- [GitHub Enterprise SQL Injection](http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html) by Orange
- [Yahoo SQL Injection to Remote Code Exection to Root Privilege](http://www.sec-down.com/wordpress/?p=494) by Ebrahim Hegazy

View File

@ -0,0 +1,29 @@
# Vulnerability Title
> Vulnerability description - reference
Tools:
- [Tool name - description](https://example.com)
## Summary
* [Something](#something)
* [Something](#something)
* [Subentry 1](#sub1)
* [Subentry 2](#sub2)
## Something
Quick explanation
```powershell
Exploit
```
## References
- [How I Could Steal Money from Instagram, Google and Microsoft](https://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/) by Arne Swinnen
- [How I could have removed all your Facebook notes](http://www.anandpraka.sh/2015/12/summary-this-blog-post-is-about.html)
- [Facebook - bypass ads account's roles vulnerability 2015](http://blog.darabi.me/2015/03/facebook-bypass-ads-account-roles.html) by POUYA DARABI
- [Uber Ride for Free](http://www.anandpraka.sh/2017/03/how-anyone-could-have-used-uber-to-ride.html) by anand praka

View File

@ -0,0 +1,28 @@
# Vulnerability Title
> Vulnerability description - reference
Tools:
- [Tool name - description](https://example.com)
## Summary
* [Something](#something)
* [Something](#something)
* [Subentry 1](#sub1)
* [Subentry 2](#sub2)
## Something
Quick explanation
```powershell
Exploit
```
## References
- [Race conditions on Facebook, DigitalOcean and others (fixed)](http://josipfranjkovic.blogspot.hk/2015/04/race-conditions-on-facebook.html) by Josip Franjković
- [Race Conditions in Popular reports feature in HackerOne](https://hackerone.com/reports/146845) by Fábio Pires (shmoo)
- [Hacking Starbuck for unlimited money](https://sakurity.com/blog/2015/05/21/starbucks.html) by Egor Homakov

9
FIX_BuildPDF/build.sh Normal file
View File

@ -0,0 +1,9 @@
# GitPrint from Payload
find . -name "*.md" | sed "s/\.\///g" | sort | xargs -I{} wget --content-disposition "https://gitprint.com/swisskyrepo/PayloadsAllTheThings/blob/master/"{}"?download"
pdfjoin *.pdf
# NOTE :
# check for 502 errors from gitprint
# XSS and Mimikatz don't work with Gitprint ;.

View File

Before

Width:  |  Height:  |  Size: 393 KiB

After

Width:  |  Height:  |  Size: 393 KiB

Some files were not shown because too many files have changed in this diff Show More