From e6f549f96e2894b6117c3d8e5348ee0193942546 Mon Sep 17 00:00:00 2001 From: HAHWUL Date: Wed, 20 Oct 2021 09:07:29 +0900 Subject: [PATCH 1/2] Add ZAP FileUpload AddOn to Tools --- Upload Insecure Files/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Upload Insecure Files/README.md b/Upload Insecure Files/README.md index 2e692e7..8275bdb 100644 --- a/Upload Insecure Files/README.md +++ b/Upload Insecure Files/README.md @@ -19,6 +19,7 @@ Uploaded files may pose a significant risk if not handled correctly. A remote at ## Tools - [Fuxploider](https://github.com/almandin/fuxploider) - [Burp> Upload Scanner](https://portswigger.net/bappstore/b2244cbb6953442cb3c82fa0a0d908fa) +- [ZAP> FileUpload AddOn](https://www.zaproxy.org/blog/2021-08-20-zap-fileupload-addon/) ## Exploits From b3442dd8b5245ccdf9ea40bdc01ad8973931638d Mon Sep 17 00:00:00 2001 From: HAHWUL Date: Sun, 1 May 2022 00:47:18 +0900 Subject: [PATCH 2/2] Add ZAP Addon in Tools --- SAML Injection/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SAML Injection/README.md b/SAML Injection/README.md index 2ba8dae..2b2b786 100644 --- a/SAML Injection/README.md +++ b/SAML Injection/README.md @@ -16,7 +16,7 @@ ## Tools - [SAML Raider - Burp Extension](https://github.com/SAMLRaider/SAMLRaider) - +- [SAML Support - ZAP Addon](https://www.zaproxy.org/docs/desktop/addons/saml-support/) ## Authentication Bypass 
@@ -197,4 +197,4 @@ Picture from [http://sso-attacks.org/XSLT_Attack](http://sso-attacks.org/XSLT_At - [Attacking SSO: Common SAML Vulnerabilities and Ways to Find Them - March 7th, 2017 - Jem Jensen](https://blog.netspi.com/attacking-sso-common-saml-vulnerabilities-ways-find/) - [How to Hunt Bugs in SAML; a Methodology - Part I - @epi052](https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/) - [How to Hunt Bugs in SAML; a Methodology - Part II - @epi052](https://epi052.gitlab.io/notes-to-self/blog/2019-03-13-how-to-test-saml-a-methodology-part-two/) -- [How to Hunt Bugs in SAML; a Methodology - Part III - @epi052](https://epi052.gitlab.io/notes-to-self/blog/2019-03-16-how-to-test-saml-a-methodology-part-three/) \ No newline at end of file +- [How to Hunt Bugs in SAML; a Methodology - Part III - @epi052](https://epi052.gitlab.io/notes-to-self/blog/2019-03-16-how-to-test-saml-a-methodology-part-three/)
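
Review bot: In the Upload Insecure Files/README.md hunk (PATCH 1/2), the added Tools entry links to a dated blog announcement (zaproxy.org/blog/2021-08-20-zap-fileupload-addon/), while the Fuxploider entry above it links to the repository and the SAML entry in PATCH 2/2 links to a page under zaproxy.org/docs/. If the add-on has a stable documentation or repository page, link that instead so the reference does not depend on a blog post staying in place. The label is also spelled "AddOn" here and "Addon" in PATCH 2/2; pick one spelling for both entries.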
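
Review bot: In the first SAML Injection/README.md hunk (@@ -16,7 +16,7 @@), the new "- [SAML Support - ZAP Addon]" line is added in place of the empty line that followed the SAML Raider entry, so as far as the hunk shows the Tools list now runs straight into "## Authentication Bypass". Add the entry without deleting the separator, keeping one blank line between the last list item and the heading, so the heading renders the same way across Markdown parsers.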
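
Review bot: The second SAML Injection/README.md hunk (@@ -197,4 +197,4 @@) changes only the end-of-file newline on the "Part III" reference line, which the subject "Add ZAP Addon in Tools" does not mention. Note the whitespace fix in the commit message or move it to its own commit, so a later blame on the references list does not point at a tools change.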