ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-21 11:56:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

plocate and Azure AD updates

Browse Source
This commit is contained in:
Swissky 2023-12-01 22:21:05 +01:00
parent bb71d4ad14
commit 57703ed7ed
2 changed files with 16 additions and 1229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Directory Traversal/README.md
View File

@ -160,6 +160,7 @@ url:http://127.0.0.1:8080
/run/secrets/kubernetes.io/serviceaccount/certificate /run/secrets/kubernetes.io/serviceaccount/certificate
/var/run/secrets/kubernetes.io/serviceaccount /var/run/secrets/kubernetes.io/serviceaccount
/var/lib/mlocate/mlocate.db /var/lib/mlocate/mlocate.db
/var/lib/plocate/plocate.db
/var/lib/mlocate.db /var/lib/mlocate.db
``` ```
@ -214,6 +215,8 @@ The following log files are controllable and can be included with an evil payloa
/var/log/sshd.log /var/log/sshd.log
/var/log/mail /var/log/mail
``` ```
## Labs ## Labs
* [File path traversal, simple case](https://portswigger.net/web-security/file-path-traversal/lab-simple) * [File path traversal, simple case](https://portswigger.net/web-security/file-path-traversal/lab-simple)
@ -223,6 +226,7 @@ The following log files are controllable and can be included with an evil payloa
* [File path traversal, validation of start of path](https://portswigger.net/web-security/file-path-traversal/lab-validate-start-of-path) * [File path traversal, validation of start of path](https://portswigger.net/web-security/file-path-traversal/lab-validate-start-of-path)
* [File path traversal, validation of file extension with null byte bypass](https://portswigger.net/web-security/file-path-traversal/lab-validate-file-extension-null-byte-bypass) * [File path traversal, validation of file extension with null byte bypass](https://portswigger.net/web-security/file-path-traversal/lab-validate-file-extension-null-byte-bypass)
## References ## References
* [Path Traversal Cheat Sheet: Windows](https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/) * [Path Traversal Cheat Sheet: Windows](https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/)
@ -231,3 +235,4 @@ The following log files are controllable and can be included with an evil payloa
* [NGINX may be protecting your applications from traversal attacks without you even knowing](https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d?source=friends_link&sk=e9ddbadd61576f941be97e111e953381) * [NGINX may be protecting your applications from traversal attacks without you even knowing](https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d?source=friends_link&sk=e9ddbadd61576f941be97e111e953381)
* [Directory traversal - Portswigger](https://portswigger.net/web-security/file-path-traversal) * [Directory traversal - Portswigger](https://portswigger.net/web-security/file-path-traversal)
* [Cookieless ASPNET - Soroush Dalili](https://twitter.com/irsdl/status/1640390106312835072) * [Cookieless ASPNET - Soroush Dalili](https://twitter.com/irsdl/status/1640390106312835072)
* [EP 057 | Proc filesystem tricks & locatedb abuse with @_remsio_ & @_bluesheet - TheLaluka - 30 nov. 2023](https://youtu.be/YlZGJ28By8U)

1238
Methodology and Resources/Cloud - Azure Pentest.md
View File

File diff suppressed because it is too large Load Diff