Normalize Titles

This commit is contained in:
Swissky 2022-10-12 12:13:55 +02:00
parent d88e32aaae
commit 6dd5c18b45
18 changed files with 31 additions and 21 deletions

View File

@ -1,8 +1,8 @@
# CRLF # Carriage Return Line Feed
>The term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They're used to note the termination of a line, however, dealt with differently in todays popular Operating Systems. For example: in Windows both a CR and LF are required to note the end of a line, whereas in Linux/UNIX a LF is only required. In the HTTP protocol, the CR-LF sequence is always used to terminate a line. > The term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They're used to note the termination of a line, however, dealt with differently in todays popular Operating Systems. For example: in Windows both a CR and LF are required to note the end of a line, whereas in Linux/UNIX a LF is only required. In the HTTP protocol, the CR-LF sequence is always used to terminate a line.
>A CRLF Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL. > A CRLF Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
## Summary ## Summary

View File

@ -1,4 +1,4 @@
# CSV Injection (Formula Injection) # CSV Injection
Many web applications allow the user to download content such as templates for invoices or user settings to a CSV file. Many users choose to open the CSV file in either Excel, Libre Office or Open Office. When a web application does not properly validate the contents of the CSV file, it could lead to contents of a cell or many cells being executed. Many web applications allow the user to download content such as templates for invoices or user settings to a CSV file. Many users choose to open the CSV file in either Excel, Libre Office or Open Office. When a web application does not properly validate the contents of the CSV file, it could lead to contents of a cell or many cells being executed.

View File

@ -3,6 +3,10 @@
## Tools ## Tools
- [Trickest CVE Repository - Automated collection of CVEs and PoC's](https://github.com/trickest/cve) - [Trickest CVE Repository - Automated collection of CVEs and PoC's](https://github.com/trickest/cve)
- [Nuclei Templates - Community curated list of templates for the nuclei engine to find security vulnerabilities in applications](https://github.com/projectdiscovery/nuclei-templates)
- [Metasploit Framework](https://github.com/rapid7/metasploit-framework)
- [CVE Details - The ultimate security vulnerability datasource](https://www.cvedetails.com)
## Big CVEs in the last 5 years. ## Big CVEs in the last 5 years.

View File

@ -1,4 +1,4 @@
# Directory traversal # Directory Traversal
> A directory or path traversal consists in exploiting insufficient security validation / sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs. > A directory or path traversal consists in exploiting insufficient security validation / sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs.

View File

@ -1,4 +1,4 @@
# GraphQL injection # GraphQL Injection
> GraphQL is a query language for APIs and a runtime for fulfilling those queries with existing data. A GraphQL service is created by defining types and fields on those types, then providing functions for each field on each type > GraphQL is a query language for APIs and a runtime for fulfilling those queries with existing data. A GraphQL service is created by defining types and fields on those types, then providing functions for each field on each type

View File

@ -1,4 +1,4 @@
# Node # Node Deserialization
## Summary ## Summary

View File

@ -1,4 +1,4 @@
# PHP Object injection # PHP Deserialization
PHP Object Injection is an application level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context. The vulnerability occurs when user-supplied input is not properly sanitized before being passed to the unserialize() PHP function. Since PHP allows object serialization, attackers could pass ad-hoc serialized strings to a vulnerable unserialize() call, resulting in an arbitrary PHP object(s) injection into the application scope. PHP Object Injection is an application level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context. The vulnerability occurs when user-supplied input is not properly sanitized before being passed to the unserialize() PHP function. Since PHP allows object serialization, attackers could pass ad-hoc serialized strings to a vulnerable unserialize() call, resulting in an arbitrary PHP object(s) injection into the application scope.

View File

@ -1,4 +1,4 @@
# Insecure management interface # Insecure Management Interface
## Springboot-Actuator ## Springboot-Actuator

View File

@ -1,4 +1,4 @@
# Insecure source code management # Insecure Source Code Management
* [Git](#git) * [Git](#git)
+ [Example](#example) + [Example](#example)

View File

@ -1,4 +1,4 @@
# LDAP injection # LDAP Injection
> LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements using a local proxy. > LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements using a local proxy.

View File

@ -1,4 +1,4 @@
# NoSQL injection # NoSQL Injection
> NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits. Yet these databases are still potentially vulnerable to injection attacks, even if they aren't using the traditional SQL syntax. > NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits. Yet these databases are still potentially vulnerable to injection attacks, even if they aren't using the traditional SQL syntax.

View File

@ -1,4 +1,4 @@
# OAuth # OAuth Misconfiguration
## Summary ## Summary

View File

@ -1,4 +1,4 @@
# SQL injection # SQL Injection
> A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. > A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application.

View File

@ -1,4 +1,4 @@
# Templates Injections # Server Side Template Injection
> Template injection allows an attacker to include template code into an existing (or not) template. A template engine makes designing HTML pages easier by using static template files which at runtime replaces variables/placeholders with actual values in the HTML pages > Template injection allows an attacker to include template code into an existing (or not) template. A template engine makes designing HTML pages easier by using static template files which at runtime replaces variables/placeholders with actual values in the HTML pages

View File

@ -1,4 +1,4 @@
# Upload # Upload Insecure Files
> Uploaded files may pose a significant risk if not handled correctly. A remote attacker could send a multipart/form-data POST request with a specially-crafted filename or mime type and execute arbitrary code. > Uploaded files may pose a significant risk if not handled correctly. A remote attacker could send a multipart/form-data POST request with a specially-crafted filename or mime type and execute arbitrary code.

View File

@ -1,4 +1,4 @@
# Web Cache Deception Attack # Web Cache Deception
## Tools ## Tools

View File

@ -1,17 +1,23 @@
# Web Sockets Attacks # Web Sockets
> The WebSocket protocol allows a bidirectional and full-duplex communication between a client and a server > The WebSocket protocol allows a bidirectional and full-duplex communication between a client and a server
## Summary ## Summary
* [Tools](#tools) * [Tools](#tools)
* [Using ws-harness.py](#using-ws-harness-py) * [Exploit](#exploit)
* [Using ws-harness.py](#using-ws-harness-py)
* [Cross-Site WebSocket Hijacking (CSWSH)](#cross-site-websocket-hijacking-cswsh)
* [Labs](#labs)
* [References](#references)
## Tools ## Tools
* [ws-harness.py](https://gist.githubusercontent.com/mfowl/ae5bc17f986d4fcc2023738127b06138/raw/e8e82467ade45998d46cef355fd9b57182c3e269/ws.harness.py) * [ws-harness.py](https://gist.githubusercontent.com/mfowl/ae5bc17f986d4fcc2023738127b06138/raw/e8e82467ade45998d46cef355fd9b57182c3e269/ws.harness.py)
## Using ws-harness.py ## Exploit
### Using ws-harness.py
Start ws-harness to listen on a web-socket, and specify a message template to send to the endpoint. Start ws-harness to listen on a web-socket, and specify a message template to send to the endpoint.

View File

@ -1,4 +1,4 @@
# XPATH injection # XPATH Injection
> XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. > XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents.