Commit Graph

1893 Commits

Author SHA1 Message Date
Swissky
5556f6ff79 MSI Installer - PrivEsc 2023-10-11 21:03:47 +02:00
Swissky
7f1823efbe Fix character matching for '>' and its URL entity encoding from @CaoZnZZ 2023-10-10 13:56:57 +02:00
Swissky
dd7525dc8f
Merge pull request #630 from mtausig/patch-2
Add documentation for PDF JS PoC
2023-10-10 12:57:44 +02:00
Swissky
a95f11b32e
Merge pull request #662 from Vunnm/master-1
Add JSON simple with form
2023-10-10 12:10:59 +02:00
Swissky
103f41898b
Merge pull request #663 from cfpadok/develop
feat: add cognito-scanner tool for AWS pentest
2023-10-09 23:19:43 +02:00
Swissky
12e56724f1
Merge pull request #678 from aadi1011/master
Added Clickjacking Technique
2023-10-09 21:11:54 +02:00
Swissky
19f138d4ad
Update README.md 2023-10-09 20:52:28 +02:00
Aadith Sukumar
a90cb7f2c7
Clickjacking Challenge 2023-10-09 11:38:37 +05:30
Aadith Sukumar
5115ac95e8
Improved References
Added Author names to references as requested in the CONTRIBUTING.md file.
2023-10-09 10:40:05 +05:30
Aadith Sukumar
2b54b5034f
Fixed Anchor in Summary 2023-10-09 09:42:20 +05:30
Aadith Sukumar
ce4affc79b
Update and rename Clickjacking.md to README.md 2023-10-09 09:40:28 +05:30
Aadith Sukumar
ad93bb5e22
Merge branch 'swisskyrepo:master' into master 2023-10-08 23:51:36 +05:30
Aadith Sukumar
bd42625b32
Create Clickjacking.md
Added a directory to discuss clickjacking attacks
2023-10-08 23:50:58 +05:30
Swissky
a71a793648
Merge pull request #676 from dahalsharad/add-wcd-exploit-description-and-image
added Web Cache Deception exploit, description and demonstrative image
2023-10-08 19:10:05 +02:00
sharad
37a4f8c977 added wcd exploit description and demonstrative image 2023-10-04 22:54:37 +05:45
Swissky
892c68e6e7 PEAR_Config example 2023-10-02 17:12:36 +02:00
Swissky
837f220264 LFI with pearcmd.php 2023-10-02 12:52:10 +02:00
Swissky
55edc9fc74 Fix MySQL duplicate cheatsheet 2023-10-01 12:45:12 +02:00
Swissky
d142587f28 Race Condition WIP + AD asreproast/kerberoasting 2023-10-01 12:42:20 +02:00
Swissky
a0475a2f45
Merge pull request #675 from nuts7/kerberoast-without-preauth
Add Kerberoasting w/o domain account
2023-09-30 18:51:19 +02:00
Swissky
485103e9bb IDOR Numeric, Hash, Wildcard and PRNG 2023-09-25 14:15:48 +02:00
Swissky
84569e18e4
Merge pull request #674 from eltociear/patch-1
Fix typo in README.md
2023-09-22 14:50:49 +02:00
nuts7
0cea24cfcb Add Kerberoasting w/o domain account
This commit add a Kerberoasting technique without domain account/credentials just a user without pre-authentication (AS_REP Roastable)
2023-09-22 13:38:28 +02:00
Ikko Eltociear Ashimine
2aaeac91f8
Fix typo in README.md
appropiate -> appropriate
2023-09-22 00:11:33 +09:00
Swissky
83f1af0af0 Command injection update 2023-09-21 13:09:57 +02:00
Swissky
e9fb4f100c Google Web Toolkit 2023-09-19 09:58:22 +02:00
Swissky
59640ba51a MYSQL Wide byte injection (GBK) 2023-09-14 10:53:37 +02:00
Swissky
64a6e3eb04
Merge pull request #672 from manesec/master
Add MYSQL Wide byte injection
2023-09-14 10:25:12 +02:00
Mane
811d71026f
Update MySQL Injection.md
fix typo
2023-09-13 08:33:03 -07:00
Mane
9574af9dd1
Update MySQL Injection.md
Add MYSQL Wide byte injection, it can test in Sqli-labs Less-32
2023-09-13 08:13:36 -07:00
Swissky
ed7c3a4e0c
Merge pull request #671 from Thy-GoD/patch-1
Add automatic shell upgrade via rustcat.
2023-09-09 10:50:33 +02:00
Thigh_GoD
c7549916b8
Update Reverse Shell Cheatsheet.md
Added small quality adjustment.
2023-09-09 03:51:35 +08:00
Thigh_GoD
cf9b9bf70c
Update Reverse Shell Cheatsheet.md
Added in automatic shell upgrade via rustcat.
2023-09-08 21:15:54 +08:00
Swissky
f9a2880ad5 Recover Public Key From Signed JWTs 2023-09-04 11:37:15 +02:00
Swissky
c030379871
Merge pull request #670 from superboy-zjc/master
Update Lodash SSTI
2023-09-03 17:30:52 +02:00
Swissky
a0c14e5299 SQL injections - WAF bypass 2023-09-03 14:26:03 +02:00
2h0ng
34da0e2708
Update Lodash SSTI
Update Lodash SSTI
2023-09-02 21:24:59 -04:00
Swissky
7752ff806f ASPNET Cookieless Bypass 2023-09-02 23:01:10 +02:00
Swissky
e879ca42a3
Merge pull request #668 from sethsec-bf/patch-1
Added CloudFox and CloudFoxable
2023-08-31 10:37:38 +02:00
Seth Art
339a51cd0d
Added CloudFox and CloudFoxable 2023-08-30 14:11:11 -04:00
Swissky
53ec79abd0 Initial Access Cheatsheet 2023-08-26 22:01:45 +02:00
Swissky
930044d7c1
Merge pull request #666 from dwisiswant0/feat/ssrf-add-tool
feat(SSRF): add tool
2023-08-26 12:50:56 +02:00
Swissky
9db39952e7
Merge pull request #667 from PakCyberbot/master-1
Update SQLite Injection.md
2023-08-26 12:50:06 +02:00
Pak Cyberbot
d5922f421c
Update SQLite Injection.md
Column names of the specified table can be more easily extracted in a better output.
Tested during the CTF
2023-08-25 15:24:52 +05:00
Dwi Siswanto
63379b9291
feat(SSRF): add tool 2023-08-25 16:34:45 +07:00
Swissky
b0dfcfd438 Hidden Parameters 2023-08-24 22:15:11 +02:00
Swissky
e2e2da74ce
Merge pull request #664 from ScriptSathi/master
feat: Add Rust reverse shell for unix
2023-08-22 18:04:31 +02:00
Tristan D'audibert
aea130a1ac Add Rust reverse shell for unix 2023-08-21 17:50:11 +02:00
cfgs
538a7b024b feat: add cognito-scanner tool for AWS pentest 2023-08-08 10:41:54 +02:00
Vunnm
273da9e1b5
Add JSON simple with form
Add JSON simple paylaod with autosubmit form. Using autosubmit form instead of AJax, allow to bypass some protection like the Standard Enhanced Tracking Protection in Firfefox, which will refuse to send cookie with  cross-site  Ajax request (tested with Firefox 115.0.2esr),.
2023-08-05 14:39:33 +02:00