Commit Graph

1500 Commits

Author SHA1 Message Date
Swissky
267713c0fb YAML Deserialization 2022-09-16 16:37:40 +02:00
Swissky
e677f07197
Merge pull request #539 from dhmosfunk/master
add a new tool for manually http request smuggling exploitation
2022-09-16 08:53:00 +02:00
Dhmos Funk
b4e7add674
add simple http smuggler generator for easiest manually exploitation 2022-09-16 02:30:57 +03:00
Dhmos Funk
d5aed653e8
Update README.md 2022-09-14 18:05:31 +03:00
Swissky
b8afbc8f92 Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2022-09-13 22:04:58 +02:00
Swissky
c7dd67986c Oracle SQL 2022-09-13 22:04:21 +02:00
Swissky
d32c48bad8
Merge pull request #538 from clem9669/master
XSS: Adding brutelogic polyglot
2022-09-13 15:03:34 +02:00
clem9669
88134256c8
Adding brutelogic polyglot
Adding brutelogic polyglot from blog post.
2022-09-13 11:58:10 +00:00
Swissky
0ca060c049
Merge pull request #537 from dhmosfunk/master
Update the Postgresql time based payloads for database,table,columns extract
2022-09-10 16:44:20 +02:00
Dhmos Funk
aa89a909d1
Update PostgreSQL Injection.md 2022-09-10 15:56:31 +03:00
Swissky
38fa931b84
Merge pull request #525 from mrThe/patch-1
Add boolean-error-based vector for the sqlite
2022-09-07 14:02:54 +02:00
Swissky
7663594118
Update SQLite Injection.md 2022-09-07 14:02:38 +02:00
Swissky
e11a37e6a2
Merge pull request #515 from vladko312/patch-1
Added a new SSTI tool
2022-09-07 14:01:09 +02:00
Swissky
d24e3f2d61
Merge pull request #497 from kz-cyber/xss/angular-xss-2
[update] Angular XSS payload
2022-09-07 00:34:29 +02:00
Swissky
b6e7210ee0
Merge pull request #501 from fantesykikachu/win-p3-revshell
Add Windows Python3 Reverse Shell
2022-09-06 23:23:50 +02:00
Swissky
86e8feca7c
Merge pull request #499 from p3n7a90n/NosqliPayloads
Added basic SSJI paylods
2022-09-06 23:17:12 +02:00
Swissky
26e9cb6dc1
Merge pull request #504 from MilyMilo/master
Add new ruby yaml gadget chain
2022-09-06 23:16:13 +02:00
Swissky
fb7f10eab8
Merge pull request #485 from ajdumanhug/master
SSRF: Don't encode entire IP
2022-09-06 23:15:20 +02:00
Swissky
8d609b1460
Update README.md 2022-09-06 23:15:12 +02:00
Swissky
84fa229a44
Merge pull request #463 from nismo-s13/master
Delete Parser & Curl < 7.54.png
2022-09-06 23:13:55 +02:00
Swissky
3e8ef29223
Merge pull request #536 from CravateRouge/patch-1
Update bloodyAD attacks
2022-09-06 19:32:21 +02:00
CravateRouge
dad7362da6
Update bloodyAD attacks 2022-09-06 19:13:34 +02:00
Swissky
191a72c57e Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2022-09-06 10:05:16 +02:00
Swissky
2be739ea4f Fixing TGS/ST 2022-09-06 10:03:49 +02:00
Swissky
bdc2d55dd9
Merge pull request #533 from 0xsyr0/patch-1
Quick fix for WSUS malicious patch
2022-09-04 20:54:17 +02:00
Swissky
9e2471a472 SCCM Network Account 2022-09-04 20:51:23 +02:00
Swissky
fae02107df Jetty RCE Credits 2022-09-04 14:24:16 +02:00
Swissky
4bc5f724b2 Moving learning resources into a specific folder 2022-09-03 16:17:23 +02:00
Swissky
811863501b ESC9 - No Security Extension 2022-09-03 12:07:24 +02:00
Swissky
b1c46228c2
Merge pull request #535 from Techbrunch/patch-11
Add Django Templates SSTI
2022-08-30 14:43:38 +02:00
Techbrunch
7850928d41
Add detection 2022-08-30 13:54:59 +02:00
Techbrunch
871b3bcaf2
Add Django Templates SSTI 2022-08-30 13:50:03 +02:00
0xsry0
343d63f79f
Quick fix for WSUS malicious patch
Not sure if it is deprecated but by tackling the box Outdated on HTB, the command didn't worked with two `&&`. To concatenate  `"net user WSUSDemo Password123! /add ` and `net localgroup administrators WSUSDemo /add\""`, the `^&` is required.
2022-08-24 09:10:55 +02:00
Swissky
fbd7517e04 LFI2RCE - Picture Compression - SOCKS5 CS 2022-08-21 16:38:54 +02:00
Swissky
e7af5aeb84
Merge pull request #532 from wlayzz/patch-2
Update java ssti
2022-08-19 16:25:00 +02:00
Wlayzz
961d935623
Update java ssti
fix little inattention
2022-08-19 16:22:39 +02:00
Swissky
b25f461b6e
Merge pull request #531 from wlayzz/patch-1
Update Java SSTI
2022-08-19 15:16:46 +02:00
Wlayzz
8d70f262ae
Update Java SSTI
Adding variable expressions alternative for java injection
2022-08-19 15:04:52 +02:00
Swissky
804920be62 Source Code Management 2022-08-18 10:43:01 +02:00
Swissky
abc78a6a67
Merge pull request #528 from denandz/patch-1
Add multipart/form-data CSRF technique
2022-08-17 14:24:34 +02:00
DoI
b3e6220da6
Add multipart/form-data CSRF technique 2022-08-17 09:29:05 +12:00
Swissky
6650c361e7 Capture a network trace with builtin tools 2022-08-15 15:02:29 +02:00
Swissky
55e05b4b17
Merge pull request #527 from natrajms/patch-2
Updating Reference section hyperlinks
2022-08-15 11:40:15 +02:00
Natraj Sangashetty
1bd82af11e
Updating Reference section hyperlinks 2022-08-15 11:15:33 +05:30
mr.The
f82efffbc7
Boolean error based* instead of just error based 2022-08-12 18:36:43 +03:00
mr.The
0d9a2354e5
Add error-based vector for the sqlite 2022-08-12 18:33:44 +03:00
Swissky
683167d4e9
Merge pull request #521 from mh4ckt3mh4ckt1c4s/ssti-detection
Add SSTI detection payload + related resource
2022-08-09 22:09:15 +02:00
Swissky
11271d9072 Jetty RCE 2022-08-09 22:06:55 +02:00
Swissky
fa849c00f2 Jetty RCE + Upload tricks 2022-08-09 22:05:45 +02:00
Swissky
919fee6320
Merge pull request #524 from its0x08/master
fix: Fix spelling
2022-08-09 14:05:19 +02:00