Alexandre ZANNI
|
c7a292c19d
|
XSS using base64 encoded href data in a link
|
2019-01-10 18:24:43 +01:00 |
|
Swissky
|
ea0bddc18a
|
Windows RCE wildcard + XSS UI redressing
|
2019-01-08 20:49:05 +01:00 |
|
Swissky
|
2e3aef1a19
|
Shell IPv6 + Sandbox credential
|
2019-01-07 18:15:45 +01:00 |
|
Swissky
|
8b39647de6
|
AWS S3 and Open redirect rewritten
|
2018-12-29 13:05:29 +01:00 |
|
Swissky
|
67c644a300
|
Directory traversal / File inclusion rewritten
|
2018-12-28 00:27:15 +01:00 |
|
Swissky
|
e480c9358d
|
SQL wildcard '_' + CSV injection reverse shell
|
2018-12-26 01:02:17 +01:00 |
|
Swissky
|
bd97c0be86
|
README update + Typo fix in Active Directory
|
2018-12-25 20:41:43 +01:00 |
|
Swissky
|
d57d59eca7
|
NTLMv2 hash capturing, cracking, replaying
|
2018-12-25 20:35:39 +01:00 |
|
Swissky
|
d5478d1fd6
|
AWS Pacu and sections + Kerberoasting details
|
2018-12-25 19:38:37 +01:00 |
|
Swissky
|
82d4ff6c1d
|
References added based on @ngalongc bug-bounty-references
|
2018-12-25 16:10:15 +01:00 |
|
Swissky
|
b9efdb52d3
|
Linux - PrivEsc - First draft
|
2018-12-25 15:51:11 +01:00 |
|
Swissky
|
38c3bfbd9f
|
Windows Priv Esc - Unquoted Path, Password looting and Powershell version
|
2018-12-25 15:19:45 +01:00 |
|
Swissky
|
cdc3b5e080
|
XXE references + summary
|
2018-12-25 12:08:32 +01:00 |
|
Swissky
|
c25af52316
|
Blind XSS Angular JS
|
2018-12-24 15:09:43 +01:00 |
|
Swissky
|
a6475a19d9
|
Adding references sectio
|
2018-12-24 15:02:50 +01:00 |
|
Swissky
|
9c529535a5
|
CSRF - Fix image
|
2018-12-24 14:17:49 +01:00 |
|
Swissky
|
9c878f9b09
|
CSRF - First draft
|
2018-12-24 14:14:51 +01:00 |
|
Swissky
|
b4aff1a826
|
Architecture - Files/Intruder/Images and README + template
|
2018-12-23 00:45:45 +01:00 |
|
Swissky
|
e096d10a30
|
Merge pull request #34 from Fisjkars/master
Add Springboot actuator intruder
|
2018-12-18 14:03:22 +01:00 |
|
Maxime Escourbiac
|
b59e24312e
|
Update Springboot readme
|
2018-12-18 11:18:50 +01:00 |
|
Fisjkars
|
5b7a3a95d3
|
Add Springboot Actuator management interface
new file: Insecure management interface/README.md
new file: Insecure management interface/intruders/springboot_actuator.txt
|
2018-12-18 11:05:15 +01:00 |
|
Swissky
|
69c1d601fa
|
Kerberoasting + SQLmap write SSH key
|
2018-12-15 00:51:33 +01:00 |
|
Swissky
|
8403068681
|
Merge pull request #32 from Meatballs1/Meatballs1-patch-1
Busybox httpd.conf file upload payload
|
2018-12-14 10:25:04 +03:00 |
|
Meatballs1
|
20c6bb2299
|
Update httpd.conf
|
2018-12-14 00:03:50 +00:00 |
|
Meatballs1
|
1d6b34ace5
|
Create README.md
|
2018-12-14 00:02:58 +00:00 |
|
Meatballs1
|
f1fec1c952
|
Create shellymcshellface.sh
|
2018-12-13 23:58:24 +00:00 |
|
Meatballs1
|
1e4e04831b
|
Create httpd.conf
|
2018-12-13 23:56:10 +00:00 |
|
Swissky
|
68325c8b98
|
Insecure deserialization Python
|
2018-11-27 23:04:17 +01:00 |
|
Swissky
|
c8d7575ba3
|
Minor edit in deserialization PHP and type juggling
|
2018-11-26 23:35:43 +01:00 |
|
Swissky
|
521d61d956
|
Attacks details + Summary JWT + XXE adjustments
|
2018-11-26 00:25:06 +01:00 |
|
Swissky
|
928a454531
|
Blind XSS endpoint + SSRF Google + Nmap subdomains
|
2018-11-25 15:44:17 +01:00 |
|
Swissky
|
b34cff5a74
|
XXE in docx, pptx, .. : Open XML files
|
2018-11-24 15:50:43 +01:00 |
|
Swissky
|
1225a9a23d
|
Metasploit Cheatsheet
|
2018-11-24 15:32:44 +01:00 |
|
Swissky
|
565b40d177
|
reGeorg + Meterpreter socks + S3 trick name
|
2018-11-24 13:49:08 +01:00 |
|
Swissky
|
0309a2efbd
|
Merge pull request #30 from m-veljkovic/master
Update README.md
|
2018-11-19 14:01:44 +01:00 |
|
Milan Veljkovic
|
59d0020c86
|
Update README.md
|
2018-11-19 12:45:01 +01:00 |
|
Swissky
|
a0f8e846fa
|
Blind XSS - XSS Hunter, Sleepy Puppy etc
|
2018-11-18 15:37:01 +01:00 |
|
Swissky
|
fd99da6c06
|
Insecure source code - harvesting secrets
|
2018-11-18 14:12:05 +01:00 |
|
Swissky
|
5c1d025b03
|
README - CVE update
|
2018-11-18 13:40:47 +01:00 |
|
Swissky
|
7096b813ec
|
Insecure direct object references - IDOR
|
2018-11-17 17:08:46 +01:00 |
|
Swissky
|
182db99e13
|
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings
|
2018-11-17 14:41:40 +01:00 |
|
Swissky
|
3522d9a674
|
Files JPEG -> JPG + Tag v2
|
2018-11-17 14:40:12 +01:00 |
|
Swissky
|
133518a78b
|
Merge pull request #28 from om3rcitak/patch-1
add new attack patterns from Daniel miessler
|
2018-11-16 13:49:35 +01:00 |
|
omer citak
|
081df9b24d
|
add new attack patterns from Daniel miessler
https://github.com/danielmiessler/SecLists/edit/master/Fuzzing/Polyglots/XSS-Polyglots.txt
new attack patterns: line 1, 2, 3.
|
2018-11-16 14:45:51 +03:00 |
|
Swissky
|
af9abc6592
|
More CVE - RCE : Jenkins, JBoss, WebLogic, WebSphere
|
2018-11-15 23:13:08 +01:00 |
|
Swissky
|
15fe34052b
|
Ruby Deserialization
|
2018-11-13 23:38:40 +01:00 |
|
Swissky
|
d181ff4e79
|
Deserialization - merging Java, PHP
|
2018-11-13 23:25:18 +01:00 |
|
Swissky
|
ddfdc51e68
|
Credit fix - WAF bypass
|
2018-11-09 12:43:30 +01:00 |
|
Swissky
|
1b2ee3e67a
|
Subdomain enumeration - New Aquatone (Go)
|
2018-11-05 13:45:52 +01:00 |
|
Swissky
|
6bcb43e39c
|
LDAP fix typo + LDAP attributes + LFI filter chaining
|
2018-11-02 13:50:56 +01:00 |
|