Swissky
|
8061cdd856
|
Merge pull request #92 from Techbrunch/patch-2
Add XXE payload inside SVG
|
2019-09-18 08:12:37 +02:00 |
|
Techbrunch
|
8822199f65
|
Add XXE payload inside SVG
Source: https://portswigger.net/web-security/xxe/lab-xxe-via-file-upload
|
2019-09-17 16:23:14 +02:00 |
|
Swissky
|
a0917241ad
|
Pebble - Server Side Template Injection
|
2019-09-17 15:43:13 +02:00 |
|
Swissky
|
e6f94af721
|
Update FUNDING.yml with buymeacoffee
|
2019-09-13 17:49:47 +02:00 |
|
Swissky
|
742e3204d3
|
SharpPersist - Windows Persistence
|
2019-09-13 17:38:23 +02:00 |
|
Swissky
|
5455c30ec7
|
Juicy Potato + XXE update
|
2019-09-08 19:44:51 +02:00 |
|
Swissky
|
2b1900e046
|
PrivEsc - sudoers + Upload PHP
|
2019-09-02 12:36:40 +02:00 |
|
Swissky
|
3ca07aeb7a
|
Docker Privesc - Unix socket
|
2019-08-30 17:25:07 +02:00 |
|
Swissky
|
2a4c4f46b2
|
Merge pull request #88 from ricardojba/patch-1
Add Host/Split Unicode Normalization
|
2019-08-30 10:03:46 +02:00 |
|
Ricardo
|
0625e2aebf
|
Add Host/Split Unicode Normalization
Add Host/Split Exploitable Antipatterns in Unicode Normalization BH 2019 for filter bypass
|
2019-08-30 08:57:22 +01:00 |
|
Swissky
|
c6824e7aa9
|
Merge pull request #86 from JLLeitschuh/patch-1
Add XSS dot filter bypass with decimal IP
|
2019-08-29 20:12:51 +02:00 |
|
Swissky
|
da3bdc5f61
|
Merge pull request #87 from noraj/patch-1
add missing backtick
|
2019-08-29 10:31:47 +02:00 |
|
Alexandre ZANNI
|
72c54b5c1b
|
add missing backtick
|
2019-08-29 09:49:09 +02:00 |
|
Swissky
|
bb305d0183
|
Network Discovery - Masscan update
|
2019-08-29 01:08:26 +02:00 |
|
Jonathan Leitschuh
|
7b6c8d46aa
|
Add dot filter bypass with decimal IP
|
2019-08-28 13:56:55 -04:00 |
|
Swissky
|
6c161f26b2
|
JWT None alternative + MS15-051
|
2019-08-22 23:03:48 +02:00 |
|
Swissky
|
e0220d1f17
|
Merge pull request #85 from TH3xACE/patch-1
Update Linux - Privilege Escalation.md
|
2019-08-19 08:11:50 +02:00 |
|
David B
|
3fd0791c2a
|
Update Linux - Privilege Escalation.md
Adding a tool that helps with privilege escalation on linux through SUDO.
|
2019-08-19 00:55:30 +02:00 |
|
Swissky
|
8dffb59ac5
|
Pspy + Silver Ticket + MSSQL connect
|
2019-08-18 22:24:48 +02:00 |
|
Swissky
|
4a176615fe
|
CORS Misconfiguration
|
2019-08-18 12:08:51 +02:00 |
|
Swissky
|
b6697d8595
|
SSRF SVG + Windows Token getsystem
|
2019-08-15 18:21:06 +02:00 |
|
Swissky
|
9a8b2fee8e
|
Merge pull request #83 from noraj/patch-3
add XXE ftp tool
|
2019-08-06 18:06:38 +02:00 |
|
Alexandre ZANNI
|
66c9d945b7
|
Update README.md
|
2019-08-06 17:28:47 +02:00 |
|
Swissky
|
bd449e9cea
|
XSS PostMessage
|
2019-08-03 23:22:14 +02:00 |
|
Swissky
|
9b96c7692f
|
XSS onpointer*
|
2019-08-01 14:39:15 +02:00 |
|
Swissky
|
a331d87ffe
|
Better sponsoring method
|
2019-07-27 13:13:10 +02:00 |
|
Swissky
|
6baa446144
|
Directory Traversal CVE 2018 Spring
|
2019-07-27 13:02:16 +02:00 |
|
Swissky
|
98124178db
|
EoP - Juicy Potato
|
2019-07-26 15:29:34 +02:00 |
|
Swissky
|
657823a353
|
PTH Mitigation + Linux Smart Enumeration
|
2019-07-26 14:24:58 +02:00 |
|
Swissky
|
f6c0f226af
|
PXE boot attack
|
2019-07-25 14:08:32 +02:00 |
|
Swissky
|
859695e2be
|
Update PrivExchange based on chryzsh blog post
|
2019-07-24 14:10:58 +02:00 |
|
Swissky
|
a14b3af934
|
Active Directory - Resource Based Constrained Delegation
|
2019-07-22 21:45:50 +02:00 |
|
Swissky
|
0b9d76eb8e
|
HQL references
|
2019-07-19 19:34:23 +02:00 |
|
Swissky
|
45af613fd9
|
Active Directory - Unconstrained delegation
|
2019-07-17 23:17:35 +02:00 |
|
Swissky
|
3cce80cd53
|
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings
|
2019-07-14 14:24:00 +02:00 |
|
Swissky
|
382bd9acec
|
Type Juggling - Another SHA 256
|
2019-07-14 14:23:20 +02:00 |
|
Swissky
|
ca331acba8
|
Merge pull request #79 from LewisArdern/patch-1
adding reference to blog
|
2019-07-13 00:11:10 +02:00 |
|
Lewis
|
dab064a583
|
adding reference to blog
|
2019-07-12 12:49:02 -07:00 |
|
Swissky
|
504caa3b50
|
SSTI by calling Popen without guessing the offset
|
2019-07-10 21:31:44 +02:00 |
|
Swissky
|
bdef021a6d
|
Magic Hashes SHA224 and SHA256
|
2019-07-10 21:26:24 +02:00 |
|
Swissky
|
05054af343
|
JWT RS256 to HS256 using pubkey to generate a signature
|
2019-07-10 20:58:50 +02:00 |
|
Swissky
|
6cecb8fa7a
|
GraphQL - Projection + Edges/Nodes
|
2019-07-05 21:34:04 +02:00 |
|
Swissky
|
f6564869f0
|
Fix typo in PHP Object injection
|
2019-07-05 18:42:42 +02:00 |
|
Swissky
|
13ba72f124
|
GraphQL + RDP Bruteforce + PostgreSQL RCE
|
2019-07-01 23:29:29 +02:00 |
|
Swissky
|
46780de750
|
PostgreSQL rewrite + LFI SSH
|
2019-06-29 19:23:34 +02:00 |
|
Swissky
|
144b3827ab
|
MS14-068 + /etc/security/opasswd
|
2019-06-29 17:55:13 +02:00 |
|
Swissky
|
3b85f1b6fc
|
UTF-8 encoding for File Inclusion
|
2019-06-29 11:20:17 +02:00 |
|
Swissky
|
b148a9c906
|
Merge pull request #76 from ElonSalfati/master
Added 2 working sql injection lines
|
2019-06-28 17:30:12 +02:00 |
|
Elon Salfati
|
a4411ae086
|
Added 2 working sql injection lines
|
2019-06-28 18:16:45 +03:00 |
|
Swissky
|
7dda79bfc1
|
ImageMagik Ghost Script + Typo git summary
|
2019-06-26 00:07:06 +02:00 |
|