Commit Graph

1218 Commits

Author SHA1 Message Date
Swissky
a322dc2da9
Merge pull request #200 from denandz/master
Added Postgres SQLi information on xml helpers and file read/write
2020-05-05 15:14:39 +02:00
DoI
5aad5795d2 minor spelling fix 2020-05-05 15:15:50 +12:00
DoI
53db029d4e Added additional info to the Postgres SQLi page 2020-05-05 15:10:44 +12:00
Swissky
a4b987d46b
Merge pull request #198 from joker2a/patch-1
Update Linux - Privilege Escalation.md
2020-05-04 12:09:35 +02:00
joker2a
32b83da302
Update Linux - Privilege Escalation.md
Add new privesc for (Centos/Redhat)
Writable /etc/sysconfig/network-scripts/
2020-05-04 11:44:24 +02:00
Swissky
5c7e67b05d
Merge pull request #197 from guanicoe/patch-2
Update Windows - Privilege Escalation.md
2020-05-03 23:17:05 +02:00
guanicoe
1fc8b57c85
Update Windows - Privilege Escalation.md
added Get-Process to list processes
2020-05-03 21:11:01 +00:00
Swissky
5163ef902c XSS Google Scholar Payload + Skeleton Key Persistence 2020-05-03 16:28:17 +02:00
Swissky
e9b296adb3 DoyenSec Payloads XSS Google Scholar 2020-05-02 14:31:33 +02:00
Swissky
da5dc1299e MSSQL Trusted Link 2020-05-01 12:06:18 +02:00
Swissky
008cbcf9fc
Merge pull request #196 from idealphase/master
Adding Execute code using SSTI for ERB engine in SSTI vulnerability payload
2020-04-30 12:30:40 +02:00
idealphase
712e3b93f6
Sorting like basic injection part 2020-04-30 17:15:31 +07:00
idealphase
7f1fb32980
Adding Execute code using SSTI for ERB engine. 2020-04-30 17:13:58 +07:00
Swissky
04899355ad Magic Hashes + SQL fuzz 2020-04-26 21:43:42 +02:00
Swissky
879ead1558
Merge pull request #193 from pascalschulz/patch-1
added Hacksplained's YT channel
2020-04-23 13:27:27 +02:00
Pascal Schulz
bdf06d4183
added Hacksplained's YT channel 2020-04-23 13:11:51 +02:00
Swissky
02ec624732
Merge pull request #192 from thibaudrobin/master
Linux privesc - SSH Key Predictable PRNG (Authorized_Keys) Process
2020-04-22 16:11:41 +02:00
Th1b4ud
7c8e9ac4ce Typo 2020-04-22 16:01:49 +02:00
Th1b4ud
14d03b96a1 Linux privesc - SSH Key Predictable PRNG (Authorized_Keys) Process - Summary 2020-04-22 16:00:31 +02:00
Th1b4ud
2e507a2b2f Linux privesc - SSH Key Predictable PRNG (Authorized_Keys) Process 2020-04-22 15:55:10 +02:00
Swissky
298da2d4e4
Merge pull request #191 from drakang4/patch-1
Fix typo
2020-04-22 09:59:31 +02:00
Heeryong Kang
c2b8018617
fix typo 2020-04-22 16:09:18 +09:00
Swissky
bf73393921
Merge pull request #188 from bohdansec/master
Update Cloudflare XSS bypasses
2020-04-21 23:57:06 +02:00
bohdansec
c4af354d8f
Update Cloudflare XSS bypasses
Add 3 bypasses by Bohdan Korzhynskyi. Update twitter
2020-04-22 00:51:36 +03:00
bohdansec
2615968e96
Merge pull request #1 from swisskyrepo/master
Update
2020-04-22 00:12:54 +03:00
Swissky
735b0d2277
Merge pull request #187 from thibaudrobin/patch-2
Alternative TTY method with /usr/bin/script
2020-04-21 23:12:26 +02:00
Th1b4ud
2740600a6b
Alternative TTY method with /usr/bin/script 2020-04-21 19:21:51 +02:00
Swissky
eaac0e748e Fix issue #185 2020-04-21 11:31:18 +02:00
Swissky
c8c4a6e8a9 Fix issue #185 2020-04-21 11:26:49 +02:00
Swissky
89f906f7a8 Fix issue - C reverse shell 2020-04-21 11:17:39 +02:00
Swissky
95fed140ec Fix - SSTI Payloads 2020-04-21 11:13:19 +02:00
Swissky
0de5cb7123
Merge pull request #186 from Techbrunch/patch-6
Add insomnia to GraphQL list of tools
2020-04-21 10:56:59 +02:00
Techbrunch
ade039c1bc
Add insomnia to GraphQL list of tools 2020-04-21 10:49:47 +02:00
Swissky
1d8414c703 ASP.NET Razor SSTI 2020-04-18 21:18:22 +02:00
Swissky
af6760ef7a RoadRecon + JSON None refs 2020-04-17 16:34:51 +02:00
chiv
7e7f5e7628 Added SSTI RCE bypass payload for Jinja2 2020-04-13 18:48:43 +01:00
chiv
cc3b05017d Added a new RCE payload to Jinja2 SSTI bypasses 2020-04-13 18:44:16 +01:00
Swissky
44e676ea70
Merge pull request #182 from thibaudrobin/patch-1
Add others shell on reverse shell cheatsheet
2020-04-13 19:42:58 +02:00
Swissky
a19fd013fb
Merge pull request #181 from SecGus/master
Added RCE SSTI Jinja2 Bypass payload developed by SecGus (chivato)
2020-04-13 19:42:14 +02:00
Th1b4ud
29194a8ef1
Add others shell on reverse shell cheatsheet
Add others shell on reverse shell cheatsheet
2020-04-13 19:06:01 +02:00
Swissky
bc8dd0b784
Merge pull request #180 from mindfuckup/master
Added: Other CORS Misconfigurations
2020-04-12 17:51:52 +02:00
Emanuel Duss
54e3887077 Added PortSwigger Web Security Academy CORS Link 2020-04-12 15:12:34 +02:00
Emanuel Duss
3e5b367224 Added CORS Exploit when wildcard origin is allowed 2020-04-12 15:06:28 +02:00
Emanuel Duss
f120024c6b Added CORS exploitation with strict trusted origin whitelist using XSS 2020-04-12 14:57:04 +02:00
Emanuel Duss
48fcdeb7ca Some clarification in the exploit code 2020-04-12 14:38:52 +02:00
Emanuel Duss
4537555714 Added: CORS Misconfiguration with Null Origin allowed 2020-04-12 14:30:16 +02:00
Swissky
dd42b44011
Merge pull request #179 from mindfuckup/master
Added: Cross-Site WebSocket Hijacking (CSWSH)
2020-04-11 18:26:22 +02:00
Emanuel Duss
930a3a0d8c Added: Cross-Site WebSocket Hijacking (CSWSH) 2020-04-11 16:24:32 +02:00
Swissky
89e49b676d
Merge pull request #178 from Techbrunch/patch-4
Create web.web.config
2020-04-08 19:26:31 +02:00
Techbrunch
5902da38e4
Create web.web.config
Source: https://gist.github.com/gazcbm/ea7206fbbad83f62080e0bbbeda77d9c
2020-04-08 19:14:30 +02:00