Swissky
7f1823efbe
Fix character matching for '>' and its URL entity encoding from @CaoZnZZ
2023-10-10 13:56:57 +02:00
Swissky
dd7525dc8f
Merge pull request #630 from mtausig/patch-2
...
Add documentation for PDF JS PoC
2023-10-10 12:57:44 +02:00
Swissky
a95f11b32e
Merge pull request #662 from Vunnm/master-1
...
Add JSON simple with form
2023-10-10 12:10:59 +02:00
Swissky
103f41898b
Merge pull request #663 from cfpadok/develop
...
feat: add cognito-scanner tool for AWS pentest
2023-10-09 23:19:43 +02:00
Swissky
12e56724f1
Merge pull request #678 from aadi1011/master
...
Added Clickjacking Technique
2023-10-09 21:11:54 +02:00
Swissky
19f138d4ad
Update README.md
2023-10-09 20:52:28 +02:00
Aadith Sukumar
a90cb7f2c7
Clickjacking Challenge
2023-10-09 11:38:37 +05:30
Aadith Sukumar
5115ac95e8
Improved References
...
Added Author names to references as requested in the CONTRIBUTING.md file.
2023-10-09 10:40:05 +05:30
Aadith Sukumar
2b54b5034f
Fixed Anchor in Summary
2023-10-09 09:42:20 +05:30
Aadith Sukumar
ce4affc79b
Update and rename Clickjacking.md to README.md
2023-10-09 09:40:28 +05:30
Aadith Sukumar
ad93bb5e22
Merge branch 'swisskyrepo:master' into master
2023-10-08 23:51:36 +05:30
Aadith Sukumar
bd42625b32
Create Clickjacking.md
...
Added a directory to discuss clickjacking attacks
2023-10-08 23:50:58 +05:30
Swissky
a71a793648
Merge pull request #676 from dahalsharad/add-wcd-exploit-description-and-image
...
added Web Cache Deception exploit, description and demonstrative image
2023-10-08 19:10:05 +02:00
sharad
37a4f8c977
added wcd exploit description and demonstrative image
2023-10-04 22:54:37 +05:45
Swissky
892c68e6e7
PEAR_Config example
2023-10-02 17:12:36 +02:00
Swissky
837f220264
LFI with pearcmd.php
2023-10-02 12:52:10 +02:00
Swissky
55edc9fc74
Fix MySQL duplicate cheatsheet
2023-10-01 12:45:12 +02:00
Swissky
d142587f28
Race Condition WIP + AD asreproast/kerberoasting
2023-10-01 12:42:20 +02:00
Swissky
a0475a2f45
Merge pull request #675 from nuts7/kerberoast-without-preauth
...
Add Kerberoasting w/o domain account
2023-09-30 18:51:19 +02:00
Swissky
485103e9bb
IDOR Numeric, Hash, Wildcard and PRNG
2023-09-25 14:15:48 +02:00
Swissky
84569e18e4
Merge pull request #674 from eltociear/patch-1
...
Fix typo in README.md
2023-09-22 14:50:49 +02:00
nuts7
0cea24cfcb
Add Kerberoasting w/o domain account
...
This commit add a Kerberoasting technique without domain account/credentials just a user without pre-authentication (AS_REP Roastable)
2023-09-22 13:38:28 +02:00
Ikko Eltociear Ashimine
2aaeac91f8
Fix typo in README.md
...
appropiate -> appropriate
2023-09-22 00:11:33 +09:00
Swissky
83f1af0af0
Command injection update
2023-09-21 13:09:57 +02:00
Swissky
e9fb4f100c
Google Web Toolkit
2023-09-19 09:58:22 +02:00
Swissky
59640ba51a
MYSQL Wide byte injection (GBK)
2023-09-14 10:53:37 +02:00
Swissky
64a6e3eb04
Merge pull request #672 from manesec/master
...
Add MYSQL Wide byte injection
2023-09-14 10:25:12 +02:00
Mane
811d71026f
Update MySQL Injection.md
...
fix typo
2023-09-13 08:33:03 -07:00
Mane
9574af9dd1
Update MySQL Injection.md
...
Add MYSQL Wide byte injection, it can test in Sqli-labs Less-32
2023-09-13 08:13:36 -07:00
Swissky
ed7c3a4e0c
Merge pull request #671 from Thy-GoD/patch-1
...
Add automatic shell upgrade via rustcat.
2023-09-09 10:50:33 +02:00
Thigh_GoD
c7549916b8
Update Reverse Shell Cheatsheet.md
...
Added small quality adjustment.
2023-09-09 03:51:35 +08:00
Thigh_GoD
cf9b9bf70c
Update Reverse Shell Cheatsheet.md
...
Added in automatic shell upgrade via rustcat.
2023-09-08 21:15:54 +08:00
Swissky
f9a2880ad5
Recover Public Key From Signed JWTs
2023-09-04 11:37:15 +02:00
Swissky
c030379871
Merge pull request #670 from superboy-zjc/master
...
Update Lodash SSTI
2023-09-03 17:30:52 +02:00
Swissky
a0c14e5299
SQL injections - WAF bypass
2023-09-03 14:26:03 +02:00
2h0ng
34da0e2708
Update Lodash SSTI
...
Update Lodash SSTI
2023-09-02 21:24:59 -04:00
Swissky
7752ff806f
ASPNET Cookieless Bypass
2023-09-02 23:01:10 +02:00
Swissky
e879ca42a3
Merge pull request #668 from sethsec-bf/patch-1
...
Added CloudFox and CloudFoxable
2023-08-31 10:37:38 +02:00
Seth Art
339a51cd0d
Added CloudFox and CloudFoxable
2023-08-30 14:11:11 -04:00
Swissky
53ec79abd0
Initial Access Cheatsheet
2023-08-26 22:01:45 +02:00
Swissky
930044d7c1
Merge pull request #666 from dwisiswant0/feat/ssrf-add-tool
...
feat(SSRF): add tool
2023-08-26 12:50:56 +02:00
Swissky
9db39952e7
Merge pull request #667 from PakCyberbot/master-1
...
Update SQLite Injection.md
2023-08-26 12:50:06 +02:00
Pak Cyberbot
d5922f421c
Update SQLite Injection.md
...
Column names of the specified table can be more easily extracted in a better output.
Tested during the CTF
2023-08-25 15:24:52 +05:00
Dwi Siswanto
63379b9291
feat(SSRF): add tool
2023-08-25 16:34:45 +07:00
Swissky
b0dfcfd438
Hidden Parameters
2023-08-24 22:15:11 +02:00
Swissky
e2e2da74ce
Merge pull request #664 from ScriptSathi/master
...
feat: Add Rust reverse shell for unix
2023-08-22 18:04:31 +02:00
Tristan D'audibert
aea130a1ac
Add Rust reverse shell for unix
2023-08-21 17:50:11 +02:00
cfgs
538a7b024b
feat: add cognito-scanner tool for AWS pentest
2023-08-08 10:41:54 +02:00
Vunnm
273da9e1b5
Add JSON simple with form
...
Add JSON simple paylaod with autosubmit form. Using autosubmit form instead of AJax, allow to bypass some protection like the Standard Enhanced Tracking Protection in Firfefox, which will refuse to send cookie with cross-site Ajax request (tested with Firefox 115.0.2esr),.
2023-08-05 14:39:33 +02:00
Swissky
d642e97d8d
Merge pull request #661 from emmanuel-ferdman/wip
...
fix: broken link on AWS Amazon Bucket S3 page
2023-07-26 14:20:27 +02:00