Swissky
|
b8c803717a
|
WDAC Policy Removal + SSRF domains
|
2023-05-31 14:18:25 +02:00 |
|
Swissky
|
514ac98dac
|
SSRF + XSS details + XXE BOM
|
2022-12-13 22:29:20 +01:00 |
|
Fabian S. Varon Valencia
|
3822c27634
|
update old url's
|
2022-10-26 20:36:15 -05:00 |
|
Deep Dhakate
|
a670a26eea
|
Update
|
2022-10-02 06:13:01 +00:00 |
|
Swissky
|
fb7f10eab8
|
Merge pull request #485 from ajdumanhug/master
SSRF: Don't encode entire IP
|
2022-09-06 23:15:20 +02:00 |
|
Swissky
|
8d609b1460
|
Update README.md
|
2022-09-06 23:15:12 +02:00 |
|
Tasos T
|
023a3c38e3
|
Added information on 307 and 308 redirects
|
2022-05-19 12:55:11 +03:00 |
|
Swissky
|
b0d05faded
|
TruffleHog examples + Cortex XDR disable
|
2022-04-14 09:42:15 +02:00 |
|
Aj Dumanhug
|
3c441669d8
|
Update README.md
|
2022-03-13 01:30:37 +08:00 |
|
Swissky
|
21b3a0630f
|
Update README.md
|
2021-11-09 13:57:09 +01:00 |
|
Techbrunch
|
a614525b70
|
Replace xip.io by nip.io
xip.io appears to be dead
|
2021-11-09 11:15:44 +01:00 |
|
Swissky
|
c957271453
|
SSRF PDF PhantomJS
|
2021-09-08 12:49:32 +02:00 |
|
clem9669
|
f4053576f4
|
Update SSRF
Adding octal techniques for SSRF.
DEFCON video: https://www.youtube.com/watch?v=_o1RPJAe4kU
|
2021-08-06 15:55:55 +00:00 |
|
Aj Dumanhug
|
78e8bcf136
|
Add AWS SSRF Bypasses
|
2021-06-16 23:42:50 +08:00 |
|
Swissky
|
bd2166027e
|
GMSA Password + Dart Reverse Shell
|
2021-03-24 12:44:35 +01:00 |
|
Swissky
|
8d31b7240b
|
Office Attacks
|
2021-02-21 20:17:57 +01:00 |
|
PwnL0rd
|
bde7fc738c
|
added link in the reference section
|
2020-11-08 12:00:35 +05:30 |
|
security-is-myth
|
f3066722ee
|
update SSRF/README.md with java payloads
|
2020-11-07 22:07:18 +05:30 |
|
security-is-myth
|
08bc3acb05
|
update SSRF/README.md with java payloads
|
2020-11-07 22:03:02 +05:30 |
|
Robbie
|
e8fccb6dd2
|
Update README.md
added 169.254.169.254 decimal
|
2020-10-31 20:19:27 +00:00 |
|
Alex Lauerman
|
d5c1f39c0f
|
Added DNS Rebinding
|
2020-06-21 16:31:16 -05:00 |
|
Alex Lauerman
|
c39c904c9a
|
Moved bypasses under the bypasses section
|
2020-06-21 16:27:32 -05:00 |
|
Alex Lauerman
|
6d37ad9e2e
|
Improved Clarity of ssrf redirect
|
2020-06-21 16:19:15 -05:00 |
|
Swissky
|
ecf29c2cbe
|
Active Directory - Mitigations
|
2020-06-18 11:55:48 +02:00 |
|
bsysop
|
24981f945f
|
metadata.nicob.net not long resolve to metadata IP
```
$ dig +short metadata.nicob.net
...
```
Not resolving
|
2020-06-14 12:08:25 -03:00 |
|
Swissky
|
71ddb449ce
|
Windows Persistence
|
2020-06-01 21:37:32 +02:00 |
|
Swissky
|
4ca5e71c2f
|
Bind shell cheatsheet (Fix #194)
|
2020-05-24 14:09:46 +02:00 |
|
John
|
a5d220d599
|
Added SSRF bypass details
|
2020-05-13 12:19:36 -04:00 |
|
Techbrunch
|
3abf2aff2a
|
Update AWS SSRF tips
Added http://instance-data
|
2020-03-11 15:20:51 +01:00 |
|
Swissky
|
71171fa78b
|
SSRF exploiting WSGI
|
2020-01-05 22:11:28 +01:00 |
|
mikesiegel
|
e024afc9f7
|
Added anti-SSRF header bypass for GCP.
|
2019-12-31 15:11:58 +00:00 |
|
mikesiegel
|
7aa2761e3e
|
Added anti-SSRF header bypass for GCP. Similar technique works on Azure and AWS I'm guessing.
|
2019-12-31 15:07:20 +00:00 |
|
Alexandre ZANNI
|
54c94e0398
|
add ref for docker SSRF
|
2019-11-03 23:50:58 +01:00 |
|
Alexandre ZANNI
|
c6b5bbab2b
|
fix TOC links
|
2019-10-22 20:26:04 +02:00 |
|
Swissky
|
7159a3ded3
|
RODC dcsync note + Dumping AD Domain summary
|
2019-10-18 00:07:09 +02:00 |
|
Swissky
|
8eae039a28
|
netdoc:// wrapper for Java SSRF
|
2019-10-17 21:13:04 +02:00 |
|
Swissky
|
05b3e13098
|
SSRF for ECS
|
2019-10-12 13:30:52 +02:00 |
|
Swissky
|
357658371f
|
SSRF URL for Google Cloud
|
2019-10-06 20:59:58 +02:00 |
|
Swissky
|
5455c30ec7
|
Juicy Potato + XXE update
|
2019-09-08 19:44:51 +02:00 |
|
Swissky
|
b6697d8595
|
SSRF SVG + Windows Token getsystem
|
2019-08-15 18:21:06 +02:00 |
|
Swissky
|
05054af343
|
JWT RS256 to HS256 using pubkey to generate a signature
|
2019-07-10 20:58:50 +02:00 |
|
Swissky
|
144b3827ab
|
MS14-068 + /etc/security/opasswd
|
2019-06-29 17:55:13 +02:00 |
|
Swissky
|
9be62677b6
|
Add root user + PHP null byte version
|
2019-06-24 00:21:39 +02:00 |
|
Swissky
|
9c2e63818f
|
XSS without parenthesis, semi-colon + Lontara
|
2019-05-15 21:55:17 +02:00 |
|
Swissky
|
bab04f8587
|
Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp
|
2019-05-12 21:34:09 +02:00 |
|
Swissky
|
5bb27ee889
|
SSRF Google Cloud - add ssh key
|
2019-04-22 11:35:07 +02:00 |
|
Swissky
|
4d3ee90eec
|
Command injection rewritten
|
2019-04-21 19:50:50 +02:00 |
|
Swissky
|
81f93a19c2
|
SSRF AWS Elastic Beanstak
|
2019-04-21 18:51:32 +02:00 |
|
Swissky
|
49b9d0aff7
|
MSQL UDF sys_exec + SSRF IP: 127.1 and 127.0.1
|
2019-04-20 20:23:40 +02:00 |
|
Swissky
|
b8e74fe0ba
|
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings
|
2019-04-14 19:48:36 +02:00 |
|