Commit Graph

66 Commits

Author SHA1 Message Date
Alexandre ZANNI
c7a292c19d
XSS using base64 encoded href data in a link 2019-01-10 18:24:43 +01:00
Swissky
ea0bddc18a Windows RCE wildcard + XSS UI redressing 2019-01-08 20:49:05 +01:00
Swissky
2e3aef1a19 Shell IPv6 + Sandbox credential 2019-01-07 18:15:45 +01:00
Swissky
8b39647de6 AWS S3 and Open redirect rewritten 2018-12-29 13:05:29 +01:00
Swissky
82d4ff6c1d References added based on @ngalongc bug-bounty-references 2018-12-25 16:10:15 +01:00
Swissky
c25af52316 Blind XSS Angular JS 2018-12-24 15:09:43 +01:00
Swissky
a6475a19d9 Adding references sectio 2018-12-24 15:02:50 +01:00
Swissky
b4aff1a826 Architecture - Files/Intruder/Images and README + template 2018-12-23 00:45:45 +01:00
Swissky
928a454531 Blind XSS endpoint + SSRF Google + Nmap subdomains 2018-11-25 15:44:17 +01:00
Swissky
565b40d177 reGeorg + Meterpreter socks + S3 trick name 2018-11-24 13:49:08 +01:00
Swissky
a0f8e846fa Blind XSS - XSS Hunter, Sleepy Puppy etc 2018-11-18 15:37:01 +01:00
omer citak
081df9b24d
add new attack patterns from Daniel miessler
https://github.com/danielmiessler/SecLists/edit/master/Fuzzing/Polyglots/XSS-Polyglots.txt
new attack patterns: line 1, 2, 3.
2018-11-16 14:45:51 +03:00
Swissky
af9abc6592 More CVE - RCE : Jenkins, JBoss, WebLogic, WebSphere 2018-11-15 23:13:08 +01:00
Swissky
ddfdc51e68 Credit fix - WAF bypass 2018-11-09 12:43:30 +01:00
Swissky
86db6b7f6f Polyglot XSS from @filedescriptor's Polyglot Challenge 2018-10-31 23:41:11 +01:00
Swissky
4b7fe437a5 LDAP userPassword attribute 2018-10-31 22:34:10 +01:00
Swissky
add00c7357 JWT JSON Web Token + SSI files 2018-10-29 22:22:10 +01:00
Swissky
f1eefd2722 Script Docker RCE 2018-10-18 17:32:01 +02:00
Swissky
cce0444245 SQL injection - Intruders payloads 2018-09-21 18:44:32 +02:00
Swissky
2a080f82e6 Cassandra SQL + XSS MD + PHP Type Juggling 2018-09-10 20:40:43 +02:00
Swissky
90f4c3634e PDF JS 2018-09-06 20:28:30 +02:00
Swissky
64e577b650 CSP bypass fix link 2018-09-01 15:38:57 +02:00
Swissky
fe52b32af8 XSS CSP Bypass + PostgreSQL read/write 2018-09-01 15:36:33 +02:00
Swissky
c38adaded3 CVE Apache Struts + XSS in Python Notebook 2018-08-28 18:48:26 +02:00
Swissky
0c707c4188 ImageTragick v2 + Angular 1.6+ XSS 2018-08-22 21:42:25 +02:00
Swissky
cfbe1a4469 SSRF Docker & Kubernetes 2018-08-19 16:32:26 +02:00
Swissky
e11339e669 Markdown formatting - Part 3 2018-08-13 13:07:37 +02:00
Swissky
b87e14a0ed Markdown formatting - Part 2 2018-08-13 12:01:13 +02:00
Swissky
65654f81a4 Markdown formatting update 2018-08-12 23:30:22 +02:00
Swissky
177c12cb79 Multiple update in READMEs + RCE tricks 2018-08-12 00:17:58 +02:00
Swissky
644724396f LaTeX display code + XSS location alternative 2018-08-01 21:19:18 +02:00
Isopach
8e26277407
Update README.md
Correct misspelling
2018-07-31 18:02:38 +09:00
Swissky
4a0fc27578 XSS Colors highlighting + JS code eval 2018-06-27 20:00:17 +02:00
Swissky
e6b5dfa3de Fix README broken links 2018-03-25 23:51:22 +02:00
Swissky
d1f6e8397d Refactoring XSS 0/? 2018-03-23 13:53:53 +01:00
Swissky
30019235f8 SQLmap tips + Active Directory attacks + SQLite injections 2018-03-12 09:17:31 +01:00
Swissky
70f38d5678 Payloads - Quick fix 2018-02-23 13:48:51 +01:00
Swissky
b87c3fd7ff Traversal Dir + NoSQL major updates + small addons 2018-02-15 23:27:42 +01:00
Swissky
3793d91fd4 Mimikatz + Credential Windows + XXE update 2017-12-06 20:40:29 +01:00
Swissky
fea88a5738 SVG XSS + SSRF enclosed alphanumerics 2017-11-19 14:01:36 +01:00
Swissky
edd5f3601f File inclusion - more intruders 2017-10-21 16:48:17 +02:00
Swissky
1ca215d5d7 Multiple update - LFI/RCE via phpinfo, Struts2 v2 2017-09-13 23:55:29 +02:00
Rakesh Mane
6e42b617cc Update README.md 2017-08-07 21:22:36 +05:30
Swissky
dad26ce5e5 More Burp Intruder file - SQLi + Path traversal + XSS 2017-08-06 01:12:41 +02:00
Swissky
af48fc1ed4 More intruders folder - for BurpSuite 2017-07-30 13:42:32 +02:00
Swissky
8a3693855f XSS Intruder + Eicar + SSRF http://0 2017-07-30 13:17:00 +02:00
Swissky
064467ecfc SSTI + XSS Flash 2017-07-16 16:30:08 +02:00
Swissky
94470a2544 More payloads for XSS/SQL/LFI/Upload and XXE 2017-06-04 17:22:26 +02:00
Swissky
eecfc69c08 XSS Payload - bypass document blacklisted keyword 2017-03-02 17:39:15 +01:00
Swissky
23f00b55d5 Update SQL injection with Information.schema alternatives 2017-02-06 09:50:13 +01:00