Commit Graph

529 Commits

Author SHA1 Message Date
Alexandre ZANNI
e3604c01d7
XXE: tools description + more tools 2019-11-04 01:58:15 +01:00
Swissky
3585b1f00f
Merge pull request #120 from cydave/patch-1
Fix awk snippet
2019-11-03 17:54:52 +01:00
Dave
775d10c256
Fix awk snippet
A small typo in the awk one-liner prevents successful execution of the command.

```
awk: cmd. line:1: warning: remote host and port information (10.0.0.1>, 4242) invalid: Name or service not known
awk: cmd. line:1: fatal: can't open two way pipe `/inet/tcp/0/10.0.0.1>/4242' for input/output (No such file or directory)
```

This commit fixes this :)
2019-11-03 16:07:16 +00:00
Swissky
952b3c0369
Merge pull request #119 from Hi15358/master
Updated Insecure Deserialization/Java.md and Created Zip Slip in Upload Insecure Files
2019-10-30 09:05:22 +01:00
Hi15358
83569c6142
Update and rename ReadMe.txt to README.md 2019-10-30 12:07:50 +08:00
Hi15358
5fec4f7c21
Update Java.md 2019-10-30 11:36:09 +08:00
Hi15358
5f31044ae3
Create ReadMe.txt 2019-10-30 11:24:56 +08:00
Hi15358
bd121bfccb
Delete Readme 2019-10-30 11:24:35 +08:00
Hi15358
b36e5262bd
Create Readme 2019-10-30 11:19:52 +08:00
Hi15358
757e1c107e
Merge pull request #2 from swisskyrepo/master
Update
2019-10-30 11:18:36 +08:00
Swissky
069463fe14
Merge pull request #117 from Reelix/patch-1
Added an alternate possible Found condition to POST
2019-10-29 21:06:35 +01:00
Swissky
535ad5baaa
Merge pull request #118 from cydave/cydave-patch-1
Fix lua reverse shell quote issue
2019-10-29 21:06:07 +01:00
Dave
6b22d53257
Fix lua reverse shell quote issue
The single quotes around `io.popen` prevented the one-liner to be executed.
This change should fix that :)
2019-10-29 19:31:07 +00:00
Reelix
694e9e4dbd
Added an alternate possible Found condition to POST 2019-10-29 21:11:56 +02:00
Swissky
55d1731897
Merge pull request #116 from nizam0906/master
Added More Updates in SQL Injection
2019-10-29 17:11:28 +01:00
nizam0906
d41e0d33bd
Added Summary in Hibernate Query Language Injection 2019-10-29 19:47:42 +05:30
nizam0906
4d94e553b9
Added Summary in Cassandra Injection 2019-10-29 19:42:49 +05:30
nizam0906
fe8c7be2fb
Fixed Broken Links in SQL injection README.md 2019-10-29 19:33:09 +05:30
nizam0906
a69c2acb7d
Added Summary in SQLite Injection 2019-10-29 19:22:49 +05:30
nizam0906
4b1f7e629d
Fixed Broken Links in PostgreSQL Injection 2019-10-29 19:06:41 +05:30
nizam0906
20d6599772
Added Summary 2019-10-29 18:57:33 +05:30
nizam0906
ca59b1d217
Fixed Broken Links in MSSQL Injection
Fixed Broken Links in MSSQL Injection
2019-10-29 18:44:28 +05:30
nizam0906
a33dce0d60
Fixed Broken Links 2019-10-29 18:25:00 +05:30
nizam0906
7d6fab92fa
Update Detect columns number
Using SELECT * FROM SOME_EXISTING_TABLE Error Based
2019-10-29 18:11:58 +05:30
nizam0906
614e8a97b9
Updated Detect columns number
Detect columns number using LIMIT INTO Error Based
2019-10-29 16:48:11 +05:30
nizam0906
f81f9440b8
Added More Ways to Detect columns number
using order by or group by
using order by or group by error based
using UNION SELECT Error Based
2019-10-29 16:32:22 +05:30
Swissky
b7fdf8aa3f
Merge pull request #106 from Hi15358/master
Update Reverse Shell Cheatsheet.md and Directory Traversal
2019-10-29 10:14:07 +01:00
Hi15358
34d8853728
Merge pull request #1 from Hi15358/patch-1
Patch 1
2019-10-29 16:30:58 +08:00
Hi15358
bb7e6b7cd0
Update README.md 2019-10-29 16:23:39 +08:00
Swissky
377aad4061
Merge pull request #115 from nizam0906/master
Added List Database Administrator Accounts
2019-10-29 08:36:01 +01:00
Swissky
b25694239b
Merge pull request #114 from noraj/patch-1
XXE: add XXEinjector
2019-10-29 08:35:31 +01:00
nizam0906
bb2c247160
Added List Database Administrator Accounts
SELECT datname FROM pg_database
2019-10-29 10:32:39 +05:30
Alexandre ZANNI
52119907f6
add XXEinjector 2019-10-29 00:41:04 +01:00
Swissky
5094ef8b10 XXE in XLSX 2019-10-28 20:46:19 +01:00
Swissky
534d46d0e4
Merge pull request #113 from Q5Ca/patch-1
Add bypass WAF no equal using BETWEEN
2019-10-28 18:21:26 +01:00
Swissky
be3ef08d19
Merge pull request #112 from nizam0906/master
Added More PostgreSQL Injection Queries And Blind XSS endpoint
2019-10-28 18:20:54 +01:00
duongdpt
135af74acd
Update README.md
Add bypass waf using BETWEEN
2019-10-28 22:26:28 +07:00
nizam0906
ab341cff38
Updated Blind XSS endpoint
* User Agent
* Comment Box
2019-10-28 16:51:36 +05:30
nizam0906
3dcd4425a8
Added more PostgreSQL Injection Queries
* PostgreSQL version
* PostgreSQL Current User
* PostgreSQL List Users
* PostgreSQL List Password Hashes
* PostgreSQL List Privileges
* PostgreSQL database name
* PostgreSQL List databases
* PostgreSQL List tables
* PostgreSQL List columns
* PostgreSQL Stacked query
2019-10-28 16:26:49 +05:30
Swissky
56ec623412
Merge pull request #111 from noraj/patch-1
XPATH: add tools
2019-10-26 21:46:18 +02:00
Swissky
68f1a17b57
Merge pull request #110 from nizam0906/master
Update PostgreSQL Injection.md
2019-10-26 21:44:25 +02:00
Alexandre ZANNI
525429c0d8
XPATH: add tools 2019-10-26 16:43:36 +02:00
nizam0906
f35ace93cf
Update PostgreSQL Injection.md
Updated PostgreSQL Error Based injections
2019-10-26 18:07:14 +05:30
Swissky
882eec0566
Merge pull request #109 from nizam0906/master
Added 3 yahoo jsonp endpoints
2019-10-26 11:39:57 +02:00
nizam0906
aef5bb864a
Update jsonp_endpoint.txt
Added 3 yahoo jsonp endpoints
* https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?cb=alert(1337)
* https://mempf.yahoo.co.jp/offer?position=h&callback=alert(1337)
* https://suggest-shop.yahooapis.jp/Shopping/Suggest/V1/suggester?callback=alert(1)//&appid=dj0zaiZpPVkwMDJ1RHlqOEdwdCZzPWNvbnN1bWVyc2VjcmV0Jng9M2Y-
2019-10-25 22:27:16 +05:30
Swissky
32c18fdf56
Merge pull request #108 from nizam0906/master
Added 6 MYSQL DIOS
2019-10-25 17:04:57 +02:00
nizam0906
5b59da70f7
Update MySQL Injection.md
Added 6 MYSQL DIOS
* Zen
* Zen WAF
* ~tr0jAn WAF
* ~tr0jAn Benchmark
* N1Z4M
* sharik
2019-10-25 18:11:11 +05:30
Swissky
88f020381d Out of band XPATH 2019-10-22 23:06:35 +02:00
Swissky
3464611c00
Merge pull request #107 from noraj/patch-1
fix TOC links
2019-10-22 21:41:28 +02:00
Alexandre ZANNI
c6b5bbab2b
fix TOC links 2019-10-22 20:26:04 +02:00