Commit Graph

45 Commits

Author SHA1 Message Date
security-is-myth
f3066722ee update SSRF/README.md with java payloads 2020-11-07 22:07:18 +05:30
security-is-myth
08bc3acb05 update SSRF/README.md with java payloads 2020-11-07 22:03:02 +05:30
Robbie
e8fccb6dd2
Update README.md
added 169.254.169.254 decimal
2020-10-31 20:19:27 +00:00
Alex Lauerman
d5c1f39c0f
Added DNS Rebinding 2020-06-21 16:31:16 -05:00
Alex Lauerman
c39c904c9a
Moved bypasses under the bypasses section 2020-06-21 16:27:32 -05:00
Alex Lauerman
6d37ad9e2e
Improved Clarity of ssrf redirect 2020-06-21 16:19:15 -05:00
Swissky
ecf29c2cbe Active Directory - Mitigations 2020-06-18 11:55:48 +02:00
bsysop
24981f945f
metadata.nicob.net not long resolve to metadata IP
```
$ dig +short metadata.nicob.net
...
```

Not resolving
2020-06-14 12:08:25 -03:00
Swissky
71ddb449ce Windows Persistence 2020-06-01 21:37:32 +02:00
Swissky
4ca5e71c2f Bind shell cheatsheet (Fix #194) 2020-05-24 14:09:46 +02:00
John
a5d220d599 Added SSRF bypass details 2020-05-13 12:19:36 -04:00
Swissky
89f906f7a8 Fix issue - C reverse shell 2020-04-21 11:17:39 +02:00
Techbrunch
3abf2aff2a
Update AWS SSRF tips
Added http://instance-data
2020-03-11 15:20:51 +01:00
Swissky
71171fa78b SSRF exploiting WSGI 2020-01-05 22:11:28 +01:00
mikesiegel
e024afc9f7 Added anti-SSRF header bypass for GCP. 2019-12-31 15:11:58 +00:00
mikesiegel
7aa2761e3e Added anti-SSRF header bypass for GCP. Similar technique works on Azure and AWS I'm guessing. 2019-12-31 15:07:20 +00:00
Alexandre ZANNI
54c94e0398
add ref for docker SSRF 2019-11-03 23:50:58 +01:00
Alexandre ZANNI
c6b5bbab2b
fix TOC links 2019-10-22 20:26:04 +02:00
Swissky
7159a3ded3 RODC dcsync note + Dumping AD Domain summary 2019-10-18 00:07:09 +02:00
Swissky
8eae039a28 netdoc:// wrapper for Java SSRF 2019-10-17 21:13:04 +02:00
Swissky
05b3e13098 SSRF for ECS 2019-10-12 13:30:52 +02:00
Swissky
357658371f SSRF URL for Google Cloud 2019-10-06 20:59:58 +02:00
Swissky
5455c30ec7 Juicy Potato + XXE update 2019-09-08 19:44:51 +02:00
Swissky
b6697d8595 SSRF SVG + Windows Token getsystem 2019-08-15 18:21:06 +02:00
Swissky
05054af343 JWT RS256 to HS256 using pubkey to generate a signature 2019-07-10 20:58:50 +02:00
Swissky
144b3827ab MS14-068 + /etc/security/opasswd 2019-06-29 17:55:13 +02:00
Swissky
9be62677b6 Add root user + PHP null byte version 2019-06-24 00:21:39 +02:00
Swissky
9c2e63818f XSS without parenthesis, semi-colon + Lontara 2019-05-15 21:55:17 +02:00
Swissky
bab04f8587 Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp 2019-05-12 21:34:09 +02:00
Swissky
5bb27ee889 SSRF Google Cloud - add ssh key 2019-04-22 11:35:07 +02:00
Swissky
4d3ee90eec Command injection rewritten 2019-04-21 19:50:50 +02:00
Swissky
81f93a19c2 SSRF AWS Elastic Beanstak 2019-04-21 18:51:32 +02:00
Swissky
49b9d0aff7 MSQL UDF sys_exec + SSRF IP: 127.1 and 127.0.1 2019-04-20 20:23:40 +02:00
Swissky
b8e74fe0ba Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2019-04-14 19:48:36 +02:00
Swissky
c66197903f MYSQL Truncation attack + Windows search where 2019-04-14 19:46:34 +02:00
PwnFunction
4c6f9e21e9
Bypass using IPv6/IPv4 Address Embedding 2019-04-13 17:06:06 +05:30
Swissky
546ecd0e36 Linux Privesc - /etc/passwd writable 2019-04-07 23:40:36 +02:00
tkmk
0913e8c3bd Fix changed urls 2019-03-19 20:18:06 +08:00
Swissky
404afd1d71 Fix name's capitalization 2019-03-07 00:07:55 +01:00
Swissky
21d1fe7eee Fix name - Part 1 2019-03-07 00:07:14 +01:00
Dominic
c0b4381c13
Fix anchors in README.md 2019-03-06 09:22:05 -05:00
Swissky
450de2c90f Typo fix 2019-03-04 19:40:34 +01:00
cclauss
a3ee78fb80 Use print() function in both Python 2 and Python 3 2019-02-17 23:47:18 +01:00
Swissky
8c1c35789d SQLmap tamper update 2019-02-10 19:07:27 +01:00
Swissky
20bf52eb6a Bugfix 3 - removing the "-" in SSRF 2019-01-28 20:35:28 +01:00