swisskyrepo
|
eac421432a
|
File upload - merging old files
|
2019-02-15 16:00:50 +01:00 |
swisskyrepo
|
88d5af0b19
|
JWT - Payload detail
|
2019-02-11 14:04:38 +01:00 |
Swissky
|
bb0177916d
|
Merge pull request #40 from Bo0oM/patch-1
Fix fake xss
|
2019-02-11 10:05:31 +01:00 |
Anton Lopanitsyn
|
200a2d38d8
|
Fix fake xss
Actually, is not XSS.
Running scripts like <a href="data:text/html,<script>alert(location.origin)</script>">clickme</a> have location.origin "null".
|
2019-02-11 09:34:13 +03:00 |
Swissky
|
f2273f5cce
|
PrivExchange attack
|
2019-02-10 19:51:54 +01:00 |
Swissky
|
8c1c35789d
|
SQLmap tamper update
|
2019-02-10 19:07:27 +01:00 |
Swissky
|
1c37517bf3
|
.git/index file parsing + fix CSRF payload typo
|
2019-02-07 23:33:47 +01:00 |
Swissky
|
8ff2aa8aff
|
Merge pull request #39 from n3v4/master
Update exif_imagetype bypass
|
2019-02-07 14:01:43 +01:00 |
Vladislav Nechakhin
|
90db8b0f11
|
Update exif_imagetype bypass
|
2019-02-07 14:59:22 +07:00 |
Vladislav Nechakhin
|
7877647db1
|
Update exif_imagetype bypass
|
2019-02-07 14:51:03 +07:00 |
Swissky
|
357f8a69a8
|
Merge pull request #38 from n3v4/master
Add exif_imagetype bypass
|
2019-02-02 11:36:22 +01:00 |
Vladislav Nechakhin
|
b30ac4e5bb
|
Add exif_imagetype bypass
|
2019-02-02 17:29:04 +07:00 |
Swissky
|
ffde81e2c0
|
Merge pull request #37 from marcan2020/patch-1
Update MSSQL Command execution
|
2019-01-29 23:14:09 +01:00 |
marcan2020
|
7068cb6edc
|
Update MSSQL Command execution
|
2019-01-29 15:25:25 -05:00 |
Swissky
|
20bf52eb6a
|
Bugfix 3 - removing the "-" in SSRF
|
2019-01-28 20:35:28 +01:00 |
Swissky
|
1f502ce20d
|
Bugfix 2 - Fixing git mess
|
2019-01-28 20:32:43 +01:00 |
Swissky
|
b9f2fe367c
|
Bugfix - Errors in stashed changes
|
2019-01-28 20:27:45 +01:00 |
Swissky
|
cd2d76d538
|
Merge pull request #36 from ThunderSon/patch-1
fead: add powerless repo to the tools
|
2019-01-28 08:16:38 +01:00 |
ThunderSon
|
99857a714f
|
fead: add powerless repo to the tools
|
2019-01-27 20:13:06 +02:00 |
Swissky
|
e07a654080
|
Command injection renamed + sudo/doas privesc
|
2019-01-22 21:45:41 +01:00 |
Swissky
|
4db45a263a
|
MSSQL union based + Windows Runas
|
2019-01-20 16:41:46 +01:00 |
Swissky
|
22c82cb277
|
Merge pull request #35 from noraj/patch-1
XSS using base64 encoded href data in a link
|
2019-01-17 19:54:37 +01:00 |
Swissky
|
ab6535c6d9
|
Bugfix picture SSRF
|
2019-01-13 22:28:49 +01:00 |
Swissky
|
1547338f84
|
SSRF exploitation and minor rewritting
|
2019-01-13 22:27:11 +01:00 |
Swissky
|
3bcd3d1b3c
|
SUID & Capabilities
|
2019-01-13 22:05:39 +01:00 |
Swissky
|
0070ac5dc4
|
Phar PHP shell files
|
2019-01-10 22:36:30 +01:00 |
Alexandre ZANNI
|
c7a292c19d
|
XSS using base64 encoded href data in a link
|
2019-01-10 18:24:43 +01:00 |
Swissky
|
ea0bddc18a
|
Windows RCE wildcard + XSS UI redressing
|
2019-01-08 20:49:05 +01:00 |
Swissky
|
2e3aef1a19
|
Shell IPv6 + Sandbox credential
|
2019-01-07 18:15:45 +01:00 |
Swissky
|
8b39647de6
|
AWS S3 and Open redirect rewritten
|
2018-12-29 13:05:29 +01:00 |
Swissky
|
67c644a300
|
Directory traversal / File inclusion rewritten
|
2018-12-28 00:27:15 +01:00 |
Swissky
|
e480c9358d
|
SQL wildcard '_' + CSV injection reverse shell
|
2018-12-26 01:02:17 +01:00 |
Swissky
|
bd97c0be86
|
README update + Typo fix in Active Directory
|
2018-12-25 20:41:43 +01:00 |
Swissky
|
d57d59eca7
|
NTLMv2 hash capturing, cracking, replaying
|
2018-12-25 20:35:39 +01:00 |
Swissky
|
d5478d1fd6
|
AWS Pacu and sections + Kerberoasting details
|
2018-12-25 19:38:37 +01:00 |
Swissky
|
82d4ff6c1d
|
References added based on @ngalongc bug-bounty-references
|
2018-12-25 16:10:15 +01:00 |
Swissky
|
b9efdb52d3
|
Linux - PrivEsc - First draft
|
2018-12-25 15:51:11 +01:00 |
Swissky
|
38c3bfbd9f
|
Windows Priv Esc - Unquoted Path, Password looting and Powershell version
|
2018-12-25 15:19:45 +01:00 |
Swissky
|
cdc3b5e080
|
XXE references + summary
|
2018-12-25 12:08:32 +01:00 |
Swissky
|
c25af52316
|
Blind XSS Angular JS
|
2018-12-24 15:09:43 +01:00 |
Swissky
|
a6475a19d9
|
Adding references sectio
|
2018-12-24 15:02:50 +01:00 |
Swissky
|
9c529535a5
|
CSRF - Fix image
|
2018-12-24 14:17:49 +01:00 |
Swissky
|
9c878f9b09
|
CSRF - First draft
|
2018-12-24 14:14:51 +01:00 |
Swissky
|
b4aff1a826
|
Architecture - Files/Intruder/Images and README + template
|
2018-12-23 00:45:45 +01:00 |
Swissky
|
e096d10a30
|
Merge pull request #34 from Fisjkars/master
Add Springboot actuator intruder
|
2018-12-18 14:03:22 +01:00 |
Maxime Escourbiac
|
b59e24312e
|
Update Springboot readme
|
2018-12-18 11:18:50 +01:00 |
Fisjkars
|
5b7a3a95d3
|
Add Springboot Actuator management interface
new file: Insecure management interface/README.md
new file: Insecure management interface/intruders/springboot_actuator.txt
|
2018-12-18 11:05:15 +01:00 |
Swissky
|
69c1d601fa
|
Kerberoasting + SQLmap write SSH key
|
2018-12-15 00:51:33 +01:00 |
Swissky
|
8403068681
|
Merge pull request #32 from Meatballs1/Meatballs1-patch-1
Busybox httpd.conf file upload payload
|
2018-12-14 10:25:04 +03:00 |
Meatballs1
|
20c6bb2299
|
Update httpd.conf
|
2018-12-14 00:03:50 +00:00 |