gkhan496/WDIR

Good resources about web security that I have read.
23.07.2023

https://blog.doyensec.com/2023/07/18/streamlining-websocket-pentesting-with-wsrepl.html

Github

Awesome CTF Cheatsheet

Bug Bounty

Blog-Posts & Write-ups

CVE-2020-13379-Write-Up/Unauthenticated SSRF on Grafana

How I exploit the JSON CSRF with method override technique

Multiple Ways to Exploiting PUT Method

Arbitrary code execution on Facebook for Android through download feature

WRITE UP – GOOGLE BUG BOUNTY: XSS TO CLOUD SHELL INSTANCE TAKEOVER (RCE AS ROOT) – $5,000 USD

CVE-2020-16171: Exploiting Acronis Cyber Backup for Fun and Emails

The Powerful HTTP Request Smuggling 💪

Forcing Firefox to Execute XSS Payloads during 302 Redirects

Active Content Injection with SVG Files

Open redirect to a complete account takeover

Finding Hidden Files and Folders on IIS using BigQuery

We Hacked Apple for 3 Months: Here’s What We Found

NGINX may be protecting your applications from traversal attacks without you even knowing

Exploring SSTI In Flask/Jinja2

Exploring SSTI In Flask/Jinja2 Part II

SSTI With Jinja2

Taking down the SSO, Account Takeover in the Websites of Kolesa due to Insecure JSONP Call

BugPoc LFI challenge Walkthrough

S2–016 (Apache Struts) Remote Code Execution Vulnerability

HTTP Host header attacks

File Upload XSS

Finding 0day to hack Apple

A Glossary of Blind SSRF Chains

Your Full Map To Github Recon And Leaks Exposure

Pentesting PostgreSQL with SQL Injections

Hidden OAuth attack vectors

Breaking GitHub Private Pages for $35k

Discovering GraphQL endpoints and SQLi vulnerabilities

GravCMS Unauthenticated Arbitrary YAML Write/Update leads to Code Execution (CVE-2021-21425)

GHSL-2021-050: Unauthenticated arbitrary file read in Jellyfin - CVE-2021-21402

http2smugl: HTTP2 request smuggling security testing tool

I Built a TV That Plays All of Your Private YouTube Videos

Facebook account takeover due to a bypass of allowed callback URLs in the OAuth flow

Facebook account takeover due to a wide platform bug in ajaxpipe responses

Regexploit: DoS-able Regular Expressions

Jackson Polymorphic Deserialization

DNS Based Out of Band Blind SQL injection in Oracle — Dumping data

Out-of-Band (OOB) SQL Injection

ExifTool CVE-2021-22204 - Arbitrary Code Execution

A tale of solving all the recent XSS challenges using chrome 1-day

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Angular And AngularJS For Pentesters - Part 1

Angular And AngularJS For Pentesters - Part 2

Web App Pen Testing in an Angular Context

Intro to the Content Security Policy (CSP)

How to Read an RFC

XSS - localStorage vs Cookies

Burp Suite Extensions: Rarely Utilized but Quite Useful

Burp Suite extensions that should get your attention!

SSRF in PDF Renderer using SVG

From Git Folder Disclosure to Remote Code Execution

XSS via postMessage in chat.mozilla.org

SSTI/Exploiting Go's template engine to get xss

Method Confusion In Go SSTIs Lead To File Read And RCE.

Finding and Exploiting Unintended Functionality in Main Web App APIs

Server Side Template Injection – on the example of Pebble

Handlebars template injection and RCE in a Shopify app

Hacking the Hackers: Leveraging an SSRF in HackerTarget

Unauthenticated Gitlab SSRF

Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)

Hackerone Reports

Insufficient validation on Digits bridge

Buffer overflow In hl.exe's

Arbitrary code execution in desktop client via OpenSSL config

Cross-account stored XSS at embedded charts

DOM XSS on duckduckgo.com search

Ability to generate shipping labels in another store orders

Full Read SSRF on Gitlab's Internal Grafana

Private list members disclosure via GraphQL

Stealing Zomato X-Access-Token: in Bulk using HTTP Request Smuggling on api.zomato.com

Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation

Open Redirect Leads to Account Takeover

Takeover an account that doesn't have a Shopify ID and more

Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO

HackerOne Jira integration plugin Leaked JWT to unauthorized jira users

Authorization Token on PlayStation Network Leaks via postMessage function

Access Token Smuggling from my.playstation.com via Referer Header

SSRF vulnerability in app webhooks

Blind SSRF in Ticketing Integrations Jira webhooks leading to internal network enumeration and blind HTTP requests

Remote Code Execution in Slack desktop apps

RCE when removing metadata with ExifTool - CVE-2021-22204

SSRF on https://qiwi.com using "Prerender HAR Capturer"

Tools

https://github.com/ReFirmLabs/binwalk

https://github.com/zaproxy/zaproxy

https://github.com/xmendez/wfuzz

https://github.com/thewhiteh4t/FinalRecon

https://github.com/sensepost/gowitness

https://github.com/aquasecurity/kube-hunter

https://github.com/zigoo0/JSONBee

https://github.com/httpie/httpie

https://github.com/lobuhi/byp4xx

https://github.com/filedescriptor/untrusted-types

https://github.com/internetwache/GitTools

https://github.com/sbp/gin

https://github.com/corkami/mitra

https://github.com/msrkp/PPScan

https://github.com/obheda12/GitDorker

https://github.com/Bo0oM/WAF-bypass-Cheat-Sheet

https://github.com/Shopify/bugbounty-resources

https://github.com/arthaud/git-dumper

https://github.com/doyensec/inql

https://github.com/ffuf/pencode

https://github.com/projectdiscovery/interactsh

https://github.com/synacktiv/HopLa

https://github.com/dwisiswant0/apkleaks

https://github.com/Lookyloo/lookyloo

https://github.com/doyensec/regexploit

https://github.com/p1g3/JSINFO-SCAN

https://github.com/swisskyrepo/GraphQLmap

https://github.com/stark0de/nginxpwner

https://github.com/nahamsec/recon_profile

https://github.com/gwen001/github-subdomains

https://github.com/tarunkant/Gopherus

https://github.com/0ang3el/websocket-smuggle

https://github.com/lc/230-OOB

https://github.com/nikitastupin/clairvoyance

Videos & Conferences

DEF CON Safe Mode Red Team Village - Ray Doyle - Weaponized XSS Moving Beyond Alert

XML Object Exfiltration - HackTheBox Cyber Apocalypse CTF "E. Tree"

Exploiting Tomcat with LFI & Container Privesc - "Tabby" HackTheBox

XSS a Paste Service - Pasteurize (web) Google CTF 2020

Practical Attacks Using HTTP Request Smuggling by @defparam #NahamCon2020

HTTP Desync Attacks: Smashing into the Cell Next Door - DEF CON 27 Conference

You've Got Pwned: Exploiting E-Mail Systems by @securinti #NahamCon2020!

JWT jku&x5u = ❤️ by @snyff #NahamCon2020

SMTP Access via SSRF in HackerTarget API

Books

Real-World Bug Hunting: A Field Guide to Web Hacking

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

Web Application Obfuscation (There is useful information but it's a very old book.)

The Tangled Web: A Guide to Securing Modern Web Applications (In Progress)

Academic/Conference Papers

The Perl Jam2

Breaking Parser Logic!

Security Evaluation on Amazon Web Services'REST API Authentication Protocol Signature Version 4

HTTP Request Smuggling

Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications

SWAP: Mitigating XSS attacks using a reverse proxy

DOM Based Cross Site Scripting or XSS of the Third Kind

Path sensitive static analysis of web applications for remote code execution vulnerability detection

PHP-sensor: a prototype method to discover workflow violation and XSS vulnerabilities in PHP web applications

A Study on Remote Code Execution Vulnerability in Web Applications

XML Schema, DTD, and Entity Attacks

A Privacy-Preserving Defense Mechanism against Request Forgery Attacks

Formal Analysis of the Kaminsky DNS Cache-Poisoning Attack Using Probabilistic Model Checking

A New WAF-Based Architecture for Protecting Web Applications Against CSRF Attacks in Malicious Environment

Flash security & Advanced CSRF

HTTP Strict Transport Security

XXE Attacks

Common Security Problems in the Code of Dynamic Web Applications

Known XML Vulnerabilities Are Still a Threat to Popular Parsers and Open Source Systems

Jackson Deserialization Vulnerabilities

Abusing Hidden Properties to Attack the Node.js Ecosystem

Welcome to the NetSPI SQL Injection Wiki! (In Progress)

A Study of Out-of-Band Structured Query Language Injection (In Progress)

Practical Web Cache Poisoning: Redefining 'Unexploitable'

OAuth 2.0 Security Best Current Practice

Server-Side Template Injection: RCE for the modern webapp

Penetration Testing

The Open Source Security Testing Methodology Manual (OSSTMM 3) (In Progress)

CheatSheet & Tips

OAUTH 2.0 Pentest

Admin Panel PWN

Android Application Penetration Testing Checklist
