mirror of
https://github.com/HackTricks-wiki/hacktricks.git
synced 2025-10-10 18:36:50 +00:00
translate 1
This commit is contained in:
Carlos Polop
parent
c98e8b0b09
commit
6d64e83ab5
@ -756,3 +756,4 @@ Project Neto is a Python 3 package conceived to analyse and unravel hidden featu
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -100,3 +100,4 @@ browext-xss-example.md
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -112,3 +112,4 @@ However, tightening security measures often results in decreased flexibility and
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -117,3 +117,4 @@ Notably, the **`/html/bookmarks.html`** page is prone to framing, thus vulnerabl
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -256,3 +256,4 @@ Get Access Today:
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -144,3 +144,4 @@ Cache: hit
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -51,3 +51,4 @@ Several cache servers will always cache a response if it's identified as static.
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -862,3 +862,4 @@ Stay informed with the newest bug bounties launching and crucial platform update
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -65,3 +65,4 @@ window.frames[0].document.head.appendChild(script)
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -262,3 +262,4 @@ XS-Search are oriented to **exfiltrate cross-origin information** abusing **side
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -6,3 +6,4 @@
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -978,3 +978,4 @@ Check for more details in the [**original post**](https://github.blog/security/v
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -196,3 +196,4 @@ namespace DeserializationTests
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -88,3 +88,4 @@ As you can see in this very basic example, the "vulnerability" here appears beca
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -4,3 +4,4 @@
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -221,3 +221,4 @@ Check for [further information here](<https://github.com/carlospolop/hacktricks/
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -200,3 +200,4 @@ Make your payload execute something like the following:
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -7,3 +7,4 @@ Check the posts:
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -230,3 +230,4 @@ You can find more gadgets here: [https://deadcode.me/blog/2016/09/02/Blind-Java-
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -461,3 +461,4 @@ In this [**writeup**](https://intrigus.org/research/2022/07/18/google-ctf-2022-l
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -393,3 +393,4 @@ To reduce the risk of prototype pollution, the strategies listed below can be em
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -115,3 +115,4 @@ Check this writeup: [https://blog.huli.tw/2022/05/02/en/intigriti-revenge-challe
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -126,3 +126,4 @@ You could definitely use it in a bug **chain** to exploit a **prototype pollutio
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -729,3 +729,5 @@ In [**this commit**](https://github.com/nodejs/node/commit/0313102aaabb49f78156c
|
||||
- [https://portswigger.net/research/server-side-prototype-pollution](https://portswigger.net/research/server-side-prototype-pollution)
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -69,3 +69,4 @@ I needed to **call this deserialization twice**. In my testing, the first time t
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -156,3 +156,4 @@ cat /tmp/example_yaml
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -418,3 +418,4 @@ It's possible to brute-force the defined classes and at some point poison the cl
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -735,3 +735,4 @@ Stay informed with the newest bug bounties launching and crucial platform update
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -42,3 +42,4 @@ For more information check the description of the Race Condition and the CTF in
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -100,3 +100,4 @@ It looks like by default Nginx supports **512 parallel connections** at the same
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -53,3 +53,4 @@ if **name** == "**main**": print('\[DEBUG] Creating requests session') requests\
|
||||
|
||||
```
|
||||
|
||||
|
||||
|
||||
@ -274,3 +274,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -72,3 +72,4 @@ print('[x] Something went wrong, please try again')
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -63,3 +63,4 @@ if __name__ == "__main__":
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -33,3 +33,4 @@ For GNU/Linux systems, the randomness in temporary file naming is robust, render
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -83,3 +83,4 @@ php vuln.php
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -38,3 +38,4 @@ Another writeup in [https://spyclub.tech/2018/12/21/one-line-and-return-of-one-l
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -338,3 +338,4 @@ If you are interested in **hacking career** and hack the unhackable - **we are h
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -6,3 +6,4 @@
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -299,3 +299,4 @@ There should be a pattern (with the size of a used block). So, knowing how are a
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -8,3 +8,4 @@ And for more information, you can check this presentation: [https://speakerdeck.
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -23,3 +23,4 @@ Notice, that third party cookies pointing to a different domain won't be overwri
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -66,3 +66,4 @@ cookie-bomb.md
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -775,3 +775,4 @@ def handleResponse(req, interesting):
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -6,3 +6,4 @@
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -6,3 +6,4 @@
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -231,3 +231,4 @@ If you are interested in **hacking career** and hack the unhackable - **we are h
|
||||
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -108,3 +108,4 @@ Pages usually redirects users after login, check if you can alter that redirect
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -829,3 +829,4 @@ Pass1234." and 1=0 union select "admin",sha("Pass1234.")#
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -280,3 +280,4 @@ Get Access Today:
|
||||
|
||||
{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=nosql-injection" %}
|
||||
|
||||
|
||||
|
||||
@ -240,3 +240,4 @@ If the platform you are testing is an OAuth provider [**read this to test for po
|
||||
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -196,3 +196,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and
|
||||
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -332,3 +332,4 @@ By brute-forcing and potentially relationships it was possible to leak more data
|
||||
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -234,3 +234,4 @@ Which might create inconsistences
|
||||
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -18,3 +18,4 @@ It's possible to **add strings at the end the phone number** that could be used
|
||||
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -244,3 +244,4 @@ javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembe
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -44,3 +44,4 @@ javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembe
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -238,3 +238,4 @@ For **more information**:
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -33,3 +33,4 @@ And in order to be precise and **send** that **postmessage** just **after** the
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -75,3 +75,4 @@ That **payload** will get the **identifier** and send a **XSS** it **back to the
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -85,3 +85,4 @@ The final solution by [**@terjanq**](https://twitter.com/terjanq) is the [**foll
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -32,3 +32,4 @@ This is specially useful in **postMessages** because if a page is sending sensit
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -233,3 +233,4 @@ data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+ #base64 encoding the javascri
|
||||
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -411,3 +411,4 @@ Get Access Today:
|
||||
|
||||
{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=race-condition" %}
|
||||
|
||||
|
||||
|
||||
@ -72,3 +72,4 @@ Get Access Today:
|
||||
|
||||
{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=rate-limit-bypass" %}
|
||||
|
||||
|
||||
|
||||
@ -181,3 +181,4 @@ hacking-jwt-json-web-tokens.md
|
||||
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -81,3 +81,4 @@ Regexp (a+)*$ took 723 milliseconds.
|
||||
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -218,3 +218,4 @@ Stay informed with the newest bug bounties launching and crucial platform update
|
||||
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -82,3 +82,4 @@ Prevention information are documented into the [HTML5 Cheat Sheet](https://cheat
|
||||
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -305,3 +305,4 @@ with open("/home/fady/uberSAMLOIDAUTH") as urlList:
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -166,3 +166,4 @@ In conclusion, XML Signatures provide flexible ways to secure XML documents, wit
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -245,3 +245,4 @@ xslt-server-side-injection-extensible-stylesheet-language-transformations.md
|
||||
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -572,3 +572,4 @@ This trick was taken from [https://secgroup.github.io/2017/01/03/33c3ctf-writeup
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -9,3 +9,4 @@ Check the following blogs:
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -194,3 +194,4 @@ Where **name\[i] is a .mdb filename** and **realTable is an existent table** wit
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -271,3 +271,4 @@ exec('sp_configure''xp_cmdshell'',''1''reconfigure')--
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -192,3 +192,4 @@ mysql> select version();
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -28,3 +28,4 @@ Automation of these processes can be facilitated by tools such as SQLMap, which
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -160,3 +160,4 @@ Another package I have used in the past with varied success is the [`GETCLOB()`
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -100,3 +100,4 @@ If you are interested in **hacking career** and hack the unhackable - **we are h
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -82,3 +82,4 @@ It's noted that **large objects may have ACLs** (Access Control Lists), potentia
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -8,3 +8,4 @@
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -110,3 +110,4 @@ SELECT testfunc();
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -120,3 +120,4 @@ select brute_force('127.0.0.1', '5432', 'postgres', 'postgres');
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -352,3 +352,4 @@ print(" drop function connect_back(text, integer);")
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -323,3 +323,4 @@ rce-with-postgresql-extensions.md
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -192,3 +192,4 @@ sqlmap -r r.txt -p id --not-string ridiculous --batch
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -238,3 +238,4 @@ Remember that **you can create your own tamper in python** and it's very simple.
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -78,3 +78,4 @@ sqlmap --tamper tamper.py -r login.txt -p email --second-req second.txt --proxy
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -404,3 +404,4 @@ Get Access Today:
|
||||
|
||||
{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=ssrf-server-side-request-forgery" %}
|
||||
|
||||
|
||||
|
||||
@ -658,3 +658,4 @@ Rancher's metadata can be accessed using:
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -6,3 +6,4 @@ Check **[https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/](https://blog.a
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -222,3 +222,4 @@ image from [https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -1122,3 +1122,4 @@ If you think it could be useful, read:
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -249,3 +249,4 @@ Check [https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass/](https://h1pm
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -367,3 +367,4 @@ The request will be urlencoded by default according to the HTTP format, which ca
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -38,3 +38,4 @@ Once an scoped open proxy is discovered, it was possible to find valid targets b
|
||||
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -51,3 +51,4 @@ Emoji lists:
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -105,3 +105,4 @@ The tool [**recollapse**](https://github.com/0xacb/recollapse) \*\*\*\* allows t
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
@ -64,3 +64,4 @@ Imagine a web application that uses UUID v1 for generating password reset links.
|
||||
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user