mirror of
https://github.com/HackTricks-wiki/hacktricks.git
synced 2025-10-10 18:36:50 +00:00
t1
This commit is contained in:
parent
3855a3d041
commit
ae1d2e8ee6
1
.github/pull_request_template.md
vendored
1
.github/pull_request_template.md
vendored
@ -8,3 +8,4 @@ Thank you for contributing to HackTricks!
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
name: Translator to IN (Hindi)
|
||||
name: Translator to HI (Hindi)
|
||||
|
||||
on:
|
||||
push:
|
||||
@ -10,7 +10,7 @@ on:
|
||||
- '.github/**'
|
||||
workflow_dispatch:
|
||||
|
||||
concurrency: in
|
||||
concurrency: hi
|
||||
|
||||
permissions:
|
||||
id-token: write
|
||||
@ -22,7 +22,7 @@ jobs:
|
||||
environment: prod
|
||||
env:
|
||||
LANGUAGE: Hindi
|
||||
BRANCH: in
|
||||
BRANCH: hi
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
@ -29,3 +29,4 @@ InfluxDB
|
||||
{{#include ./banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -3,3 +3,4 @@
|
||||
{{#include ./banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -757,3 +757,4 @@ Project Neto is a Python 3 package conceived to analyse and unravel hidden featu
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -101,3 +101,4 @@ browext-xss-example.md
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -113,3 +113,4 @@ However, tightening security measures often results in decreased flexibility and
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -118,3 +118,4 @@ Notably, the **`/html/bookmarks.html`** page is prone to framing, thus vulnerabl
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -242,3 +242,4 @@ Learn here about how to perform[ Cache Deceptions attacks abusing HTTP Request S
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -145,3 +145,4 @@ Cache: hit
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -52,3 +52,4 @@ Several cache servers will always cache a response if it's identified as static.
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -818,3 +818,4 @@ pc.createOffer().then((sdp)=>pc.setLocalDescription(sdp);
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -66,3 +66,4 @@ window.frames[0].document.head.appendChild(script)
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -263,3 +263,4 @@ XS-Search are oriented to **exfiltrate cross-origin information** abusing **side
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -7,3 +7,4 @@
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -989,3 +989,4 @@ Check for more details in the [**original post**](https://github.blog/security/v
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -197,3 +197,4 @@ namespace DeserializationTests
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -89,3 +89,4 @@ As you can see in this very basic example, the "vulnerability" here appears beca
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -5,3 +5,4 @@
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -214,3 +214,4 @@ Check for [further information here](<https://github.com/carlospolop/hacktricks/
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -201,3 +201,4 @@ Make your payload execute something like the following:
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -8,3 +8,4 @@ Check the posts:
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -231,3 +231,4 @@ You can find more gadgets here: [https://deadcode.me/blog/2016/09/02/Blind-Java-
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -462,3 +462,4 @@ In this [**writeup**](https://intrigus.org/research/2022/07/18/google-ctf-2022-l
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -394,3 +394,4 @@ To reduce the risk of prototype pollution, the strategies listed below can be em
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -116,3 +116,4 @@ Check this writeup: [https://blog.huli.tw/2022/05/02/en/intigriti-revenge-challe
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -127,3 +127,4 @@ You could definitely use it in a bug **chain** to exploit a **prototype pollutio
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -731,3 +731,4 @@ In [**this commit**](https://github.com/nodejs/node/commit/0313102aaabb49f78156c
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -70,3 +70,4 @@ I needed to **call this deserialization twice**. In my testing, the first time t
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -157,3 +157,4 @@ cat /tmp/example_yaml
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -24,3 +24,4 @@ When sending in a body some values not hashabled like an array they will be adde
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -419,3 +419,4 @@ It's possible to brute-force the defined classes and at some point poison the cl
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -691,3 +691,4 @@ If you include any of the files `/usr/bin/phar`, `/usr/bin/phar7`, `/usr/bin/pha
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -43,3 +43,4 @@ For more information check the description of the Race Condition and the CTF in
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -101,3 +101,4 @@ It looks like by default Nginx supports **512 parallel connections** at the same
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -54,3 +54,4 @@ if **name** == "**main**": print('\[DEBUG] Creating requests session') requests\
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
@ -265,3 +265,4 @@ function find_vals($init_val) {
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -59,3 +59,4 @@ print('[x] Something went wrong, please try again')
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -64,3 +64,4 @@ if __name__ == "__main__":
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -34,3 +34,4 @@ For GNU/Linux systems, the randomness in temporary file naming is robust, render
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -76,3 +76,4 @@ php vuln.php
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -39,3 +39,4 @@ Another writeup in [https://spyclub.tech/2018/12/21/one-line-and-return-of-one-l
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -329,3 +329,4 @@ More information in: [https://medium.com/swlh/polyglot-files-a-hackers-best-frie
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -7,3 +7,4 @@
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -300,3 +300,4 @@ There should be a pattern (with the size of a used block). So, knowing how are a
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -9,3 +9,4 @@ And for more information, you can check this presentation: [https://speakerdeck.
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -24,3 +24,4 @@ Notice, that third party cookies pointing to a different domain won't be overwri
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -67,3 +67,4 @@ cookie-bomb.md
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -38,3 +38,4 @@ This issue can potentially be combined with [Host header attacks](https://portsw
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -762,3 +762,4 @@ def handleResponse(req, interesting):
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -7,3 +7,4 @@
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -7,3 +7,4 @@
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -132,3 +132,4 @@ Therefore, the **next request of the second victim** will be **receiving** as **
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -5,3 +5,4 @@
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -23,3 +23,4 @@ Ofc, the main limitations are that a **victim closing the tab or putting another
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -222,3 +222,4 @@ intitle:"phpLDAPadmin" inurl:cmd.php
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -99,3 +99,4 @@ Pages usually redirects users after login, check if you can alter that redirect
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -816,3 +816,4 @@ Pass1234." and 1=0 union select "admin",sha("Pass1234.")#
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -257,3 +257,4 @@ for u in get_usernames(""):
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -235,3 +235,4 @@ If the platform you are testing is an OAuth provider [**read this to test for po
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -187,3 +187,4 @@ exit;
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -333,3 +333,4 @@ By brute-forcing and potentially relationships it was possible to leak more data
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -229,3 +229,4 @@ Which might create inconsistences
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -19,3 +19,4 @@ It's possible to **add strings at the end the phone number** that could be used
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -245,3 +245,4 @@ javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembe
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -45,3 +45,4 @@ javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembe
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -239,3 +239,4 @@ For **more information**:
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -34,3 +34,4 @@ And in order to be precise and **send** that **postmessage** just **after** the
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -76,3 +76,4 @@ That **payload** will get the **identifier** and send a **XSS** it **back to the
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -86,3 +86,4 @@ The final solution by [**@terjanq**](https://twitter.com/terjanq) is the [**foll
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -33,3 +33,4 @@ This is specially useful in **postMessages** because if a page is sending sensit
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -228,3 +228,4 @@ data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+ #base64 encoding the javascri
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -396,3 +396,4 @@ In [**WS_RaceCondition_PoC**](https://github.com/redrays-io/WS_RaceCondition_PoC
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -57,3 +57,4 @@ Note that even if a rate limit is in place you should try to see if the response
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -182,3 +182,4 @@ hacking-jwt-json-web-tokens.md
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -82,3 +82,4 @@ Regexp (a+)*$ took 723 milliseconds.
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -189,3 +189,4 @@ uuid-insecurities.md
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -83,3 +83,4 @@ Prevention information are documented into the [HTML5 Cheat Sheet](https://cheat
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -306,3 +306,4 @@ with open("/home/fady/uberSAMLOIDAUTH") as urlList:
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -167,3 +167,4 @@ In conclusion, XML Signatures provide flexible ways to secure XML documents, wit
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -246,3 +246,4 @@ xslt-server-side-injection-extensible-stylesheet-language-transformations.md
|
||||
{{#include ../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -548,3 +548,4 @@ This trick was taken from [https://secgroup.github.io/2017/01/03/33c3ctf-writeup
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -10,3 +10,4 @@ Check the following blogs:
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -195,3 +195,4 @@ Where **name\[i] is a .mdb filename** and **realTable is an existent table** wit
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -272,3 +272,4 @@ exec('sp_configure''xp_cmdshell'',''1''reconfigure')--
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -184,3 +184,4 @@ mysql> select version();
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -29,3 +29,4 @@ Automation of these processes can be facilitated by tools such as SQLMap, which
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -161,3 +161,4 @@ Another package I have used in the past with varied success is the [`GETCLOB()`
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -91,3 +91,4 @@ SELECT $TAG$hacktricks$TAG$;
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -83,3 +83,4 @@ It's noted that **large objects may have ACLs** (Access Control Lists), potentia
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -9,3 +9,4 @@
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -111,3 +111,4 @@ SELECT testfunc();
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -121,3 +121,4 @@ select brute_force('127.0.0.1', '5432', 'postgres', 'postgres');
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -353,3 +353,4 @@ print(" drop function connect_back(text, integer);")
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -324,3 +324,4 @@ rce-with-postgresql-extensions.md
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -193,3 +193,4 @@ sqlmap -r r.txt -p id --not-string ridiculous --batch
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -225,3 +225,4 @@ Remember that **you can create your own tamper in python** and it's very simple.
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -79,3 +79,4 @@ sqlmap --tamper tamper.py -r login.txt -p email --second-req second.txt --proxy
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
@ -382,3 +382,4 @@ SSRF Proxy is a multi-threaded HTTP proxy server designed to tunnel client HTTP
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -659,3 +659,4 @@ Rancher's metadata can be accessed using:
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user