From 759654f83848fef926beb057e85ccb2990f359b0 Mon Sep 17 00:00:00 2001 From: Glenn Ten Cate Date: Fri, 15 Sep 2023 16:47:02 +0000 Subject: [PATCH] GITBOOK-52: change request with no subject merged in GitBook --- README (1).md | 41 ++ README.md | 3 +- SUMMARY.md | 543 +++++++++--------- auth-bypass-1/README.md | 2 + auth-bypass-2/README.md | 2 + auth-bypass-3/README.md | 2 + auth-bypass-simple/README.md | 2 + auth-bypass/README.md | 2 + .../README.md | 2 + client-side-restriction-bypass/README.md | 2 + client-side-template-injection-csti/README.md | 2 + command-injection-2-cmd-2/README.md | 2 + command-injection-3-cmd-3/README.md | 2 + command-injection-4-cmd-4/README.md | 2 + .../python-command-injection-4-cmd-4.md | 2 + command-injection-blind-cmd-blind/README.md | 2 + command-injection-cmd/README.md | 2 + content-security-policy-csp/README.md | 2 + cors-exploitation/README.md | 2 + credentials-guessing-2/README.md | 2 + credentials-guessing/README.md | 2 + .../README.md | 2 + .../README.md | 2 + cross-site-scripting-dom-xss-dom/README.md | 2 + cross-site-scripting-href-xss-href/README.md | 2 + .../README.md | 2 + cross-site-scripting-xss/README.md | 2 + csrf-samesite/README.md | 2 + csrf-weak/README.md | 2 + csrf/README.md | 2 + css-injection-cssi/README.md | 2 + deserialisation-java-des-java/README.md | 2 + .../README.md | 2 + deserialisation-pickle-des-pickle/README.md | 2 + deserialisation-yaml-des-yaml/README.md | 2 + dos-regex/README.md | 2 + exposed-docker-daemon/README.md | 2 + file-upload/README.md | 2 + formula-injection/README.md | 2 + graphql-dos/README.md | 2 + graphql-idor/README.md | 2 + graphql-injections/README.md | 2 + graphql-introspection/README.md | 2 + .../nodejs-graphql-introspection.md | 2 + graphql-mutations/README.md | 2 + .../README.md | 2 + .../python-httponly-session-hijacking-xss.md | 2 + httponly-session-hijacking-xss/README.md | 2 + information-leakeage-in-comments/README.md | 2 + information-leakeage-in-metadata/README.md | 2 + .../README.md | 2 + jwt-null/README.md | 2 + jwt-secret/README.md | 2 + lab-template/static/img/logo (1).svg | 121 ++++ lab-template/static/img/logo (2).svg | 121 ++++ lab-template/static/img/logo (3).svg | 121 ++++ ldap-injection-harder/README.md | 2 + ldap-injection/README.md | 2 + local-file-inclusion-1-lfi-1/README.md | 2 + local-file-inclusion-2-lfi-2/README.md | 2 + local-file-inclusion-3-lfi-3/README.md | 2 + md/NodeJs/Auth-Bypass-2.md | 24 +- parameter-binding/README.md | 2 + prototype-pollution/README.md | 2 + race-condition-file-write/README.md | 2 + race-condition/README.md | 2 + ratelimiting-brute-force-login/README.md | 2 + remote-file-inclusion-rfi/README.md | 2 + right-to-left-override-rtlo/README.md | 2 + server-side-request-forgery-ssrf/README.md | 2 + server-side-template-injection-ssti/README.md | 2 + session-hijacking-xss/README.md | 2 + session-management-1/README.md | 2 + session-puzzling/README.md | 2 + sqli-blind/README.md | 2 + sqli-like/README.md | 2 + sqli-login-bypass/README.md | 2 + sqli-union/README.md | 2 + tls-downgrade/README.md | 2 + untrusted-sources-xssi/README.md | 2 + url-redirection-harder-2/README.md | 2 + url-redirection-harder/README.md | 2 + url-redirection/README.md | 2 + websocket-message-manipulation/README.md | 2 + xml-external-entity-xxe/README.md | 2 + 85 files changed, 842 insertions(+), 288 deletions(-) create mode 100644 README (1).md create mode 100644 auth-bypass-1/README.md create mode 100644 auth-bypass-2/README.md create mode 100644 auth-bypass-3/README.md create mode 100644 auth-bypass-simple/README.md create mode 100644 auth-bypass/README.md create mode 100644 client-side-restriction-bypass-harder/README.md create mode 100644 client-side-restriction-bypass/README.md create mode 100644 client-side-template-injection-csti/README.md create mode 100644 command-injection-2-cmd-2/README.md create mode 100644 command-injection-3-cmd-3/README.md create mode 100644 command-injection-4-cmd-4/README.md create mode 100644 command-injection-4-cmd-4/python-command-injection-4-cmd-4.md create mode 100644 command-injection-blind-cmd-blind/README.md create mode 100644 command-injection-cmd/README.md create mode 100644 content-security-policy-csp/README.md create mode 100644 cors-exploitation/README.md create mode 100644 credentials-guessing-2/README.md create mode 100644 credentials-guessing/README.md create mode 100644 cross-site-scripting-attribute-xss-attribute/README.md create mode 100644 cross-site-scripting-dom-2-xss-dom-2/README.md create mode 100644 cross-site-scripting-dom-xss-dom/README.md create mode 100644 cross-site-scripting-href-xss-href/README.md create mode 100644 cross-site-scripting-stored-xss-stored/README.md create mode 100644 cross-site-scripting-xss/README.md create mode 100644 csrf-samesite/README.md create mode 100644 csrf-weak/README.md create mode 100644 csrf/README.md create mode 100644 css-injection-cssi/README.md create mode 100644 deserialisation-java-des-java/README.md create mode 100644 deserialisation-pickle-2-des-pickle-2/README.md create mode 100644 deserialisation-pickle-des-pickle/README.md create mode 100644 deserialisation-yaml-des-yaml/README.md create mode 100644 dos-regex/README.md create mode 100644 exposed-docker-daemon/README.md create mode 100644 file-upload/README.md create mode 100644 formula-injection/README.md create mode 100644 graphql-dos/README.md create mode 100644 graphql-idor/README.md create mode 100644 graphql-injections/README.md create mode 100644 graphql-introspection/README.md create mode 100644 graphql-introspection/nodejs-graphql-introspection.md create mode 100644 graphql-mutations/README.md create mode 100644 host-header-injection-authentication-bypass/README.md create mode 100644 host-header-injection-authentication-bypass/python-httponly-session-hijacking-xss.md create mode 100644 httponly-session-hijacking-xss/README.md create mode 100644 information-leakeage-in-comments/README.md create mode 100644 information-leakeage-in-metadata/README.md create mode 100644 insecure-direct-object-references-idor/README.md create mode 100644 jwt-null/README.md create mode 100644 jwt-secret/README.md create mode 100644 lab-template/static/img/logo (1).svg create mode 100644 lab-template/static/img/logo (2).svg create mode 100644 lab-template/static/img/logo (3).svg create mode 100644 ldap-injection-harder/README.md create mode 100644 ldap-injection/README.md create mode 100644 local-file-inclusion-1-lfi-1/README.md create mode 100644 local-file-inclusion-2-lfi-2/README.md create mode 100644 local-file-inclusion-3-lfi-3/README.md create mode 100644 parameter-binding/README.md create mode 100644 prototype-pollution/README.md create mode 100644 race-condition-file-write/README.md create mode 100644 race-condition/README.md create mode 100644 ratelimiting-brute-force-login/README.md create mode 100644 remote-file-inclusion-rfi/README.md create mode 100644 right-to-left-override-rtlo/README.md create mode 100644 server-side-request-forgery-ssrf/README.md create mode 100644 server-side-template-injection-ssti/README.md create mode 100644 session-hijacking-xss/README.md create mode 100644 session-management-1/README.md create mode 100644 session-puzzling/README.md create mode 100644 sqli-blind/README.md create mode 100644 sqli-like/README.md create mode 100644 sqli-login-bypass/README.md create mode 100644 sqli-union/README.md create mode 100644 tls-downgrade/README.md create mode 100644 untrusted-sources-xssi/README.md create mode 100644 url-redirection-harder-2/README.md create mode 100644 url-redirection-harder/README.md create mode 100644 url-redirection/README.md create mode 100644 websocket-message-manipulation/README.md create mode 100644 xml-external-entity-xxe/README.md diff --git a/README (1).md b/README (1).md new file mode 100644 index 0000000000..4e1afc6595 --- /dev/null +++ b/README (1).md @@ -0,0 +1,41 @@ +# Introduction + +![OWASP security knowledge framework](./python/CSRF-weak/static/img/logo.svg) + +Here we find all the labs and write-ups for the security knowledge framework!\ +These labs are correlated to knowledge-base id's which are on their place\ +again correlated to security controls such as from the ASVS or NIST, etc. + +The labs are all downloadable from the following Github repository: + +{% hint style="info" %} +[SKF Labs repo](https://github.com/Security-Knowledge-Framework/Labs) +{% endhint %} + +The images can also be found on the skf docker hub. These skf-labs images are automatically pushed to the docker registry on each commit to the Github repository. + +## Useful tools + +First thing we need to do is to be able to investigate the requests that are being made by the labs/applications. We do this by setting up our intercepting proxy so we can gain more understanding of the application under test. + +{% hint style="info" %} +Burp suite:\ +[https://portswigger.net/burp/communitydownload](https://portswigger.net/burp/communitydownload) +{% endhint %} + +{% hint style="info" %} +ZAP: For the latest features we want to advise to use the Weekly build of ZAP. This is using the latest and greatest improvements + Libraries [https://www.zaproxy.org/download/#weekly](https://www.zaproxy.org/download/#weekly) +{% endhint %} + +## How to add a Lab & write-up + +When you want to contribute and add your own labs then please make sure you use the styling template in one of the lab challenges. We think its really important to have one look and feel and for able to merge your lab its required to use the SKF template. You can copy this from any of the labs we currently already have. + +For adding the write-up for the lab we advice to create a copy of on existing write-up and work from there or use the template.md file as a base. You can store all your images in .gitbook/assets/ and also make sure you correlate your lab to one of the knowledge base item identifier in SKF. When you completed the lab and the write-up you only have to add it to the SUMMARY.md file and you are ready to create your Pull Request. + +After the pull request you can find your nice styled write-up here: [https://skf.gitbook.io/asvs-write-ups/](https://skf.gitbook.io/asvs-write-ups/) + +## Deploying SKF Lab's from your terminal + +You can now deploy skf-lab from your terminal, with [joyghoshs/skf-cli](https://github.com/joyghoshs/skf-cli), you don't need to setup server if you don't want to with skf-cli you can deploy lab with security knowledge frameworks own api, if you want you can also search and deploy lab using skf-cli. + diff --git a/README.md b/README.md index 4e1afc6595..37f4cc2c5e 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Introduction -![OWASP security knowledge framework](./python/CSRF-weak/static/img/logo.svg) +![security knowledge framework](python/CSRF-weak/static/img/logo.svg) Here we find all the labs and write-ups for the security knowledge framework!\ These labs are correlated to knowledge-base id's which are on their place\ @@ -38,4 +38,3 @@ After the pull request you can find your nice styled write-up here: [https://skf ## Deploying SKF Lab's from your terminal You can now deploy skf-lab from your terminal, with [joyghoshs/skf-cli](https://github.com/joyghoshs/skf-cli), you don't need to setup server if you don't want to with skf-cli you can deploy lab with security knowledge frameworks own api, if you want you can also search and deploy lab using skf-cli. - diff --git a/SUMMARY.md b/SUMMARY.md index e6f7d4f0ef..10a6a47a2e 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -1,274 +1,273 @@ # Table of contents -- [Introduction](README.md) -- Auth Bypass - - [Python - Auth Bypass](./md/Python/Auth-Bypass.md) - - [NodeJS - Auth Bypass](./md/NodeJs/Auth-Bypass.md) -- Auth Bypass - 1 - - [Python - Auth Bypass - 1](./md/Python/Auth-bypass-1.md) - - [NodeJS - Auth Bypass - 1](./md/NodeJs/Auth-Bypass-1.md) - - [Java - Auth Bypass - 1](./md/Java/Auth-Bypass-1.md) -- Auth Bypass - 2 - - [Python - Auth Bypass - 2](./md/Python/Auth-bypass-2.md) - - [NodeJS - Auth Bypass - 2](./md/NodeJs/Auth-Bypass-2.md) - - [Java - Auth Bypass - 2](./md/Java/Auth-Bypass-2.md) -- Auth-bypass - 3 - - [Python - Auth-bypass - 3](./md/Python/Auth-bypass-3.md) - - [NodeJS - Auth-bypass - 3](./md/NodeJs/Auth-Bypass-3.md) - - [Java - Auth-bypass - 3](./md/Java/Auth-Bypass-3.md) -- Auth-bypass - Simple - - [Python - Auth-bypass - Simple](./md/Python/Auth-Bypass-simple.md) - - [NodeJS - Auth-bypass - Simple](./md/NodeJs/Auth-Bypass-simple.md) - - [Java - Auth-bypass - Simple](./md/Java/Auth-Bypass-simple.md) -- Client Side Restriction Bypass - - [Python - Client Side Restriction Bypass](./md/Python/client-side-restriction-bypass.md) - - [NodeJS - Client Side Restriction Bypass](./md/NodeJs/Client-side-restriction-bypass.md) - - [Java - Client Side Restriction Bypass](./md/Java/Client-side-restriction-bypass.md) -- Client Side Restriction Bypass - Harder - - [Python - Client Side Restriction Bypass - Harder](./md/Python/client-side-restriction-bypass-2.md) - - [NodeJS - Client Side Restriction Bypass - Harder](./md/NodeJs/Client-side-restriction-bypass-2.md) - - [Java - Client Side Restriction Bypass - Harder](./md/Java/Client-side-restriction-bypass-2.md) -- Client Side Template Injection (CSTI) - - [Python - Client Side Template Injection (CSTI)](./md/Python/client-side-template-injection.md) - - [NodeJS - Client Side Template Injection (CSTI)](./md/NodeJs/CSTI.md) - - [Java - Client Side Template Injection (CSTI)](./md/Java/client-side-template-injection.md) -- Command Injection (CMD) - - [Python - Command Injection (CMD)](./md/Python/cmd-injection-1.md) - - [NodeJS - Command Injection (CMD)](./md/NodeJs/CMD.md) - - [Java - Command Injection (CMD)](./md/Java/CMD.md) -- Command Injection 2 (CMD-2) - - [Python - Command Injection 2 (CMD-2)](./md/Python/cmd-injection-2.md) - - [NodeJS - Command Injection 2 (CMD-2)](./md/NodeJs/CMD2.md) - - [Java - Command Injection 2 (CMD-2)](./md/Java/CMD2.md) -- Command Injection 3 (CMD-3) - - [Python - Command Injection 3 (CMD-3)](./md/Python/command-injection3.md) - - [Java - Command Injection 3 (CMD-3)](./md/Java/CMD3.md) -- Command Injection 4 (CMD-4) - - [Python - Command Injection 4 (CMD-4)](./md/Python/CMD4.md) - - [NodeJS - Command Injection 4 (CMD-4)](./md/NodeJs/CMD4.md) - - [Java - Command Injection 4 (CMD-4)](./md/Java/CMD4.md) -- Command Injection Blind (CMD-Blind) - - [Python - Command Injection Blind (CMD-Blind)](./md/Python/blind-cmd-injection-1.md) - - [NodeJS - Command Injection Blind (CMD-Blind)](./md/NodeJs/CMD-blind.md) - - [Java - Command Injection Blind (CMD-Blind)](./md/Java/CMD-Blind.md) -- Content-Security-Policy (CSP) - - [Python - Content-Security-Policy (CSP)](./md/Python/content-security-policy.md) - - [NodeJS - Content-Security-Policy (CSP)](./md/NodeJs/CSP.md) - - [Java - Content-Security-Policy (CSP)](./md/Java/CSP.md) -- CORS exploitation - - [Python - CORS exploitation](./md/Python/cors-exploitation.md) - - [Java - CORS exploitation](./md/Java/CORS.md) -- Credentials Guessing - - [Python - Credentials Guessing](./md/Python/credentials-guessing-1.md) - - [NodeJS - Credentials Guessing](./md/NodeJs/Credentials-Guessing-1.md) - - [Java - Credentials Guessing](./md/Java/Credentials-Guessing-1.md) -- Credentials Guessing - 2 - - [Python - Credentials Guessing - 2](./md/Python/credentials-guessing-2.md) - - [NodeJS - Credentials Guessing - 2](./md/NodeJs/Credentials-Guessing-2.md) - - [Java - Credentials Guessing - 2](./md/Java/Credentials-Guessing-2.md) -- Cross Site Scripting (XSS) - - [Python - XSS](./md/Python/cross-site-scripting.md) - - [NodeJS - XSS](./md/NodeJs/XSS.md) - - [Java - XSS](./md/Java/XSS.md) -- Cross Site Scripting - Attribute (XSS-Attribute) - - [Python - XSS-Attribute](./md/Python/cross-site-scripting-attribute.md) - - [NodeJS - XSS-Attribute](./md/NodeJs/XSS-attribute.md) -- Cross Site Scripting - href (XSS-href) - - [Python - XSS-href](./md/Python/cross-site-scripting-href.md) - - [NodeJS - XSS-href](./md/NodeJs/XSS-url.md) - - [Java - XSS-href](./md/Java/XSS-url.md) -- Cross Site Scripting - DOM (XSS-DOM) - - [Python - XSS-DOM](./md/Python/XSS-DOM.md) - - [NodeJS - XSS-DOM](./md/NodeJs/XSS-DOM.md) - - [Java - XSS-DOM](./md/Java/XSS-DOM.md) -- Cross Site Scripting - DOM-2 (XSS-DOM-2) - - [Python - XSS-DOM-2](./md/Python/XSS-DOM-2.md) - - [NodeJS - XSS-DOM-2](./md/NodeJs/XSS-DOM-2.md) - - [Java - XSS-DOM-2](./md/Java/XSS-DOM-2.md) -- Cross Site Scripting - Stored (XSS-Stored) - - [Java - XSS-Stored](./md/Java/XSS-Stored.md) -- CSRF - - [Python - CSRF](./md/Python/csrf.md) - - [NodeJS - CSRF](./md/NodeJs/CSRF.md) - - [Java - CSRF](./md/Java/CSRF.md) -- CSRF - Samesite - - [Python - CSRF-SameSite](./md/Python/csrf-samesite.md) - - [NodeJS - CSRF-SameSite](./md/NodeJs/CSRF-samesite.md) - - [Java - CSRF-SameSite](./md/Java/CSRF-Samesite.md) -- CSRF - Weak - - [Python - CSRF-Weak](./md/Python/CSRF-weak.md) - - [NodeJS - CSRF-Weak](./md/NodeJs/CSRF-weak.md) - - [Java - CSRF-Weak](./md/Java/CSRF-weak.md) -- CSS Injection (CSSI) - - [Python - CSS Injection (CSSI)](./md/Python/CSSI.md) - - [NodeJS - CSS Injection (CSSI)](./md/NodeJs/CSSI.md) - - [Java - CSS Injection (CSSI)](./md/Java/CSSI.md) -- Deserialisation Java (DES-Java) - - [Java - Deserialisation Java (DES-Java)](./md/Java/DES-JAVA.md) -- Deserialisation Yaml (DES-Yaml) - - [Python - Deserialisation Yaml (DES-Yaml)](./md/Python/deserialisation-yaml.md) -- Deserialisation Pickle (DES-Pickle) - - [Python - Deserialisation Pickle (DES-Pickle)](./md/Python/DES-Pickle-1.md) -- Deserialisation Pickle 2 (DES-Pickle-2) - - [Python - Deserialisation Pickle 2 (DES-Pickle-2)](./md/Python/DES-Pickle-2.md) -- DoS Regex - - [Python - DoS Regex](./md/Python/dos-regex.md) - - [NodeJS - DoS Regex](./md/NodeJs/DOS-Regex.md) - - [Java - DoS Regex](./md/Java/DOS-Regex.md) -- File upload - - [Python - File-Upload](./md/Python/file-upload.md) - - [NodeJS - File-Upload](./md/NodeJs/File-upload.md) - - [Java - File-Upload](./md/Java/File-upload.md) -- Formula Injection - - [Python - Formula Injection](./md/Python/formula-injection.md) - - [NodeJS - Formula Injection](./md/NodeJs/Formula-Injection.md) - - [Java - Formula Injection](./md/Java/Formula-Injection.md) -- GraphQL DOS - - [Python - GraphQL DOS](./md/Python/Graphql-dos.md) -- GraphQL IDOR - - [Python - GraphQL IDOR](./md/Python/Graphql-idor.md) - - [NodeJS - GraphQL IDOR](./md/NodeJs/GraphQL-IDOR.md) - - [Java - GraphQL IDOR](./md/Java/GraphQL-IDOR.md) -- GraphQL Injections - - [Python - GraphQL Injections](./md/Python/Graphql-injections.md) - - [NodeJS - GraphQL Injections](./md/NodeJs/GraphQL-Injection.md) - - [Java - GraphQL Injections](./md/Java/GraphQL-Injection.md) -- GraphQL Introspection - - [Python - GraphQL Introspection](./md/Python/Graphql-introspection.md) - - [NodeJS - GraphQL Introspection](./md/NodeJs/GraphQL-Introspection.md) - - [Java - GraphQL Introspection](./md/Java/GraphQL-Introspections.md) -- GraphQL Mutations - - [Python - GraphQL Mutations](./md/Python/Graphql-mutations.md) - - [NodeJS - GraphQL Mutations](./md/NodeJs/GraphQL-Mutations.md) - - [Java - GraphQL Mutations](./md/Java/GraphQL-Mutations.md) -- Host Header Injection (Authentication Bypass) - - [Python - HttpOnly Session Hijacking XSS](./md/Python/Host-Header-Authentication-Bypass) -- HttpOnly Session Hijacking XSS - - [Python - HttpOnly Session Hijacking XSS](./md/Python/HttpOnly-Session-hijacking-xss.md) - - [NodeJS - HttpOnly Session Hijacking XSS](./md/NodeJs/Session-hijacking-XSS.md) - - [Java - HttpOnly Session Hijacking XSS](./md/Java/Session-hijacking-XSS.md) -- Information Leakeage in Comments - - [Python - Information Leakeage in Comments](./md/Python/information-leakeage-comments.md) - - [NodeJS - Information Leakeage in Comments](./md/NodeJs/Info-leakage-comments.md) - - [Java - Information Leakeage in Comments](./md/Java/Info-leakage-comments.md) -- Information Leakeage in Metadata - - [Python - Information Leakeage in Metadata](./md/Python/information-leakeage-metadata.md) - - [NodeJS - Information Leakeage in Metadata](./md/NodeJs/Info-leakage-metadata.md) - - [Java - Information Leakeage in Metadata](./md/Java/Info-leakage-metadata.md) -- Insecure Direct Object References (IDOR) - - [Python - Insecure Direct Object References (IDOR)](./md/Python/insecure-direct-object-references.md) - - [NodeJS - Insecure Direct Object References (IDOR)](./md/NodeJs/IDOR.md) - - [Java - Insecure Direct Object References (IDOR)](./md/Java/IDOR.md) -- JWT Null - - [Python - JWT Null](./md/Python/jwt-null.md) - - [NodeJS - JWT Null](./md/NodeJs/JWT-null.md) - - [Java - JWT Null](./md/Java/JWT-null.md) -- JWT Secret - - [Python - JWT Secret](./md/Python/jwt-secret.md) - - [NodeJS - JWT Secret](./md/NodeJs/JWT-secret.md) - - [Java - JWT Secret](./md/Java/JWT-secret.md) -- Ldap Injection - - [Python - Ldap Injection](./md/Python/Ldap.md) - - [NodeJS - Ldap Injection](./md/NodeJs/Ldap.md) - - [Java - Ldap Injection](./md/Java/Ldap.md) -- Ldap Injection - harder - - [Python - Ldap Injection - harder](./md/Python/Ldap-harder.md) - - [NodeJS - Ldap Injection - harder](./md/NodeJs/Ldap-harder.md) - - [Java - Ldap Injection - harder](./md/Java/Ldap-harder.md) -- Local File Inclusion 1 (LFI-1) - - [Python - Local File Inclusion 1 (LFI-1)](./md/Python/LFI-1.md) - - [NodeJS - Local File Inclusion 1 (LFI-1)](./md/NodeJs/LFI.md) - - [Java - Local File Inclusion 1 (LFI-1)](./md/Java/LFI.md) -- Local File Inclusion 2 (LFI-2) - - [Python - Local File Inclusion 2 (LFI-2)](./md/Python/LFI-2.md) - - [NodeJS - Local File Inclusion 2 (LFI-2)](./md/NodeJs/LFI-2.md) - - [Java - Local File Inclusion 2 (LFI-2)](./md/Java/LFI-2.md) -- Local File Inclusion 3 (LFI-3) - - [Python - Local File Inclusion 3 (LFI-3)](./md/Python/LFI-3.md) - - [NodeJS - Local File Inclusion 3 (LFI-3)](./md/NodeJs/LFI-3.md) - - [Java - Local File Inclusion 3 (LFI-3)](./md/Java/LFI-3.md) -- Parameter Binding - - [Ruby - Parameter Binding](./md/Python/parameter-binding.md) - - [NodeJS - Parameter Binding](./md/NodeJs/ParameterBinding.md) - - [Java - Parameter Binding](./md/Java/Parameter-Binding.md) -- Prototype Pollution - - [NodeJS - Prototype Pollution](./md/NodeJs/Prototype-Pollution.md) -- Race Condition - - [Python - Race Condition](./md/Python/race-condition.md) - - [NodeJS - Race Condition](./md/NodeJs/RaceCondition.md) - - [Java - Race Condition](./md/Java/RaceCondition.md) -- Race Condition File-Write - - [Python - Race Condition File-Write](./md/Python/RaceCondition-File-Write.md) - - [NodeJS - Race Condition File-Write](./md/NodeJs/RaceCondition-File-Write.md) - - [Java - Race Condition File-Write](./md/Java/RaceCondition-File-Write.md) -- Ratelimiting (Brute-force login) - - [Python - Ratelimiting](./md/Python/ratelimiting.md) - - [NodeJS - Ratelimiting](./md/NodeJs/Ratelimiting.md) - - [Java - Ratelimiting](./md/Java/Ratelimiting.md) -- Remote File Inclusion (RFI) - - [Python - Remote File Inclusion (RFI)](./md/Python/remote-file-inclusion.md) - - [NodeJS - Remote File Inclusion (RFI)](./md/NodeJs/RFI.md) - - [Java - Remote File Inclusion (RFI)](./md/Java/RFI.md) -- Right To Left Override (RTLO) - - [Python - Right To Left Override (RTLO)](./md/Python/right-to-left-override.md) - - [NodeJS - Right To Left Override (RTLO)](./md/NodeJs/RTLO.md) - - [Java - Right To Left Override (RTLO)](./md/Java/RTLO.md) -- Server Side Request Forgery (SSRF) - - [Python - Server Side Request Forgery (SSRF)](./md/Python/server-side-request-forgery.md) - - [NodeJS - Server Side Request Forgery (SSRF)]() - - [Java - Server Side Request Forgery (SSRF)]() -- Server Side Template Injection (SSTI) - - [Python - Server Side Template Injection (SSTI)](./md/Python/server-side-template-injection.md) - - [Java - Server Side Template Injection (SSTI)](./md/Java/SSTI.md) -- Session Hijacking XSS - - [Python - HttpOnly Session Hijacking XSS](./md/Python/HttpOnly-Session-hijacking-xss.md) - - [NodeJS - HttpOnly Session Hijacking XSS](./md/NodeJs/Session-hijacking-XSS.md) - - [Java - HttpOnly Session Hijacking XSS](./md/Java/Session-hijacking-XSS.md) -- Session Puzzling - - [Python - Session Puzzling](./md/Python/session-puzzling.md) - - [NodeJS - Session Puzzling](./md/NodeJs/Session-Puzzling.md) - - [Java - Session Puzzling](./md/Java/SessionPuzzling.md) -- Session Management 1 - - [Python - Session Management 1](./md/Python/Session-Management-1.md) -- SQLI (Union) - - [Python - SQLI (Union)](./md/Python/sqli-union-select.md) - - [NodeJS - SQLI (Union)](./md/NodeJs/SQLI.md) - - [Java - SQLI (Union)](./md/Java/SQLI.md) -- SQLI Login Bypass - - [Python - Login Bypass](./md/Python/SQLI-login-bypass.md) -- SQLI (Like) - - [Python - SQLI (Like)](./md/Python/sqli-like.md) - - [NodeJS - SQLI (Like)](./md/NodeJs/SQLI-like.md) - - [Java - SQLI (Like)](./md/Java/SQLI-like.md) -- SQLI (Blind) - - [Python - SQLI (Blind)](./md/Python/sqli-blind.md) - - [NodeJS - SQLI (Blind)](./md/NodeJs/SQLI-blind.md) - - [Java - SQLI (Blind)](./md/Java/SQLI-blind.md) -- TLS Downgrade - - [Python - TLS Downgrade](./md/Python/tls-downgrade.md) -- Untrusted Sources (XSSI) - - [Python - Untrusted Sources (XSSI)](./md/Python/include-files-from-untrusted-sources-js.md) - - [NodeJS - Untrusted Sources (XSSI)](./md/NodeJs/Untrusted-sources-js.md) - - [Java - Untrusted Sources (XSSI)](./md/Java/Untrusted-sources-js.md) -- URL Redirection - - [Python - URL Redirection](./md/Python/open-redirect.md) - - [NodeJS - URL Redirection](./md/NodeJs/Url-redirection.md) - - [Java - URL Redirection](./md/Java/Url-redirection.md) -- URL Redirection - Harder - - [Python - URL Redirection - Harder](./md/Python/open-redirect-hard.md) - - [NodeJS - URL Redirection - Harder](./md/NodeJs/Url-redirection-harder.md) - - [Java - URL Redirection - Harder](./md/Java/Url-redirection-harder.md) -- URL Redirection - Harder-2 - - [Python - URL Redirection - Harder-2](./md/Python/open-redirect-harder-2.md) - - [NodeJS - URL Redirection - Harder-2](./md/NodeJs/Url-redirection-harder2.md) - - [Java - URL Redirection - Harder-2](./md/Java/url-redirection-harder-2.md) -- WebSocket Message Manipulation - - [Python - WebSocket Message Manipulation](./md/Python/WebSocket-Message-Manipulation.md) -- XML External Entity (XXE) - - [Python - XXE](./md/Python/xxe.md) - - [NodeJS - XXE](./md/NodeJs/XXE.md) - - [Java - XXE](./md/Java/XXE.md) -- Exposed docker daemon - - [Python - Exposed docker daemon](./md/Python/exposed-docker.md) - -- [template item](template.md) +* [Introduction](README.md) +* [Auth Bypass](auth-bypass/README.md) + * [Python - Auth Bypass](md/Python/Auth-Bypass.md) + * [NodeJS - Auth Bypass](md/NodeJs/Auth-Bypass.md) +* [Auth Bypass - 1](auth-bypass-1/README.md) + * [Python - Auth Bypass - 1](md/Python/Auth-bypass-1.md) + * [NodeJS - Auth Bypass - 1](md/NodeJs/Auth-Bypass-1.md) + * [Java - Auth Bypass - 1](md/Java/Auth-Bypass-1.md) +* [Auth Bypass - 2](auth-bypass-2/README.md) + * [Python - Auth Bypass - 2](md/Python/Auth-bypass-2.md) + * [NodeJS - Auth Bypass - 2](md/NodeJs/Auth-Bypass-2.md) + * [Java - Auth Bypass - 2](md/Java/Auth-Bypass-2.md) +* [Auth-bypass - 3](auth-bypass-3/README.md) + * [Python - Auth-bypass - 3](md/Python/Auth-bypass-3.md) + * [NodeJS - Auth-bypass - 3](md/NodeJs/Auth-Bypass-3.md) + * [Java - Auth-bypass - 3](md/Java/Auth-Bypass-3.md) +* [Auth-bypass - Simple](auth-bypass-simple/README.md) + * [Python - Auth-bypass - Simple](md/Python/Auth-Bypass-simple.md) + * [NodeJS - Auth-bypass - Simple](md/NodeJs/Auth-Bypass-simple.md) + * [Java - Auth-bypass - Simple](md/Java/Auth-Bypass-simple.md) +* [Client Side Restriction Bypass](client-side-restriction-bypass/README.md) + * [Python - Client Side Restriction Bypass](md/Python/client-side-restriction-bypass.md) + * [NodeJS - Client Side Restriction Bypass](md/NodeJs/Client-side-restriction-bypass.md) + * [Java - Client Side Restriction Bypass](md/Java/Client-side-restriction-bypass.md) +* [Client Side Restriction Bypass - Harder](client-side-restriction-bypass-harder/README.md) + * [Python - Client Side Restriction Bypass - Harder](md/Python/client-side-restriction-bypass-2.md) + * [NodeJS - Client Side Restriction Bypass - Harder](md/NodeJs/Client-side-restriction-bypass-2.md) + * [Java - Client Side Restriction Bypass - Harder](md/Java/Client-side-restriction-bypass-2.md) +* [Client Side Template Injection (CSTI)](client-side-template-injection-csti/README.md) + * [Python - Client Side Template Injection (CSTI)](md/Python/client-side-template-injection.md) + * [NodeJS - Client Side Template Injection (CSTI)](md/NodeJs/CSTI.md) + * [Java - Client Side Template Injection (CSTI)](md/Java/client-side-template-injection.md) +* [Command Injection (CMD)](command-injection-cmd/README.md) + * [Python - Command Injection (CMD)](md/Python/cmd-injection-1.md) + * [NodeJS - Command Injection (CMD)](md/NodeJs/CMD.md) + * [Java - Command Injection (CMD)](md/Java/CMD.md) +* [Command Injection 2 (CMD-2)](command-injection-2-cmd-2/README.md) + * [Python - Command Injection 2 (CMD-2)](md/Python/cmd-injection-2.md) + * [NodeJS - Command Injection 2 (CMD-2)](md/NodeJs/CMD2.md) + * [Java - Command Injection 2 (CMD-2)](md/Java/CMD2.md) +* [Command Injection 3 (CMD-3)](command-injection-3-cmd-3/README.md) + * [Python - Command Injection 3 (CMD-3)](md/Python/command-injection3.md) + * [Java - Command Injection 3 (CMD-3)](md/Java/CMD3.md) +* [Command Injection 4 (CMD-4)](command-injection-4-cmd-4/README.md) + * [Python - Command Injection 4 (CMD-4)](command-injection-4-cmd-4/python-command-injection-4-cmd-4.md) + * [NodeJS - Command Injection 4 (CMD-4)](md/NodeJs/CMD4.md) + * [Java - Command Injection 4 (CMD-4)](md/Java/CMD4.md) +* [Command Injection Blind (CMD-Blind)](command-injection-blind-cmd-blind/README.md) + * [Python - Command Injection Blind (CMD-Blind)](md/Python/blind-cmd-injection-1.md) + * [NodeJS - Command Injection Blind (CMD-Blind)](md/NodeJs/CMD-blind.md) + * [Java - Command Injection Blind (CMD-Blind)](md/Java/CMD-Blind.md) +* [Content-Security-Policy (CSP)](content-security-policy-csp/README.md) + * [Python - Content-Security-Policy (CSP)](md/Python/content-security-policy.md) + * [NodeJS - Content-Security-Policy (CSP)](md/NodeJs/CSP.md) + * [Java - Content-Security-Policy (CSP)](md/Java/CSP.md) +* [CORS exploitation](cors-exploitation/README.md) + * [Python - CORS exploitation](md/Python/cors-exploitation.md) + * [Java - CORS exploitation](md/Java/CORS.md) +* [Credentials Guessing](credentials-guessing/README.md) + * [Python - Credentials Guessing](md/Python/credentials-guessing-1.md) + * [NodeJS - Credentials Guessing](md/NodeJs/Credentials-Guessing-1.md) + * [Java - Credentials Guessing](md/Java/Credentials-Guessing-1.md) +* [Credentials Guessing - 2](credentials-guessing-2/README.md) + * [Python - Credentials Guessing - 2](md/Python/credentials-guessing-2.md) + * [NodeJS - Credentials Guessing - 2](md/NodeJs/Credentials-Guessing-2.md) + * [Java - Credentials Guessing - 2](md/Java/Credentials-Guessing-2.md) +* [Cross Site Scripting (XSS)](cross-site-scripting-xss/README.md) + * [Python - XSS](md/Python/cross-site-scripting.md) + * [NodeJS - XSS](md/NodeJs/XSS.md) + * [Java - XSS](md/Java/XSS.md) +* [Cross Site Scripting - Attribute (XSS-Attribute)](cross-site-scripting-attribute-xss-attribute/README.md) + * [Python - XSS-Attribute](md/Python/cross-site-scripting-attribute.md) + * [NodeJS - XSS-Attribute](md/NodeJs/XSS-attribute.md) +* [Cross Site Scripting - href (XSS-href)](cross-site-scripting-href-xss-href/README.md) + * [Python - XSS-href](md/Python/cross-site-scripting-href.md) + * [NodeJS - XSS-href](md/NodeJs/XSS-url.md) + * [Java - XSS-href](md/Java/XSS-url.md) +* [Cross Site Scripting - DOM (XSS-DOM)](cross-site-scripting-dom-xss-dom/README.md) + * [Python - XSS-DOM](md/Python/XSS-DOM.md) + * [NodeJS - XSS-DOM](md/NodeJs/XSS-DOM.md) + * [Java - XSS-DOM](md/Java/XSS-DOM.md) +* [Cross Site Scripting - DOM-2 (XSS-DOM-2)](cross-site-scripting-dom-2-xss-dom-2/README.md) + * [Python - XSS-DOM-2](md/Python/XSS-DOM-2.md) + * [NodeJS - XSS-DOM-2](md/NodeJs/XSS-DOM-2.md) + * [Java - XSS-DOM-2](md/Java/XSS-DOM-2.md) +* [Cross Site Scripting - Stored (XSS-Stored)](cross-site-scripting-stored-xss-stored/README.md) + * [Java - XSS-Stored](md/Java/XSS-Stored.md) +* [CSRF](csrf/README.md) + * [Python - CSRF](md/Python/csrf.md) + * [NodeJS - CSRF](md/NodeJs/CSRF.md) + * [Java - CSRF](md/Java/CSRF.md) +* [CSRF - Samesite](csrf-samesite/README.md) + * [Python - CSRF-SameSite](md/Python/csrf-samesite.md) + * [NodeJS - CSRF-SameSite](md/NodeJs/CSRF-samesite.md) + * [Java - CSRF-SameSite](md/Java/CSRF-Samesite.md) +* [CSRF - Weak](csrf-weak/README.md) + * [Python - CSRF-Weak](md/Python/CSRF-weak.md) + * [NodeJS - CSRF-Weak](md/NodeJs/CSRF-weak.md) + * [Java - CSRF-Weak](md/Java/CSRF-weak.md) +* [CSS Injection (CSSI)](css-injection-cssi/README.md) + * [Python - CSS Injection (CSSI)](md/Python/CSSI.md) + * [NodeJS - CSS Injection (CSSI)](md/NodeJs/CSSI.md) + * [Java - CSS Injection (CSSI)](md/Java/CSSI.md) +* [Deserialisation Java (DES-Java)](deserialisation-java-des-java/README.md) + * [Java - Deserialisation Java (DES-Java)](md/Java/DES-JAVA.md) +* [Deserialisation Yaml (DES-Yaml)](deserialisation-yaml-des-yaml/README.md) + * [Python - Deserialisation Yaml (DES-Yaml)](md/Python/deserialisation-yaml.md) +* [Deserialisation Pickle (DES-Pickle)](deserialisation-pickle-des-pickle/README.md) + * [Python - Deserialisation Pickle (DES-Pickle)](md/Python/DES-Pickle-1.md) +* [Deserialisation Pickle 2 (DES-Pickle-2)](deserialisation-pickle-2-des-pickle-2/README.md) + * [Python - Deserialisation Pickle 2 (DES-Pickle-2)](md/Python/DES-Pickle-2.md) +* [DoS Regex](dos-regex/README.md) + * [Python - DoS Regex](md/Python/dos-regex.md) + * [NodeJS - DoS Regex](md/NodeJs/DOS-Regex.md) + * [Java - DoS Regex](md/Java/DOS-Regex.md) +* [File upload](file-upload/README.md) + * [Python - File-Upload](md/Python/file-upload.md) + * [NodeJS - File-Upload](md/NodeJs/File-upload.md) + * [Java - File-Upload](md/Java/File-upload.md) +* [Formula Injection](formula-injection/README.md) + * [Python - Formula Injection](md/Python/formula-injection.md) + * [NodeJS - Formula Injection](md/NodeJs/Formula-Injection.md) + * [Java - Formula Injection](md/Java/Formula-Injection.md) +* [GraphQL DOS](graphql-dos/README.md) + * [Python - GraphQL DOS](md/Python/Graphql-dos.md) +* [GraphQL IDOR](graphql-idor/README.md) + * [Python - GraphQL IDOR](md/Python/Graphql-idor.md) + * [NodeJS - GraphQL IDOR](md/NodeJs/GraphQL-IDOR.md) + * [Java - GraphQL IDOR](md/Java/GraphQL-IDOR.md) +* [GraphQL Injections](graphql-injections/README.md) + * [Python - GraphQL Injections](md/Python/Graphql-injections.md) + * [NodeJS - GraphQL Injections](md/NodeJs/GraphQL-Injection.md) + * [Java - GraphQL Injections](md/Java/GraphQL-Injection.md) +* [GraphQL Introspection](graphql-introspection/README.md) + * [Python - GraphQL Introspection](md/Python/Graphql-introspection.md) + * [NodeJS - GraphQL Introspection](graphql-introspection/nodejs-graphql-introspection.md) + * [Java - GraphQL Introspection](md/Java/GraphQL-Introspections.md) +* [GraphQL Mutations](graphql-mutations/README.md) + * [Python - GraphQL Mutations](md/Python/Graphql-mutations.md) + * [NodeJS - GraphQL Mutations](md/NodeJs/GraphQL-Mutations.md) + * [Java - GraphQL Mutations](md/Java/GraphQL-Mutations.md) +* [Host Header Injection (Authentication Bypass)](host-header-injection-authentication-bypass/README.md) + * [Python - HttpOnly Session Hijacking XSS](host-header-injection-authentication-bypass/python-httponly-session-hijacking-xss.md) +* [HttpOnly Session Hijacking XSS](httponly-session-hijacking-xss/README.md) + * [Python - HttpOnly Session Hijacking XSS](md/Python/HttpOnly-Session-hijacking-xss.md) + * [NodeJS - HttpOnly Session Hijacking XSS](md/NodeJs/Session-hijacking-XSS.md) + * [Java - HttpOnly Session Hijacking XSS](md/Java/Session-hijacking-XSS.md) +* [Information Leakeage in Comments](information-leakeage-in-comments/README.md) + * [Python - Information Leakeage in Comments](md/Python/information-leakeage-comments.md) + * [NodeJS - Information Leakeage in Comments](md/NodeJs/Info-leakage-comments.md) + * [Java - Information Leakeage in Comments](md/Java/Info-leakage-comments.md) +* [Information Leakeage in Metadata](information-leakeage-in-metadata/README.md) + * [Python - Information Leakeage in Metadata](md/Python/information-leakeage-metadata.md) + * [NodeJS - Information Leakeage in Metadata](md/NodeJs/Info-leakage-metadata.md) + * [Java - Information Leakeage in Metadata](md/Java/Info-leakage-metadata.md) +* [Insecure Direct Object References (IDOR)](insecure-direct-object-references-idor/README.md) + * [Python - Insecure Direct Object References (IDOR)](md/Python/insecure-direct-object-references.md) + * [NodeJS - Insecure Direct Object References (IDOR)](md/NodeJs/IDOR.md) + * [Java - Insecure Direct Object References (IDOR)](md/Java/IDOR.md) +* [JWT Null](jwt-null/README.md) + * [Python - JWT Null](md/Python/jwt-null.md) + * [NodeJS - JWT Null](md/NodeJs/JWT-null.md) + * [Java - JWT Null](md/Java/JWT-null.md) +* [JWT Secret](jwt-secret/README.md) + * [Python - JWT Secret](md/Python/jwt-secret.md) + * [NodeJS - JWT Secret](md/NodeJs/JWT-secret.md) + * [Java - JWT Secret](md/Java/JWT-secret.md) +* [Ldap Injection](ldap-injection/README.md) + * [Python - Ldap Injection](md/Python/Ldap.md) + * [NodeJS - Ldap Injection](md/NodeJs/Ldap.md) + * [Java - Ldap Injection](md/Java/Ldap.md) +* [Ldap Injection - harder](ldap-injection-harder/README.md) + * [Python - Ldap Injection - harder](md/Python/Ldap-harder.md) + * [NodeJS - Ldap Injection - harder](md/NodeJs/Ldap-harder.md) + * [Java - Ldap Injection - harder](md/Java/Ldap-harder.md) +* [Local File Inclusion 1 (LFI-1)](local-file-inclusion-1-lfi-1/README.md) + * [Python - Local File Inclusion 1 (LFI-1)](md/Python/LFI-1.md) + * [NodeJS - Local File Inclusion 1 (LFI-1)](md/NodeJs/LFI.md) + * [Java - Local File Inclusion 1 (LFI-1)](md/Java/LFI.md) +* [Local File Inclusion 2 (LFI-2)](local-file-inclusion-2-lfi-2/README.md) + * [Python - Local File Inclusion 2 (LFI-2)](md/Python/LFI-2.md) + * [NodeJS - Local File Inclusion 2 (LFI-2)](md/NodeJs/LFI-2.md) + * [Java - Local File Inclusion 2 (LFI-2)](md/Java/LFI-2.md) +* [Local File Inclusion 3 (LFI-3)](local-file-inclusion-3-lfi-3/README.md) + * [Python - Local File Inclusion 3 (LFI-3)](md/Python/LFI-3.md) + * [NodeJS - Local File Inclusion 3 (LFI-3)](md/NodeJs/LFI-3.md) + * [Java - Local File Inclusion 3 (LFI-3)](md/Java/LFI-3.md) +* [Parameter Binding](parameter-binding/README.md) + * [Ruby - Parameter Binding](md/Python/parameter-binding.md) + * [NodeJS - Parameter Binding](md/NodeJs/ParameterBinding.md) + * [Java - Parameter Binding](md/Java/Parameter-Binding.md) +* [Prototype Pollution](prototype-pollution/README.md) + * [NodeJS - Prototype Pollution](md/NodeJs/Prototype-Pollution.md) +* [Race Condition](race-condition/README.md) + * [Python - Race Condition](md/Python/race-condition.md) + * [NodeJS - Race Condition](md/NodeJs/RaceCondition.md) + * [Java - Race Condition](md/Java/RaceCondition.md) +* [Race Condition File-Write](race-condition-file-write/README.md) + * [Python - Race Condition File-Write](md/Python/RaceCondition-File-Write.md) + * [NodeJS - Race Condition File-Write](md/NodeJs/RaceCondition-File-Write.md) + * [Java - Race Condition File-Write](md/Java/RaceCondition-File-Write.md) +* [Ratelimiting (Brute-force login)](ratelimiting-brute-force-login/README.md) + * [Python - Ratelimiting](md/Python/ratelimiting.md) + * [NodeJS - Ratelimiting](md/NodeJs/Ratelimiting.md) + * [Java - Ratelimiting](md/Java/Ratelimiting.md) +* [Remote File Inclusion (RFI)](remote-file-inclusion-rfi/README.md) + * [Python - Remote File Inclusion (RFI)](md/Python/remote-file-inclusion.md) + * [NodeJS - Remote File Inclusion (RFI)](md/NodeJs/RFI.md) + * [Java - Remote File Inclusion (RFI)](md/Java/RFI.md) +* [Right To Left Override (RTLO)](right-to-left-override-rtlo/README.md) + * [Python - Right To Left Override (RTLO)](md/Python/right-to-left-override.md) + * [NodeJS - Right To Left Override (RTLO)](md/NodeJs/RTLO.md) + * [Java - Right To Left Override (RTLO)](md/Java/RTLO.md) +* [Server Side Request Forgery (SSRF)](server-side-request-forgery-ssrf/README.md) + * [Python - Server Side Request Forgery (SSRF)](md/Python/server-side-request-forgery.md) + * [NodeJS - Server Side Request Forgery (SSRF)]() + * +* [Server Side Template Injection (SSTI)](server-side-template-injection-ssti/README.md) + * [Python - Server Side Template Injection (SSTI)](md/Python/server-side-template-injection.md) + * [Java - Server Side Template Injection (SSTI)](md/Java/SSTI.md) +* [Session Hijacking XSS](session-hijacking-xss/README.md) + * + * + * +* [Session Puzzling](session-puzzling/README.md) + * [Python - Session Puzzling](md/Python/session-puzzling.md) + * [NodeJS - Session Puzzling](md/NodeJs/Session-Puzzling.md) + * [Java - Session Puzzling](md/Java/SessionPuzzling.md) +* [Session Management 1](session-management-1/README.md) + * [Python - Session Management 1](md/Python/Session-Management-1.md) +* [SQLI (Union)](sqli-union/README.md) + * [Python - SQLI (Union)](md/Python/sqli-union-select.md) + * [NodeJS - SQLI (Union)](md/NodeJs/SQLI.md) + * [Java - SQLI (Union)](md/Java/SQLI.md) +* [SQLI Login Bypass](sqli-login-bypass/README.md) + * [Python - Login Bypass](md/Python/SQLI-login-bypass.md) +* [SQLI (Like)](sqli-like/README.md) + * [Python - SQLI (Like)](md/Python/sqli-like.md) + * [NodeJS - SQLI (Like)](md/NodeJs/SQLI-like.md) + * [Java - SQLI (Like)](md/Java/SQLI-like.md) +* [SQLI (Blind)](sqli-blind/README.md) + * [Python - SQLI (Blind)](md/Python/sqli-blind.md) + * [NodeJS - SQLI (Blind)](md/NodeJs/SQLI-blind.md) + * [Java - SQLI (Blind)](md/Java/SQLI-blind.md) +* [TLS Downgrade](tls-downgrade/README.md) + * [Python - TLS Downgrade](md/Python/tls-downgrade.md) +* [Untrusted Sources (XSSI)](untrusted-sources-xssi/README.md) + * [Python - Untrusted Sources (XSSI)](md/Python/include-files-from-untrusted-sources-js.md) + * [NodeJS - Untrusted Sources (XSSI)](md/NodeJs/Untrusted-sources-js.md) + * [Java - Untrusted Sources (XSSI)](md/Java/Untrusted-sources-js.md) +* [URL Redirection](url-redirection/README.md) + * [Python - URL Redirection](md/Python/open-redirect.md) + * [NodeJS - URL Redirection](md/NodeJs/Url-redirection.md) + * [Java - URL Redirection](md/Java/Url-redirection.md) +* [URL Redirection - Harder](url-redirection-harder/README.md) + * [Python - URL Redirection - Harder](md/Python/open-redirect-hard.md) + * [NodeJS - URL Redirection - Harder](md/NodeJs/Url-redirection-harder.md) + * [Java - URL Redirection - Harder](md/Java/Url-redirection-harder.md) +* [URL Redirection - Harder-2](url-redirection-harder-2/README.md) + * [Python - URL Redirection - Harder-2](md/Python/open-redirect-harder-2.md) + * [NodeJS - URL Redirection - Harder-2](md/NodeJs/Url-redirection-harder2.md) + * [Java - URL Redirection - Harder-2](md/Java/url-redirection-harder-2.md) +* [WebSocket Message Manipulation](websocket-message-manipulation/README.md) + * [Python - WebSocket Message Manipulation](md/Python/WebSocket-Message-Manipulation.md) +* [XML External Entity (XXE)](xml-external-entity-xxe/README.md) + * [Python - XXE](md/Python/xxe.md) + * [NodeJS - XXE](md/NodeJs/XXE.md) + * [Java - XXE](md/Java/XXE.md) +* [Exposed docker daemon](exposed-docker-daemon/README.md) + * [Python - Exposed docker daemon](md/Python/exposed-docker.md) +* [template item](template.md) diff --git a/auth-bypass-1/README.md b/auth-bypass-1/README.md new file mode 100644 index 0000000000..620b711856 --- /dev/null +++ b/auth-bypass-1/README.md @@ -0,0 +1,2 @@ +# Auth Bypass - 1 + diff --git a/auth-bypass-2/README.md b/auth-bypass-2/README.md new file mode 100644 index 0000000000..4e25cd4cd4 --- /dev/null +++ b/auth-bypass-2/README.md @@ -0,0 +1,2 @@ +# Auth Bypass - 2 + diff --git a/auth-bypass-3/README.md b/auth-bypass-3/README.md new file mode 100644 index 0000000000..379bd31be2 --- /dev/null +++ b/auth-bypass-3/README.md @@ -0,0 +1,2 @@ +# Auth-bypass - 3 + diff --git a/auth-bypass-simple/README.md b/auth-bypass-simple/README.md new file mode 100644 index 0000000000..5a5cf57f5e --- /dev/null +++ b/auth-bypass-simple/README.md @@ -0,0 +1,2 @@ +# Auth-bypass - Simple + diff --git a/auth-bypass/README.md b/auth-bypass/README.md new file mode 100644 index 0000000000..494d2d3e48 --- /dev/null +++ b/auth-bypass/README.md @@ -0,0 +1,2 @@ +# Auth Bypass + diff --git a/client-side-restriction-bypass-harder/README.md b/client-side-restriction-bypass-harder/README.md new file mode 100644 index 0000000000..99da9bd987 --- /dev/null +++ b/client-side-restriction-bypass-harder/README.md @@ -0,0 +1,2 @@ +# Client Side Restriction Bypass - Harder + diff --git a/client-side-restriction-bypass/README.md b/client-side-restriction-bypass/README.md new file mode 100644 index 0000000000..b7a0f425a0 --- /dev/null +++ b/client-side-restriction-bypass/README.md @@ -0,0 +1,2 @@ +# Client Side Restriction Bypass + diff --git a/client-side-template-injection-csti/README.md b/client-side-template-injection-csti/README.md new file mode 100644 index 0000000000..98d545ac85 --- /dev/null +++ b/client-side-template-injection-csti/README.md @@ -0,0 +1,2 @@ +# Client Side Template Injection (CSTI) + diff --git a/command-injection-2-cmd-2/README.md b/command-injection-2-cmd-2/README.md new file mode 100644 index 0000000000..440dc247a2 --- /dev/null +++ b/command-injection-2-cmd-2/README.md @@ -0,0 +1,2 @@ +# Command Injection 2 (CMD-2) + diff --git a/command-injection-3-cmd-3/README.md b/command-injection-3-cmd-3/README.md new file mode 100644 index 0000000000..6e22fe7aec --- /dev/null +++ b/command-injection-3-cmd-3/README.md @@ -0,0 +1,2 @@ +# Command Injection 3 (CMD-3) + diff --git a/command-injection-4-cmd-4/README.md b/command-injection-4-cmd-4/README.md new file mode 100644 index 0000000000..43f044da3c --- /dev/null +++ b/command-injection-4-cmd-4/README.md @@ -0,0 +1,2 @@ +# Command Injection 4 (CMD-4) + diff --git a/command-injection-4-cmd-4/python-command-injection-4-cmd-4.md b/command-injection-4-cmd-4/python-command-injection-4-cmd-4.md new file mode 100644 index 0000000000..dda2f258f8 --- /dev/null +++ b/command-injection-4-cmd-4/python-command-injection-4-cmd-4.md @@ -0,0 +1,2 @@ +# Python - Command Injection 4 (CMD-4) + diff --git a/command-injection-blind-cmd-blind/README.md b/command-injection-blind-cmd-blind/README.md new file mode 100644 index 0000000000..b9bc2dfa3a --- /dev/null +++ b/command-injection-blind-cmd-blind/README.md @@ -0,0 +1,2 @@ +# Command Injection Blind (CMD-Blind) + diff --git a/command-injection-cmd/README.md b/command-injection-cmd/README.md new file mode 100644 index 0000000000..ca9353c3f2 --- /dev/null +++ b/command-injection-cmd/README.md @@ -0,0 +1,2 @@ +# Command Injection (CMD) + diff --git a/content-security-policy-csp/README.md b/content-security-policy-csp/README.md new file mode 100644 index 0000000000..a0db1ac9f5 --- /dev/null +++ b/content-security-policy-csp/README.md @@ -0,0 +1,2 @@ +# Content-Security-Policy (CSP) + diff --git a/cors-exploitation/README.md b/cors-exploitation/README.md new file mode 100644 index 0000000000..5158498776 --- /dev/null +++ b/cors-exploitation/README.md @@ -0,0 +1,2 @@ +# CORS exploitation + diff --git a/credentials-guessing-2/README.md b/credentials-guessing-2/README.md new file mode 100644 index 0000000000..7478846d7f --- /dev/null +++ b/credentials-guessing-2/README.md @@ -0,0 +1,2 @@ +# Credentials Guessing - 2 + diff --git a/credentials-guessing/README.md b/credentials-guessing/README.md new file mode 100644 index 0000000000..d0cb65b3c9 --- /dev/null +++ b/credentials-guessing/README.md @@ -0,0 +1,2 @@ +# Credentials Guessing + diff --git a/cross-site-scripting-attribute-xss-attribute/README.md b/cross-site-scripting-attribute-xss-attribute/README.md new file mode 100644 index 0000000000..f7345ffc81 --- /dev/null +++ b/cross-site-scripting-attribute-xss-attribute/README.md @@ -0,0 +1,2 @@ +# Cross Site Scripting - Attribute (XSS-Attribute) + diff --git a/cross-site-scripting-dom-2-xss-dom-2/README.md b/cross-site-scripting-dom-2-xss-dom-2/README.md new file mode 100644 index 0000000000..3f10e68129 --- /dev/null +++ b/cross-site-scripting-dom-2-xss-dom-2/README.md @@ -0,0 +1,2 @@ +# Cross Site Scripting - DOM-2 (XSS-DOM-2) + diff --git a/cross-site-scripting-dom-xss-dom/README.md b/cross-site-scripting-dom-xss-dom/README.md new file mode 100644 index 0000000000..6e3f0e0c50 --- /dev/null +++ b/cross-site-scripting-dom-xss-dom/README.md @@ -0,0 +1,2 @@ +# Cross Site Scripting - DOM (XSS-DOM) + diff --git a/cross-site-scripting-href-xss-href/README.md b/cross-site-scripting-href-xss-href/README.md new file mode 100644 index 0000000000..fc64ad2004 --- /dev/null +++ b/cross-site-scripting-href-xss-href/README.md @@ -0,0 +1,2 @@ +# Cross Site Scripting - href (XSS-href) + diff --git a/cross-site-scripting-stored-xss-stored/README.md b/cross-site-scripting-stored-xss-stored/README.md new file mode 100644 index 0000000000..946e74a6f8 --- /dev/null +++ b/cross-site-scripting-stored-xss-stored/README.md @@ -0,0 +1,2 @@ +# Cross Site Scripting - Stored (XSS-Stored) + diff --git a/cross-site-scripting-xss/README.md b/cross-site-scripting-xss/README.md new file mode 100644 index 0000000000..228bfe183b --- /dev/null +++ b/cross-site-scripting-xss/README.md @@ -0,0 +1,2 @@ +# Cross Site Scripting (XSS) + diff --git a/csrf-samesite/README.md b/csrf-samesite/README.md new file mode 100644 index 0000000000..484927290f --- /dev/null +++ b/csrf-samesite/README.md @@ -0,0 +1,2 @@ +# CSRF - Samesite + diff --git a/csrf-weak/README.md b/csrf-weak/README.md new file mode 100644 index 0000000000..455ab40290 --- /dev/null +++ b/csrf-weak/README.md @@ -0,0 +1,2 @@ +# CSRF - Weak + diff --git a/csrf/README.md b/csrf/README.md new file mode 100644 index 0000000000..56b1178293 --- /dev/null +++ b/csrf/README.md @@ -0,0 +1,2 @@ +# CSRF + diff --git a/css-injection-cssi/README.md b/css-injection-cssi/README.md new file mode 100644 index 0000000000..8388d3d4e9 --- /dev/null +++ b/css-injection-cssi/README.md @@ -0,0 +1,2 @@ +# CSS Injection (CSSI) + diff --git a/deserialisation-java-des-java/README.md b/deserialisation-java-des-java/README.md new file mode 100644 index 0000000000..e85bd74cea --- /dev/null +++ b/deserialisation-java-des-java/README.md @@ -0,0 +1,2 @@ +# Deserialisation Java (DES-Java) + diff --git a/deserialisation-pickle-2-des-pickle-2/README.md b/deserialisation-pickle-2-des-pickle-2/README.md new file mode 100644 index 0000000000..b9c21d4b8a --- /dev/null +++ b/deserialisation-pickle-2-des-pickle-2/README.md @@ -0,0 +1,2 @@ +# Deserialisation Pickle 2 (DES-Pickle-2) + diff --git a/deserialisation-pickle-des-pickle/README.md b/deserialisation-pickle-des-pickle/README.md new file mode 100644 index 0000000000..f356be5cfb --- /dev/null +++ b/deserialisation-pickle-des-pickle/README.md @@ -0,0 +1,2 @@ +# Deserialisation Pickle (DES-Pickle) + diff --git a/deserialisation-yaml-des-yaml/README.md b/deserialisation-yaml-des-yaml/README.md new file mode 100644 index 0000000000..e2fd9a5f55 --- /dev/null +++ b/deserialisation-yaml-des-yaml/README.md @@ -0,0 +1,2 @@ +# Deserialisation Yaml (DES-Yaml) + diff --git a/dos-regex/README.md b/dos-regex/README.md new file mode 100644 index 0000000000..5b50105994 --- /dev/null +++ b/dos-regex/README.md @@ -0,0 +1,2 @@ +# DoS Regex + diff --git a/exposed-docker-daemon/README.md b/exposed-docker-daemon/README.md new file mode 100644 index 0000000000..5974049046 --- /dev/null +++ b/exposed-docker-daemon/README.md @@ -0,0 +1,2 @@ +# Exposed docker daemon + diff --git a/file-upload/README.md b/file-upload/README.md new file mode 100644 index 0000000000..d0a12e17cd --- /dev/null +++ b/file-upload/README.md @@ -0,0 +1,2 @@ +# File upload + diff --git a/formula-injection/README.md b/formula-injection/README.md new file mode 100644 index 0000000000..b4146376ff --- /dev/null +++ b/formula-injection/README.md @@ -0,0 +1,2 @@ +# Formula Injection + diff --git a/graphql-dos/README.md b/graphql-dos/README.md new file mode 100644 index 0000000000..cec229d660 --- /dev/null +++ b/graphql-dos/README.md @@ -0,0 +1,2 @@ +# GraphQL DOS + diff --git a/graphql-idor/README.md b/graphql-idor/README.md new file mode 100644 index 0000000000..3672d91600 --- /dev/null +++ b/graphql-idor/README.md @@ -0,0 +1,2 @@ +# GraphQL IDOR + diff --git a/graphql-injections/README.md b/graphql-injections/README.md new file mode 100644 index 0000000000..31986a6177 --- /dev/null +++ b/graphql-injections/README.md @@ -0,0 +1,2 @@ +# GraphQL Injections + diff --git a/graphql-introspection/README.md b/graphql-introspection/README.md new file mode 100644 index 0000000000..a39aafe902 --- /dev/null +++ b/graphql-introspection/README.md @@ -0,0 +1,2 @@ +# GraphQL Introspection + diff --git a/graphql-introspection/nodejs-graphql-introspection.md b/graphql-introspection/nodejs-graphql-introspection.md new file mode 100644 index 0000000000..a277730c19 --- /dev/null +++ b/graphql-introspection/nodejs-graphql-introspection.md @@ -0,0 +1,2 @@ +# NodeJS - GraphQL Introspection + diff --git a/graphql-mutations/README.md b/graphql-mutations/README.md new file mode 100644 index 0000000000..97a2566153 --- /dev/null +++ b/graphql-mutations/README.md @@ -0,0 +1,2 @@ +# GraphQL Mutations + diff --git a/host-header-injection-authentication-bypass/README.md b/host-header-injection-authentication-bypass/README.md new file mode 100644 index 0000000000..ddefefbd73 --- /dev/null +++ b/host-header-injection-authentication-bypass/README.md @@ -0,0 +1,2 @@ +# Host Header Injection (Authentication Bypass) + diff --git a/host-header-injection-authentication-bypass/python-httponly-session-hijacking-xss.md b/host-header-injection-authentication-bypass/python-httponly-session-hijacking-xss.md new file mode 100644 index 0000000000..e69e4774a3 --- /dev/null +++ b/host-header-injection-authentication-bypass/python-httponly-session-hijacking-xss.md @@ -0,0 +1,2 @@ +# Python - HttpOnly Session Hijacking XSS + diff --git a/httponly-session-hijacking-xss/README.md b/httponly-session-hijacking-xss/README.md new file mode 100644 index 0000000000..fc377d9c8c --- /dev/null +++ b/httponly-session-hijacking-xss/README.md @@ -0,0 +1,2 @@ +# HttpOnly Session Hijacking XSS + diff --git a/information-leakeage-in-comments/README.md b/information-leakeage-in-comments/README.md new file mode 100644 index 0000000000..5d487cebed --- /dev/null +++ b/information-leakeage-in-comments/README.md @@ -0,0 +1,2 @@ +# Information Leakeage in Comments + diff --git a/information-leakeage-in-metadata/README.md b/information-leakeage-in-metadata/README.md new file mode 100644 index 0000000000..354ae6399c --- /dev/null +++ b/information-leakeage-in-metadata/README.md @@ -0,0 +1,2 @@ +# Information Leakeage in Metadata + diff --git a/insecure-direct-object-references-idor/README.md b/insecure-direct-object-references-idor/README.md new file mode 100644 index 0000000000..20ab1c75b5 --- /dev/null +++ b/insecure-direct-object-references-idor/README.md @@ -0,0 +1,2 @@ +# Insecure Direct Object References (IDOR) + diff --git a/jwt-null/README.md b/jwt-null/README.md new file mode 100644 index 0000000000..455cb4fe9d --- /dev/null +++ b/jwt-null/README.md @@ -0,0 +1,2 @@ +# JWT Null + diff --git a/jwt-secret/README.md b/jwt-secret/README.md new file mode 100644 index 0000000000..5531d6d64a --- /dev/null +++ b/jwt-secret/README.md @@ -0,0 +1,2 @@ +# JWT Secret + diff --git a/lab-template/static/img/logo (1).svg b/lab-template/static/img/logo (1).svg new file mode 100644 index 0000000000..7017518ad5 --- /dev/null +++ b/lab-template/static/img/logo (1).svg @@ -0,0 +1,121 @@ + + + + + + + + + + + diff --git a/lab-template/static/img/logo (2).svg b/lab-template/static/img/logo (2).svg new file mode 100644 index 0000000000..7017518ad5 --- /dev/null +++ b/lab-template/static/img/logo (2).svg @@ -0,0 +1,121 @@ + + + + + + + + + + + diff --git a/lab-template/static/img/logo (3).svg b/lab-template/static/img/logo (3).svg new file mode 100644 index 0000000000..7017518ad5 --- /dev/null +++ b/lab-template/static/img/logo (3).svg @@ -0,0 +1,121 @@ + + + + + + + + + + + diff --git a/ldap-injection-harder/README.md b/ldap-injection-harder/README.md new file mode 100644 index 0000000000..44e313c5d7 --- /dev/null +++ b/ldap-injection-harder/README.md @@ -0,0 +1,2 @@ +# Ldap Injection - harder + diff --git a/ldap-injection/README.md b/ldap-injection/README.md new file mode 100644 index 0000000000..803e9f52c0 --- /dev/null +++ b/ldap-injection/README.md @@ -0,0 +1,2 @@ +# Ldap Injection + diff --git a/local-file-inclusion-1-lfi-1/README.md b/local-file-inclusion-1-lfi-1/README.md new file mode 100644 index 0000000000..2e7f97488e --- /dev/null +++ b/local-file-inclusion-1-lfi-1/README.md @@ -0,0 +1,2 @@ +# Local File Inclusion 1 (LFI-1) + diff --git a/local-file-inclusion-2-lfi-2/README.md b/local-file-inclusion-2-lfi-2/README.md new file mode 100644 index 0000000000..7055f6a9bd --- /dev/null +++ b/local-file-inclusion-2-lfi-2/README.md @@ -0,0 +1,2 @@ +# Local File Inclusion 2 (LFI-2) + diff --git a/local-file-inclusion-3-lfi-3/README.md b/local-file-inclusion-3-lfi-3/README.md new file mode 100644 index 0000000000..2695085740 --- /dev/null +++ b/local-file-inclusion-3-lfi-3/README.md @@ -0,0 +1,2 @@ +# Local File Inclusion 3 (LFI-3) + diff --git a/md/NodeJs/Auth-Bypass-2.md b/md/NodeJs/Auth-Bypass-2.md index 9487e7ce67..5b0a5d8d74 100644 --- a/md/NodeJs/Auth-Bypass-2.md +++ b/md/NodeJs/Auth-Bypass-2.md @@ -1,4 +1,4 @@ -# Authorization Bypass 2 +# NodeJS - Auth Bypass - 2 ## Running the app on Docker @@ -30,8 +30,7 @@ Lets start the application and register a new user ![](https://raw.githubusercontent.com/blabla1337/skf-labs/master/.gitbook/assets/python/Auth-Bypass-2/2.png) -Please note that (for convenience) your password will be reset if the user already exists. -Also note that the username and password are case sensitive. +Please note that (for convenience) your password will be reset if the user already exists. Also note that the username and password are case sensitive. Now that we have valid credentials, we can login: @@ -57,18 +56,16 @@ We can check whether it is a hash: it seems to be a sha1... -It is possible that the developer added a salt to the username and hashed the concatenated string -admin+some_salt --> maybe this is also the reason why we can't find with Google what the hash represents. +It is possible that the developer added a salt to the username and hashed the concatenated string admin+some\_salt -> maybe this is also the reason why we can't find with Google what the hash represents. The about page seem to contain a lot of text, maybe the salt is a typical word for this company that is also mentioned on that page… -Using cewel we can grab all the words from a page like this: -cewl -m 4 -w wordlist.txt -d 0 -v http://127.0.0.1:5000/about
--m 4: minimum word length is 4 characters
--w wordlist: write output to file ‘wordlist’
--d 0: follow links x times deep (0=stay on the same page)
--v: verbose (show what you are doing)
+Using cewel we can grab all the words from a page like this: cewl -m 4 -w wordlist.txt -d 0 -v http://127.0.0.1:5000/about\ +_-m 4: minimum word length is 4 characters_\ +_-w wordlist: write output to file ‘wordlist’_\ +_-d 0: follow links x times deep (0=stay on the same page)_\ +_-v: verbose (show what you are doing)_\ + Using a terminal window: @@ -86,8 +83,7 @@ Paste the content of the word list in the payload options and add the payload pr ![](https://raw.githubusercontent.com/blabla1337/skf-labs/master/.gitbook/assets/python/Auth-Bypass-2/11.png) -This will prefix the word 'admin' to each word from the list and calculate a sha1 of the concatenated string. -for example sha1(adminBank) +This will prefix the word 'admin' to each word from the list and calculate a sha1 of the concatenated string. for example sha1(adminBank) Start the attack diff --git a/parameter-binding/README.md b/parameter-binding/README.md new file mode 100644 index 0000000000..6acee0b3a8 --- /dev/null +++ b/parameter-binding/README.md @@ -0,0 +1,2 @@ +# Parameter Binding + diff --git a/prototype-pollution/README.md b/prototype-pollution/README.md new file mode 100644 index 0000000000..1053eed785 --- /dev/null +++ b/prototype-pollution/README.md @@ -0,0 +1,2 @@ +# Prototype Pollution + diff --git a/race-condition-file-write/README.md b/race-condition-file-write/README.md new file mode 100644 index 0000000000..2be9fd3c24 --- /dev/null +++ b/race-condition-file-write/README.md @@ -0,0 +1,2 @@ +# Race Condition File-Write + diff --git a/race-condition/README.md b/race-condition/README.md new file mode 100644 index 0000000000..aa1473c70f --- /dev/null +++ b/race-condition/README.md @@ -0,0 +1,2 @@ +# Race Condition + diff --git a/ratelimiting-brute-force-login/README.md b/ratelimiting-brute-force-login/README.md new file mode 100644 index 0000000000..b11699abbc --- /dev/null +++ b/ratelimiting-brute-force-login/README.md @@ -0,0 +1,2 @@ +# Ratelimiting (Brute-force login) + diff --git a/remote-file-inclusion-rfi/README.md b/remote-file-inclusion-rfi/README.md new file mode 100644 index 0000000000..007d38477d --- /dev/null +++ b/remote-file-inclusion-rfi/README.md @@ -0,0 +1,2 @@ +# Remote File Inclusion (RFI) + diff --git a/right-to-left-override-rtlo/README.md b/right-to-left-override-rtlo/README.md new file mode 100644 index 0000000000..2fc6d8828f --- /dev/null +++ b/right-to-left-override-rtlo/README.md @@ -0,0 +1,2 @@ +# Right To Left Override (RTLO) + diff --git a/server-side-request-forgery-ssrf/README.md b/server-side-request-forgery-ssrf/README.md new file mode 100644 index 0000000000..91a195cbbf --- /dev/null +++ b/server-side-request-forgery-ssrf/README.md @@ -0,0 +1,2 @@ +# Server Side Request Forgery (SSRF) + diff --git a/server-side-template-injection-ssti/README.md b/server-side-template-injection-ssti/README.md new file mode 100644 index 0000000000..dea9f5d6af --- /dev/null +++ b/server-side-template-injection-ssti/README.md @@ -0,0 +1,2 @@ +# Server Side Template Injection (SSTI) + diff --git a/session-hijacking-xss/README.md b/session-hijacking-xss/README.md new file mode 100644 index 0000000000..d304c1f720 --- /dev/null +++ b/session-hijacking-xss/README.md @@ -0,0 +1,2 @@ +# Session Hijacking XSS + diff --git a/session-management-1/README.md b/session-management-1/README.md new file mode 100644 index 0000000000..f00daec152 --- /dev/null +++ b/session-management-1/README.md @@ -0,0 +1,2 @@ +# Session Management 1 + diff --git a/session-puzzling/README.md b/session-puzzling/README.md new file mode 100644 index 0000000000..edaaf9427f --- /dev/null +++ b/session-puzzling/README.md @@ -0,0 +1,2 @@ +# Session Puzzling + diff --git a/sqli-blind/README.md b/sqli-blind/README.md new file mode 100644 index 0000000000..79867b755e --- /dev/null +++ b/sqli-blind/README.md @@ -0,0 +1,2 @@ +# SQLI (Blind) + diff --git a/sqli-like/README.md b/sqli-like/README.md new file mode 100644 index 0000000000..ab1356077b --- /dev/null +++ b/sqli-like/README.md @@ -0,0 +1,2 @@ +# SQLI (Like) + diff --git a/sqli-login-bypass/README.md b/sqli-login-bypass/README.md new file mode 100644 index 0000000000..c429599dc1 --- /dev/null +++ b/sqli-login-bypass/README.md @@ -0,0 +1,2 @@ +# SQLI Login Bypass + diff --git a/sqli-union/README.md b/sqli-union/README.md new file mode 100644 index 0000000000..6e95e16b69 --- /dev/null +++ b/sqli-union/README.md @@ -0,0 +1,2 @@ +# SQLI (Union) + diff --git a/tls-downgrade/README.md b/tls-downgrade/README.md new file mode 100644 index 0000000000..fe99c02d78 --- /dev/null +++ b/tls-downgrade/README.md @@ -0,0 +1,2 @@ +# TLS Downgrade + diff --git a/untrusted-sources-xssi/README.md b/untrusted-sources-xssi/README.md new file mode 100644 index 0000000000..75eee6f23d --- /dev/null +++ b/untrusted-sources-xssi/README.md @@ -0,0 +1,2 @@ +# Untrusted Sources (XSSI) + diff --git a/url-redirection-harder-2/README.md b/url-redirection-harder-2/README.md new file mode 100644 index 0000000000..5a2235b09c --- /dev/null +++ b/url-redirection-harder-2/README.md @@ -0,0 +1,2 @@ +# URL Redirection - Harder-2 + diff --git a/url-redirection-harder/README.md b/url-redirection-harder/README.md new file mode 100644 index 0000000000..7b58f6e707 --- /dev/null +++ b/url-redirection-harder/README.md @@ -0,0 +1,2 @@ +# URL Redirection - Harder + diff --git a/url-redirection/README.md b/url-redirection/README.md new file mode 100644 index 0000000000..f251b34bf8 --- /dev/null +++ b/url-redirection/README.md @@ -0,0 +1,2 @@ +# URL Redirection + diff --git a/websocket-message-manipulation/README.md b/websocket-message-manipulation/README.md new file mode 100644 index 0000000000..2d8087a151 --- /dev/null +++ b/websocket-message-manipulation/README.md @@ -0,0 +1,2 @@ +# WebSocket Message Manipulation + diff --git a/xml-external-entity-xxe/README.md b/xml-external-entity-xxe/README.md new file mode 100644 index 0000000000..390704e2fa --- /dev/null +++ b/xml-external-entity-xxe/README.md @@ -0,0 +1,2 @@ +# XML External Entity (XXE) +