mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-04-24 00:55:01 +02:00
Fix name's capitalization
This commit is contained in:
Swissky
parent
21d1fe7eee
commit
404afd1d71
|
Before Width: | Height: | Size: 393 KiB After Width: | Height: | Size: 393 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 27 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 68 KiB |
|
|
@ -1,33 +0,0 @@
|
|||
# Vulnerability Title
|
||||
|
||||
> Vulnerability description - reference
|
||||
|
||||
Tools:
|
||||
|
||||
- [Tool name - description](https://example.com)
|
||||
|
||||
## Summary
|
||||
|
||||
* [Something](#something)
|
||||
* [Something](#something)
|
||||
* [Subentry 1](#sub1)
|
||||
* [Subentry 2](#sub2)
|
||||
|
||||
## Something
|
||||
|
||||
Quick explanation
|
||||
|
||||
```powershell
|
||||
Exploit
|
||||
```
|
||||
|
||||
Abhay Bhargav
|
||||
https://twitter.com/abhaybhargav/status/1080034019230842880
|
||||
|
||||
@abhaybhargav
|
||||
1 janv.
|
||||
Protip: When bughunting a #AWS #Lambda function, remember that the metadata objects are env-vars. Escalate privs after RCE with envvars. In this screenshot have a function that's vulnerable to a deserialization vuln (RCE) through which I have dumped the envvars with secrets
|
||||
|
||||
## References
|
||||
|
||||
- [Blog title - Author, Date](https://example.com)
|
||||
Binary file not shown.
Binary file not shown.
|
|
@ -1,35 +0,0 @@
|
|||
# Vulnerability Title
|
||||
|
||||
> Vulnerability description - reference
|
||||
|
||||
Tools:
|
||||
|
||||
- [Tool name - description](https://example.com)
|
||||
|
||||
## Summary
|
||||
|
||||
* [Something](#something)
|
||||
* [Something](#something)
|
||||
* [Subentry 1](#sub1)
|
||||
* [Subentry 2](#sub2)
|
||||
|
||||
## Something
|
||||
|
||||
Quick explanation
|
||||
|
||||
```powershell
|
||||
Exploit
|
||||
```
|
||||
|
||||
## References
|
||||
|
||||
- [OneLogin authentication bypass on WordPress sites via XMLRPC in Uber](https://hackerone.com/reports/138869) by Jouko Pynnönen (jouko)
|
||||
- [2FA PayPal Bypass](https://henryhoggard.co.uk/blog/Paypal-2FA-Bypass) by henryhoggard
|
||||
- [SAML Bug in Github worth 15000](http://www.economyofmechanism.com/github-saml.html)
|
||||
- [Authentication bypass on Airbnb via OAuth tokens theft](https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/)
|
||||
- [Uber Login CSRF + Open Redirect -> Account Takeover at Uber](http://ngailong.com/uber-login-csrf-open-redirect-account-takeover/)
|
||||
- [Administrative Panel Access](http://c0rni3sm.blogspot.hk/2017/08/accidentally-typo-to-bypass.html?m=1) by c0rni3sm
|
||||
- [Uber Bug Bounty: Gaining Access To An Internal Chat System](http://blog.mish.re/index.php/2017/09/06/uber-bug-bounty-gaining-access-to-an-internal-chat-system/) by mishre
|
||||
- [Flickr Oauth Misconfiguration](https://mishresec.wordpress.com/2017/10/12/yahoo-bug-bounty-exploiting-oauth-misconfiguration-to-takeover-flickr-accounts/) by mishre
|
||||
- [Slack SAML authentication bypass](http://blog.intothesymmetry.com/2017/10/slack-saml-authentication-bypass.html) by Antonio Sanso
|
||||
- [Shopify admin authentication bypass using partners.shopify.com](https://hackerone.com/reports/270981) by uzsunny
|
||||
|
|
@ -1,38 +0,0 @@
|
|||
# Vulnerability Title
|
||||
|
||||
> Vulnerability description - reference
|
||||
|
||||
Tools:
|
||||
|
||||
- [Tool name - description](https://example.com)
|
||||
|
||||
## Summary
|
||||
|
||||
* [Something](#something)
|
||||
* [Something](#something)
|
||||
* [Subentry 1](#sub1)
|
||||
* [Subentry 2](#sub2)
|
||||
|
||||
## Something
|
||||
|
||||
Quick explanation
|
||||
|
||||
```powershell
|
||||
Exploit
|
||||
```
|
||||
|
||||
## References
|
||||
|
||||
- [Web Authentication Endpoint Credentials Brute-Force Vulnerability](https://hackerone.com/reports/127844) by Arne Swinnen
|
||||
- [InstaBrute: Two Ways to Brute-force Instagram Account Credentials](https://www.arneswinnen.net/2016/05/instabrute-two-ways-to-brute-force-instagram-account-credentials/) by Arne Swinnen
|
||||
- [How I Could Compromise 4% (Locked) Instagram Accounts](https://www.arneswinnen.net/2016/03/how-i-could-compromise-4-locked-instagram-accounts/) by Arne Swinnen
|
||||
- [Possibility to brute force invite codes in riders.uber.com](https://hackerone.com/reports/125505) by r0t
|
||||
- [Brute-Forcing invite codes in partners.uber.com](https://hackerone.com/reports/144616) by Efkan Gökbaş (mefkan)
|
||||
- [How I could have hacked all Facebook accounts](http://www.anandpraka.sh/2016/03/how-i-could-have-hacked-your-facebook.html) by Anand Prakash
|
||||
- [Facebook Account Take Over by using SMS verification code, not accessible by now, may get update from author later](http://arunsureshkumar.me/index.php/2016/04/24/facebook-account-take-over/) by Arun Sureshkumar
|
||||
- [SQL injection in Wordpress Plugin Huge IT Video Gallery in Uber](https://hackerone.com/reports/125932) by glc
|
||||
- [SQL Injection on sctrack.email.uber.com.cn](https://hackerone.com/reports/150156) by Orange Tsai
|
||||
- [Yahoo – Root Access SQL Injection – tw.yahoo.com](http://buer.haus/2015/01/15/yahoo-root-access-sql-injection-tw-yahoo-com/) by Brett Buerhaus
|
||||
- [Multiple vulnerabilities in a WordPress plugin at drive.uber.com](https://hackerone.com/reports/135288) by Abood Nour (syndr0me)
|
||||
- [GitHub Enterprise SQL Injection](http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html) by Orange
|
||||
- [Yahoo SQL Injection to Remote Code Exection to Root Privilege](http://www.sec-down.com/wordpress/?p=494) by Ebrahim Hegazy
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
# Vulnerability Title
|
||||
|
||||
> Vulnerability description - reference
|
||||
|
||||
Tools:
|
||||
|
||||
- [Tool name - description](https://example.com)
|
||||
|
||||
## Summary
|
||||
|
||||
* [Something](#something)
|
||||
* [Something](#something)
|
||||
* [Subentry 1](#sub1)
|
||||
* [Subentry 2](#sub2)
|
||||
|
||||
## Something
|
||||
|
||||
Quick explanation
|
||||
|
||||
```powershell
|
||||
Exploit
|
||||
```
|
||||
|
||||
## References
|
||||
|
||||
- [How I Could Steal Money from Instagram, Google and Microsoft](https://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/) by Arne Swinnen
|
||||
- [How I could have removed all your Facebook notes](http://www.anandpraka.sh/2015/12/summary-this-blog-post-is-about.html)
|
||||
- [Facebook - bypass ads account's roles vulnerability 2015](http://blog.darabi.me/2015/03/facebook-bypass-ads-account-roles.html) by POUYA DARABI
|
||||
- [Uber Ride for Free](http://www.anandpraka.sh/2017/03/how-anyone-could-have-used-uber-to-ride.html) by anand praka
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
# Vulnerability Title
|
||||
|
||||
> Vulnerability description - reference
|
||||
|
||||
Tools:
|
||||
|
||||
- [Tool name - description](https://example.com)
|
||||
|
||||
## Summary
|
||||
|
||||
* [Something](#something)
|
||||
* [Something](#something)
|
||||
* [Subentry 1](#sub1)
|
||||
* [Subentry 2](#sub2)
|
||||
|
||||
## Something
|
||||
|
||||
Quick explanation
|
||||
|
||||
```powershell
|
||||
Exploit
|
||||
```
|
||||
|
||||
## References
|
||||
|
||||
- [Race conditions on Facebook, DigitalOcean and others (fixed)](http://josipfranjkovic.blogspot.hk/2015/04/race-conditions-on-facebook.html) by Josip Franjković
|
||||
- [Race Conditions in Popular reports feature in HackerOne](https://hackerone.com/reports/146845) by Fábio Pires (shmoo)
|
||||
- [Hacking Starbuck for unlimited money](https://sakurity.com/blog/2015/05/21/starbucks.html) by Egor Homakov
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
# GitPrint from Payload
|
||||
|
||||
find . -name "*.md" | sed "s/\.\///g" | sort | xargs -I{} wget --content-disposition "https://gitprint.com/swisskyrepo/PayloadsAllTheThings/blob/master/"{}"?download"
|
||||
pdfjoin *.pdf
|
||||
|
||||
|
||||
# NOTE :
|
||||
# check for 502 errors from gitprint
|
||||
# XSS and Mimikatz don't work with Gitprint ;.
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
|
@ -1,26 +0,0 @@
|
|||
# Vulnerability Title
|
||||
|
||||
> Vulnerability description - reference
|
||||
|
||||
Tools:
|
||||
|
||||
- [Tool name - description](https://example.com)
|
||||
|
||||
## Summary
|
||||
|
||||
* [Something](#something)
|
||||
* [Something](#something)
|
||||
* [Subentry 1](#sub1)
|
||||
* [Subentry 2](#sub2)
|
||||
|
||||
## Something
|
||||
|
||||
Quick explanation
|
||||
|
||||
```powershell
|
||||
Exploit
|
||||
```
|
||||
|
||||
## References
|
||||
|
||||
- [Blog title - Author, Date](https://example.com)
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue