mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-05-09 07:36:09 +02:00
Compare commits
4 Commits
1036261ff6
...
c5420cedfa
Author | SHA1 | Date | |
---|---|---|---|
J-GainSec | c5420cedfa | ||
Swissky | 53d9014b2b | ||
Swissky | 43a8c6a037 | ||
J-GainSec | 4f4d7b3bf5 |
|
@ -0,0 +1,27 @@
|
|||
{% extends "base.html" %}
|
||||
|
||||
{% block content %}
|
||||
{{ super() }}
|
||||
<div class="social-container">
|
||||
<b>Share this content</b>
|
||||
<div class="a2a_kit a2a_kit_size_32 a2a_default_style">
|
||||
<a class="a2a_dd" href="https://www.addtoany.com/share"></a>
|
||||
<a class="a2a_button_x"></a>
|
||||
<a class="a2a_button_telegram"></a>
|
||||
<a class="a2a_button_linkedin"></a>
|
||||
<a class="a2a_button_email"></a>
|
||||
<a class="a2a_button_microsoft_teams"></a>
|
||||
</div>
|
||||
<br>
|
||||
<script async src="https://static.addtoany.com/menu/page.js"></script>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
{% block styles %}
|
||||
{{ super() }}
|
||||
<style>
|
||||
.social-container {
|
||||
float: right;
|
||||
}
|
||||
</style>
|
||||
{% endblock %}
|
|
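Review bot: the `<script async src="https://static.addtoany.com/menu/page.js"></script>` tag inside `social-container` pulls third-party JavaScript into every page that extends this template, with no `integrity` attribute, so readers of the site execute whatever that host serves at load time. Plain share links (static `<a href>` URLs for each network) would give the same feature without remote script. If the widget stays, note the dependency in the repository docs and restrict it with a Content-Security-Policy that names only this origin.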
@ -21,6 +21,7 @@ jobs:
|
|||
git config --global user.name "Swk"
|
||||
git config --global pull.rebase false
|
||||
git submodule add https://github.com/swisskyrepo/PayloadsAllTheThings/ docs
|
||||
mv docs/.github/overrides .
|
||||
|
||||
- uses: actions/setup-python@v2
|
||||
with:
|
||||
|
|
|
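Review bot: the `mv docs/.github/overrides .` step carries no comment saying that it exists to satisfy `custom_dir: overrides` in mkdocs.yml, so the coupling between the workflow and the theme config is easy to break when either file is edited. A one-line comment above the `mv` naming that setting would make the dependency visible.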
@ -75,6 +75,7 @@ Use : https://github.com/ozguralp/gmapsapiscanner/
|
|||
|
||||
|
||||
Impact:
|
||||
|
||||
* Consuming the company's monthly quota or can over-bill with unauthorized usage of this service and do financial damage to the company
|
||||
* Conduct a denial of service attack specific to the service if any limitation of maximum bill control settings exist in the Google account
|
||||
|
||||
|
|
|
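Review bot: both bullets under `Impact:` are hard to parse. The first mixes forms ("Consuming ... or can over-bill"), and the second ("if any limitation of maximum bill control settings exist") does not say plainly that a billing cap is what turns exhausted quota into an outage. Suggest rewording both as parallel noun phrases, for example "Quota exhaustion or over-billing through unauthorized use of the key" and "Service outage once a configured maximum-bill limit is reached".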
@ -0,0 +1,36 @@
|
|||
# Regular Expression
|
||||
|
||||
> Regular Expression Denial of Service (ReDoS) is a type of attack that exploits the fact that certain regular expressions can take an extremely long time to process, causing applications or services to become unresponsive or crash.
|
||||
|
||||
|
||||
## Denial of Service - ReDoS
|
||||
|
||||
* [tjenkinson/redos-detector](https://github.com/tjenkinson/redos-detector) - A CLI and library which tests with certainty if a regex pattern is safe from ReDoS attacks. Supported in the browser, Node and Deno.
|
||||
* [doyensec/regexploit](https://github.com/doyensec/regexploit) - Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)
|
||||
* [devina.io/redos-checker](https://devina.io/redos-checker) - Examine regular expressions for potential Denial of Service vulnerabilities
|
||||
|
||||
|
||||
### Evil Regex
|
||||
|
||||
Evil Regex contains:
|
||||
|
||||
* Grouping with repetition
|
||||
* Inside the repeated group:
|
||||
* Repetition
|
||||
* Alternation with overlapping
|
||||
|
||||
**Examples**
|
||||
|
||||
* `(a+)+`
|
||||
* `([a-zA-Z]+)*`
|
||||
* `(a|aa)+`
|
||||
* `(a|a?)+`
|
||||
* `(.*a){x}` for x \> 10
|
||||
|
||||
These regular expressions can be exploited with `aaaaaaaaaaaaaaaaaaaaaaaa!`
|
||||
|
||||
|
||||
## References
|
||||
|
||||
* [Regular expression Denial of Service - ReDoS - OWASP - Adar Weidman](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)
|
||||
* [OWASP Validation Regex Repository - OWASP](https://wiki.owasp.org/index.php/OWASP_Validation_Regex_Repository)
|
|
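Review bot: the line "These regular expressions can be exploited with `aaaaaaaaaaaaaaaaaaaaaaaa!`" gives the input but not the reason it is slow, and the new page has no remediation section. One sentence explaining that the trailing `!` makes the overall match fail, so a backtracking engine retries every way of splitting the run of `a` across the nested repetition, would make the examples self-explanatory. A short list of mitigations (input length limits, match timeouts, a non-backtracking engine) would help readers who arrive here to fix a finding. Separately, in `(.*a){x}` for x \> 10, say that `x` is a placeholder for a number, and consider titling the page for ReDoS, since the H1 "Regular Expression" is broader than the content.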
@ -80,7 +80,7 @@
|
|||
* `file.php%20`
|
||||
* `file.php%0d%0a.jpg`
|
||||
* `file.php%0a`
|
||||
* Right to Left Override (RTLO): `name.%E2%80%AEphp.jpg` will became `name.gpj.php`.
|
||||
* Right to Left Override (RTLO): `name.%E2%80%AEphp.jpg` will became `name.gpj.php`. - [Automated Script for RTLO](https://github.com/GainSec/RTLOify)
|
||||
* Slash: `file.php/`, `file.php.\`, `file.j\sp`, `file.j/sp`
|
||||
* Multiple special characters: `file.jsp/././././.`
|
||||
- Mime type, change `Content-Type : application/x-php` or `Content-Type : application/octet-stream` to `Content-Type : image/gif`
|
||||
|
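Review bot: the rewritten RTLO bullet keeps the typo "will became" (should be "will become"), and the new link is appended after the sentence's closing period as ` - [Automated Script for RTLO](...)`, which reads as a stray fragment. Since the line is being touched anyway, fix the verb and fold the link into the sentence, or move it to the tools or references list where the other external projects live.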
@ -219,4 +219,4 @@ Upload the XML file to `$JETTY_BASE/webapps/`
|
|||
* [Jetty Features for Hacking Web Apps - September 15, 2022 - Mikhail Klyuchnikov](https://swarm.ptsecurity.com/jetty-features-for-hacking-web-apps/)
|
||||
* [Inyección de código en imágenes subidas y tratadas con PHP-GD - Spanish Resource - hackplayers](https://www.hackplayers.com/2020/03/inyeccion-de-codigo-en-imagenes-php-gd.html)
|
||||
* [A New Vector For “Dirty” Arbitrary File Write to RCE - Doyensec - Maxence Schmitt and Lorenzo Stella](https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html)
|
||||
* [PHP Internals Book - THE .PHPT FILE STRUCTURE](https://www.phpinternalsbook.com/tests/phpt_file_structure.html)
|
||||
* [PHP Internals Book - THE .PHPT FILE STRUCTURE](https://www.phpinternalsbook.com/tests/phpt_file_structure.html)
|
||||
|
|
|
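Review bot: the removed and added `PHP Internals Book - THE .PHPT FILE STRUCTURE` lines are textually identical, so the only change here appears to be whitespace or the end-of-file newline. That is harmless but unrelated to the RTLO link added in the same file. Mention it in the commit message or split it out so the history for this file stays readable.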
@ -11,6 +11,7 @@ edit_uri: blob/master/
|
|||
|
||||
theme:
|
||||
name: material
|
||||
custom_dir: overrides
|
||||
color_mode: auto
|
||||
user_color_mode_toggle: true
|
||||
icon:
|
||||
|
|
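Review bot: `custom_dir: overrides` is resolved relative to the mkdocs.yml file, but the directory is only put in place by the workflow step `mv docs/.github/overrides .`. A contributor running a local build without that move will get a missing-directory error unless `overrides` already sits beside the config. Either point `custom_dir` at the path where the directory actually lives in the repository, or document the manual step in the build instructions.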