mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-05-31 08:46:27 +02:00
Compare commits
4 Commits
52ee755ff2
...
776305a187
Author | SHA1 | Date | |
---|---|---|---|
n3rada | 776305a187 | ||
Swissky | 53d9014b2b | ||
Swissky | 43a8c6a037 | ||
n3rada | d658aa026a |
|
@ -0,0 +1,27 @@
|
||||||
|
{% extends "base.html" %}
|
||||||
|
|
||||||
|
{% block content %}
|
||||||
|
{{ super() }}
|
||||||
|
<div class="social-container">
|
||||||
|
<b>Share this content</b>
|
||||||
|
<div class="a2a_kit a2a_kit_size_32 a2a_default_style">
|
||||||
|
<a class="a2a_dd" href="https://www.addtoany.com/share"></a>
|
||||||
|
<a class="a2a_button_x"></a>
|
||||||
|
<a class="a2a_button_telegram"></a>
|
||||||
|
<a class="a2a_button_linkedin"></a>
|
||||||
|
<a class="a2a_button_email"></a>
|
||||||
|
<a class="a2a_button_microsoft_teams"></a>
|
||||||
|
</div>
|
||||||
|
<br>
|
||||||
|
<script async src="https://static.addtoany.com/menu/page.js"></script>
|
||||||
|
</div>
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block styles %}
|
||||||
|
{{ super() }}
|
||||||
|
<style>
|
||||||
|
.social-container {
|
||||||
|
float: right;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
{% endblock %}
|
|
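Review bot: The `<script async src="https://static.addtoany.com/menu/page.js"></script>` line inside `{% block content %}` pulls third-party JavaScript into every page that extends this template, with no `integrity` attribute and no pinned version, so whatever that host serves runs in the site's origin. The block only needs share links, so plain `<a href="...">` share URLs per network would do the same job without remote script; failing that, self-host a reviewed copy. Two smaller points in the same hunk: the `<a class="a2a_button_*">` anchors are empty in the markup, so without the script they render nothing and have no accessible name, and the `<br>` spacer plus `float: right` on `.social-container` would be cleaner as a margin on the container.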
@ -21,6 +21,7 @@ jobs:
|
||||||
git config --global user.name "Swk"
|
git config --global user.name "Swk"
|
||||||
git config --global pull.rebase false
|
git config --global pull.rebase false
|
||||||
git submodule add https://github.com/swisskyrepo/PayloadsAllTheThings/ docs
|
git submodule add https://github.com/swisskyrepo/PayloadsAllTheThings/ docs
|
||||||
|
mv docs/.github/overrides .
|
||||||
|
|
||||||
- uses: actions/setup-python@v2
|
- uses: actions/setup-python@v2
|
||||||
with:
|
with:
|
||||||
|
|
|
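Review bot: The added `mv docs/.github/overrides .` has no comment saying why a directory is being lifted out of the freshly added `docs` submodule, and the reason (the `custom_dir: overrides` theme setting added elsewhere in this compare) is only discoverable by reading the other file. Add a one-line comment above it naming that dependency. Using `cp -r docs/.github/overrides overrides` instead of `mv` would also leave the submodule checkout unmodified, which matters if any later step in the job inspects or commits the state of `docs`.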
@ -75,6 +75,7 @@ Use : https://github.com/ozguralp/gmapsapiscanner/
|
||||||
|
|
||||||
|
|
||||||
Impact:
|
Impact:
|
||||||
|
|
||||||
* Consuming the company's monthly quota or can over-bill with unauthorized usage of this service and do financial damage to the company
|
* Consuming the company's monthly quota or can over-bill with unauthorized usage of this service and do financial damage to the company
|
||||||
* Conduct a denial of service attack specific to the service if any limitation of maximum bill control settings exist in the Google account
|
* Conduct a denial of service attack specific to the service if any limitation of maximum bill control settings exist in the Google account
|
||||||
|
|
||||||
|
|
|
@ -151,6 +151,14 @@ When `allow_url_include` and `allow_url_fopen` are set to `Off`. It is still pos
|
||||||
|
|
||||||
## LFI / RFI using wrappers
|
## LFI / RFI using wrappers
|
||||||
|
|
||||||
|
### Wrapper file://
|
||||||
|
It is possible to use the [`file://`]([url](https://www.php.net/manual/en/wrappers.file.php)) wrapper in order to read file inside allowed paths (if `open_basedir` restriction in effect).
|
||||||
|
|
||||||
|
```shell
|
||||||
|
http://example.com/index.php?filename=file://localhost/var/www/html/secured_extranet/panel/security.php
|
||||||
|
```
|
||||||
|
Note that using `localhost` above bypasses `file:///` filtering.
|
||||||
|
|
||||||
### Wrapper php://filter
|
### Wrapper php://filter
|
||||||
|
|
||||||
The part "`php://filter`" is case insensitive
|
The part "`php://filter`" is case insensitive
|
||||||
|
@ -623,4 +631,4 @@ If SSH is active check which user is being used `/proc/self/status` and `/etc/pa
|
||||||
* [PHP FILTERS CHAIN: WHAT IS IT AND HOW TO USE IT - Rémi Matasse - 18/10/2022](https://www.synacktiv.com/publications/php-filters-chain-what-is-it-and-how-to-use-it.html)
|
* [PHP FILTERS CHAIN: WHAT IS IT AND HOW TO USE IT - Rémi Matasse - 18/10/2022](https://www.synacktiv.com/publications/php-filters-chain-what-is-it-and-how-to-use-it.html)
|
||||||
* [PHP FILTER CHAINS: FILE READ FROM ERROR-BASED ORACLE - Rémi Matasse - 21/03/2023](https://www.synacktiv.com/en/publications/php-filter-chains-file-read-from-error-based-oracle.html)
|
* [PHP FILTER CHAINS: FILE READ FROM ERROR-BASED ORACLE - Rémi Matasse - 21/03/2023](https://www.synacktiv.com/en/publications/php-filter-chains-file-read-from-error-based-oracle.html)
|
||||||
* [One Line PHP: From Genesis to Ragnarök - Ginoah, Bookgin](https://hackmd.io/@ginoah/phpInclude#/)
|
* [One Line PHP: From Genesis to Ragnarök - Ginoah, Bookgin](https://hackmd.io/@ginoah/phpInclude#/)
|
||||||
* [Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix - Charles Fol - 11 December, 2023](https://www.ambionics.io/blog/wrapwrap-php-filters-suffix)
|
* [Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix - Charles Fol - 11 December, 2023](https://www.ambionics.io/blog/wrapwrap-php-filters-suffix)
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
# Regular Expression
|
||||||
|
|
||||||
|
> Regular Expression Denial of Service (ReDoS) is a type of attack that exploits the fact that certain regular expressions can take an extremely long time to process, causing applications or services to become unresponsive or crash.
|
||||||
|
|
||||||
|
|
||||||
|
## Denial of Service - ReDoS
|
||||||
|
|
||||||
|
* [tjenkinson/redos-detector](https://github.com/tjenkinson/redos-detector) - A CLI and library which tests with certainty if a regex pattern is safe from ReDoS attacks. Supported in the browser, Node and Deno.
|
||||||
|
* [doyensec/regexploit](https://github.com/doyensec/regexploit) - Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)
|
||||||
|
* [devina.io/redos-checker](https://devina.io/redos-checker) - Examine regular expressions for potential Denial of Service vulnerabilities
|
||||||
|
|
||||||
|
|
||||||
|
### Evil Regex
|
||||||
|
|
||||||
|
Evil Regex contains:
|
||||||
|
|
||||||
|
* Grouping with repetition
|
||||||
|
* Inside the repeated group:
|
||||||
|
* Repetition
|
||||||
|
* Alternation with overlapping
|
||||||
|
|
||||||
|
**Examples**
|
||||||
|
|
||||||
|
* `(a+)+`
|
||||||
|
* `([a-zA-Z]+)*`
|
||||||
|
* `(a|aa)+`
|
||||||
|
* `(a|a?)+`
|
||||||
|
* `(.*a){x}` for x \> 10
|
||||||
|
|
||||||
|
These regular expressions can be exploited with `aaaaaaaaaaaaaaaaaaaaaaaa!`
|
||||||
|
|
||||||
|
|
||||||
|
## References
|
||||||
|
|
||||||
|
* [Regular expression Denial of Service - ReDoS - OWASP - Adar Weidman](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)
|
||||||
|
* [OWASP Validation Regex Repository - OWASP](https://wiki.owasp.org/index.php/OWASP_Validation_Regex_Repository)
|
|
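Review bot: The "Evil Regex" section ends with "These regular expressions can be exploited with `aaaaaaaaaaaaaaaaaaaaaaaa!`" but never says why that input is slow or what to do about it, which leaves the page as a list of patterns with no explanation. Add one sentence explaining that the trailing `!` makes the overall match fail, so a backtracking engine retries every way of splitting the run of `a` between the inner and outer repetition, and add a short mitigation list (match timeouts, input length limits, or a non-backtracking engine such as RE2). Minor: in `for x \> 10` the backslash before `>` is unnecessary in Markdown and will show up in raw views, and the three tool links sit directly under "## Denial of Service - ReDoS" without a heading or lead-in of their own.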
@ -11,6 +11,7 @@ edit_uri: blob/master/
|
||||||
|
|
||||||
theme:
|
theme:
|
||||||
name: material
|
name: material
|
||||||
|
custom_dir: overrides
|
||||||
color_mode: auto
|
color_mode: auto
|
||||||
user_color_mode_toggle: true
|
user_color_mode_toggle: true
|
||||||
icon:
|
icon:
|
||||||
|
|
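Review bot: `custom_dir: overrides` is a relative path, so it only resolves if an `overrides` directory sits next to this config at build time; in this compare that is arranged by the workflow's `mv docs/.github/overrides .` step and nowhere else. Anyone building the site outside that workflow will not have the directory in place. Add a YAML comment above the key pointing at where the directory actually lives in the repository and at the workflow step that relocates it.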