This website requires JavaScript.
3fd2f8c481
Headless Browser + JSON Jackson
2025-07-02 22:23:13 +02:00
aaf6bdf394
Merge pull request #779 from florianamette/patch-1
2025-05-22 22:32:26 +02:00
eca827005a
Update Generic_TimeBased.txt
2025-05-22 11:44:06 +02:00
bb8cab1ea3
Update Source Code Management Links
2025-05-10 22:04:38 +02:00
bd264beebc
Update NoSQL.txt
2025-04-21 16:59:08 +07:00
8ac78d12fa
enhancement: clarified and expanded details on Second-Order SQL Injection.
2025-04-11 02:11:53 +05:30
7eb75cead5
SQLmap Custom Tamper and Preprocess Scripts
2025-04-09 11:14:37 +02:00
5bc06fee7c
2025-04-04 Add Detecting Web Cache Deception Content
2025-04-04 00:20:27 +08:00
8379e65ce0
NoSQL injection WAF
2025-04-01 20:22:10 +02:00
f344fa50a6
Fix typo 2
2025-03-27 11:24:46 +01:00
ab7e7390dc
Fix broken links
2025-03-27 11:16:36 +01:00
f3be75a4da
Markdown Linting - Improving rules
2025-03-26 22:51:26 +01:00
2611dd1ba3
Markdown Linting - SQL, Juggling, XSLT, XSS, Zip
2025-03-26 20:53:03 +01:00
bad860d79d
Markdown Linting - SSI, SSRF, SSTI
2025-03-26 17:49:42 +01:00
6963d1a21c
Markdown Linting - Mass Assignment, NoSQL, OAuth, Redirect
2025-03-26 17:06:01 +01:00
5f244f4437
Markdown Linting - Source Code, JWT, RMI, LDAP, LaTeX
2025-03-26 16:48:22 +01:00
d174593b4f
Markdown Linting - Parameters, Browsers, Deserialization Randomness
2025-03-26 16:33:07 +01:00
e03cdfff14
Markdown Linting - CSV, CVE, DBS, LFI, GWT, GraphQL
2025-03-26 16:22:53 +01:00
e6eb436eb1
Markdown Linting - CORS, CRLF, CSPT, CSRF, Command Injection
2025-03-24 16:52:42 +01:00
9465e12b76
Markdown Linting - API, Business Logic, Clickjacking
2025-03-24 16:16:58 +01:00
48d8dc5578
Markdown Linting - Methodology
2025-03-24 16:00:54 +01:00
e25a025e13
DB2 Command Execution with QSYS2.QCMDEXC
2025-03-24 15:42:22 +01:00
bc6efd695b
Prompt Injection Update
2025-03-17 19:50:19 +01:00
04d498aa3f
XXE - Fix typo
2025-03-17 17:02:00 +01:00
df8c196567
Merge pull request #772 from Diebbo/patch-1
2025-03-13 10:49:21 +01:00
bc4eb6dcb5
Update README.md
2025-03-13 09:53:28 +01:00
64b36854a7
External Variable Modification
2025-03-07 12:15:00 +01:00
0e93caed81
Merge pull request #769 from DoongPark/fix-parentheses
2025-02-19 21:08:47 +01:00
37046977fd
Fix misplaced parentheses in MySQL Injection.md
2025-02-20 00:48:45 +09:00
dd946bedc0
Merge pull request #768 from sehraramiz/sehraramiz-patch-xxe-1
2025-02-18 21:49:42 +01:00
ad13a3c9e0
Add missing -r flag for xxe excel file rebuilding with zip command -r flag is needed to include sub directories in the final archive
2025-02-16 12:56:20 +03:30
7e64eda3bf
Merge pull request #765 from Tednoob17/master
2025-02-09 21:37:19 +01:00
0f30c6b846
Update YOUTUBE.md - Fix markdown style
2025-02-09 21:27:49 +01:00
662622afa4
Merge pull request #759 from noraj/patch-1
2025-02-09 21:01:24 +01:00
c3c4b7987b
PHP tricks and webshells
2025-02-09 20:24:21 +01:00
df7e940df1
Update YOUTUBE.md
2025-02-04 18:33:15 +01:00
fb349a5737
UUID_TO_BIN SQLi Error Based
2025-01-25 11:49:15 +01:00
4f7201d9aa
Lightyear tool - PHP wrappers
2025-01-22 16:38:16 +01:00
ddad93a1d2
System prompt + Arg injection + Disclaimer
2025-01-14 22:26:29 +01:00
0aaad269e2
csv injection: google sheets formulas
2024-12-04 17:11:36 +01:00
38716075f0
Books update
2024-12-01 12:52:11 +01:00
e42edaab74
Learning and Socials updates
2024-12-01 12:18:45 +01:00
32d9f7550d
XPATH + XSS + XXE + XSLT
2024-11-30 21:14:51 +01:00
8c09568cb2
Regex + SSRF
2024-11-30 19:48:32 +01:00
8b27a177c2
Indirect Prompt Injection
2024-11-29 23:39:17 +01:00
29f46934ac
NoSQL + Open Redirect
2024-11-29 22:08:58 +01:00
6795bee1c4
LDAP + LaTeX + Management Interface
2024-11-29 18:09:59 +01:00
801aecb2ba
GraphQL + HPP
2024-11-29 13:49:54 +01:00
e6466b4cf9
LFI/RFI pages
2024-11-29 11:52:51 +01:00
a16f8a6de1
Path Traversal + CSV Injection
2024-11-28 21:36:01 +01:00
57f7c8ddad
ViewState Java
2024-11-27 15:29:33 +01:00
9425cec068
Handlebars - Basic Injection
2024-11-25 18:42:36 +01:00
6bfad6a84d
SSTI - SpEL
2024-11-25 13:56:29 +01:00
35109b4154
CORS and CRLF updates
2024-11-24 13:44:55 +01:00
4e03772f4a
API Key rework
2024-11-18 18:26:58 +01:00
0108d01571
Edge Side Inclusion
2024-11-18 16:51:28 +01:00
98cfc9ce8c
XXE Error Based Local DTD
2024-11-18 12:41:35 +01:00
846706b87d
XXE on JSON Endpoints
2024-11-18 10:43:39 +01:00
9932059563
YAML Deserialization
2024-11-17 20:48:10 +01:00
b98f8ca587
DB2 Injection updates
2024-11-17 18:37:07 +01:00
3c5bab0338
SQL - File Manipulation and Error Based Injection
2024-11-16 18:49:01 +01:00
9a908a15d2
MSSQL, OracleSQL, PostgreSQL Substring Equivalent
2024-11-16 15:35:43 +01:00
67af38aa4e
SQL Injections - Updates for MSSQL, Oracle, PostgreSQL
2024-11-15 23:56:04 +01:00
f57d0813ca
SQL - MySQL Page Cleanup
2024-11-15 18:42:58 +01:00
cde11da0c7
SQL Injection - Methodology
2024-11-15 14:48:58 +01:00
8bc33f8bb7
Fix markdown style issues in Account Takeover
2024-11-13 15:30:33 +01:00
a6b3b9dd05
CONTRIBUTING page updates - adding rules
2024-11-13 14:24:09 +01:00
f333d48960
Fix invalid spaces indents
2024-11-13 14:08:26 +01:00
dc349c10c3
Update _template_vuln page
2024-11-13 13:39:19 +01:00
d6ce9cd317
Github Action - Markdown Linting for PR
2024-11-13 12:29:42 +01:00
118924f291
Challenges added for CRLF, Command Injection, File Inclusion
2024-11-12 19:01:34 +01:00
0a5ecc407c
Normalize page header for Web Socket, XSLT, XSS, XXE
2024-11-10 21:15:44 +01:00
48a4e5c95b
Normalize page header for SQLi, Upload, Cache Deception
2024-11-10 20:49:52 +01:00
a338b2f12a
Normalize page header for SSTI, SAML, SSI
2024-11-10 19:14:16 +01:00
1a3e605d64
Normalize page header for JWT, LDAP, LaTeX, OAuth, ORM
2024-11-10 15:28:12 +01:00
2304101657
Normalize page header for GraphQL, Deserialization, SCM
2024-11-10 14:37:48 +01:00
2deb20a6f1
Normalize page header for CSRF, DNS, DOS, Dependencies
2024-11-10 11:18:46 +01:00
d80f73a829
Normalize page header for API, CSPT, CORS, CSRF
2024-11-09 23:01:39 +01:00
c82cd6408a
Renaming Subdomain Enumeration to Web Attack Surface
2024-11-09 12:38:35 +01:00
70fb63a9bf
Merge pull request #756 from Fisjkars/patch-1
2024-11-08 22:20:45 +01:00
4f0e6334bd
References updated for XSS + page splitted in subcategories
2024-11-08 18:23:43 +01:00
5c60cd7b61
Add CVE-2023–5123 in CSPT2CSRF real world scenario
2024-11-08 15:09:08 +01:00
37641d2b9e
References updated for XPATH, XSLT, XXE, Web Socket
2024-11-07 23:50:30 +01:00
b2bb1df9a9
References addded for SQLi, Upload, SSTI, Type Juggling
2024-11-07 20:54:16 +01:00
ffa5ea764a
Merge pull request #755 from n3rada/patch-1
2024-11-07 18:42:46 +01:00
df8d4d7f27
References updated for SAML, SSI, SSRF
2024-11-07 18:31:21 +01:00
9ed40edfca
References updated for NoSQL, OAuth, ORM, Prompt, RegEx
2024-11-07 16:20:58 +01:00
a590290016
PostgreSQL privilege list update
2024-11-07 15:12:58 +01:00
b80b72d3a3
References updated for JWT, RMI, LDAP, LaTeX
2024-11-07 14:50:52 +01:00
ccffaa5019
References updated for IDOR, Radomness and SCM
2024-11-07 12:17:38 +01:00
7e390265a0
References added for GWT, GraphQL, HTTP, Headless
2024-11-06 23:32:18 +01:00
e47391b12b
References updated for Dom Clobbering, File Inclusion
2024-11-05 17:29:15 +01:00
e138308d3d
References updated for CORS CRLF CSV
2024-11-04 18:00:07 +01:00
4dc409d31e
References updated for API, Business, Clickjacking, CSPT, Command Injection
2024-11-04 16:35:24 +01:00
138fbd97f9
Account Takeover References
2024-11-03 21:22:14 +01:00
21dfd91180
SSTI references updates
2024-11-03 20:54:01 +01:00
51fe542992
nested_indent in mkdocs
2024-11-03 17:36:19 +01:00
ff88aa1f45
Fix nested lists
2024-11-03 17:10:52 +01:00
a5de8cf062
SQL injections references updates
2024-11-03 14:06:53 +01:00
944fe0db7b
SQLmap tips moved from SQL README to their own page
2024-11-02 22:47:30 +01:00
Swissky