mirror of
https://github.com/qazbnm456/awesome-web-security.git
synced 2024-10-01 03:15:46 -04:00
add prototype pollution related stuff
This commit is contained in:
parent
a359fa9a9e
commit
2a2f35d1eb
@ -22,6 +22,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
|
||||
- [Introduction](#intro)
|
||||
- [Tips](#tips)
|
||||
- [XSS](#xss---cross-site-scripting)
|
||||
- [Prototype Pollution](#prototype-pollution)
|
||||
- [CSV Injection](#csv-injection)
|
||||
- [SQL Injection](#sql-injection)
|
||||
- [Command Injection](#command-injection)
|
||||
@ -148,6 +149,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
|
||||
- [payloadbox/xss-payload-list](https://github.com/payloadbox/xss-payload-list) - Written by [@payloadbox](https://github.com/payloadbox).
|
||||
- [PayloadsAllTheThings - XSS Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection) - Written by [@swisskyrepo](https://github.com/swisskyrepo).
|
||||
|
||||
<a name="prototype-pollution"></a>
|
||||
### Prototype Pollution
|
||||
|
||||
- [Prototype pollution attack in NodeJS application](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf) - Written by [@HoLyVieR](https://github.com/HoLyVieR).
|
||||
|
||||
<a name="csv-injection"></a>
|
||||
### CSV Injection
|
||||
|
||||
@ -489,7 +495,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
|
||||
### Others
|
||||
|
||||
- [How I hacked Google’s bug tracking system itself for $15,600 in bounties](https://medium.com/free-code-camp/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5) - Written by [@alex.birsan](https://medium.com/@alex.birsan).
|
||||
- [Some Tricks From My Secret Group](https://www.leavesongs.com/SHARE/some-tricks-from-my-secret-group.html) - Written by [PHITHON](https://www.leavesongs.com/).
|
||||
- [Some Tricks From My Secret Group](https://www.leavesongs.com/SHARE/some-tricks-from-my-secret-group.html) - Written by [phithon](https://www.leavesongs.com/).
|
||||
- [Inducing DNS Leaks in Onion Web Services](https://github.com/epidemics-scepticism/writing/blob/master/onion-dns-leaks.md) - Written by [@epidemics-scepticism](https://github.com/epidemics-scepticism).
|
||||
- [Stored XSS, and SSRF in Google using the Dataset Publishing Language](https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html) - Written by [@signalchaos](https://twitter.com/signalchaos).
|
||||
|
||||
|
13
README-zh.md
13
README-zh.md
@ -22,6 +22,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
|
||||
- [Introduction](#intro)
|
||||
- [Tips](#tips)
|
||||
- [XSS](#xss---cross-site-scripting)
|
||||
- [Prototype Pollution](#prototype-pollution)
|
||||
- [CSV Injection](#csv-injection)
|
||||
- [SQL Injection](#sql-injection)
|
||||
- [Command Injection](#command-injection)
|
||||
@ -159,6 +160,12 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
|
||||
- [payloadbox/xss-payload-list](https://github.com/payloadbox/xss-payload-list) - Written by [@payloadbox](https://github.com/payloadbox).
|
||||
- [PayloadsAllTheThings - XSS Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection) - Written by [@swisskyrepo](https://github.com/swisskyrepo).
|
||||
|
||||
<a name="prototype-pollution"></a>
|
||||
### Prototype Pollution
|
||||
|
||||
- [Prototype pollution attack in NodeJS application](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf) - Written by [@HoLyVieR](https://github.com/HoLyVieR).
|
||||
- [深入理解 JavaScript Prototype 污染攻击](https://www.leavesongs.com/PENETRATION/javascript-prototype-pollution-attack.html) - Written by [phithon](https://www.leavesongs.com/).
|
||||
|
||||
<a name="csv-injection"></a>
|
||||
### CSV Injection
|
||||
|
||||
@ -420,7 +427,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
|
||||
- [Weblogic 反序列化漏洞(CVE-2018-2628)漫谈](https://paper.seebug.org/584/) - Written by Badcode@知道创宇404实验室.
|
||||
- [What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.](https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/) - Written by [@breenmachine](https://twitter.com/@breenmachine).
|
||||
- [Exploiting Node.js deserialization bug for Remote Code Execution](https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/) - Written by [OpSecX](https://opsecx.com/index.php/author/ajinabraham/).
|
||||
- [eval长度限制绕过 && PHP5.6新特性](https://www.leavesongs.com/PHP/bypass-eval-length-restrict.html) - Written by [PHITHON](https://www.leavesongs.com/).
|
||||
- [eval长度限制绕过 && PHP5.6新特性](https://www.leavesongs.com/PHP/bypass-eval-length-restrict.html) - Written by [phithon](https://www.leavesongs.com/).
|
||||
- [PHP垃圾回收机制UAF漏洞分析](http://www.freebuf.com/vuls/122938.html) - Written by [ph1re](http://www.freebuf.com/author/ph1re).
|
||||
- [DRUPAL 7.X SERVICES MODULE UNSERIALIZE() TO RCE](https://www.ambionics.io/blog/drupal-services-module-rce) - Written by [Ambionics Security](https://www.ambionics.io/).
|
||||
- [How we exploited a remote code execution vulnerability in math.js](https://capacitorset.github.io/mathjs/) - Written by [@capacitorset](https://github.com/capacitorset).
|
||||
@ -526,8 +533,8 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
|
||||
|
||||
- [PHP代码审计中的一些Tips](http://zeroyu.xyz/2018/10/13/php-audit-tips/) - Written by [z3r0yu](http://zeroyu.xyz/).
|
||||
- [How I hacked Google’s bug tracking system itself for $15,600 in bounties](https://medium.com/free-code-camp/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5) - Written by [@alex.birsan](https://medium.com/@alex.birsan).
|
||||
- [Some Tricks From My Secret Group](https://www.leavesongs.com/SHARE/some-tricks-from-my-secret-group.html) - Written by [PHITHON](https://www.leavesongs.com/).
|
||||
- [CTF比赛总是输?你还差点Tricks!](https://docs.google.com/presentation/d/1Cx0vI2Mzy0zwdTrgic3S3TwGMCpH-QhMUdHU1r3AYfI/edit#slide=id.g35f391192_065) - Written by [PHITHON](https://www.leavesongs.com/).
|
||||
- [Some Tricks From My Secret Group](https://www.leavesongs.com/SHARE/some-tricks-from-my-secret-group.html) - Written by [phithon](https://www.leavesongs.com/).
|
||||
- [CTF比赛总是输?你还差点Tricks!](https://docs.google.com/presentation/d/1Cx0vI2Mzy0zwdTrgic3S3TwGMCpH-QhMUdHU1r3AYfI/edit#slide=id.g35f391192_065) - Written by [phithon](https://www.leavesongs.com/).
|
||||
- [隱匿的攻擊之-Domain Fronting](https://evi1cg.me/archives/Domain_Fronting.html) - Written by [Evi1cg](https://evi1cg.me/).
|
||||
- [Inducing DNS Leaks in Onion Web Services](https://github.com/epidemics-scepticism/writing/blob/master/onion-dns-leaks.md) - Written by [@epidemics-scepticism](https://github.com/epidemics-scepticism).
|
||||
- [web狗要懂的内网端口转发](https://www.jianshu.com/p/735e8f1746f0) - Written by [\_阿烨_](https://www.jianshu.com/u/121bf0f6b3d2).
|
||||
|
@ -22,6 +22,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
|
||||
- [Introduction](#intro)
|
||||
- [Tips](#tips)
|
||||
- [XSS](#xss---cross-site-scripting)
|
||||
- [Prototype Pollution](#prototype-pollution)
|
||||
- [CSV Injection](#csv-injection)
|
||||
- [SQL Injection](#sql-injection)
|
||||
- [Command Injection](#command-injection)
|
||||
@ -146,6 +147,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
|
||||
- [payloadbox/xss-payload-list](https://github.com/payloadbox/xss-payload-list) - Written by [@payloadbox](https://github.com/payloadbox).
|
||||
- [PayloadsAllTheThings - XSS Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection) - Written by [@swisskyrepo](https://github.com/swisskyrepo).
|
||||
|
||||
<a name="prototype-pollution"></a>
|
||||
### Prototype Pollution
|
||||
|
||||
- [Prototype pollution attack in NodeJS application](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf) - Written by [@HoLyVieR](https://github.com/HoLyVieR).
|
||||
|
||||
<a name="csv-injection"></a>
|
||||
### CSV Injection
|
||||
|
||||
@ -485,7 +491,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
|
||||
### Others
|
||||
|
||||
- [How I hacked Google’s bug tracking system itself for $15,600 in bounties](https://medium.com/free-code-camp/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5) - Written by [@alex.birsan](https://medium.com/@alex.birsan).
|
||||
- [Some Tricks From My Secret Group](https://www.leavesongs.com/SHARE/some-tricks-from-my-secret-group.html) - Written by [PHITHON](https://www.leavesongs.com/).
|
||||
- [Some Tricks From My Secret Group](https://www.leavesongs.com/SHARE/some-tricks-from-my-secret-group.html) - Written by [phithon](https://www.leavesongs.com/).
|
||||
- [Inducing DNS Leaks in Onion Web Services](https://github.com/epidemics-scepticism/writing/blob/master/onion-dns-leaks.md) - Written by [@epidemics-scepticism](https://github.com/epidemics-scepticism).
|
||||
- [Stored XSS, and SSRF in Google using the Dataset Publishing Language](https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html) - Written by [@signalchaos](https://twitter.com/signalchaos).
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user