Update README.md
parent
742e6f0755
commit
b248115a58
|
@ -0,0 +1 @@
|
||||||
|
.DS_store
|
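Review bot: the single added line `.DS_store` is spelled with a lowercase "s", while the file macOS Finder writes is `.DS_Store`. If this new one-line file is an ignore list (its name is not shown here), the pattern only matches on setups where Git compares names case-insensitively, so the line should read `.DS_Store`. The commit message mentions only README.md; this addition deserves a word there or its own commit.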
55
README.md
55
README.md
|
@ -16,29 +16,72 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
|
||||||
|
|
||||||
## Menu
|
## Menu
|
||||||
|
|
||||||
- [Bypass](#bypass)
|
- [Resource](#resource)
|
||||||
- [CSP](#csp)
|
- [SQL Injection](#resource-sql-injection)
|
||||||
|
- [XML](#resource-xml)
|
||||||
|
- [Evasion](#evasion)
|
||||||
|
- [CSP](#evasion-csp)
|
||||||
|
- [Trick](#trick)
|
||||||
|
- [SQL Injection](#trick-sql-injection)
|
||||||
- [Tool](#tool)
|
- [Tool](#tool)
|
||||||
- [Code Generating](#code-generating)
|
- [Code Generating](#tool-code-generating)
|
||||||
- [Fuzzing](#fuzzing)
|
- [Fuzzing](#tool-fuzzing)
|
||||||
|
- [Detecting](#tool-detecting)
|
||||||
|
- [Blog](#blog)
|
||||||
|
- [Miscellaneous](#miscellaneous)
|
||||||
|
|
||||||
|
## Resource
|
||||||
|
|
||||||
## Bypass
|
<a name="resource-sql-injection"></a>
|
||||||
|
### SQL Injection
|
||||||
|
|
||||||
|
* [HQL for pentesters](http://blog.h3xstream.com/2014/02/hql-for-pentesters.html)
|
||||||
|
|
||||||
|
<a name="resource-xml"></a>
|
||||||
|
### XML
|
||||||
|
|
||||||
|
* [XML实体攻击 - 从内网探测到命令执行步步惊心](http://www.freebuf.com/video/49961.html), written by 张天琪.
|
||||||
|
|
||||||
|
## Evasion
|
||||||
|
|
||||||
|
<a name="evasion-csp"></a>
|
||||||
### CSP
|
### CSP
|
||||||
|
|
||||||
* [https://labs.detectify.com/2016/04/04/csp-bypassing-form-action-with-reflected-xss/](https://labs.detectify.com/2016/04/04/csp-bypassing-form-action-with-reflected-xss/), written by [Detectify Labs](https://labs.detectify.com/).
|
* [CSP: bypassing form-action with reflected XSS](https://labs.detectify.com/2016/04/04/csp-bypassing-form-action-with-reflected-xss/), written by [Detectify Labs](https://labs.detectify.com/).
|
||||||
|
|
||||||
|
## Trick
|
||||||
|
|
||||||
|
<a name="trick-sql-injection"></a>
|
||||||
|
### SQL Injection
|
||||||
|
|
||||||
|
* [屌智硬之mysql不用逗号注入](http://www.jinglingshu.org/?p=2220), written by [jinglingshu](http://www.jinglingshu.org/?p=2220).
|
||||||
|
* [见招拆招:绕过WAF继续SQL注入常用方法](http://www.freebuf.com/articles/web/36683.html), written by [mikey](http://www.freebuf.com/author/mikey).
|
||||||
|
|
||||||
## Tool
|
## Tool
|
||||||
|
|
||||||
|
<a name="tool-code-generating"></a>
|
||||||
### Code Generating
|
### Code Generating
|
||||||
|
|
||||||
* [VWGen](https://github.com/qazbnm456/VWGen) - Vulnerable Web applications Generator by [@qazbnm456](https://github.com/qazbnm456).
|
* [VWGen](https://github.com/qazbnm456/VWGen) - Vulnerable Web applications Generator by [@qazbnm456](https://github.com/qazbnm456).
|
||||||
|
|
||||||
|
<a name="tool-fuzzing"></a>
|
||||||
### Fuzzing
|
### Fuzzing
|
||||||
|
|
||||||
* [wfuzz](https://github.com/xmendez/wfuzz) - Web application bruteforcer by [@xmendez](https://github.com/xmendez).
|
* [wfuzz](https://github.com/xmendez/wfuzz) - Web application bruteforcer by [@xmendez](https://github.com/xmendez).
|
||||||
|
|
||||||
|
<a name="tool-detecting"></a>
|
||||||
|
### Detecting
|
||||||
|
|
||||||
|
* [sqlchop](https://github.com/chaitin/sqlchop/) - [DEPRECATED] A novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis by [chaitin](http://chaitin.com).
|
||||||
|
|
||||||
|
## Blog
|
||||||
|
|
||||||
|
* [Broken Browser](https://www.brokenbrowser.com/) - Fun with Browser Vulnerabilities.
|
||||||
|
|
||||||
|
## Miscellaneous
|
||||||
|
|
||||||
|
* [如何正確的取得使用者 IP ?](http://devco.re/blog/2014/06/19/client-ip-detection/)
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0/)
|
[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0/)
|
||||||
|
|
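Review bot: in the new Trick / SQL Injection list, the `written by [jinglingshu]` link targets `http://www.jinglingshu.org/?p=2220`, the same URL as the article title, whereas the next entry links the author's own page (`http://www.freebuf.com/author/mikey`); point it at the author or site page instead. The added entries are also inconsistent in shape: `HQL for pentesters` and `如何正確的取得使用者 IP ?` carry no attribution or description, and the XML entry names 张天琪 without a link, while the others use either `, written by [X](…).` or ` - description by [X](…).`. Pick one form for the whole list. Several of the added links use plain `http://`; switch them to `https://` where the site serves it.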