fixin some readme

Web_Exploits/SQLi/README.md

@@ -0,0 +1,24 @@
+# SQL Injections
+
+* A SQL query  search can be easily manipulated and assume that a SQL query search is a reliable command. This means  that SQL searches are capable of passing, unnoticed, by access control mechanisms. 
+* Using methods of diverting standard authentication and by checking the authorization credentials, you can gain access to important information stored in a database. 
+
+## Examples
+
+* A parameter passed for a name of a user:
+
+```
+SELECT * FROM users WHERE
+name="$name";
+```
+
+In this case, the attacker just needs to introduce a true logical expression like ```1=1```:
+
+```
+SELECT * FROM users WHERE 1=1;
+```
+So that the **WHERE** clause is always executed, which means that it will return the values that match to all users.
+
+Nowadays it is estimated that less than 5% of the websites have this vulnerability.
+
+

Web_Exploits/SQLi/README.md~

@@ -0,0 +1,119 @@
+# Web Exploits
+
+[My list of common web vulnerabilits.](http://bt3gl.github.io/a-list-of-common-web-vulnerabilities.html)
+
+## OS Command Injection
+
+---
+
+## SQLi
+
+- Brute force password
+- Timed SQLi
+- Cookie force brute
+
+
+--- 
+## PHP Shells
+
+- php primer
+- xor
+- exploits
+
+----
+
+## Scanners
+
+- heartbleed
+
+
+-----
+## User ID
+- cookie auth
+- user id
+
+----
+
+## Other Resources
+
+#### When we have a Website/IP Address:
+
+- Try to add folders to the domain, such as http://csaw2014.website.com or http://key.website.com.
+
+- We brute force the subdomains, for example, with [subbrute.py]. This tool performs multi-threaded DNS lookups to a configurable list of DNS resolvers, searching through a list of possible subdomains.
+
+- Use the command ```dig``` or ```ping``` in Linux to find the IP  address of the website.
+
+- *wgetting* the entire website with something like ```wget -e robots=off --tries=40 -r -H -l 4 <WEBSITE>```.
+
+- Check the *robot.txt* file for hidden folders.
+
+- Inspect the DOM using the browser's developer tools to look for HTML comments (plain view-source won't work when the content is loaded through Ajax).
+
+
+-----
+
+## URLs
+
+#### Octal
+
+- Example: http://017700000001 --> 127.0.0.1
+
+- For example 206.191.158.50:
+
+((206 * 256 + 191) * 256 + 158 ) * 256 + 50 = 3468664370.
+
+Now, there is a further step that can make this address even more obscure. You can add to this dword number, any multiple of the quantity 4294967296 (2564) 
+
+
+#### Great @
+
+-Everything between "http://" and "@" is completely irrelevant
+
+```
+http://doesn'tmatter@www.google.org
+http://!$^&*()_+`-={}|[]:;@www.google.com
+```
+
+- @ symbol can be represented by its hex code %40 
+- dots are %2e
+
+
+
+----
+
+## HTTP
+
+The first line of a request is modified to include protocol version information and it's followed by zero or more name:value pairs (headers):
+- User-Agent: browser version information
+- Host: URL hostanme
+- Accept: supported MIME documents( such as text/plain or audio/MPEG)
+- Accept-Language: supported language codes
+- Referer: originating page for the request
+
+The headers are terminated with a single empty line, which may be followerd by any payload the client wishes to pass to the server (the lenght should be specified with the Content-Length header). The  payload is usually browser data, but there is no requirements.
+
+
+
+-----
+## Tools
+
+- [Burp Suite]
+- [FireBug] in Firefox
+
+
+
+
+
+-----------------
+[FireBug]: http://getfirebug.com/
+[Burp Suite]: http://portswigger.net/burp/
+[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html
+[karmadecay]: http://karmadecay.com/
+[tineye]:  https://www.tineye.com/
+[images.google.com]: https://images.google.com/?gws_rd=ssl
+[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp
+[subbrute.py]: https://github.com/SparkleHearts/subbrute
+[pnginfo]: http://www.stillhq.com/pngtools/
+[namechk]: http://namechk.com
+