RCE ATTACKS AND TECHNIQUES

  • Remote Command or OS Command Injection Basics
  • Blind RCE Injection
  • RCE Techniques and Cheat Sheet
  • Bypassing RCE Filter

JSON HIJACKING

  • JSON Hijacking Basics
  • JSON Hijacking Demo

LESSER KNOWN XSS VARIANTS

  • mXSS or mutation XSS
  • rPO XSS or Relative Path Overwrite XSS

SERVER SIDE INCLUDES INJECTION (SSI INJECTION)

  • Server Side Includes Injection Basics
  • Server Side Includes Injection Demo

SERVER SIDE REQUEST FORGERY (SSRF)

  • Server Side Request Forgery Basics
  • Exploiting an SSRF Vulnerability

REFLECTED FILE DOWNLOAD (RFD)

  • Reflected File Download (RFD) Theory
  • RFD Attack Explained (12:00)

ABUSING WINDOW.OPENER PROPERTY

  • Abusing JavaScript's window.opener property Theory
  • Phishing by abusing window.opener property

SAME ORIGIN METHOD EXECUTION (SOME)

  • Same Origin Method Execution Introduction
  • Same Origin Policy (SOP)
  • SOME Attack with Flash Callback explained
  • SOME Attack with Flash Callback Demo