Skip to content

Instantly share code, notes, and snippets.

@huijari

huijari/LesserKnownWebAttacks.md

Created March 18, 2017 03:08
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save huijari/48162ce8f120a64bdb229964d06f9075 to your computer and use it in GitHub Desktop.
Save huijari/48162ce8f120a64bdb229964d06f9075 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
LesserKnownWebAttacks.md

RCE ATTACKS AND TECHNIQUES

  • Remote Command or OS Command Injection Basics
  • Blind RCE Injection
  • RCE Techniques and Cheat Sheet
  • Bypassing RCE Filter

JSON HIJACKING

  • JSON Hijacking Basics
  • JSON Hijacking Demo

LESSER KNOWN XSS VARIANTS

  • mXSS or mutation XSS
  • rPO XSS or Relative Path Overwrite XSS

SERVER SIDE INCLUDES INJECTION (SSI INJECTION)

  • Server Side Includes Injection Basics
  • Server Side Includes Injection Demo

SERVER SIDE REQUEST FORGERY (SSRF)

  • Server Side Request Forgery Basics
  • Exploiting an SSRF Vulnerability

REFLECTED FILE DOWNLOAD (RFD)

  • Reflected File Download (RFD) Theory
  • RFD Attack Explained (12:00)

ABUSING WINDOW.OPENER PROPERTY

  • Abusing JavaScript's window.opener property Theory
  • Phishing by abusing window.opener property

SAME ORIGIN METHOD EXECUTION (SOME)

  • Same Origin Method Execution Introduction
  • Same Origin Policy (SOP)
  • SOME Attack with Flash Callback explained
  • SOME Attack with Flash Callback Demo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment