https://alvinsmith.gitbook.io/progressive-oscp/untitled/vulnversity-privilege-escalation
[Unit]
Description=roooooooooot
[Service]
Type=simple
Jounior Z. rev1nsane
rev1nsane
/ Privilege Escalation.md
Created
December 1, 2021 03:21
— forked from A1vinSmith/Privilege Escalation.md
Privilege Escalation: Systemctl (Misconfigured Permissions — sudo/SUID)
rev1nsane
/ WAHH_Task_Checklist.md
Created
February 1, 2020 20:47
— forked from jhaddix/Testing_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
rev1nsane
/ csrf_jwt_redirect_leak.md
Created
May 23, 2019 07:23
— forked from stefanocoding/csrf_jwt_redirect_leak.md
An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked. The issue was mostly the same in both cases: not validating, or URI encoding, user input in the client-side, and sending sensitive information to my server using an open redirect.
- There is an open redirect on https://example.com/redirect?url=https://myserver.com/attack.php
- User loads https://example.com/?code=VALUE
- Javascript code in https://example.com/ makes a GET request to https://example.com/verify/VALUE with a header
x-csrf-tokenset to the CSRF token for the session of the userGET /verify/VALUE HTTP/1.1 Host: example.com
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @ | |
| * | |
| 0 | |
| 00 | |
| 0-0 | |
| 000 | |
| 0000 | |
| 00000 |