Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-infosec
Personal infosec awesome list. Highly subjective by nature.
https://github.com/spekulatius/awesome-infosec
Bugs
Font Files
- Fonts are still a Helvetica of a Problem - Canva Dev-blog covering:
  - `CVE-2023-45139` - XXE via generating a subset from a font,
  - `CVE-2024-25081` - Command-injection via filenames in subfonts,
  - `CVE-2024-25082` - Similar to the previous one, but in archives of compressed WOFF (ZLIB-based) / WOFF2 (Brotli-based) fonts.
- `CVE-2024-4367` - Glyph rendering in Mozilla's PDF.js leads to JavaScript Execution [`Codean Labs`](https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/).
Request Smuggling
- `#771666` - Stealing Zomato X-Access-Token: in Bulk using HTTP Request Smuggling on `api.zomato.com` `2020-01-10`.
- HTTP Desync Attacks: Smashing into the Cell Next Door - DEF CON 27 Conference talk by James Kettle ([@albinowax](https://twitter.com/albinowax)) of PortSwigger `2019-11-16`.
- `#737140` - CL.TE-based request smuggling on Slack `2019-11-14`.
- HTTP Desync Attacks: Request Smuggling Reborn - `2019-08-07`.
- defparam/smuggler - An HTTP Request Smuggling / Desync testing tool `Python 3`.
Deserialization
- Insecure Deserialization Detection in Python - Project work by Aneesh Verma discussing deserialization issues `2023-05`.
- frohoff/ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
- Universal Deserialisation Gadget for Ruby 2.x-3.x - `2021-01-07`.
- Ruby Deserialization - Ruby 2.x Universal RCE Deserialization Gadget Chain `2018-11-08`.
- ambionics/phpggc - PHPGGC is a library of PHP `unserialize()`-payloads along with a tool to generate them, from command line or programmatically.
- Finding a POP chain on a common Symfony bundle - Detailed, step-by-step bash-driven analysis of a Symfony bundle [`Part 2`](https://www.synacktiv.com/en/publications/finding-a-pop-chain-on-a-common-symfony-bundle-part-2) `2023-09-12`.
- Code Reuse Attacks in PHP: Automated POP Chain Generation - Using static analysis to automatically identify POP chains in various PHP frameworks.
Archives: ZipSlip/TarSlip and others
- `CVE-2023-40477` - Code execution via a crafted .rar in vulnerable WinRAR versions prior to 6.23 [`PoC (unverified)`](https://github.com/b1tg/CVE-2023-38831-winrar-exploit) `2023-08-17`.
- `CVE-2023-32981` - Arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier using crafted archives as parameters [`GitHub Security Lab`](https://securitylab.github.com/advisories/GHSL-2023-058_GHSL-2023-059_Pipeline_Utility_Steps_Plugin/) `2023-05-16`.
- `#1914118` - [`PR`](https://github.com/github/securitylab/issues/728), [`Video`](https://www.youtube.com/watch?v=F95U912u7OQ) `2023-03-21`.
- `CVE-2022-3607` - ZipSlip symlink variant allows reading any file within the OctoPrint box in [octoprint/octoprint](https://github.com/OctoPrint/OctoPrint) [`Fix`](https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e) `2022-08-24`.
CLI Applications
- Terminally Owned - 60 Years of Escaping - DEF CON 31 talk by David Leadbeater `2023`.
- Weaponizing Plain Text ANSI Escape Sequences as a Forensic Nightmare - DEF CON 31 talk by STÖK `2023`.
- Plain Text? Really? - NDC Oslo 2021 talk by Dylan Beattie `2021`.
Image Libs: Converters, Resizers, etc. pp
- `CVE-2023-34153` - Command injection via `video:vsync` or `video:pixel-format` [`Fix`](https://github.com/ImageMagick/ImageMagick/issues/6338) `2023-05-30`.
- ImageMagick: The hidden vulnerability behind your online images - `2023-02-01`.
- `CVE-2022-44268` - Arbitrary file read via ImageMagick [`#1858574`](https://hackerone.com/reports/1858574) [`alternative`](https://github.com/voidz0r/CVE-2022-44268).
- ImageMagick - Shell injection via PDF password - `2021-11-21`.
- `#1154542` - RCE in GitLab when removing metadata with ExifTool [Video](https://www.youtube.com/watch?v=PZ-H099IaWo) `2021-04-07`.
- `CVE-2021-32802` - HEIC image preview can be used to invoke Imagick [`#1261413`](https://hackerone.com/reports/1261413) `2020-07-14`.
- `CVE-2019-11932` - Double-free bug in WhatsApp turns into RCE [`BBRE`](https://www.youtube.com/watch?v=lplExF6djQ4) `2019-10-02`.
- `CVE-2016-3714` - "ImageTragick" Delegate Arbitrary Command Execution [`Exploit-DB`](https://www.exploit-db.com/exploits/39791).
SQLi
- payloadbox/sql-injection-payload-list - SQL Injection Payload List.
URL Parsers
- `RFC 3986` - Official RFC Uniform Resource Identifier (URI) `2005-01`.
- What Is a URL? - Dangers of inconsistent parsing of URLs `2023-04-30`.
- http-http-http-http-http-http-http - Daniel Stenberg, the author of curl, discusses URL validation with examples `2022-09-08`.
- A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! - BlackHat talk by Orange Tsai discussing how different libs parse URLs [`Slides`](https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf) `2017`.
WYSIWYG Editors
- `CVE-2023-30943` - Moodle vulnerability allowing a remote user to send a specially crafted HTTP request and create arbitrary folders on the system using TinyMCE loaders `2023-05-11`.
- `CVE-2011-4906` - Joomla 1.5.12 TinyMCE vulnerability leading to RCE (via Arbitrary File Upload) [`#778629`](https://hackerone.com/reports/778629) [`Exploit-DB`](https://www.exploit-db.com/exploits/10183).
XSS
- OWASP: XSS Cheat Sheet - Filter Evasion Cheat Sheet by OWASP.
- Cross-site scripting (XSS) cheat sheet - XSS Cheat Sheet by Portswigger.
- AwesomeXSS - Awesome Page about XSS.
- Cross-site scripting contexts - Portswigger XSS context breakouts.
- Breaking XSS mitigations via Script Gadgets - Conference talk from 2017 explaining various CSP bypasses using Script Gadgets `2017`.
XSS via `data:`-Attribute
- `#1444682` - XSS over data: at `jamfpro.shopifycloud.com` in outdated Swagger UI `2022-01-09`.
- `#1276742` - Stored XSS in SVG file as `data:` url in rich text editor `2021-07-24`.
Orientation
- roadmap.sh - Cyber-Security Roadmap.
Bug Chains
- `#2089042` - ATO via self-XSS and a cookie bridge (to switch between localized domains: here `yelp.com` to `yelp.dk`). Includes setting additional cookies to break the cookie bridge. `2023-07-28`.
- Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames - iframe, postMessage and XSS `2023-06-14`.
- A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF… - a complex bug chain consisting of an insecure message event listener, a shoddy JSONP endpoint, a WAF bypass, DOM-based XSS on an out-of-scope subdomain, and a permissive CORS configuration `2023-05-05`.
- `#1032610` - Chaining requests to bypass a blacklist `2020-11-12`.
- WordPress Transposh: Exploiting a Blind SQL Injection via XSS - combining three CVEs: a weak default config, stored XSS, and blind SQL injection `2022-07-22`.
- CVE-2023-36844 and Friends: RCE in Juniper Devices - Utilising two bugs that would be near-useless in isolation and combining them to unauthenticated RCE [ComputerWeekly](https://www.computerweekly.com/news/366550532/Threat-actors-exploiting-unpatched-Juniper-Networks-devices) [`CVE-2023-36846`](https://nvd.nist.gov/vuln/detail/CVE-2023-36846) [`CVE-2023-36845`](https://nvd.nist.gov/vuln/detail/CVE-2023-36845) [`PoC`](https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844).
- XXE-scape through the front door: circumventing the firewall with HTTP request smuggling - XML External Entity injection (XXE) vulnerability combined with request smuggling `2020-03-18`.
Language-Level
PHP
- Type Juggling - Official PHP page.
- PHP Magic Tricks: Type Juggling - `2015`.
- PHP filters chain - What is it and how to use it `2022`.
Python
- Prototype Pollution in Python - `2023-01-04`.
Secret Scanning
Docker
- Finding leaked secrets in your Docker image with a scanner - `2022-02-01`.