Skip to content

spekulatius/awesome-infosec

Repository files navigation

Awesome InfoSec Awesome lint

Personal notes and awesome infosec stuff for a bash-focused workflow. Highly subjective selection by nature.

Contents

Orientation

Bugs

Archives: ZipSlip/TarSlip and others

CLI Applications

Image Libs: Converters, Resizers, etc. pp

Font Files

Request Smuggling

Tools

Deserialization

PHP

Python

Java

  • frohoff/ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Ruby

SQLi

URL Parsers

WYSIWYG Editors

  • CVE-2023-30943 - Moodle vulnerability allowing a remote user to send a specially crafted HTTP request and create arbitrary folders on the system using TinyMCE loaders 2023-05-11.
  • CVE-2011-4906 - Joomla 1.5.12 TinyMCE vulnerability leading to RCE (via Arbitrary File Upload) #778629 Exploit-DB.

XSS

XSS via data:-Attribute

  • #1444682 - XSS over data: at jamfpro.shopifycloud.com in outdated Swagger UI 2022-01-09.
  • #1276742 - Stored XSS in SVG file as data: url in rich text editor 2021-07-24.

Bug Chains

Multiple single vulnerabilities combined to create a more significant one.

Language-Level

PHP

Python

Secret Scanning

Docker