
dhaval17 / Awsome Security Write Ups And Pocs

Licence: mit
Awesome Writeups and POCs

Projects that are alternatives of or similar to Awsome Security Write Ups And Pocs

Pentest Guide
Penetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+434.96%)
Mutual labels:  vulnerability, bugbounty
PayloadsAll
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-87.4%)
Mutual labels:  vulnerability, bugbounty
gradejs
GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
Stars: ✭ 362 (+47.15%)
Mutual labels:  vulnerability, bugbounty
Pentesting
Misc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-90.24%)
Mutual labels:  vulnerability, bugbounty
Command Injection Payload List
🎯 Command Injection Payload List
Stars: ✭ 658 (+167.48%)
Mutual labels:  vulnerability, bugbounty
Payloadsallthethings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+13277.64%)
Mutual labels:  vulnerability, bugbounty
PastebinMarkdownXSS
XSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-65.85%)
Mutual labels:  vulnerability, bugbounty
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+260.57%)
Mutual labels:  vulnerability, bugbounty
Howtohunt
Tutorials and Things to Do while Hunting Vulnerability.
Stars: ✭ 2,996 (+1117.89%)
Mutual labels:  vulnerability, bugbounty
Pub
Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb
Stars: ✭ 217 (-11.79%)
Mutual labels:  vulnerability
Bugbountyscanner
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
Stars: ✭ 229 (-6.91%)
Mutual labels:  bugbounty
Onelistforall
Rockyou for web fuzzing
Stars: ✭ 213 (-13.41%)
Mutual labels:  bugbounty
Exphub
Exphub [exploit script library]: includes exploit scripts for Weblogic, Struts2, Tomcat, Nexus, Solr, Jboss and Drupal; latest additions are CVE-2020-14882, CVE-2020-11444, CVE-2020-10204, CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2020-2555, CVE-2020-2883, CVE-2019-17558, CVE-2019-6340
Stars: ✭ 3,056 (+1142.28%)
Mutual labels:  vulnerability
Commix
Automated All-in-One OS Command Injection Exploitation Tool.
Stars: ✭ 3,016 (+1126.02%)
Mutual labels:  bugbounty
Contact.sh
An OSINT tool to find contacts in order to report security vulnerabilities.
Stars: ✭ 216 (-12.2%)
Mutual labels:  bugbounty
Public Bugbounty Programs
Community curated list of public bug bounty and responsible disclosure programs.
Stars: ✭ 233 (-5.28%)
Mutual labels:  bugbounty
Can I Take Over Xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Stars: ✭ 2,808 (+1041.46%)
Mutual labels:  bugbounty
Gemsurance
Gem vulnerability checker using rubysec/ruby-advisory-db
Stars: ✭ 207 (-15.85%)
Mutual labels:  vulnerability
Autorecon
Simple shell script for automated domain recognition with some tools
Stars: ✭ 244 (-0.81%)
Mutual labels:  bugbounty
Api Fuzzer
API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities
Stars: ✭ 238 (-3.25%)
Mutual labels:  vulnerability

Awesome Security Write-Ups and POCs

A curated list of delightful writeups and POCs

Not mine, not yours; it's everyone's. Feel free to contribute.

Submitting a new resource:

Please read the Contribution Doc

Content

  1. Cross Site Scripting - XSS
  2. Cross Site Request Forgery - CSRF
  3. Server Side Request Forgery - SSRF
  4. Application/Business Logic
  5. SQL Injection - SQLi
  6. Insecure Direct Object Reference - IDOR
  7. Code Execution
  8. Reverse Engineering
  9. DNS Related
  10. Brute-force
  11. Subdomain Takeover
  12. Open URL Redirection
  13. Research Papers
  14. Miscellaneous

Resource

Blogs/Write ups
Cross Site Scripting - XSS
  1. XSS that existed at accounts.google.com - @kinugawamasato
  2. admin.google.com Reflected Cross-Site Scripting (XSS) - @bbuerhaus - Vulnerable continue parameter, https://admin.google.com/mrzioto.com/ServiceNotAllowed?service=grandcentral&continue=javascript:alert(document.cookie);//
  3. XSS-es in Google Caja - @SecurityMB
  4. Content Types and XSS: Facebook Studio - @fin1te - Client-side validation for content-type, which then allows passing HTML/JavaScript to execute XSS
  5. Facebook XSS via Cross-Origin Resource Sharing - @mattaustin
  6. Stored XSS at Parse - Dhaval - No URL validation, thus allowing javascript:alert(1) in the URL parameter, leading to XSS
  7. XSS in OAuth flow of Paypal - Dhaval
  8. Reflected XSS through AngularJS sandbox bypass...McDonald - @finnwea
  9. Coming across an XSS vulnerability at Google sites is wrong I expected - ikuta_T
  10. Hacking Google for fun and profit - Manish Bhattacharya
  11. Unpatched (0day) jQuery Mobile XSS - EDUARDO VELA
  12. Reflected XSS in Etsy - Harry M Gertos
  13. Sleeping stored Google XSS Awakens a $5000 Bounty - Patrik Fehrenbach
  14. admin.google.com Reflected Cross-Site Scripting (XSS) - Brett Buerhaus
  15. Stored XSS at exchange.onavo.com - Dhaval
  16. Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF - Brett Buerhaus
  17. How I found a $5,000 Google Maps XSS - Marin Moulinier
Cross Origin Resource Sharing Exploitation
  1. Think Outside the Scope: Advanced CORS Exploitation Techniques - Sandh0t
Cross Site Request Forgery - CSRF
  1. Messenger.com Site-Wide CSRF - @fin1te
  2. How I bypassed Facebook CSRF once again! - Pouya Darabi
Server Side Request Forgery - SSRF
  1. SSRF at Facebook Update Subscription Menu - Dhaval
  2. Ok Google, Give Me All Your Internal DNS Information - Julien Ahrens
  3. How anyone could have used Uber to ride for free! -
Application/Business Logic
  1. Facebook Simple Technical Bug worth 7500$ - Ashish Padelkar
  2. How I Could Steal Money from Instagram, Google and Microsoft - Arne Swinnen
SQL Injection - SQLi
  1. Popping a shell on the Oculus developer portal - Bitquark
  2. SQLi + XXE + File path traversal Deutsche Telekom - Ibrahim M. El-Sayed
  3. GitHub Enterprise SQL Injection - Orange Tsai
Insecure Direct Object Reference - IDOR
  1. Facebook Vulnerability - Delete Any Video on Facebook - Dan Melamed
  2. Confirming new email/mobile number bug in Facebook - Lokesh Kumar
  3. How I hacked 62.5 million Zomato Users - Anand Prakash
Code Execution
  1. Facebook’s ImageTragick Story - @4lemon
  2. WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass - Kacper Szurek
  3. 0day writeup: XXE in uber.com - Vladimir Ivanov
  4. Command injection which got me "6000$" from #Google - S Venkatesh
  5. Airbnb – Ruby on Rails String Interpolation led to Remote Code Execution - Ben Sadeghipour, Brett Buerhaus
  6. GitHub Enterprise Remote Code Execution - Markus Fenske
  7. Escaping from Restricted Shell and Gaining Root Access - Mehmet Ince
  8. GitHub Enterprise Remote Code Execution
Reverse Engineering
  1. Unfolding obfuscated code with Reven (part 1)
  2. Unfolding obfuscated code with Reven (part 2)
  3. Three roads lead to Rome - Luke Viruswalker
DNS Related
  1. Hijacking Broken Nameservers to Compromise Your Target - @IAmMandatory
  2. That (.) Which Made The Difference - Dhaval
  3. Domain Fronting Via Cloudfront Alternate Domains - Vincent Yiu
Brute-force
  1. How I could have hacked all Facebook accounts - Anand Prakash
Subdomain Takeover
  1. Hijacking tons of Instapage expired users Domains & Subdomains - @emgeekboy
  2. The story of EV-SSL, AWS and trailing dot domains - Detectify
Open URL Redirection
  1. How I discovered a 1000$ open redirect in Facebook - Yassine Aboukir
  2. Facebook Whitehat Vulnerability for 2013: Open Redirection in Facebook Mobile - Prakhar Prasad
  3. Dropbox Team Website Open Redirection - Prakhar Prasad
  4. Bypassing SoundCloud’s protection for open redirections - strukt93
Research Papers
  1. The Complete Guide to CORS (In)Security - Davide Danelon
Miscellaneous
  1. Combining host header injection and lax host parsing serving malicious data - Detectify
  2. Compromising Apache Tomcat via JMX access - NCC Group UK
  3. Facebook's Bug - Unauthorized access to credit/prepaid card details - Pranav Hivarekar
  4. Constructing an XSS vector, using no letters - Charles Neill
  5. Order Facebook Friends by Facebook Recruiting Technical Coefficient - Philippe Harewood
  6. Web Cache Deception Attack - Omer Gil
  7. Hacking Slack using postMessage and WebSocket - Frans Rosén
  8. Stealing Messenger.com Login Nonces - Stephen Sclafani
  9. Escaping a Python sandbox with a memory corruption bug - Gabe Pike
  10. Uploading web.config for Fun and Profit 2 - Soroush Dalili
Extras
  1. Everything you need to know about HTTP security headers
  2. Helmet JS
  3. GitHub's post-CSP journey - Patrick Toomey
  4. CORS — a guided tour - Martin Splitt

Credits
