sailay1996 / offsec_WE

Licence: other
learning case to prepare OSWE

offsec_WE

My learning cases to prepare for the OSWE exam

work in progress...

  • Atmail Mail Server Appliance Case Study (CVE-2012-2593)
  • X-Cart Shopping Cart Case Study (CVE-2012-2570)
  • SolarWinds Orion Case Study (CVE-2012-2577)
  • DELL SonicWall Scrutinizer Case Study (CVE-2012-XXXX)
  • SolarWinds Storage Manager 5.10 (CVE-2012-2576)
  • WhatsUp Gold 15.02 Case Study (CVE-2012-2589)
  • Symantec Web Gateway Blind SQLi (CVE-2012-2574)
  • AlienVault OSSIM (CVE-2012-2594, CVE-2012-2599)
  • PHPNuke CMS Case Study (CVE-2010-XXXXX)
  • Symantec Web Gateway 5.0.3.18 RCE (CVE-2012-2953)
  • FreePBX Elastix Remote Code Execution (CVE-2012-XXXX)

Other resources:

https://sarthaksaini.com/2019/awae/xss-rce.html
https://securitycafe.ro/2015/01/05/understanding-php-object-injection/
https://github.com/wetw0rk/AWAE-PREP
https://github.com/timip/OSWE
https://www.youtube.com/watch?v=Xfbu-pQ1tIc&list=PLwvifWoWyqwqkmJ3ieTG6uXUSuid95L33
https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
https://github.com/qazbnm456/awesome-web-security/blob/master/README.md#practices-application
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Deserialization_Cheat_Sheet.md
https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
https://techblog.mediaservice.net/2017/05/reliable-discovery-and-exploitation-of-java-deserialization-vulnerabilities/
https://www.acunetix.com/blog/web-security-zone/deserialization-vulnerabilities-attacking-deserialization-in-js/
https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet