Commit 57703ed

plocate and Azure AD updates
1 parent bb71d4a commit 57703ed

2 files changed: +16 -1229 lines changed

Directory Traversal/README.md

Lines changed: 6 additions & 1 deletion
@@ -160,6 +160,7 @@ url:http://127.0.0.1:8080
160160
/run/secrets/kubernetes.io/serviceaccount/certificate
161161
/var/run/secrets/kubernetes.io/serviceaccount
162162
/var/lib/mlocate/mlocate.db
163+
/var/lib/plocate/plocate.db
163164
/var/lib/mlocate.db
164165
```
165166

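Review bot: the added `/var/lib/plocate/plocate.db` line (new line 163) sits between `/var/lib/mlocate/mlocate.db` and `/var/lib/mlocate.db`, which splits the two mlocate variants. Consider moving it after `/var/lib/mlocate.db` so the entries stay grouped by tool, and add a sentence near this block saying these are locate index databases, since nothing in the visible list explains why they are included.
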
@@ -214,6 +215,8 @@ The following log files are controllable and can be included with an evil payloa
214215
/var/log/sshd.log
215216
/var/log/mail
216217
```
218+
219+
217220
## Labs
218221

219222
* [File path traversal, simple case](https://portswigger.net/web-security/file-path-traversal/lab-simple)
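
Review bot: the two added lines before `## Labs` (new lines 218 and 219) are empty, so this hunk is a whitespace-only change that the commit subject does not mention. A single blank line is enough to separate the closing code fence from the heading; if two blank lines before each `##` heading is the intended convention, apply it in a dedicated formatting commit so content changes stay easy to review.
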
@@ -223,11 +226,13 @@ The following log files are controllable and can be included with an evil payloa
223226
* [File path traversal, validation of start of path](https://portswigger.net/web-security/file-path-traversal/lab-validate-start-of-path)
224227
* [File path traversal, validation of file extension with null byte bypass](https://portswigger.net/web-security/file-path-traversal/lab-validate-file-extension-null-byte-bypass)
225228

229+
226230
## References
227231

228232
* [Path Traversal Cheat Sheet: Windows](https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/)
229233
* [Directory traversal attack - Wikipedia](https://en.wikipedia.org/wiki/Directory_traversal_attack)
230234
* [CWE-40: Path Traversal: '\\UNC\share\name\' (Windows UNC Share) - CWE Mitre - December 27, 2018](https://cwe.mitre.org/data/definitions/40.html)
231235
* [NGINX may be protecting your applications from traversal attacks without you even knowing](https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d?source=friends_link&sk=e9ddbadd61576f941be97e111e953381)
232236
* [Directory traversal - Portswigger](https://portswigger.net/web-security/file-path-traversal)
233-
* [Cookieless ASPNET - Soroush Dalili](https://twitter.com/irsdl/status/1640390106312835072)
237+
* [Cookieless ASPNET - Soroush Dalili](https://twitter.com/irsdl/status/1640390106312835072)
238+
* [EP 057 | Proc filesystem tricks & locatedb abuse with @_remsio_ & @_bluesheet - TheLaluka - 30 nov. 2023](https://youtu.be/YlZGJ28By8U)
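
Review bot: the new TheLaluka reference (new line 238) writes its date as `30 nov. 2023`, while the CWE entry in the same list uses `December 27, 2018`; pick one format, for example `November 30, 2023`. The removed and re-added `Cookieless ASPNET` lines (old 233, new 237) show identical text, so that part of the change is presumably only a trailing newline or whitespace, which is worth confirming before merge.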
