web-app-pentest
Learn Web Application Penetration Testing
web-application-vulnerabilities
Using Burp to Test for the OWASP Top Ten
Burp methodology for web app pentest
Blind Command Injection Testing with Burp Collaborator
advanced sqli
database and sql basics for hackers:
Others techniques:
command injection/remote command execution and code injection/remote code execution:
https://security.stackexchange.com/questions/168327/difference-between-code-injection-command-injection-and-remote-code-execution https://clouddocs.f5.com/training/community/waf/html/class2/module1/lab4.html
https://www.netsparker.com/blog/web-security/remote-code-evaluation-execution/
RCE on spring : https://blog.gdssecurity.com/labs/2017/7/17/cve-2017-4971-remote-code-execution-vulnerability-in-the-spr.html
- CRLF:
https://www.acunetix.com/websitesecurity/crlf-injection/
- LFI to Code Execuion:
https://resources.infosecinstitute.com/local-file-inclusion-code-execution/
- XML External Entity:
https://depthsecurity.com/blog/exploitation-xml-external-entity-xxe-injection
https://hdivsecurity.com/owasp-xml-external-entities-xxe
http://gotowebsecurity.com/xml-injection/
https://pentestmag.com/exploiting-the-entity-xme-xml-external-entity-injection/
https://www.blackhillsinfosec.com/xml-external-entity-beyond-etcpasswd-fun-profit/
- Server Side Template Injection :
https://www.we45.com/blog/server-side-template-injection-a-crash-course-
- Java Deserialization:
node-serialize: https://blog.websecurify.com/2017/02/hacking-node-serialize.html
jBoss : https://trustfoundry.net/exploiting-java-deserialization-on-jboss/
Static Analysis of Client-Side JavaScript for pen testers and bug bounty hunters