XXE Cheat Sheet - SecurityIdiots
Just another article bring together the tips and tricks to find/exploit XXE and bypass it.
Hi, I'm Khan.
Security Engineer, Bug Bounty Hunter
I spend a lot of time programming and breaking the applications logic.
Read more about me
Different Contexts for XSS execution
Here we will learn, different types of contexts where XSS may reflect. How to deal with them and how we can balance the injection.
XSS exploitation part 1
Finally, we are finished with basics of javascript for XSS and here we are with the first part of XSS exploitation.
Basics of Javascript for XSS - final
In this post we will finally finish up our requirements of Javascript for XSS, from our next post we will bang with XSS..
Basics of Javascript for XSS part 2
In this post we will cover some other requirements a attacker need to understand about Javascript for advanced XSS exploitation.
XSS Series by Securityidiots
Securityidiots is back with its all amazing tutorials, Monter maini is gonna cover basics to advanced XSS in this series.
Bypass Addslashes using Multibyte Character
I beleive this tutorial is nother unique or new as compared to some other tutorials on Securityidiots. Tutorial related to Addslash bypass can be found easily
MSSQL practical Second Order Exploitation
MSSQL out of band exploitation, very useful while you are not able to extract that data in all those old ways, here we are with a awesome fucking new way ;)
Oracle SQL Injection and DIOS Query
Here is a complete tutorial on how to injection in oracle based website, along with into to oracle DIOS.
MSSQL Second Order Exploitation
MSSQL Insert Query injection and Second order Exploitation tutorial with video...
Bypass Sucuri WebSite Firewall(WAF)
In this tutorial we'll bypass the latest WAF Sucuri. Which is becoming a pain in the ass to many Inj3ct0rs
Guide to WAF Bypass by SecurityIdiots
Heres one of the most requested tutorial yet, Lets start learning and exploring WAF techniques and bypasses.
One Payload to Inject them all - MultiQuery Injection
Multi Query injection, one of my favorites. Heres a little explanation on it and why its different from Routed SQLi
XPATH Injection : Iterating through element and Entities
Learn how to test XPATHi and confirm it, Inject and extract the data from XML using XPATHi
Shell the web - Methods of a Ninja
Learn what securities developers use against shell uploading and how can we bypass those securities to get our shell over that website.
MSSQL Error Based Injection
Many times you fall into a situation when Union doesnt work so herez basics of how to use error based MSSQL injection, and what are the conditions need to be met for an error based SQLi
Routed SQL Injection
Security Idiots is up with some of the most tricky parts of SQL injection, brace yourself to have some more fun with SQL injection.
Step By Step MSSQL Union Based Injection
A complete series on MSSQL Injection for those who are still not really comfortable with MSSQL Injection
Hand Guide To Local File Inclusion(LFI)
Guide to Local File Inclusion. Learn how to shell website using LFI and other Bypass tricks
Manual Inj3ct0rs Guide to recognize database
Learn how to recognize the database used by the application even when you can not see any kind of errors. Handy guide for manual SQL injectors.
MSSQL DIOS (Dump in One Shot)
Explanation on MS SQL Dump in one shot query.
DIOS the SQL Injectors Weapon (Upgraded)
Learn some more about DIOS and check out the other complete new flavors of SQLi DUMP In One Shot.
Steal IP Address using Image
Steal IP address of victim using an image, the same trick can be used with SQLi and XSS also.
DIOS (Dump in One Shot) Explained Part 2
Here we will learn Some more advanced tricks to use with our DIOS and make it a complete query to work with
Basics XPATH Injection
This is our first tutorial where will will be discussing how can we inject into XPATH queries with live example and scenario to make it easy to understand.
DIOS (Dump in One Shot) Explained
Most of the Inj3ct0rs are using DIOS but very few actually know how it is working or how can they change it to get the required output. so here is a tutorial which will help you on that
Basics of XPATH for XPATH Injection 1
In this tutorial we will understand the basics of XPATH and its all the relations and terms used in XPATH to better understand how to inject into XPATH queries
Basics of XPATH for XPATH Injection 2
In this tutorial we will understand the basics of XPATH Queries and then also start with the basics of XPATH injection
Union Based Oracle Injection
After all of our tutorials on injecting into MySQL database this tutorial concentrates on the basics of injecting in Oracle database
Group By and Order by SQL injection
Here we will learn how can an attacker inject into Order by and group by clause to extract the data using SQL injection