bugbounty-cheatsheet
ssti-payloads
Our great sponsors
bugbounty-cheatsheet | ssti-payloads | |
---|---|---|
3 | 1 | |
5,561 | 560 | |
- | 4.5% | |
0.0 | 0.0 | |
8 months ago | about 1 year ago | |
Creative Commons Attribution Share Alike 4.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bugbounty-cheatsheet
ssti-payloads
-
There are some script for automate SSTI attacks?
I'm doing a hackthebox challenge where you need to exploit Flask with SSTI. I searched for some SSTI payloads and found a lot of options.
What are some alternatives?
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
sql-injection-payload-list - 🎯 SQL Injection Payload List
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
awesome-oneliner-bugbounty - A collection of awesome one-liner scripts especially for bug bounty tips.
command-injection-payload-list - 🎯 Command Injection Payload List
bounty-targets-data - This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
WebHackersWeapons - ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
tplmap - NO LONGER MAINTAINED - a pentest tool to detect and exploit SSTI