GitBook: [master] 6 pages modified

CPol 2021-01-26 13:53:03 +00:00 committed by gitbook-bot
parent 750fc68f57
commit 40047625aa
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
4 changed files with 7 additions and 7 deletions

View File

@ -300,8 +300,7 @@
## Pentesting Web
* [2FA/OTP Bypass](pentesting-web/2fa-bypass/README.md)
* [Regular expression Denial of Service - ReDoS](pentesting-web/2fa-bypass/regular-expression-denial-of-service-redos.md)
* [2FA/OTP Bypass](pentesting-web/2fa-bypass.md)
* [Abusing hop-by-hop headers](pentesting-web/abusing-hop-by-hop-headers.md)
* [Bypass Payment Process](pentesting-web/bypass-payment-process.md)
* [Captcha Bypass](pentesting-web/captcha-bypass.md)
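
Review bot: replacing `pentesting-web/2fa-bypass/README.md` with `pentesting-web/2fa-bypass.md` in the 2FA/OTP Bypass entry changes that page's path, so every relative link into and out of the page has to move with it. This commit fixes two of them (the rate-limit link inside the page and the 2FA entry in the vulnerabilities list); a repository-wide search for remaining `2fa-bypass/` references would confirm nothing else is left pointing at the old directory.
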
@ -342,6 +341,7 @@
* [PostMessage Vulnerabilities](pentesting-web/postmessage-vulnerabilities.md)
* [Race Condition](pentesting-web/race-condition.md)
* [Rate Limit Bypass](pentesting-web/rate-limit-bypass.md)
* [Regular expression Denial of Service - ReDoS](pentesting-web/regular-expression-denial-of-service-redos.md)
* [SQL Injection](pentesting-web/sql-injection/README.md)
* [MSSQL Injection](pentesting-web/sql-injection/mssql-injection.md)
* [Oracle injection](pentesting-web/sql-injection/oracle-injection.md)
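
Review bot: the ReDoS entry now resolves to `pentesting-web/regular-expression-denial-of-service-redos.md`, but none of the changes shown here update links that pointed at the old `pentesting-web/2fa-bypass/regular-expression-denial-of-service-redos.md` location. If any other page links to it, that link needs the same path fix. The placement between Rate Limit Bypass and SQL Injection keeps the list alphabetical, which is good.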

View File

@ -47,7 +47,7 @@ There is a rate limit but when you "resend the code" the same code is sent and t
#### Client side rate limit bypass
[Read this post.](../rate-limit-bypass.md)
[Read this post.](rate-limit-bypass.md)
#### Lack of rate limit in user's account
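
Review bot: the link under "Client side rate limit bypass" keeps the text "Read this post.", which says nothing about the target and makes a broken path harder to spot in review. Consider naming the page, for example `[Rate Limit Bypass](rate-limit-bypass.md)`. The path change itself is consistent with the page moving up one directory.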

View File

@ -1,12 +1,12 @@
# Regular expression Denial of Service - ReDoS
**Copied from** [**https://owasp.org/www-community/attacks/Regular\_expression\_Denial\_of\_Service\_-\_ReDoS**](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)\*\*\*\*
## Introduction
**Copied from** [**https://owasp.org/www-community/attacks/Regular\_expression\_Denial\_of\_Service\_-\_ReDoS**](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)\*\*\*\*
The **Regular expression Denial of Service \(ReDoS\)** is a [Denial of Service](https://owasp.org/www-community/attacks/Denial_of_Service) attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly \(exponentially related to input size\). An attacker can then cause a program using a Regular Expression to enter these extreme situations and then hang for a very long time.
## Description
### Description
#### The problematic Regex naïve algorithm <a id="the-problematic-regex-na&#xEF;ve-algorithm"></a>
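
Review bot: with `## Description` becoming `### Description`, Description turns into a subsection of `## Introduction` instead of its sibling. If the goal was to remove the jump from a level-2 heading to the level-4 "The problematic Regex naïve algorithm" heading, promoting that heading to `###` would fix the skip while keeping Introduction and Description as peers. The "Copied from" line also still ends in `\*\*\*\*`, which renders as four literal asterisks; since the line is being moved anyway, drop them.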

View File

@ -356,7 +356,7 @@ Check for this vulnerabilities:
## **User input Web Vulnerabilities list**
* \*\*\*\*[**2FA Bypass**](../../pentesting-web/2fa-bypass/)\*\*\*\*
* \*\*\*\*[**2FA Bypass**](../../pentesting-web/2fa-bypass.md)\*\*\*\*
* \*\*\*\*[**Captcha Bypass**](../../pentesting-web/captcha-bypass.md)\*\*\*\*
* \*\*\*\*[**Clickjacking**](../../pentesting-web/clickjacking.md)\*\*\*\*
* \*\*\*\*[**Client Side Template Injection \(CSTI\)**](../../pentesting-web/client-side-template-injection-csti.md)\*\*\*\*
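
Review bot: the updated 2FA Bypass entry still carries the `\*\*\*\*` wrappers on both sides of the link, which render as literal asterisks around the bold text. The new target `../../pentesting-web/2fa-bypass.md` matches the renamed page, so the link itself is fine; the wrappers could be removed here and, in a follow-up, from the sibling entries that have the same artefact.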