This update brings significant new content, including dedicated pages for new vulnerability classes, fresh exploitation techniques for existing topics, and numerous quality-of-life improvements across the knowledge base.
π New Vulnerability Pages
- External Variable Modification: Complete new section covering PHP
extract()function vulnerabilities, variable pollution, and security implications - Reverse Proxy Misconfigurations: Covering common Nginx misconfigurations.
π Enhanced Sections
-
Command Injection:
- Added worstfit technique for argument injection
- Enhanced with fullwidth character bypass methods
-
CSV Injection:
- New Google Sheets exploitation section
- Added formulas like IMPORTXML, IMPORTRANGE for data exfiltration
- Enhanced with remote resource access techniques
-
File Inclusion:
- New lightyear tool for blind file read primitives
- Enhanced PHP filter exploitation techniques
-
Headless Browser:
- New CVE exploitation section
- Enhanced debugging port security implications
- Added insecure flags and PDF rendering attack vectors
-
Java Deserialization:
- Comprehensive JSON deserialization section (Jackson etc)
- Enhanced with multiple attack vectors and exploitation techniques
-
SQL Injection:
- New PDO Prepared Statements section
π Bug Fixes & Corrections
- Fixed numerous formatting inconsistencies
- Corrected broken internal links
- Updated deprecated tool references
- Standardized code block formatting
- Standardized bullet points and list formatting across all sections
- Automated markdown linting detection now runs on all pull requests and commits.
π What's Changed
- csv injection: google sheets formulas by @noraj in #759
- Update YOUTUBE.md by @Tednoob17 in #765
- Add missing -r flag for xxe excel file rebuilding with zip command by @sehraramiz in #768
- Fix extra parentheses in MySQL Injection.md by @DoongPark in #769
- FIX broken link by @Diebbo in #772
- Add support for
||(concatenation) operator in PostgreSQL for time based SQL injection by @florianamette in #779 - Update README.md by @stenzzor in #781
πNew Contributors
- @Tednoob17 made their first contribution in #765
- @sehraramiz made their first contribution in #768
- @DoongPark made their first contribution in #769
- @Diebbo made their first contribution in #772
- @florianamette made their first contribution in #779
- @stenzzor made their first contribution in #781
Full Changelog: 4.1...4.2