Notas
  • Introduction
  • Active Directory
    • BloodHound
    • Bypassing
    • Enumeration
    • Groups
    • Methodology
    • Msfvenom
    • Pivoting
    • Privesc
  • CMS
    • Jenkins
    • wordpress
  • CVEs
    • CVE-2017-0199
    • CVE-2019-1414
    • CVE-2021-42287
    • CVE-2021-44228
  • Common Ports
    • DNS - 53
    • LDAP - 389
    • MSSQL - 1433
    • NFS - 2049
    • RPC - 135
    • SMB - 445
    • VNC - 5900
    • ftp-21
    • kerberos-88
    • msrpc-5722
    • mysql-3306
    • rdp-3389
    • redis-6379
    • smtp-25
    • snmp-161
    • squid-3128
    • winrm-5985
  • EXTRA
    • BruteForce
    • Criptography
    • Extra
    • Fuzzing
    • Mounts
    • RevShells
  • Pentesting Android
    • Basic
  • Pentesting Web
    • IIS
    • LFI
    • OWASP TOP 10
    • Padding Oracle Attack
    • SSRF
    • SSTI
    • XSS
  • Pivoting
    • Remote Port Fowarding
    • Remote commands
  • SQLi
    • Conditional-based
    • Enumeration
    • Error-based
    • SQLite
    • Time-based
  • linux
    • Escalada
    • common-vulns
    • docker-breakout
    • ip-tables
    • port-forwarding
    • port-knocking
    • privesc
    • reversing
    • samba
  • scripting
    • Bash
    • PHP
    • Powershell
    • Python
Powered by GitBook
On this page
  1. Pentesting Web

SSRF

Abuso de la cabecera Location en PHP + Inyección SQL por

<?php
   head("Location: http://127.0.0.1:3000/api/v1/users/search?q=);
?>
PreviousPadding Oracle AttackNextSSTI

Last updated 1 year ago