OSWE-Prep An OSWE Guide

WriteUps
https://stacktrac3.co/oswe-review-awae-course/
https://github.com/wetw0rk/AWAE-PREP
https://forum.hackthebox.eu/discussion/2646/oswe-exam-review-2020-notes-gifts-inside
https://www.linkedin.com/pulse/lets-get-oswe-certificate-part-i-recon-istv%25C3%25A1n-b%25C3%25B6hm/
https://donavan.sg/blog/index.php/2020/03/14/the-awae-oswe-journey-a-review/
https://medium.com/@fasthm00/the-state-of-oswe-c68150210fe4
https://z-r0crypt.github.io/blog/2020/01/22/oswe/awae-preparation/
https://github.com/deletehead/awae_oswe_prep
https://github.com/M507/AWAE-Preparation
https://www.vesiluoma.com/offensive-security-web-expert-oswe-advanced-web-attacks-and-exploitation/
https://blog.bousalman.com/oswe-review/
https://www.youtube.com/playlist?list=PLwvifWoWyqwqkmJ3ieTG6uXUSuid95L33
https://hub.schellman.com/blog/oswe-review-and-exam-preparation-guide
https://medium.com/@it_band/how-i-passed-the-oswe-exam-3de88bdbad2c
https://www.reddit.com/r/OSWE/comments/bsods2/i_just_passed_the_oswe_exam_amaa_about_the_exam/
https://nethemba.com/are-you-preparing-for-oswe-or-oscp-certification/
https://kishanchoudhary.com/OSWE/Journey/OSWE.html

Remote Code Execution
https://shells.systems/
https://medium.com/@corneacristian/top-25-rce-bug-bounty-reports-bc9555cca7bc
https://github.com/shawnmckinney/remote-code-execution-sample
https://www.gosecure.net/blog/2019/07/03/java-remote-code-execution-potpourri/
https://labs.bishopfox.com/tech-blog/2015/08/coldfusion-bomb-a-chain-reaction-from-xss-to-rce
https://voidsec.com/tabletopia-from-xss-to-rce/
https://blog.ripstech.com/2019/magento-rce-via-xss/
https://medium.com/@knownsec404team/the-analysis-of-mybb-18-20-from-stored-xss-to-rce-7234d7cc0e72
https://sarthaksaini.com/2019/awae/xss-rce.html
https://s0md3v.github.io/xss-to-rce/
https://anotherhackerblog.com/exploiting-file-uploads-pt-2/
https://labs.bishopfox.com/advisories/openemr-5-0-16-remote-code-execution-cross-site-scripting
https://zero.lol/2019-05-13-xss-to-rce/
https://lwierzbicki.github.io/2020/06/10/from-file-upload-to-rce.html
https://www.corben.io/atlassian-crowd-rce/
https://rebraws.github.io/ATutor/
https://github.com/fuzzlove/ATutor-2.2.4-Language-Exploit
https://underdefense.com/n-day-exploit-development-and-upgrade-to-rce/
https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/
https://www.exploit-db.com/exploits/39534
https://www.exploit-db.com/exploits/39524
https://ssd-disclosure.com/ssd-advisory-auth-bypass-and-rce-in-infinite-wp-admin-panel/
https://github.com/kacperszurek/exploits/blob/master/GitList/gitlist_unauthenticated_rce.py
https://medium.com/cisco-amp-technology/remote-code-execution-for-java-developers-84adb8e23652
https://github.com/pwntester/SpringBreaker

File Upload Vulnerability
https://www.slideshare.net/HackIT-ukraine/15-technique-to-exploit-file-upload-pages-ebrahim-hegazy
https://medium.com/@519udhaya/unrestricted-file-upload-vulnerability-bba4491a08da
https://book.hacktricks.xyz/pentesting-web/file-upload
https://www.exploit-db.com/exploits/48978

Auth Bypass
https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass/
https://packetstormsecurity.com/files/157563/ATutor-LMS-2.2.4-Weak-Password-Reset-Hash.html
https://ssd-disclosure.com/ssd-advisory-auth-bypass-and-rce-in-infinite-wp-admin-panel/

Deserialisation
https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/
https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
https://gist.github.com/DiabloHorn/8630948d953386d2ed575e17f8635ee7
https://deadcode.me/blog/2016/09/02/Blind-Java-Deserialization-Commons-Gadgets.html
https://deadcode.me/blog/2016/09/18/Blind-Java-Deserialization-Part-II.html
http://slightlyrandombrokenthoughts.blogspot.com/2010/08/breaking-defensive-serialization.html
https://speakerdeck.com/pwntester/attacking-net-serialization?slide=8
https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html
https://brandur.org/fragments/gadgets-and-chains
https://notsosecure.com/remote-code-execution-via-php-unserialize/
https://media.blackhat.com/bh-us-12/Briefings/Forshaw/BH_US_12_Forshaw_Are_You_My_Type_WP.pdf
https://www.youtube.com/watch?v=t-zVC-CxYjw&ab_channel=OWASP
https://pentest-tools.com/blog/exploit-dotnetnuke-cookie-deserialization/
https://book.hacktricks.xyz/pentesting-web/deserialization
https://rhinosecuritylabs.com/research/java-deserializationusing-ysoserial/
https://blog.jamesotten.com/post/applications-manager-rce/
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet#ysoserial
https://gist.github.com/pwntester/72f76441901c91b25ee7922df5a8a9e4
https://medium.com/@frycos/yet-another-net-deserialization-35f6ce048df7
https://speakerdeck.com/pwntester/attacking-net-serialization?slide=12
https://www.exploit-db.com/exploits/42756
https://research-labs.net/search/exploits/hpe-72-java-deserialization
https://nytrosecurity.com/2018/05/30/understanding-java-deserialization/
https://www.exploit-db.com/docs/english/44756-deserialization-vulnerability.pdf
http://www.pwntester.com/blog/2013/12/16/cve-2011-2894-deserialization-spring-rce/
https://blog.ripstech.com/tags/php-object-injection/
https://medium.com/bugbountywriteup/fireshell-ctf-2019-web-vice-writeup-2deee8d82556

SQL Injection
https://www.exploit-db.com/papers/17073
https://github.com/blabla1337/skf-labs/blob/master/kbid-156-sqli-blind.md
https://cyberpanda.la/blog/laravel-sql-injections
http://blog.k3170makan.com/2012/01/bit-shifting-blind-injection-simplified.html
https://pulsesecurity.co.nz/articles/postgres-sqli
https://medium.com/@afinepl/postgresql-code-execution-udf-revisited-3b08412f47c1
https://www.infigo.hr/files/INFIGO-TD-2009-04_PostgreSQL_injection_ENG.pdf
https://medium.com/@ismailtasdelen/sql-injection-payload-list-b97656cfd66b
https://hydrasky.com/network-security/sql-injection-bypass-cheatsheet/
https://www.secjuice.com/advanced-sqli-waf-bypass/
https://www.exploit-db.com/papers/17934
https://medium.com/@infinitypaul/laravel-query-builder-security-8ce5e96233d9
https://www.websec.ca/kb/sql_injection
https://incogbyte.github.io/sqli_waf_bypass/
http://www.mannulinux.org/2015/03/blind-injection-exploitation-with.html
http://www.mannulinux.org/2018/03/erro-based-sql-injection-mysql.html
http://www.mannulinux.org/2020/09/sql-injection-filter-bypass-to-perform.html
https://blog.cobalt.io/a-pentesters-guide-to-sql-injection-sqli-16fd570c3532
https://www.exploit-db.com/exploits/46725
https://blog.pentesteracademy.com/postgresql-udf-command-execution-372f0c68cfed?gi=89e5578c5604
https://blog.pentesteracademy.com/postgresql-udf-command-execution-372f0c68cfed
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/MySQL%20Injection.md
https://www.open-emr.org/wiki/images/1/11/Openemr_insecurity.pdf
https://www.postgresql.org/docs/8.0/xfunc-sql.html
https://www.dionach.com/blog/postgresql-9-x-remote-command-execution/
https://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
https://medium.com/@notsoshant/a-not-so-blind-rce-with-sql-injection-13838026331e
https://www.redsiege.com/blog/2018/11/sqli-data-exfiltration-via-dns/
http://pentestmonkey.net/category/cheat-sheet/sql-injection
http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet
http://www.mannulinux.org/2020/04/exploiting-sql-injection-in-insert.html
https://github.com/21y4d/blindSQLi/blob/master/blindSQLi.py
https://github.com/Dionach/pgexec/blob/master/pg_exec.c
https://www.codeigniter.com/userguide3/database/queries.html#escaping-queries

Type Juggling
https://dzone.com/articles/type-juggling-authentication-bypass-vulnerability
https://hackerone.com/reports/86022
https://www.alertlogic.com/blog/writing-exploits-for-exotic-bug-classes-php-type-juggling-d58/
https://labs.f-secure.com/archive/laravel-cookie-forgery-decryption-and-rce/
https://labs.f-secure.com/archive/wordpress-auth-cookie-forgery/
https://owasp.org/www-pdf-archive/PHPMagicTricks-TypeJuggling.pdf
https://docs.google.com/file/d/0ByaHyu9Ur1viWV9yZFVwS3dpQ2M/edit
http://turbochaos.blogspot.com/2013/08/exploiting-exotic-bugs-php-type-juggling.html

JS Injection
https://howtonode.org/what-is-this
https://www.npmjs.com/package/safe-eval
https://capacitorset.github.io/mathjs/
https://riptutorial.com/javascript/example/32217/evaled-json-injection
https://pwnisher.gitlab.io/nodejs/sandbox/2019/02/21/sandboxing-nodejs-is-hard.html
https://blog.netspi.com/escape-nodejs-sandboxes/
https://humanwhocodes.com/blog/2013/06/25/eval-isnt-evil-just-misunderstood/
http://dfkaye.github.io/2014/03/14/javascript-eval-and-function-constructor/
https://portswigger.net/research/dom-based-angularjs-sandbox-escapes
https://nodejs.org/api/vm.html
https://nodejs.dev/learn/how-much-javascript-do-you-need-to-know-to-use-nodejs
https://nodejs.dev/learn/differences-between-nodejs-and-the-browser
https://ibreak.software/2016/08/nodejs-rce-and-a-simple-reverse-shell/

SSTI
https://0day.work/jinja2-template-injection-filter-bypasses/
https://medium.com/@nyomanpradipta120/jinja2-ssti-filter-bypasses-a8d3eb7b000f
https://www.bitdefender.com/blog/consumer/avoid-malicious-files-double-extensions/
https://js.getwisdom.io/til-js-safely-reversing-unicode-strings/
https://eng.getwisdom.io/awesome-unicode/
https://www.hackingarticles.in/get-reverse-shell-via-windows-one-liner/
https://codewhitesec.blogspot.com/2015/03/sh-or-getting-shell-environment-from.html