đź“–
Documentation
  • Documentation - Ajin
  • RFID Course
  • MOBILE
    • Challenge + course
    • Android
      • Patch APK
      • Cheatsheet
      • Crash rĂ©gulier du tĂ©lĂ©phone et Early Instrumentation
      • Lien utile
      • Root
      • Configuration
        • Proxy
        • Installation des outils
          • Screen Viewer
          • Frida-Server
          • Jadx
      • Cours
      • Chiffrement
    • InsecureBankv2
      • Root Detection
    • IOS
      • Lien Interessant
      • Jailbreak
      • Configuration
        • VM
        • Proxy Burp
        • Configuration Proxy IOS
        • Installation certificat
        • Debugger GDB
        • Installation App
          • En mode root
          • En mode non root
      • TI IOS
        • PrĂ©ambule
        • CheatSheet
      • Outils
        • Screen viewer
        • Fridump
        • Flex tools
        • Objection
        • MobSF
        • Frida
        • Frida-ios-dump
        • Grapefruit
        • Filza
        • Flex tools
      • Notes en tout genre
      • DVIA TI
        • SpĂ©cification IOS
        • Local Data Storage
          • Plist
          • UserDefaults
          • Keychain
          • Coredata
          • Webkit
          • Realm
        • Jailbreak
          • Jailbreak Challenge
          • Prise de note
        • Runtime Manipulation
        • Anti Anti Hooking/Debugging
        • Binary protection
        • Touch/Face ID Bypass
        • Side Channel Data Leakage
          • Device Logs
          • App Screenshot
          • Pasteboard
          • Keystroke Logging
          • Cookie
        • IPC Issue
        • Broken Cryptography
        • Application patching
        • Network Layer Security
        • Sensitive information in Memory
        • Webviews
        • Lien utile
    • Writeup
    • Projeter VPN sur Mobile
    • Lien intĂ©ressant
  • Web
    • CWEE
      • XSS & CSRF
        • Tools
        • Cours
          • Introduction to Advanced CSRF & XSS Exploitation
            • Introduction to Advanced CSRF & XSS Exploitation
            • Lab warmup
          • CSRF Exploitation
            • Introduction to CSRF Exploitation
            • Same-Origin Policy & CORS
            • CORS Misconfigurations
            • Bypassing CSRF Tokens via CORS Misconfigurations
      • Injection attacks
        • XPATH injection
        • LDAP injection
          • Bypass Authentication
          • LDAP - Data Exfiltration & Blind Exploitation
          • Payloads
        • Introduction to PDF Generation Vulnerabilities
          • Exploitation of PDF Generation Vulnerabilities
      • Introduction to NoSQL Injection
        • Introduction
          • MongoDB Lab noSQL injection
        • Server-Side JavaScript Injection
          • Lab
      • Attacking Authentication Mechanisms
        • Introduction
        • JWT
    • Outils
      • Burp
      • SQLMap
      • WFuzz
      • Gitools
      • Venom
      • DefaultCreds
      • HedearExposer
      • TestSSL & SSLCompare
      • Ysoserial
    • SQLi
      • SQL Union Attack & Order by
      • SQL Bypass
      • SQL retrieve information database
    • Authentication vulnerabilities
      • Checklist Brute Force
      • Password Reset
    • Directory Traversal / Os command injection
    • Buisness Logique
    • Broken Access Control
    • File upload
    • SSRF
    • XXE
    • CSRF
      • Checklist
    • Insecure Deserialization
      • Checklist
    • Tools
  • API
    • DVWS
    • Methodologie
    • SSRF .NET
    • Outils
  • Audit de configuration
    • Ressource
  • Active directory
    • DĂ©finition
    • Configuration
      • Installation
  • Terminal
    • FZF
    • Oh my ZSH
    • Terminator
    • TMux
  • Environnement virtuel python
    • Pyenv
  • Cloud
    • Challenge Cloud
  • Audit de code
    • Ressource
  • Thick client
    • MĂ©thodologie
    • Architecture
    • Interaction GUI
    • Network
    • URLs
  • Mode Kiosque
    • Application mode kiosque
Powered by GitBook
On this page
  1. API

SSRF .NET

PreviousMethodologieNextOutils

Last updated 1 year ago

Regarder les fonctions weclient et httpwebrequest

https://stackoverflow.com/questions/65327459/mitigating-the-risk-of-server-side-request-forgery-when-downloading-files-with-t

pour os injection : https://stackoverflow.com/questions/3940576/exploitable-c-sharp-functions

LogoOS Command Injection in .NETSecureFlag Security Knowledge Base