Fix name - Part 1

FIX_AWS Amazon Lambda/README.md

@@ -0,0 +1,33 @@
+# Vulnerability Title
+
+> Vulnerability description - reference
+
+Tools:
+
+- [Tool name - description](https://example.com)
+
+## Summary
+
+* [Something](#something)
+* [Something](#something)
+  * [Subentry 1](#sub1)
+  * [Subentry 2](#sub2)
+
+## Something
+
+Quick explanation
+
+```powershell
+Exploit
+```
+
+Abhay Bhargav
+‏https://twitter.com/abhaybhargav/status/1080034019230842880
+
+@abhaybhargav
+  1 janv.
+Protip: When bughunting a #AWS #Lambda function, remember that the metadata objects are env-vars. Escalate privs after RCE with envvars. In this screenshot have a function that's vulnerable to a deserialization vuln (RCE) through which I have dumped the envvars with secrets
+
+## References
+
+- [Blog title - Author, Date](https://example.com)

FIX_BuildPDF/TODO/Authentication Bypass/README.md

@@ -0,0 +1,35 @@
+# Vulnerability Title
+
+> Vulnerability description - reference
+
+Tools:
+
+- [Tool name - description](https://example.com)
+
+## Summary
+
+* [Something](#something)
+* [Something](#something)
+  * [Subentry 1](#sub1)
+  * [Subentry 2](#sub2)
+
+## Something
+
+Quick explanation
+
+```powershell
+Exploit
+```
+
+## References
+
+- [OneLogin authentication bypass on WordPress sites via XMLRPC in Uber](https://hackerone.com/reports/138869) by Jouko Pynnönen (jouko)
+- [2FA PayPal Bypass](https://henryhoggard.co.uk/blog/Paypal-2FA-Bypass) by henryhoggard
+- [SAML Bug in Github worth 15000](http://www.economyofmechanism.com/github-saml.html)  
+- [Authentication bypass on Airbnb via OAuth tokens theft](https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/)
+- [Uber Login CSRF + Open Redirect -> Account Takeover at Uber](http://ngailong.com/uber-login-csrf-open-redirect-account-takeover/)
+- [Administrative Panel Access](http://c0rni3sm.blogspot.hk/2017/08/accidentally-typo-to-bypass.html?m=1) by c0rni3sm
+- [Uber Bug Bounty: Gaining Access To An Internal Chat System](http://blog.mish.re/index.php/2017/09/06/uber-bug-bounty-gaining-access-to-an-internal-chat-system/) by mishre
+- [Flickr Oauth Misconfiguration](https://mishresec.wordpress.com/2017/10/12/yahoo-bug-bounty-exploiting-oauth-misconfiguration-to-takeover-flickr-accounts/) by mishre
+- [Slack SAML authentication bypass](http://blog.intothesymmetry.com/2017/10/slack-saml-authentication-bypass.html) by Antonio Sanso
+- [Shopify admin authentication bypass using partners.shopify.com](https://hackerone.com/reports/270981) by uzsunny

FIX_BuildPDF/TODO/Bruteforce/README.md

@@ -0,0 +1,38 @@
+# Vulnerability Title
+
+> Vulnerability description - reference
+
+Tools:
+
+- [Tool name - description](https://example.com)
+
+## Summary
+
+* [Something](#something)
+* [Something](#something)
+  * [Subentry 1](#sub1)
+  * [Subentry 2](#sub2)
+
+## Something
+
+Quick explanation
+
+```powershell
+Exploit
+```
+
+## References
+
+- [Web Authentication Endpoint Credentials Brute-Force Vulnerability](https://hackerone.com/reports/127844) by Arne Swinnen
+- [InstaBrute: Two Ways to Brute-force Instagram Account Credentials](https://www.arneswinnen.net/2016/05/instabrute-two-ways-to-brute-force-instagram-account-credentials/) by Arne Swinnen
+- [How I Could Compromise 4% (Locked) Instagram Accounts](https://www.arneswinnen.net/2016/03/how-i-could-compromise-4-locked-instagram-accounts/) by Arne Swinnen
+- [Possibility to brute force invite codes in riders.uber.com](https://hackerone.com/reports/125505) by r0t
+- [Brute-Forcing invite codes in partners.uber.com](https://hackerone.com/reports/144616) by Efkan Gökbaş (mefkan)
+- [How I could have hacked all Facebook accounts](http://www.anandpraka.sh/2016/03/how-i-could-have-hacked-your-facebook.html) by Anand Prakash
+- [Facebook Account Take Over by using SMS verification code, not accessible by now, may get update from author later](http://arunsureshkumar.me/index.php/2016/04/24/facebook-account-take-over/) by Arun Sureshkumar
+- [SQL injection in Wordpress Plugin Huge IT Video Gallery in Uber](https://hackerone.com/reports/125932) by glc
+- [SQL Injection on sctrack.email.uber.com.cn](https://hackerone.com/reports/150156) by Orange Tsai
+- [Yahoo – Root Access SQL Injection – tw.yahoo.com](http://buer.haus/2015/01/15/yahoo-root-access-sql-injection-tw-yahoo-com/) by Brett Buerhaus
+- [Multiple vulnerabilities in a WordPress plugin at drive.uber.com](https://hackerone.com/reports/135288) by Abood Nour (syndr0me)
+- [GitHub Enterprise SQL Injection](http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html) by Orange
+- [Yahoo SQL Injection to Remote Code Exection to Root Privilege](http://www.sec-down.com/wordpress/?p=494) by Ebrahim Hegazy

FIX_BuildPDF/TODO/Business Logic Flaw/README.md

@@ -0,0 +1,29 @@
+# Vulnerability Title
+
+> Vulnerability description - reference
+
+Tools:
+
+- [Tool name - description](https://example.com)
+
+## Summary
+
+* [Something](#something)
+* [Something](#something)
+  * [Subentry 1](#sub1)
+  * [Subentry 2](#sub2)
+
+## Something
+
+Quick explanation
+
+```powershell
+Exploit
+```
+
+## References
+
+- [How I Could Steal Money from Instagram, Google and Microsoft](https://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/) by Arne Swinnen
+- [How I could have removed all your Facebook notes](http://www.anandpraka.sh/2015/12/summary-this-blog-post-is-about.html)
+- [Facebook - bypass ads account's roles vulnerability 2015](http://blog.darabi.me/2015/03/facebook-bypass-ads-account-roles.html) by POUYA DARABI
+- [Uber Ride for Free](http://www.anandpraka.sh/2017/03/how-anyone-could-have-used-uber-to-ride.html) by anand praka

FIX_BuildPDF/TODO/Race Condition/README.md

@@ -0,0 +1,28 @@
+# Vulnerability Title
+
+> Vulnerability description - reference
+
+Tools:
+
+- [Tool name - description](https://example.com)
+
+## Summary
+
+* [Something](#something)
+* [Something](#something)
+  * [Subentry 1](#sub1)
+  * [Subentry 2](#sub2)
+
+## Something
+
+Quick explanation
+
+```powershell
+Exploit
+```
+
+## References
+
+- [Race conditions on Facebook, DigitalOcean and others (fixed)](http://josipfranjkovic.blogspot.hk/2015/04/race-conditions-on-facebook.html) by Josip Franjković
+- [Race Conditions in Popular reports feature in HackerOne](https://hackerone.com/reports/146845) by Fábio Pires (shmoo)
+- [Hacking Starbuck for unlimited money](https://sakurity.com/blog/2015/05/21/starbucks.html) by Egor Homakov

FIX_BuildPDF/build.sh

@@ -0,0 +1,9 @@
+# GitPrint from Payload
+
+find .  -name "*.md" | sed "s/\.\///g" | sort | xargs -I{} wget --content-disposition "https://gitprint.com/swisskyrepo/PayloadsAllTheThings/blob/master/"{}"?download"
+pdfjoin *.pdf 
+
+
+# NOTE : 
+# check for 502 errors from gitprint
+# XSS and Mimikatz don't work with Gitprint ;.

FIX_Upload Insecure Files/CVE ZIP Symbolic Link/passwd

@@ -0,0 +1 @@
+/etc/passwd