Normalize Titles

michje · Oct 12, 2022 · 6dd5c18 · 6dd5c18
1 parent d88e32a
commit 6dd5c18
Show file tree

Hide file tree

Showing 18 changed files with 31 additions and 21 deletions.
diff --git a/CRLF Injection/README.md b/CRLF Injection/README.md
@@ -1,8 +1,8 @@
-# CRLF
+# Carriage Return Line Feed
 
->The term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They're used to note the termination of a line, however, dealt with differently in today’s popular Operating Systems. For example: in Windows both a CR and LF are required to note the end of a line, whereas in Linux/UNIX a LF is only required. In the HTTP protocol, the CR-LF sequence is always used to terminate a line.
+> The term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They're used to note the termination of a line, however, dealt with differently in today’s popular Operating Systems. For example: in Windows both a CR and LF are required to note the end of a line, whereas in Linux/UNIX a LF is only required. In the HTTP protocol, the CR-LF sequence is always used to terminate a line.
 
->A CRLF Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
+> A CRLF Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
 
 ## Summary
 

diff --git a/CSV Injection/README.md b/CSV Injection/README.md
@@ -1,4 +1,4 @@
-# CSV Injection (Formula Injection)
+# CSV Injection
 
 Many web applications allow the user to download content such as templates for invoices or user settings to a CSV file. Many users choose to open the CSV file in either Excel, Libre Office or Open Office. When a web application does not properly validate the contents of the CSV file, it could lead to contents of a cell or many cells being executed.
 

diff --git a/CVE Exploits/README.md b/CVE Exploits/README.md
@@ -3,6 +3,10 @@
 ## Tools
 
 - [Trickest CVE Repository - Automated collection of CVEs and PoC's](https://github.com/trickest/cve)
+- [Nuclei Templates - Community curated list of templates for the nuclei engine to find security vulnerabilities in applications](https://github.com/projectdiscovery/nuclei-templates)
+- [Metasploit Framework](https://github.com/rapid7/metasploit-framework)
+- [CVE Details - The ultimate security vulnerability datasource](https://www.cvedetails.com)
+
 
 ## Big CVEs in the last 5 years.
 

diff --git a/Directory Traversal/README.md b/Directory Traversal/README.md
@@ -1,4 +1,4 @@
-# Directory traversal
+# Directory Traversal
 
 > A directory or path traversal consists in exploiting insufficient security validation / sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs.
 

diff --git a/GraphQL Injection/README.md b/GraphQL Injection/README.md
@@ -1,4 +1,4 @@
-# GraphQL injection
+# GraphQL Injection
 
 > GraphQL is a query language for APIs and a runtime for fulfilling those queries with existing data. A GraphQL service is created by defining types and fields on those types, then providing functions for each field on each type
 

diff --git a/Insecure Deserialization/Node.md b/Insecure Deserialization/Node.md
@@ -1,4 +1,4 @@
-# Node
+# Node Deserialization
 
 ## Summary
 

diff --git a/Insecure Deserialization/PHP.md b/Insecure Deserialization/PHP.md
@@ -1,4 +1,4 @@
-# PHP Object injection
+# PHP Deserialization
 
 PHP Object Injection is an application level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context. The vulnerability occurs when user-supplied input is not properly sanitized before being passed to the unserialize() PHP function. Since PHP allows object serialization, attackers could pass ad-hoc serialized strings to a vulnerable unserialize() call, resulting in an arbitrary PHP object(s) injection into the application scope.
 

diff --git a/Insecure Management Interface/README.md b/Insecure Management Interface/README.md
@@ -1,4 +1,4 @@
-# Insecure management interface
+# Insecure Management Interface
 
 ## Springboot-Actuator
 

diff --git a/Insecure Source Code Management/README.md b/Insecure Source Code Management/README.md
@@ -1,4 +1,4 @@
-# Insecure source code management
+# Insecure Source Code Management
 
 * [Git](#git)
   + [Example](#example)

diff --git a/LDAP Injection/README.md b/LDAP Injection/README.md
@@ -1,4 +1,4 @@
-# LDAP injection
+# LDAP Injection
 
 > LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements using a local proxy.
 

diff --git a/NoSQL Injection/README.md b/NoSQL Injection/README.md
@@ -1,4 +1,4 @@
-# NoSQL injection
+# NoSQL Injection
 
 > NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits. Yet these databases are still potentially vulnerable to injection attacks, even if they aren't using the traditional SQL syntax.
 

diff --git a/OAuth/README.md → OAuth Misconfiguration/README.md b/OAuth/README.md → OAuth Misconfiguration/README.md
@@ -1,4 +1,4 @@
-# OAuth
+# OAuth Misconfiguration
 
 ## Summary
 

diff --git a/SQL Injection/README.md b/SQL Injection/README.md
@@ -1,4 +1,4 @@
-# SQL injection
+# SQL Injection
 
 > A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application.
 

diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md
@@ -1,4 +1,4 @@
-# Templates Injections
+# Server Side Template Injection
 
 > Template injection allows an attacker to include template code into an existing (or not) template. A template engine makes designing HTML pages easier by using static template files which at runtime replaces variables/placeholders with actual values in the HTML pages
 

diff --git a/Upload Insecure Files/README.md b/Upload Insecure Files/README.md
@@ -1,4 +1,4 @@
-# Upload
+# Upload Insecure Files
 
 > Uploaded files may pose a significant risk if not handled correctly. A remote attacker could send a multipart/form-data POST request with a specially-crafted filename or mime type and execute arbitrary code.
 

diff --git a/Web Cache Deception/README.md b/Web Cache Deception/README.md
@@ -1,4 +1,4 @@
-# Web Cache Deception Attack
+# Web Cache Deception
 
 ## Tools
 

diff --git a/Web Sockets/README.md b/Web Sockets/README.md
@@ -1,17 +1,23 @@
-# Web Sockets Attacks
+# Web Sockets
 
 > The WebSocket protocol allows a bidirectional and full-duplex communication between a client and a server
 
 ## Summary
 
 * [Tools](#tools)
-* [Using ws-harness.py](#using-ws-harness-py)
+* [Exploit](#exploit)
+  * [Using ws-harness.py](#using-ws-harness-py)
+* [Cross-Site WebSocket Hijacking (CSWSH)](#cross-site-websocket-hijacking-cswsh)
+* [Labs](#labs)
+* [References](#references)
 
 ## Tools
 
 * [ws-harness.py](https://gist.githubusercontent.com/mfowl/ae5bc17f986d4fcc2023738127b06138/raw/e8e82467ade45998d46cef355fd9b57182c3e269/ws.harness.py)
 
-## Using ws-harness.py
+## Exploit
+
+### Using ws-harness.py
 
 Start ws-harness to listen on a web-socket, and specify a message template to send to the endpoint.
 

diff --git a/XPATH Injection/README.md b/XPATH Injection/README.md
@@ -1,4 +1,4 @@
-# XPATH injection
+# XPATH Injection
 
 > XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents.