Normalize page header for CSRF, DNS, DOS, Dependencies

Swissky
2024-11-10 11:18:46 +01:00
parent d80f73a829
commit 2deb20a6f1
14 changed files with 104 additions and 95 deletions

@@ -5,21 +5,22 @@
## Summary
* [Tools](#tools)
* [Exploit](#exploitation)
* [Methodology](#methodology)
* [NPM Example](#npm-example)
* [References](#references)
## Tools
* [Confused](https://github.com/visma-prodsec/confused)
* [visma-prodsec/confused](https://github.com/visma-prodsec/confused) - Tool to check for dependency confusion vulnerabilities in multiple package management systems
## Exploit
## Methodology
Look for `npm`, `pip`, `gem` packages, the methodology is the same : you register a public package with the same name of private one used by the company and then you wait for it to be used.
### NPM example
### NPM Example
* List all the packages (ie: package.json, composer.json, ...)
* Find the package missing from https://www.npmjs.com/
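Review bot: Under the "### NPM Example" heading, the first bullet lists `composer.json`, which is a Composer (PHP) manifest and not an npm one, so it does not fit a section now titled as npm-specific. Either keep only `package.json` in that bullet or move the generic manifest list up into "## Methodology", where `npm`, `pip` and `gem` are already named together. While normalizing this section, the Methodology sentence could also be tidied: "the same name of private one" reads better as "the same name as a private one", and the space before the colon in "the same :" can go. The anchor change from `#exploitation` to `#methodology` is good, since the old Summary link did not match the "## Exploit" heading.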