book.hacktricks.xyz
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-17.
| Date Added | Resource | Topics | Excerpt |
|---|---|---|---|
| 2026-04-17 | Basic .Net deserialization ObjectDataProvider gadget (HackTricks) | Deser | Basic .Net deserialization ObjectDataProvider gadget (HackTricks) |
| 2026-04-11 | Rate Limit Bypass - HackTricks | API Sec | Library detailing rate limit bypass techniques. This resource explores methods including brute-forcing variations of endpoints like `/api/v3/sign-up`, inserting blank bytes, and modifying headers such as `X-Forwarded-For` to evade IP-based rate limiting. It also covers bypassing limits by altering user-agent and cookie headers, adding non-significant parameters, and leveraging HTTP/2 multiplexing and GraphQL batching. Advanced techniques like using WebSocket or gRPC streaming, sharding counters across multiple regions, and utilizing tools like PortSwigger's Turbo Intruder and `websocat` are also discussed. |
| 2026-04-10 | HackTricks: Jinja2 SSTI | SSTI | Library detailing Jinja2 Server-Side Template Injection (SSTI) vulnerabilities, including techniques for escaping sandboxes to access regular Python execution flow. It demonstrates methods to recover the `<class 'object'>` from accessible objects like `dict`, `request`, and `config`, enabling the retrieval of subclasses. This allows for operations such as reading and writing remote files using the `File` class, and executing arbitrary commands via `subprocess.Popen`. The library also covers techniques for abusing statement tags like `{% with %}` and `{% if %}` when `{{ ... }}` is blocked. |
| 2026-04-10 | HackTricks: SSTI (Server Side Template Injection) | SSTI | HackTricks: SSTI (Server Side Template Injection) |
| 2026-04-10 | HackTricks: JWT vulnerabilities | JWT | Library for exploring JSON Web Token (JWT) vulnerabilities, detailing techniques like signature bypass using `jwt_tool` and `SignSaboteur`, exploiting `alg=none`, and key confusion attacks that leverage RS256 with a public key as a shared secret. It also covers crafting JWE tokens by exploiting pac4j-jwt vulnerabilities and forging tokens using leaked encryption keys and user data. |
| 2026-04-03 | CSRF (Cross Site Request Forgery) \| HackTricks | CSRF | Reference detailing Cross-Site Request Forgery (CSRF) vulnerabilities, explaining how attackers exploit authenticated sessions to perform actions on behalf of users. It covers exploitation conditions, countermeasures like SameSite cookies, CORS, user verification, referrer checks, and CSRF tokens. The resource also highlights common anti-patterns, such as bypassing CSRF protections on non-POST verbs through method overrides and inadequate token validation tied to global pools. |
| 2026-04-03 | GraphQL \| HackTricks | GraphQL | Reference detailing GraphQL security vulnerabilities and enumeration techniques. It covers discovering GraphQL endpoints via common paths and identifying the engine with tools like `graphw00f`. The document explains how to leverage introspection with queries like `{__typename}` and `{__schema}` to map out schemas, identify data types, and extract sensitive information from exposed `flags` or `users` fields, recommending JSON for POST requests to prevent CSRF. |
| 2026-04-03 | IDOR - HackTricks | AuthZ, IDOR | Reference detailing Insecure Direct Object Reference (IDOR) and Broken Object Level Authorization (BOLA) vulnerabilities, which occur when applications expose user-controllable identifiers to access internal objects without proper authorization checks. The resource highlights exploitation techniques using parameters in paths, queries, JSON bodies, headers, and cookies, including examples with sequential IDs and common tools like `curl` and `ffuf`. It discusses real-world breaches such as the McHire applicant data exposure and the Carlsberg media leak, emphasizing that encoding does not inherently provide security and advocating for server-side object-level authorization and unpredictable identifiers like UUIDv4. |
| 2025-08-14 | XXE - XEE - XML External Entity - HackTricks | XXE | Library detailing XML External Entity (XXE) vulnerabilities. It explains XML entities, DTDs, and custom/external entity definitions, highlighting how parsers can be exploited. The resource covers techniques for detecting XXE using parameter entities, including out-of-band detection methods and attempts to read local files like `/etc/passwd` and `C:\windows\system32\drivers\etc\hosts`. It also demonstrates advanced exfiltration strategies using malicious external DTDs to send file contents via HTTP requests or display them within error messages, and explores XXE for SSRF attacks against cloud metadata endpoints. |
| 2025-08-14 | URL Format Bypass - HackTricks | SSRF | Reference detailing numerous URL format bypass techniques for SSRF, including localhost payloads with various encodings (decimal, octal, hex, mixed), domain confusion payloads, DNS rebind techniques leveraging tools like Singularity, and backslash trick exploits. It also covers domain parser bypasses and domain confusion payloads, mentioning the Burp extension Burp-Encode-IP and the recollapse tool for generating bypass variations. |
| 2025-08-14 | Cloud SSRF | SSRF | Reference detailing Cloud SSRF vulnerabilities, specifically focusing on AWS EC2 metadata endpoints. It explains how to exploit the EC2 metadata service (IMDSv1 and IMDSv2) to extract sensitive information like IAM role credentials, instance details, and network configurations. The entry also covers SSRF techniques for ECS and EKS environments, including accessing container credentials via `/v2/credentials/` and utilizing Pod Identity in EKS by reading environment variables and service account token files. |
| 2025-08-14 | SSRF (Server Side Request Forgery) - HackTricks | SSRF | The content is about SSRF (Server Side Request Forgery) and is part of the HackTricks series. SSRF is a vulnerability that allows an attacker to make requests on behalf of the server, potentially accessing internal systems or performing malicious actions. The HackTricks series likely provides information on exploiting and defending against SSRF attacks. |