Search Results: exploit

Found 164 Skills

Security & Complianceyaklang/hack-skills

business-logic-vulnerabilities

Business logic vulnerability playbook. Use when reasoning about workflows, race conditions, price manipulation, coupon abuse, state machines, and multi-step authorization gaps.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

expression-language-injection

Expression Language injection playbook. Use when Java EL, SpEL, OGNL, or MVEL expressions may evaluate attacker-controlled input in Spring, Struts2, Confluence, or similar frameworks.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

upload-insecure-files

Insecure file upload playbook. Use when testing upload validation, storage paths, processing pipelines, preview behavior, overwrite risks, and upload-to-RCE chains.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

nosql-injection

NoSQL injection playbook. Use when MongoDB-style operators, JSON query objects, flexible search filters, or backend query DSLs may allow data or logic abuse.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

kubernetes-pentesting

Kubernetes penetration testing playbook. Use when targeting Kubernetes clusters via API server, RBAC enumeration, service account abuse, etcd access, Kubelet API, pod escape, cloud-specific metadata, admission webhook bypass, and registry secrets.

🇺🇸|EnglishTranslated

Security & Complianceproffesor-for-testing/age...

qe-pentest-validation

AQE skill

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

open-redirect

Open redirect playbook. Use when URL parameters, form actions, or JavaScript sinks control navigation targets and may redirect users to attacker-controlled destinations.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

unauthorized-access-common-services

Unauthorized access playbook for common exposed services. Use when Redis, Rsync, PHP-FPM, AJP/Ghostcat, Hadoop YARN, H2 Console, or similar management interfaces are exposed without authentication.

🇺🇸|EnglishTranslated