Awesome

offsec_WE

my learning case to prepare OSWE exam

work in progress...

• Atmail Mail Server Appliance Case Study (CVE-2012-2593) <br>
• X-Cart Shopping Cart Case Study (CVE-2012-2570) <br>
• SolarWinds Orion Case Study - (CVE-2012-2577) <br>
• DELL SonicWall Scrutinizer Case Study - (CVE-2012-XXXX) <br>
• SolarWinds Storage Manager 5.10 - (CVE-2012-2576) <br>
• WhatsUp Gold 15.02 Case Study - (CVE-2012-2589) <br>
• Symantec Web Gateway Blind SQLi- (CVE-2012-2574) <br>
• AlienVault OSSIM - (CVE-2012-2594, CVE-2012-2599) <br>
• PHPNuke CMS Case Study - CVE - 2010-XXXXX <br>
• Symantec Web Gateway 5.0.3.18 RCE - CVE-2012-2953 <br>
• FreePBX Elastix Remote Code Execution - CVE - 2012-XXXX <br>

another resource: <br>

https://sarthaksaini.com/2019/awae/xss-rce.html <br> https://securitycafe.ro/2015/01/05/understanding-php-object-injection/ <br> https://github.com/wetw0rk/AWAE-PREP <br> https://github.com/timip/OSWE <br> https://www.youtube.com/watch?v=Xfbu-pQ1tIc&list=PLwvifWoWyqwqkmJ3ieTG6uXUSuid95L33 <br> https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project <br> https://github.com/qazbnm456/awesome-web-security/blob/master/README.md#practices-application <br> https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Deserialization_Cheat_Sheet.md <br> https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project <br> https://techblog.mediaservice.net/2017/05/reliable-discovery-and-exploitation-of-java-deserialization-vulnerabilities/ <br> https://www.acunetix.com/blog/web-security-zone/deserialization-vulnerabilities-attacking-deserialization-in-js/ <br> https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ <br> https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet <br>