From ff6999383e6ab0c3a62cd328ee6b00ec9ba17a46 Mon Sep 17 00:00:00 2001 
From: RRudder <96507400+RRudder@users.noreply.github.com>
Date: Wed, 15 Oct 2025 16:49:35 +1000
Subject: [PATCH] Fixing markdown rendering of HTTP within code blocks

Replaces all instances of HTTP with http so that the markdown renders correctly
---
 .../cross_tenant_pii_leakage_exposure/template.md | 2 +-
 .../sensitive_information_disclosure/key_leak/template.md | 2 +-
 .../exposed_sensitive_android_intent/template.md | 2 +-
 .../exposed_sensitive_ios_url_scheme/template.md | 2 +-
 .../broken_access_control/privilege_escalation/template.md | 2 +-
 submissions/description/broken_access_control/template.md | 2 +-
 .../failure_to_invalidate_session/on_logout/template.md | 2 +-
 .../on_logout_server_side_only/template.md | 2 +-
 .../template.md | 2 +-
 .../two_fa_bypass/template.md | 2 +-
 .../weak_login_function/template.md | 2 +-
 .../action_specific/authenticated_action/template.md | 2 +-
 .../action_specific/logout/template.md | 2 +-
 .../action_specific/template.md | 2 +-
 .../action_specific/unauthenticated_action/template.md | 2 +-
 .../application_wide/template.md | 2 +-
 .../csrf_token_not_unique_per_request/template.md | 2 +-
 .../flash_based/high_impact/template.md | 2 +-
 .../flash_based/low_impact/template.md | 2 +-
 .../cross_site_request_forgery_csrf/flash_based/template.md | 2 +-
 .../description/cross_site_request_forgery_csrf/template.md | 2 +-
 .../cross_site_scripting_xss/cookie_based/template.md | 2 +-
 .../cross_site_scripting_xss/flash_based/template.md | 2 +-
 .../cross_site_scripting_xss/ie_only/template.md | 2 +-
 .../off_domain/data_uri/template.md | 2 +-
 .../cross_site_scripting_xss/off_domain/template.md | 2 +-
 .../cross_site_scripting_xss/referer/template.md | 2 +-
 .../cross_site_scripting_xss/reflected/non_self/template.md | 2 +-
 .../cross_site_scripting_xss/reflected/template.md | 2 +-
 .../stored/non_admin_to_anyone/template.md | 2 +-
 .../privileged_user_to_no_privilege_elevation/template.md | 2 +-
 .../privileged_user_to_privilege_elevation/template.md | 2 +-
 .../description/cross_site_scripting_xss/stored/template.md | 2 +-
 .../cross_site_scripting_xss/stored/url_based/template.md | 2 +-
 .../description/cross_site_scripting_xss/template.md | 2 +-
 .../cross_site_scripting_xss/trace_method/template.md | 2 +-
 .../cross_site_scripting_xss/universal_uxss/template.md | 2 +-
 .../password_disclosure/template.md | 2 +-
 .../critically_sensitive_data/private_api_keys/template.md | 2 +-
 .../critically_sensitive_data/template.md | 2 +-
 .../disclosure_of_secrets/data_traffic_spam/template.md | 2 +-
 .../disclosure_of_secrets/pay_per_use_abuse/template.md | 2 +-
 .../non_sensitive_token/template.md | 2 +-
 .../sensitive_token/template.md | 2 +-
 .../via_localstorage_sessionstorage/template.md | 2 +-
 .../description/sensitive_data_exposure/xssi/template.md | 2 +-
 .../cache_deception/template.md | 2 +-
 .../cache_poisoning/template.md | 2 +-
 .../excessively_privileged_user_dba/template.md | 2 +-
 .../dbms_misconfiguration/template.md | 2 +-
 .../email_verification_bypass/template.md | 2 +-
 .../change_email_address/template.md | 2 +-
 .../change_password/template.md | 2 +-
 .../delete_account/template.md | 2 +-
 .../lack_of_password_confirmation/manage_two_fa/template.md | 2 +-
 .../lack_of_password_confirmation/template.md | 2 +-
 .../external_dns_query_only/template.md | 2 +-
 .../external_low_impact/template.md | 2 +-
 .../internal_high_impact/template.md | 2 +-
 .../internal_scan_and_or_medium_impact/template.md | 2 +-
 .../server_side_request_forgery_ssrf/template.md | 2 +-
 .../unsafe_cross_origin_resource_sharing/template.md | 6 +++---
 .../file_extension_filter_bypass/template.md | 4 ++--
 .../unsafe_file_upload/template.md | 4 ++--
 .../content_spoofing/email_html_injection/template.md | 2 +-
 .../template.md | 2 +-
 .../external_authentication_injection/template.md | 2 +-
 .../template.md | 2 +-
 .../content_spoofing/homograph_idn_based/template.md | 2 +-
 .../content_spoofing/html_content_injection/template.md | 2 +-
 .../content_spoofing/iframe_injection/template.md | 2 +-
 .../server_side_injection/content_spoofing/rtlo/template.md | 2 +-
 .../server_side_injection/content_spoofing/template.md | 2 +-
 .../content_spoofing/text_injection/template.md | 2 +-
 .../outdated_software_version/template.md | 2 +-
 .../using_components_with_known_vulnerabilities/template.md | 2 +-
 76 files changed, 80 insertions(+), 80 deletions(-)

diff --git a/submissions/description/ai_application_security/sensitive_information_disclosure/cross_tenant_pii_leakage_exposure/template.md b/submissions/description/ai_application_security/sensitive_information_disclosure/cross_tenant_pii_leakage_exposure/template.md
index 1cb23034..7cc5c631 100644
--- a/submissions/description/ai_application_security/sensitive_information_disclosure/cross_tenant_pii_leakage_exposure/template.md
+++ b/submissions/description/ai_application_security/sensitive_information_disclosure/cross_tenant_pii_leakage_exposure/template.md
@@ -9,7 +9,7 @@ This vulnerability can lead to reputational and financial damage of the company
 1. Log in to the AI system with credentials for Tenant A
 1. Send the following request targeting the data or resources belonging to Tenant B:
-```HTTP
+```http
 {HTTP request}
 ```
diff --git a/submissions/description/ai_application_security/sensitive_information_disclosure/key_leak/template.md b/submissions/description/ai_application_security/sensitive_information_disclosure/key_leak/template.md
index 61f6011c..34da0ca6 100644
--- a/submissions/description/ai_application_security/sensitive_information_disclosure/key_leak/template.md
+++ b/submissions/description/ai_application_security/sensitive_information_disclosure/key_leak/template.md
@@ -15,7 +15,7 @@ Unauthorized access to critical systems and data, potential compromise of sensit
 1. Send the following request which demonstrates the leaked keys are valid:
-```HTTP
+```http
 {HTTP request}
 ```
diff --git a/submissions/description/broken_access_control/exposed_sensitive_android_intent/template.md b/submissions/description/broken_access_control/exposed_sensitive_android_intent/template.md
index 81fe3d70..e1dcbbe0 100644
--- a/submissions/description/broken_access_control/exposed_sensitive_android_intent/template.md
+++ b/submissions/description/broken_access_control/exposed_sensitive_android_intent/template.md
@@ -12,7 +12,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Log in to an account that should not be able to perform {{action}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/broken_access_control/exposed_sensitive_ios_url_scheme/template.md b/submissions/description/broken_access_control/exposed_sensitive_ios_url_scheme/template.md
index ef6be7ff..5797f0ca 100644
--- a/submissions/description/broken_access_control/exposed_sensitive_ios_url_scheme/template.md
+++ b/submissions/description/broken_access_control/exposed_sensitive_ios_url_scheme/template.md
@@ -13,7 +13,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Log in to an account that should not be able to perform {{action}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/broken_access_control/privilege_escalation/template.md b/submissions/description/broken_access_control/privilege_escalation/template.md
index 9061d8e2..7d4d516e 100644
--- a/submissions/description/broken_access_control/privilege_escalation/template.md
+++ b/submissions/description/broken_access_control/privilege_escalation/template.md
@@ -11,7 +11,7 @@ The impact of this vulnerability can vary in severity depending on the degree of
 1. Log in to User Account A
 1. Using the HTTP interception proxy, forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/broken_access_control/template.md b/submissions/description/broken_access_control/template.md
index fddc34d3..15de4056 100644
--- a/submissions/description/broken_access_control/template.md
+++ b/submissions/description/broken_access_control/template.md
@@ -11,7 +11,7 @@ Broken access controls can lead to financial loss through an attacker accessing,
 1. Log in to an account that should not be able to perform {{action}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/on_logout/template.md b/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/on_logout/template.md
index 6f4418a9..fceb3076 100644
--- a/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/on_logout/template.md
+++ b/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/on_logout/template.md
@@ -17,7 +17,7 @@ Failure to invalidate a session on logout may also lead to data theft through th
 1. Log out of the user account in the browser
 1. In the HTTP interception proxy, resend the following request to the endpoint {{URL}}:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/on_logout_server_side_only/template.md b/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/on_logout_server_side_only/template.md
index 490ba793..d0b4be49 100644
--- a/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/on_logout_server_side_only/template.md
+++ b/submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/on_logout_server_side_only/template.md
@@ -17,7 +17,7 @@ Failure to invalidate a session on logout may also lead to data theft through th
 1. Log out of the user account in the browser
 1. In the HTTP interception proxy, resend the captured request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/broken_authentication_and_session_management/template.md b/submissions/description/broken_authentication_and_session_management/template.md
index 580f3fd0..72726231 100644
--- a/submissions/description/broken_authentication_and_session_management/template.md
+++ b/submissions/description/broken_authentication_and_session_management/template.md
@@ -12,7 +12,7 @@ Broken authentication and session management could lead to data theft through th
 1. Use a browser to navigate to: {{URL}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/broken_authentication_and_session_management/two_fa_bypass/template.md b/submissions/description/broken_authentication_and_session_management/two_fa_bypass/template.md
index 57d2e09a..629194fc 100644
--- a/submissions/description/broken_authentication_and_session_management/two_fa_bypass/template.md
+++ b/submissions/description/broken_authentication_and_session_management/two_fa_bypass/template.md
@@ -14,7 +14,7 @@ Bypassing 2FA mechanisms could lead to data theft through the attacker’s abili
 1. Intercept the 2FA request using the HTTP interception proxy
 1. Modify the body of the request (as below) and forward it to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/broken_authentication_and_session_management/weak_login_function/template.md b/submissions/description/broken_authentication_and_session_management/weak_login_function/template.md
index 0bc402c1..2e22bae9 100644
--- a/submissions/description/broken_authentication_and_session_management/weak_login_function/template.md
+++ b/submissions/description/broken_authentication_and_session_management/weak_login_function/template.md
@@ -10,7 +10,7 @@ Weak login function can lead to indirect financial loss through an attacker acce
 1. Use a browser to navigate to: {{URL}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_request_forgery_csrf/action_specific/authenticated_action/template.md b/submissions/description/cross_site_request_forgery_csrf/action_specific/authenticated_action/template.md
index 6b60933d..230a8806 100644
--- a/submissions/description/cross_site_request_forgery_csrf/action_specific/authenticated_action/template.md
+++ b/submissions/description/cross_site_request_forgery_csrf/action_specific/authenticated_action/template.md
@@ -17,7 +17,7 @@ CSRF could lead to data theft through the attacker’s ability to manipulate dat
 and forward the request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_request_forgery_csrf/action_specific/logout/template.md b/submissions/description/cross_site_request_forgery_csrf/action_specific/logout/template.md
index 912f04f2..cfb6eed9 100644
--- a/submissions/description/cross_site_request_forgery_csrf/action_specific/logout/template.md
+++ b/submissions/description/cross_site_request_forgery_csrf/action_specific/logout/template.md
@@ -17,7 +17,7 @@ CSRF could lead to reputational damage for the business through the impact to cu
 and forward the request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_request_forgery_csrf/action_specific/template.md b/submissions/description/cross_site_request_forgery_csrf/action_specific/template.md
index fba0a65c..518c2abd 100644
--- a/submissions/description/cross_site_request_forgery_csrf/action_specific/template.md
+++ b/submissions/description/cross_site_request_forgery_csrf/action_specific/template.md
@@ -22,7 +22,7 @@ CSRF could lead to data theft through the attacker’s ability to manipulate dat
 and forward the request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_request_forgery_csrf/action_specific/unauthenticated_action/template.md b/submissions/description/cross_site_request_forgery_csrf/action_specific/unauthenticated_action/template.md
index fdb75eee..c57ea914 100644
--- a/submissions/description/cross_site_request_forgery_csrf/action_specific/unauthenticated_action/template.md
+++ b/submissions/description/cross_site_request_forgery_csrf/action_specific/unauthenticated_action/template.md
@@ -17,7 +17,7 @@ CSRF could lead to reputational damage for the business through the impact to cu
 and forward the request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_request_forgery_csrf/application_wide/template.md b/submissions/description/cross_site_request_forgery_csrf/application_wide/template.md
index 6a4c3163..63e7f85b 100644
--- a/submissions/description/cross_site_request_forgery_csrf/application_wide/template.md
+++ b/submissions/description/cross_site_request_forgery_csrf/application_wide/template.md
@@ -17,7 +17,7 @@ CSRF could lead to data theft through the attacker’s ability to manipulate dat
 and forward the request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_request_forgery_csrf/csrf_token_not_unique_per_request/template.md b/submissions/description/cross_site_request_forgery_csrf/csrf_token_not_unique_per_request/template.md
index 8c5c7a0d..44fdc9fa 100644
--- a/submissions/description/cross_site_request_forgery_csrf/csrf_token_not_unique_per_request/template.md
+++ b/submissions/description/cross_site_request_forgery_csrf/csrf_token_not_unique_per_request/template.md
@@ -20,7 +20,7 @@ CSRF could lead to data theft through the attacker’s ability to manipulate dat
 and forward the request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_request_forgery_csrf/flash_based/high_impact/template.md b/submissions/description/cross_site_request_forgery_csrf/flash_based/high_impact/template.md
index a1d6d3ac..e1a5963f 100644
--- a/submissions/description/cross_site_request_forgery_csrf/flash_based/high_impact/template.md
+++ b/submissions/description/cross_site_request_forgery_csrf/flash_based/high_impact/template.md
@@ -17,7 +17,7 @@ High impact CSRF could lead to data modification or theft leading to indirect fi
 and forward the request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_request_forgery_csrf/flash_based/low_impact/template.md b/submissions/description/cross_site_request_forgery_csrf/flash_based/low_impact/template.md
index 1557ff24..74222bd3 100644
--- a/submissions/description/cross_site_request_forgery_csrf/flash_based/low_impact/template.md
+++ b/submissions/description/cross_site_request_forgery_csrf/flash_based/low_impact/template.md
@@ -17,7 +17,7 @@ CSRF could lead to data theft through the attacker’s ability to manipulate dat
 and forward the request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_request_forgery_csrf/flash_based/template.md b/submissions/description/cross_site_request_forgery_csrf/flash_based/template.md
index cea09c52..1ec0cd3b 100644
--- a/submissions/description/cross_site_request_forgery_csrf/flash_based/template.md
+++ b/submissions/description/cross_site_request_forgery_csrf/flash_based/template.md
@@ -17,7 +17,7 @@ CSRF could lead to data theft through the attacker’s ability to manipulate dat
 and forward the request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_request_forgery_csrf/template.md b/submissions/description/cross_site_request_forgery_csrf/template.md
index 1d5833c5..77d61d2c 100644
--- a/submissions/description/cross_site_request_forgery_csrf/template.md
+++ b/submissions/description/cross_site_request_forgery_csrf/template.md
@@ -22,7 +22,7 @@ CSRF could lead to data theft through the attacker’s ability to manipulate dat
 and forward the request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/cookie_based/template.md b/submissions/description/cross_site_scripting_xss/cookie_based/template.md
index 858a3c1f..014de93b 100644
--- a/submissions/description/cross_site_scripting_xss/cookie_based/template.md
+++ b/submissions/description/cross_site_scripting_xss/cookie_based/template.md
@@ -13,7 +13,7 @@ XSS could lead to data theft through the attacker’s ability to manipulate data
 1. Update the local storage on your browser to contain the cookie: {{parameter}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/flash_based/template.md b/submissions/description/cross_site_scripting_xss/flash_based/template.md
index 96577b40..8072c6aa 100644
--- a/submissions/description/cross_site_scripting_xss/flash_based/template.md
+++ b/submissions/description/cross_site_scripting_xss/flash_based/template.md
@@ -13,7 +13,7 @@ Flash-based XSS could lead to data theft through the attacker’s ability to man
 1. Upload the following flash file: {{.SWF}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/ie_only/template.md b/submissions/description/cross_site_scripting_xss/ie_only/template.md
index 4cc08d17..d226e88c 100644
--- a/submissions/description/cross_site_scripting_xss/ie_only/template.md
+++ b/submissions/description/cross_site_scripting_xss/ie_only/template.md
@@ -10,7 +10,7 @@ XSS could result in reputational damage for the business through the impact to c
 1. Use an Internet Explorer browser to navigate to: {{URL}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/off_domain/data_uri/template.md b/submissions/description/cross_site_scripting_xss/off_domain/data_uri/template.md
index c7d9906c..76ac3036 100644
--- a/submissions/description/cross_site_scripting_xss/off_domain/data_uri/template.md
+++ b/submissions/description/cross_site_scripting_xss/off_domain/data_uri/template.md
@@ -13,7 +13,7 @@ XSS could lead to data theft through the attacker’s ability to manipulate data
 1. Observe that a data URI is being used to request data
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/off_domain/template.md b/submissions/description/cross_site_scripting_xss/off_domain/template.md
index d748ff65..5a789d8d 100644
--- a/submissions/description/cross_site_scripting_xss/off_domain/template.md
+++ b/submissions/description/cross_site_scripting_xss/off_domain/template.md
@@ -12,7 +12,7 @@ XSS could lead to data theft through the attacker’s ability to manipulate data
 1. Use a browser to navigate to: {{URL}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/referer/template.md b/submissions/description/cross_site_scripting_xss/referer/template.md
index c68e5622..3968d3c0 100644
--- a/submissions/description/cross_site_scripting_xss/referer/template.md
+++ b/submissions/description/cross_site_scripting_xss/referer/template.md
@@ -12,7 +12,7 @@ XSS could lead to data theft through the attacker’s ability to manipulate data
 1. Use a browser to navigate to: {{URL}}
 1. Append the following JavaScript payload to the end of the Referrer header and forward the following request:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/reflected/non_self/template.md b/submissions/description/cross_site_scripting_xss/reflected/non_self/template.md
index 18831a85..b6f25de1 100644
--- a/submissions/description/cross_site_scripting_xss/reflected/non_self/template.md
+++ b/submissions/description/cross_site_scripting_xss/reflected/non_self/template.md
@@ -12,7 +12,7 @@ Reflected XSS could lead to data theft through the attacker’s ability to manip
 1. Use a browser to navigate to: {{URL}}
 1. Forward the following request to the endpoint:
-```HTTP Request
+```http Request
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/reflected/template.md b/submissions/description/cross_site_scripting_xss/reflected/template.md
index 3a7cd298..efce1251 100644
--- a/submissions/description/cross_site_scripting_xss/reflected/template.md
+++ b/submissions/description/cross_site_scripting_xss/reflected/template.md
@@ -12,7 +12,7 @@ Reflected XSS could lead to data theft through the attacker’s ability to manip
 1. Use a browser to navigate to: {{URL}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md b/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md
index 76d00ccf..7416bb37 100644
--- a/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md
+++ b/submissions/description/cross_site_scripting_xss/stored/non_admin_to_anyone/template.md
@@ -14,7 +14,7 @@ Stored XSS could lead to data theft through the attacker’s ability to manipula
 1. Navigate to {{URL}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/stored/privileged_user_to_no_privilege_elevation/template.md b/submissions/description/cross_site_scripting_xss/stored/privileged_user_to_no_privilege_elevation/template.md
index 0c5df807..447abfc7 100644
--- a/submissions/description/cross_site_scripting_xss/stored/privileged_user_to_no_privilege_elevation/template.md
+++ b/submissions/description/cross_site_scripting_xss/stored/privileged_user_to_no_privilege_elevation/template.md
@@ -12,7 +12,7 @@ Stored XSS could lead to data theft through the attacker’s ability to manipula
 1. Log into the application at with an account (User A)
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/stored/privileged_user_to_privilege_elevation/template.md b/submissions/description/cross_site_scripting_xss/stored/privileged_user_to_privilege_elevation/template.md
index 13b3f1ab..de040b07 100644
--- a/submissions/description/cross_site_scripting_xss/stored/privileged_user_to_privilege_elevation/template.md
+++ b/submissions/description/cross_site_scripting_xss/stored/privileged_user_to_privilege_elevation/template.md
@@ -12,7 +12,7 @@ Stored XSS could lead to data theft through the attacker’s ability to manipula
 1. Log into the application at with the privileged user account (User B)
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/stored/template.md b/submissions/description/cross_site_scripting_xss/stored/template.md
index e37b4400..1d845cfb 100644
--- a/submissions/description/cross_site_scripting_xss/stored/template.md
+++ b/submissions/description/cross_site_scripting_xss/stored/template.md
@@ -12,7 +12,7 @@ Stored XSS could lead to data theft through the attacker’s ability to manipula
 1. Use a browser to navigate to: {{URL}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/stored/url_based/template.md b/submissions/description/cross_site_scripting_xss/stored/url_based/template.md
index 089d0b2f..9b37edf7 100644
--- a/submissions/description/cross_site_scripting_xss/stored/url_based/template.md
+++ b/submissions/description/cross_site_scripting_xss/stored/url_based/template.md
@@ -12,7 +12,7 @@ Stored XSS could lead to data theft through the attacker’s ability to manipula
 1. Use a browser to navigate to: {{URL}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/template.md b/submissions/description/cross_site_scripting_xss/template.md
index 73e64fd6..aa6e84bd 100644
--- a/submissions/description/cross_site_scripting_xss/template.md
+++ b/submissions/description/cross_site_scripting_xss/template.md
@@ -12,7 +12,7 @@ XSS could lead to data theft through the attacker’s ability to manipulate data
 1. Use a browser to navigate to: {{URL}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/trace_method/template.md b/submissions/description/cross_site_scripting_xss/trace_method/template.md
index 10855d27..225fe867 100644
--- a/submissions/description/cross_site_scripting_xss/trace_method/template.md
+++ b/submissions/description/cross_site_scripting_xss/trace_method/template.md
@@ -12,7 +12,7 @@ XSS could lead to data theft through the attacker’s ability to manipulate data
 1. Use a browser to navigate to: {{URL}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/cross_site_scripting_xss/universal_uxss/template.md b/submissions/description/cross_site_scripting_xss/universal_uxss/template.md
index 9c7caba1..b4138ef2 100644
--- a/submissions/description/cross_site_scripting_xss/universal_uxss/template.md
+++ b/submissions/description/cross_site_scripting_xss/universal_uxss/template.md
@@ -12,7 +12,7 @@ XSS could lead to data theft through the attacker’s ability to manipulate data
 1. Use a browser to navigate to: {{URL}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/sensitive_data_exposure/critically_sensitive_data/password_disclosure/template.md b/submissions/description/sensitive_data_exposure/critically_sensitive_data/password_disclosure/template.md
index 9d3bc742..1c3ab19a 100644
--- a/submissions/description/sensitive_data_exposure/critically_sensitive_data/password_disclosure/template.md
+++ b/submissions/description/sensitive_data_exposure/critically_sensitive_data/password_disclosure/template.md
@@ -11,7 +11,7 @@ Disclosure of secrets can lead to indirect financial loss through an attacker ac
 1. Observe and copy the password value that is exposed
 1. Using the HTTP interception proxy, forward the following request:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/sensitive_data_exposure/critically_sensitive_data/private_api_keys/template.md b/submissions/description/sensitive_data_exposure/critically_sensitive_data/private_api_keys/template.md
index 42a09029..7b83f2ff 100644
--- a/submissions/description/sensitive_data_exposure/critically_sensitive_data/private_api_keys/template.md
+++ b/submissions/description/sensitive_data_exposure/critically_sensitive_data/private_api_keys/template.md
@@ -13,7 +13,7 @@ This could also result in reputational damage for the business through the impac
 1. Observe and copy the private API key that is exposed
 1. Using the HTTP interception proxy, forward the following request:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/sensitive_data_exposure/critically_sensitive_data/template.md b/submissions/description/sensitive_data_exposure/critically_sensitive_data/template.md
index 6749f70b..679f3ec9 100644
--- a/submissions/description/sensitive_data_exposure/critically_sensitive_data/template.md
+++ b/submissions/description/sensitive_data_exposure/critically_sensitive_data/template.md
@@ -13,7 +13,7 @@ This could also result in reputational damage for the business through the impac
 1. Observe and copy the critical sensitive data that is exposed
 1. Using the HTTP interception proxy, forward the following request:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/sensitive_data_exposure/disclosure_of_secrets/data_traffic_spam/template.md b/submissions/description/sensitive_data_exposure/disclosure_of_secrets/data_traffic_spam/template.md
index dead9aa4..32052889 100644
--- a/submissions/description/sensitive_data_exposure/disclosure_of_secrets/data_traffic_spam/template.md
+++ b/submissions/description/sensitive_data_exposure/disclosure_of_secrets/data_traffic_spam/template.md
@@ -10,7 +10,7 @@ Disclosure of secrets can lead to indirect financial loss through an attacker ac
 1. Use a browser to navigate to: {{URL}}
 1 Generate data traffic by forwarding the following request multiple times to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/sensitive_data_exposure/disclosure_of_secrets/pay_per_use_abuse/template.md b/submissions/description/sensitive_data_exposure/disclosure_of_secrets/pay_per_use_abuse/template.md
index 5b019944..20c91370 100644
--- a/submissions/description/sensitive_data_exposure/disclosure_of_secrets/pay_per_use_abuse/template.md
+++ b/submissions/description/sensitive_data_exposure/disclosure_of_secrets/pay_per_use_abuse/template.md
@@ -14,7 +14,7 @@ Disclosure of secrets can lead to direct financial loss through an attacker maki
 1 Send the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/non_sensitive_token/template.md b/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/non_sensitive_token/template.md
index d8b4aad6..eff681f5 100644
--- a/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/non_sensitive_token/template.md
+++ b/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/non_sensitive_token/template.md
@@ -10,7 +10,7 @@ This vulnerability can lead to data theft through the attacker’s ability to ac
 1. Use a browser to navigate to: {{URL}}
 1. Using the HTTP interception proxy, forward the following request:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/sensitive_token/template.md b/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/sensitive_token/template.md
index b5b3579c..b26dfd55 100644
--- a/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/sensitive_token/template.md
+++ b/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/sensitive_token/template.md
@@ -10,7 +10,7 @@ This vulnerability can lead to data theft through the attacker’s ability to ma
 1. Use a browser to navigate to: {{URL}}
 1. Using the HTTP interception proxy, forward the following request:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/template.md b/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/template.md
index aaa09c0e..60cdaa00 100644
--- a/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/template.md
+++ b/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/template.md
@@ -10,7 +10,7 @@ This vulnerability can lead to data theft through the attacker’s ability to ac
 1. Use a browser to navigate to: {{URL}}
 1. Using the HTTP interception proxy, forward the following request:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/sensitive_data_exposure/xssi/template.md b/submissions/description/sensitive_data_exposure/xssi/template.md
index c2afea4f..7c439c9b 100644
--- a/submissions/description/sensitive_data_exposure/xssi/template.md
+++ b/submissions/description/sensitive_data_exposure/xssi/template.md
@@ -10,7 +10,7 @@ XSSI could lead to data theft and exfiltration through the attacker’s ability
 1. Use a browser to navigate to: {{URL}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/cache_deception/template.md b/submissions/description/server_security_misconfiguration/cache_deception/template.md
index f9672466..904d5644 100644
--- a/submissions/description/server_security_misconfiguration/cache_deception/template.md
+++ b/submissions/description/server_security_misconfiguration/cache_deception/template.md
@@ -11,7 +11,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Intercept the request in the HTTP interception Proxy and change HTTP header: {{value}} to {{value}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/cache_poisoning/template.md b/submissions/description/server_security_misconfiguration/cache_poisoning/template.md
index 0a2b8318..f73a23d2 100644
--- a/submissions/description/server_security_misconfiguration/cache_poisoning/template.md
+++ b/submissions/description/server_security_misconfiguration/cache_poisoning/template.md
@@ -13,7 +13,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Intercept the request in the HTTP interception Proxy and change HTTP header: {{value}} to {{value}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/dbms_misconfiguration/excessively_privileged_user_dba/template.md b/submissions/description/server_security_misconfiguration/dbms_misconfiguration/excessively_privileged_user_dba/template.md
index 5dae2a0c..a025e01c 100644
--- a/submissions/description/server_security_misconfiguration/dbms_misconfiguration/excessively_privileged_user_dba/template.md
+++ b/submissions/description/server_security_misconfiguration/dbms_misconfiguration/excessively_privileged_user_dba/template.md
@@ -14,7 +14,7 @@ DBMS misconfigurations can lead to reputational damage for the business due to a
 1. Navigate to the vulnerable functionality {{value}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/dbms_misconfiguration/template.md b/submissions/description/server_security_misconfiguration/dbms_misconfiguration/template.md
index c3a47d57..d1b6ba65 100644
--- a/submissions/description/server_security_misconfiguration/dbms_misconfiguration/template.md
+++ b/submissions/description/server_security_misconfiguration/dbms_misconfiguration/template.md
@@ -12,7 +12,7 @@ DBMS misconfigurations can lead to reputational damage for the business due to a
 1. Navigate to the vulnerable functionality {{value}}
 1. Forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/email_verification_bypass/template.md b/submissions/description/server_security_misconfiguration/email_verification_bypass/template.md
index 824f4f69..97e4d66b 100644
--- a/submissions/description/server_security_misconfiguration/email_verification_bypass/template.md
+++ b/submissions/description/server_security_misconfiguration/email_verification_bypass/template.md
@@ -11,7 +11,7 @@ The impact of this vulnerability can lead to an attacker creating multiple fake
 1. Register User Account A
 1. Using the HTTP interception proxy, intercept the following request:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/change_email_address/template.md b/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/change_email_address/template.md
index 401e5f72..a4e5e9d4 100644
--- a/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/change_email_address/template.md
+++ b/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/change_email_address/template.md
@@ -14,7 +14,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Intercept the request in a Web Proxy
 1. Adjust and forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/change_password/template.md b/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/change_password/template.md
index 3b11a0c5..a633fcf3 100644
--- a/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/change_password/template.md
+++ b/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/change_password/template.md
@@ -14,7 +14,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Intercept the request in a Web Proxy
 1. Adjust and forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/delete_account/template.md b/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/delete_account/template.md
index 873f54ee..0cc6c15e 100644
--- a/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/delete_account/template.md
+++ b/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/delete_account/template.md
@@ -14,7 +14,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Intercept the request in a Web Proxy
 1. Adjust and forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/manage_two_fa/template.md b/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/manage_two_fa/template.md
index 9d690294..f4636043 100644
--- a/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/manage_two_fa/template.md
+++ b/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/manage_two_fa/template.md
@@ -14,7 +14,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Intercept the request in a Web Proxy
 1. Adjust and forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/template.md b/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/template.md
index aac69b83..8275a32c 100644
--- a/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/template.md
+++ b/submissions/description/server_security_misconfiguration/lack_of_password_confirmation/template.md
@@ -12,7 +12,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Intercept the request in a Web Proxy
 1. Adjust and forward the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_dns_query_only/template.md b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_dns_query_only/template.md
index 1fc57fd9..276789e7 100644
--- a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_dns_query_only/template.md
+++ b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_dns_query_only/template.md
@@ -10,7 +10,7 @@ External DNS-only SSRF can result in the application and internal network being
 1. Use a browser to log in and navigate to: {{URL}}
 1. Forward the following payload to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_low_impact/template.md b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_low_impact/template.md
index 1368eecb..59eea21c 100644
--- a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_low_impact/template.md
+++ b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/external_low_impact/template.md
@@ -10,7 +10,7 @@ External SSRF can lead to data theft and through an attacker accessing, deleting
 1. Use a browser to log in and navigate to: {{URL}}
 1. Forward the following payload to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_high_impact/template.md b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_high_impact/template.md
index 4f7edab5..92dbc9a2 100644
--- a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_high_impact/template.md
+++ b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_high_impact/template.md
@@ -10,7 +10,7 @@ SSRF can lead to data theft and through an attacker accessing, deleting, or modi
 1. Use a browser to log in and navigate to: {{URL}}
 1. Forward the following payload to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_scan_and_or_medium_impact/template.md b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_scan_and_or_medium_impact/template.md
index 0fae50e4..cc837a43 100644
--- a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_scan_and_or_medium_impact/template.md
+++ b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/internal_scan_and_or_medium_impact/template.md
@@ -10,7 +10,7 @@ SSRF can lead to data theft and through an attacker accessing, deleting, or modi
 1. Use a browser to log in and navigate to: {{URL}}
 1. Forward the following payload to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/template.md b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/template.md
index acc911f9..837cd900 100644
--- a/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/template.md
+++ b/submissions/description/server_security_misconfiguration/server_side_request_forgery_ssrf/template.md
@@ -12,7 +12,7 @@ SSRF can lead to data theft and through an attacker accessing, deleting, or modi
 1. Use a browser to log in and navigate to: {{URL}}
 1. Forward the following payload to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/unsafe_cross_origin_resource_sharing/template.md b/submissions/description/server_security_misconfiguration/unsafe_cross_origin_resource_sharing/template.md
index 0f8249c7..aec50139 100644
--- a/submissions/description/server_security_misconfiguration/unsafe_cross_origin_resource_sharing/template.md
+++ b/submissions/description/server_security_misconfiguration/unsafe_cross_origin_resource_sharing/template.md
@@ -10,17 +10,17 @@ Unsafe CORS can lead to reputational damage for the business due to a loss in co
 1. With the HTTP intercept proxy turned on, use a browser to navigate to: {{URL}}
 1. In the HTTP intercept proxy, observe the following header:
-```HTTP
+```http
 {{Header}}
 ```
 1. The following request and response pair demonstrates the unsafe CORS:
-```HTTP
+```http
 {{Request}}
 ```
-```HTTP
+```http
 {{Response}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/unsafe_file_upload/file_extension_filter_bypass/template.md b/submissions/description/server_security_misconfiguration/unsafe_file_upload/file_extension_filter_bypass/template.md
index 9d281c7c..0b0b228c 100644
--- a/submissions/description/server_security_misconfiguration/unsafe_file_upload/file_extension_filter_bypass/template.md
+++ b/submissions/description/server_security_misconfiguration/unsafe_file_upload/file_extension_filter_bypass/template.md
@@ -10,13 +10,13 @@ Unsafe file upload can lead to reputational damage for the business due to a los
 1. With the HTTP intercept proxy turned on, use a browser to navigate to: {{URL}}
 1. Intercept the request in the HTTP intercept proxy:
-```HTTP
+```http
 {{Request}}
 ```
 1. Change the following parameter to append a different value to the extension, as seen below:
-```HTTP
+```http
 {{Request}}
 ```
diff --git a/submissions/description/server_security_misconfiguration/unsafe_file_upload/template.md b/submissions/description/server_security_misconfiguration/unsafe_file_upload/template.md
index 8f20b198..afcc302b 100644
--- a/submissions/description/server_security_misconfiguration/unsafe_file_upload/template.md
+++ b/submissions/description/server_security_misconfiguration/unsafe_file_upload/template.md
@@ -10,13 +10,13 @@ Unsafe file upload can lead to reputational damage for the business due to a los
 1. With the HTTP intercept proxy turned on, use a browser to navigate to: {{URL}}
 1. Intercept the request in the HTTP intercept proxy:
-```HTTP
+```http
 {{Request}}
 ```
 1. Change the following parameter to append a different value to the extension, as seen below:
-```HTTP
+```http
 {{Request}}
 ```
diff --git a/submissions/description/server_side_injection/content_spoofing/email_html_injection/template.md b/submissions/description/server_side_injection/content_spoofing/email_html_injection/template.md
index b823c496..99ec4720 100644
--- a/submissions/description/server_side_injection/content_spoofing/email_html_injection/template.md
+++ b/submissions/description/server_side_injection/content_spoofing/email_html_injection/template.md
@@ -14,7 +14,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Insert {{payload}} in {{parameter}} and forward or replay the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_side_injection/content_spoofing/email_hyperlink_injection_based_on_email_provider/template.md b/submissions/description/server_side_injection/content_spoofing/email_hyperlink_injection_based_on_email_provider/template.md
index 5af75b70..169b5530 100644
--- a/submissions/description/server_side_injection/content_spoofing/email_hyperlink_injection_based_on_email_provider/template.md
+++ b/submissions/description/server_side_injection/content_spoofing/email_hyperlink_injection_based_on_email_provider/template.md
@@ -13,7 +13,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Perform {{action}} and capture the request in the HTTP interception proxy
 1. Insert {{payload}} in {{parameter}} and forward or replay the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_side_injection/content_spoofing/external_authentication_injection/template.md b/submissions/description/server_side_injection/content_spoofing/external_authentication_injection/template.md
index 3bf42f80..2a554b9a 100644
--- a/submissions/description/server_side_injection/content_spoofing/external_authentication_injection/template.md
+++ b/submissions/description/server_side_injection/content_spoofing/external_authentication_injection/template.md
@@ -13,7 +13,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Perform {{action}} and capture the request in the HTTP interception proxy
 1. Insert {{payload}} in {{parameter}} and forward or replay the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_side_injection/content_spoofing/flash_based_external_authentication_injection/template.md b/submissions/description/server_side_injection/content_spoofing/flash_based_external_authentication_injection/template.md
index b59bd861..272df56c 100644
--- a/submissions/description/server_side_injection/content_spoofing/flash_based_external_authentication_injection/template.md
+++ b/submissions/description/server_side_injection/content_spoofing/flash_based_external_authentication_injection/template.md
@@ -13,7 +13,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Perform {{action}} and capture the request in the HTTP interception proxy
 1. Insert {{payload}} in {{parameter}} and forward or replay the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_side_injection/content_spoofing/homograph_idn_based/template.md b/submissions/description/server_side_injection/content_spoofing/homograph_idn_based/template.md
index dba07ac7..217f3f3f 100644
--- a/submissions/description/server_side_injection/content_spoofing/homograph_idn_based/template.md
+++ b/submissions/description/server_side_injection/content_spoofing/homograph_idn_based/template.md
@@ -13,7 +13,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Perform {{action}} and capture the request in the HTTP interception proxy
 1. Insert {{payload}} in {{parameter}} and forward or replay the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_side_injection/content_spoofing/html_content_injection/template.md b/submissions/description/server_side_injection/content_spoofing/html_content_injection/template.md
index 6e785c8a..9ea760a0 100644
--- a/submissions/description/server_side_injection/content_spoofing/html_content_injection/template.md
+++ b/submissions/description/server_side_injection/content_spoofing/html_content_injection/template.md
@@ -11,7 +11,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Perform {{action}} and capture the request in the HTTP interception proxy
 1. Insert {{payload}} in {{parameter}} and forward or replay the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_side_injection/content_spoofing/iframe_injection/template.md b/submissions/description/server_side_injection/content_spoofing/iframe_injection/template.md
index 03e2f66e..e016457d 100644
--- a/submissions/description/server_side_injection/content_spoofing/iframe_injection/template.md
+++ b/submissions/description/server_side_injection/content_spoofing/iframe_injection/template.md
@@ -13,7 +13,7 @@ This vulnerability could lead to data theft and indirect financial loss through
 1. Perform {{action}} and capture the request in the HTTP interception proxy
 1. Insert {{payload}} in {{parameter}} and forward or replay the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_side_injection/content_spoofing/rtlo/template.md b/submissions/description/server_side_injection/content_spoofing/rtlo/template.md
index cdedcedf..7ddc3444 100644
--- a/submissions/description/server_side_injection/content_spoofing/rtlo/template.md
+++ b/submissions/description/server_side_injection/content_spoofing/rtlo/template.md
@@ -14,7 +14,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Append/add an RLO unicode character to: {{parameter}}
 1. Forward or replay the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_side_injection/content_spoofing/template.md b/submissions/description/server_side_injection/content_spoofing/template.md
index 674775f7..d780dd99 100644
--- a/submissions/description/server_side_injection/content_spoofing/template.md
+++ b/submissions/description/server_side_injection/content_spoofing/template.md
@@ -13,7 +13,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Perform {{action}} and capture the request in the HTTP interception proxy
 1. Insert {{payload}} in {{parameter}} and forward or replay the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/server_side_injection/content_spoofing/text_injection/template.md b/submissions/description/server_side_injection/content_spoofing/text_injection/template.md
index 3d0594aa..27fb5759 100644
--- a/submissions/description/server_side_injection/content_spoofing/text_injection/template.md
+++ b/submissions/description/server_side_injection/content_spoofing/text_injection/template.md
@@ -17,7 +17,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t
 1. Forward or replay the following request to the endpoint:
-```HTTP
+```http
 {{request}}
 ```
diff --git a/submissions/description/using_components_with_known_vulnerabilities/outdated_software_version/template.md b/submissions/description/using_components_with_known_vulnerabilities/outdated_software_version/template.md
index a4f17e46..85132c24 100644
--- a/submissions/description/using_components_with_known_vulnerabilities/outdated_software_version/template.md
+++ b/submissions/description/using_components_with_known_vulnerabilities/outdated_software_version/template.md
@@ -11,7 +11,7 @@ Outdated Software Version can lead to reputational damage for the business due t
 1. Intercept a response with the HTTP interception proxy
 1. Observe the outdated software version:
-```HTTP
+```http
 {{response}}
 ```
diff --git a/submissions/description/using_components_with_known_vulnerabilities/template.md b/submissions/description/using_components_with_known_vulnerabilities/template.md
index dcb6a0fc..4de9d0cb 100644
--- a/submissions/description/using_components_with_known_vulnerabilities/template.md
+++ b/submissions/description/using_components_with_known_vulnerabilities/template.md
@@ -11,7 +11,7 @@ Outdated Software Version can lead to reputational damage for the business due t
 1. Intercept a response with the HTTP interception proxy
 1. Observe the outdated software version:
-```HTTP
+```http
 {{response}}
 ```