Challenges added for CRLF, Command Injection, File Inclusion

CRLF Injection/README.md

@@ -11,7 +11,7 @@
     * [Add a cookie](#add-a-cookie)
     * [Add a cookie - XSS Bypass](#add-a-cookie---xss-bypass)
     * [Write HTML](#write-html)
-* [Filter Bypass](#filter-bypass)
+    * [Filter Bypass](#filter-bypass)
 * [Labs](#labs)
 * [References](#references)
 
@@ -97,7 +97,7 @@ Content-Length: 34
 
 Using UTF-8 encoding
 
-```http
+```http
 %E5%98%8A%E5%98%8Dcontent-type:text/html%E5%98%8A%E5%98%8Dlocation:%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%BCsvg/onload=alert%28innerHTML%28%29%E5%98%BE
 ```
 
@@ -116,6 +116,7 @@ Remainder:
 
 
 ## References
+
 - [CRLF Injection - CWE-93 - OWASP - May 20, 2022](https://www.owasp.org/index.php/CRLF_Injection)
 - [Starbucks: [newscdn.starbucks.com] CRLF Injection, XSS - Bobrov - 2016-12-20](https://vulners.com/hackerone/H1:192749)
 ## References

Command Injection/README.md

@@ -423,7 +423,10 @@ In Unix-like command-line interfaces, the `--` symbol is used to signify the end
 * [PortSwigger - Blind OS command injection with output redirection](https://portswigger.net/web-security/os-command-injection/lab-blind-output-redirection)
 * [PortSwigger - Blind OS command injection with out-of-band interaction](https://portswigger.net/web-security/os-command-injection/lab-blind-out-of-band)
 * [PortSwigger - Blind OS command injection with out-of-band data exfiltration](https://portswigger.net/web-security/os-command-injection/lab-blind-out-of-band-data-exfiltration)
-
+* [Root Me - PHP - Command injection](https://www.root-me.org/en/Challenges/Web-Server/PHP-Command-injection)
+* [Root Me - Command injection - Filter bypass](https://www.root-me.org/en/Challenges/Web-Server/Command-injection-Filter-bypass)
+* [Root Me - PHP - assert()](https://www.root-me.org/en/Challenges/Web-Server/PHP-assert)
+* [Root Me - PHP - preg_replace()](https://www.root-me.org/en/Challenges/Web-Server/PHP-preg_replace)
 
 ### Challenge
 

File Inclusion/README.md

@@ -41,6 +41,7 @@
 - [LFI to RCE via PHP sessions](#lfi-to-rce-via-php-sessions)
 - [LFI to RCE via PHP PEARCMD](#lfi-to-rce-via-php-pearcmd)
 - [LFI to RCE via credentials files](#lfi-to-rce-via-credentials-files)
+- [Labs](#labs)
 - [References](#references)
 
 
@@ -661,6 +662,14 @@ Another way to gain SSH access to a Linux machine through LFI is by reading the
 If SSH is active check which user is being used `/proc/self/status` and `/etc/passwd` and try to access `/<HOME>/.ssh/id_rsa`.
 
 
+## Labs
+
+* [Root Me - Local File Inclusion](https://www.root-me.org/en/Challenges/Web-Server/Local-File-Inclusion)
+* [Root Me - Local File Inclusion - Double encoding](https://www.root-me.org/en/Challenges/Web-Server/Local-File-Inclusion-Double-encoding)
+* [Root Me - Remote File Inclusion](https://www.root-me.org/en/Challenges/Web-Server/Remote-File-Inclusion)
+* [Root Me - PHP - Filters](https://www.root-me.org/en/Challenges/Web-Server/PHP-Filters)
+
+
 ## References
 
 * [Baby^H Master PHP 2017 - Orange Tsai (@orangetw) - Dec 5, 2021](https://github.com/orangetw/My-CTF-Web-Challenges#babyh-master-php-2017)

GraphQL Injection/README.md

@@ -22,8 +22,8 @@
     - [JSON list based batching](#json-list-based-batching)
     - [Query name based batching](#query-name-based-batching)
 - [Injections](#injections)
-  - [NOSQL injection](#nosql-injection)
-  - [SQL injection](#sql-injection)
+    - [NOSQL injection](#nosql-injection)
+    - [SQL injection](#sql-injection)
 - [Labs](#labs)
 - [References](#references)
 

Type Juggling/README.md

@@ -144,7 +144,8 @@ The exploitation phase is the following:
 
 ## Labs
 
-* [Root Me - PHP - type juggling](https://www.root-me.org/en/Challenges/Web-Server/PHP-type-juggling)
+* [Root Me - PHP - Type Juggling](https://www.root-me.org/en/Challenges/Web-Server/PHP-type-juggling)
+* [Root Me - PHP - Loose Comparison](https://www.root-me.org/en/Challenges/Web-Server/PHP-Loose-Comparison)
 
 
 ## References