Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Broken Links #292

Open
CRImier opened this issue Oct 6, 2020 · 16 comments
Open

Broken Links #292

CRImier opened this issue Oct 6, 2020 · 16 comments
Assignees
Labels
404 An issue that outlines a 404 issue or a PR related to the fix for one

Comments

@CRImier
Copy link
Contributor

CRImier commented Oct 6, 2020

Was going through pages, found plenty of broken references. Ran a broken URL checker against the website, found a lot of broken URLs. Fixed some of them in #290 . Some URLs remain broken:

https://support.google.com/mail/forum/AAAAK7un8RU3J3r2JqFNTw/discussion/?hl=en&gpf=d/topic/gmail/3J3r2JqFNTw/discussion
https://www.javaworld.com/javaworld/javaqa/2003-05/01-qa-0509-jcrypt.html?page=2
http://www.php-security.org/downloads/rips.pdf
http://www.seclab.tuwien.ac.at/papers/pixy.pdf
http://w2spconf.com/2010/papers/p27.pdf
https://www.codemagi.com/blog/post/194
https://www.itu.int/rec/T-REC-X.690-200811-I/en
https://www.ietf.org/id/draft-ietf-websec-key-pinning-09.txt
https://github.com/andresriancho/w3af/blob/master/plugins/grep/csp.py
http://blog.php-security.org/archives/76-Holes-in-most-preg_match-filters.html
http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=77
http://www.ruxcon.org.au/files/2008/Attacking_Rich_Internet_Applications.pdf
http://yehg.net/lab/pr0js/files.php/inspath.zip
http://yehg.net/lab/pr0js/files.php/php_brute_force_detect.zip
http://www.comptechdoc.org/independent/web/cgi/ssimanual/ssiexamples.html
http://www.iss.net/security_center/advice/Exploits/TCP/session_hijacking/default.htm
http://www.derkeiler.com/pdf/Mailing-Lists/Securiteam/2002-12/0099.pdf
http://archives.neohapsis.com/archives/bugtraq/2002-05/0118.html
http://hacker-eliminator.com/trojansymptoms.html
http://www.microsoft.com/technet/security/bulletin/MS00-078.mspx
https://www.checkmarx.com/Demo/XSHM.aspx
https://blog.watchfire.com/wfblog/2008/06/javascript-code.html
http://shlang.com/netkill/netkill.html
https://cirt.net/code/nikto.shtml
https://addons.mozilla.org/en-US/firefox/addon/heartbleed-checker/
https://www.ecrimelabs.com/tools/webroot/WebRoot.txt
https://www.cs.rice.edu/~scrosby/hash/slides/USENIX-RegexpWIP.2.ppt
https://www.checkmarx.com/NewsDetails.aspx?id=23&cat=3
https://owasp.org/index.php/Dhiraj_Mishra
http://puzzlemall.googlecode.com/files/Session
https://owasp.org/index.php/Image:RequestRodeo-MartinJohns.pdf
http://windows.stanford.edu/docs/IISsecchecklist.htm
http://www.net-security.org/dl/articles/php-file-upload.pdf
http://www.windowsitpro.com/Files/18/27072/Webtable_01.pdf
https://www.imperva.com/404?aspxerrorpath=/application_defense_center/glossary/forceful_browsing.html
http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html
https://blog.shapesecurity.com/heartbleed-bug-places-encrypted-user-data-and-webservers-at-risk
https://www.mitre.org/sites/default/files/publications/pr-18-2417-deliver-uncompromised-MITRE-study-8AUG2018.pdf
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
http://www.digitaldwarf.be/products/mangle.c
http://projects.info-pull.com/mokb/
http://www.bonsai-sec.com/en/research/untidy-xml-fuzzer.php
https://support.snyk.io/snyk-cli/how-can-i-set-a-snyk-cli-project-as-open-source
http://www.rubcast.rub.de/index2.php?id=1009
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
http://aeditor.rubyforge.org/ruby_cplusplus/index.html
https://owasp-skf.gitbook.io/asvs-write-ups/filename-injection
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
https://blog.48bits.com/2010/09/28/iis6-asp-file-upload-for-fun-and-profit/
http://palisade.plynt.com/issues/2006Jun/injection-stored-procedures/
http://www.bindshell.net/tools/odysseus
http://www.ntobjectives.com/products/firewater/
http://home.intekom.com/rdawes/exodus.html
http://www.wastelands.gen.nz/odysseus/index.php
http://www.webcohort.com/web_application_security/research/tools.html
http://www.rsasecurity.com/standards/ssl/basics.html
http://palisade.plynt.com/issues/2005Aug/page-tokens/
http://www.microsoft.com/mspress/books/toc/5612.asp
http://www.seczone.cn/2018/06/27/codesec源代码安全检测平台/

If anyone wants to go through these, grep --color=always -nr -Ff broken_urls_left.txt|grep --color=always -v "broken_"|sort will show where those URLs are specifically (might miss some of these, though). Could probably also find a lot of broken internal references by looking for "wikilink".

@kingthorin kingthorin added the 404 An issue that outlines a 404 issue or a PR related to the fix for one label Oct 6, 2020
@kingthorin
Copy link
Contributor

If anyone wants to go through these, grep --color=always -nr -Ff broken_urls_left.txt|grep --color=always -v "broken_"|sort will show where those URLs are specifically (might miss some of these, though). Could probably also find a lot of broken internal references by looking for "wikilink".

Could you attach broken_urls_left.txt?

@kingthorin kingthorin changed the title Fixing broken URLs Broken Links Oct 6, 2020
@CRImier
Copy link
Contributor Author

CRImier commented Oct 6, 2020

It's the contents of the code snippet in the OP. Would be great to use a better URL checker - the one I used didn't catch all the broken internal references, and its non-paid version only checked 2000 links out of, potentially, many more.

broken_urls_left.txt

@CRImier
Copy link
Contributor Author

CRImier commented Oct 6, 2020

Also, some of these links actually might resolve (just that there's a Javascript or 3xx code redirect), just one more peculiarity of the URL checker I used - in that case, IMO, the URL needs to be updated because, at some point, old links inevitably stop redirecting and start 404'ing.

@kingthorin
Copy link
Contributor

Thanks @CRImier

@megalucio
Copy link

megalucio commented Dec 3, 2020

This is also a broken one https://owasp.org/www-community/attacks/Tokenizing from the main page in CSRF.

@kingthorin
Copy link
Contributor

kingthorin commented Dec 3, 2020

It seems there was never "Tokenizing" content: https://wiki.owasp.org/index.php/Tokenizing

For that one it would be best to just remove the link.

@Biepa
Copy link

Biepa commented Jan 25, 2021

kingthorin added a commit to kingthorin/www-community that referenced this issue Jan 25, 2021
kingthorin added a commit that referenced this issue Jan 25, 2021
@fzipi
Copy link
Contributor

fzipi commented Mar 10, 2021

Page https://github.com/OWASP/www-community/blob/master/pages/Broken_Access_Control.md has this link: http://www.infosecuritymag.com/2002/jun/insecurity.shtml
\We should be able to get something with less than near 20 years by now....

@kingthorin
Copy link
Contributor

@fzipi let us know what your suggestion is, or just go ahead and open a PR.

@fzipi
Copy link
Contributor

fzipi commented Mar 22, 2021

@kingthorin Added #393 with the links from the top 10.

@Jeymz
Copy link

Jeymz commented Mar 3, 2023

Would it be worth going through these and just linking to the wayback machine until suitable replacements can be identified?

@kingthorin
Copy link
Contributor

I’d suggest fixing a few properly (in batches or whatever), vs. having to go through them all twice.

@draunger
Copy link

draunger commented Feb 2, 2024

@CRImier can I work on this issue

@kingthorin
Copy link
Contributor

kingthorin commented Feb 2, 2024

@draunger go for it.

@CRImier
Copy link
Contributor Author

CRImier commented Feb 6, 2024

I concur, go for it^^

@StepQuest
Copy link

On page https://github.com/OWASP/www-community/blob/master/pages/Types_of_Cross-Site_Scripting.md there is "broken" (author of GitHub page has hidden the content) link in References [2]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
404 An issue that outlines a 404 issue or a PR related to the fix for one
Projects
None yet
Development

No branches or pull requests

8 participants