a05-security-misconfiguration

star 0

Skills for exploiting security misconfigurations including XXE, file upload, subdomain takeover, and cache issues per OWASP A05:2021.

omkar-ukirde

By omkar-ukirde schedule Updated 2/2/2026

play_arrow Run Skill in Manus View GitHub

name: a05-security-misconfiguration description: Skills for exploiting security misconfigurations including XXE, file upload, subdomain takeover, and cache issues per OWASP A05:2021. compatibility: Requires xxeinjector, nuclei allowed-tools: xxeinjector nuclei burpsuite curl metadata: owasp: A05:2021 category: web

Security Misconfiguration (OWASP A05)

Missing or improperly configured security controls at any level of the application stack.

Skills

XXE - XML External Entity injection
File Upload - Unrestricted file upload exploitation
Subdomain Takeover - Dangling DNS exploitation
Cache Deception - Web cache poisoning attacks

Quick Reference

Attack	Target	Impact
XXE	XML parsers	File read, SSRF, RCE
File Upload	Upload endpoints	Webshell, RCE
Subdomain Takeover	Dangling DNS	Phishing, cookies
Cache Deception	CDN/proxy	Data theft

Install via CLI

npx skills add https://github.com/omkar-ukirde/Cyber-Security-Agent-skills --skill a05-security-misconfiguration

Repository Details

star Stars 0

call_split Forks 0

navigation Branch main

article Path SKILL.md

More from Creator

omkar-ukirde

omkar-ukirde Explore all skills →