<!DOCTYPE html>
<html>
<head>
<title>PHP Web Shell</title>
</head>
<body>
<h1>PHP Web Shell</h1>
<form method="POST">
<label>Enter a command:</label><br>
<input type="text" name="cmd"><br>
<input type="submit" value="Run">
</form>
</body>
</html>
#!/usr/bin/env bash
declare -r reset="$(tput sgr0)" bold="$(tput bold)" dim="$(tput dim)" blink="$(tput blink)" underline="$(tput smul)" end_underline="$(tput rmul)" reverse="$(tput rev)" hidden="$(tput invis)" black="$(tput setaf 0)" red="$(tput setaf 1)" green="$(tput setaf 2)" yellow="$(tput setaf 3)" blue="$(tput setaf 4)" magenta="$(tput setaf 5)" cyan="$(tput setaf 6)" white="$(tput setaf 7)" default="$(tput setaf 9)" bg_black="$(tput setab 0)" bg_red="$(tput setab 1)" bg_green="$(tput setab 2)" bg_yellow="$(tput setab 3)" bg_blue="$(tput setab 4)" bg_magenta="$(tput setab 5)" bg_cyan="$(tput setab 6)" bg_white="$(tput setab 7)" bg_default="$(tput setab 9)"
l[1]=" ${cyan}╭────────────────────────────────────────────────────────╮"
l[2]=" ${cyan}│ │"
l[3]=" ${cyan}│${reset} ${bold}${cyan}Mr. Adesh Kolte${reset} ${cyan}│"
l[4]=" ${cyan}│${reset} ${bold}Offensive Security Engineer @ ZokyoLabs${reset}
Cyber Security Base - Course Project I
I made a web application to which users can register and log in to submit comments.
Logged-in users can log out, view their own profile, delete their own comments and
delete their account, as well as create new comments.
The application includes five different security flaws from the OWASP Top 10 2013 list of the
Most Critical Web Application Security Risks (https://www.owasp.org/index.php/Top_10_2013-Top_10). The flaws are as follows:
A2 - Broken Authentication and Session Management
A3 - Cross-Site Scripting (XSS)
╔╦╗╦ ╦ ╔╗ ┬ ┬┌─┐ ╔╗ ┌─┐┬ ┬┌┐┌┬┐┬ ┬ ╦═╗┌─┐┌─┐┌─┐┬ ┬┬─┐┌─┐┌─┐┌─┐
║║║╚╦╝ ╠╩╗│ ││ ┬ ╠╩╗│ ││ │││││ └┬┘ ╠╦╝├┤ └─┐│ ││ │├┬┘│ ├┤ └─┐
╩ ╩ ╩ ╚═╝└─┘└─┘ ╚═╝└─┘└─┘┘└┘┴ ┴ ╩╚═└─┘└─┘└─┘└─┘┴└─└─┘└─┘└─┘
//
()==========>>======================================--
\\
2FA Bypass
An arbitrary file upload web vulnerability has been discovered in the
> Super File Explorer app for iOS.
> The vulnerability is located in the developer path that is accessible
> and hidden next to the root path.
> By default, there is no password set for the FTP or Web UI service.
> The arbitrary file
> upload web vulnerability can be exploited by remote attackers without
> a privileged application user account or user interaction. For a security
> demonstration, or to reproduce the vulnerability, follow the provided
> information and steps below to continue.
Author: Adesh Nandkishor Kolte
> Vulnerable Parameter: Client Name
>
> PoC: Exploitation
"><svg onload=prompt(/xss/);>
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
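The PoC above is an attribute-breakout payload: the leading `">` closes the quoted attribute and the tag the parameter is reflected into, and what follows is parsed as a new `<svg>` element whose `onload` handler runs. The following is an added JavaScript example, not code from the advisory or from the affected application, that renders a constructed `<input>` template (the real page's markup is not shown above) both unescaped and with attribute encoding, then tokenises the result the way a browser would to show that the hardened version yields a single element, no event handler, and a value that decodes back to exactly what the user typed. The `client_name` field name and the template are assumptions made for the demonstration.

```javascript
// Added example, not code from the original advisory or the affected
// product. Shows why '"><svg onload=prompt(/xss/);>' works when a field
// such as "Client Name" is reflected unescaped into an HTML attribute, and
// how attribute encoding neutralises it. The <input> template is a
// constructed stand-in; the real page's markup is not shown in the advisory.

const PAYLOAD = '"><svg onload=prompt(/xss/);>';

// Vulnerable rendering: the value is interpolated straight into a
// double-quoted attribute. The leading "> closes the attribute and the
// <input> tag, so the remainder is parsed as a brand-new <svg> element.
function renderUnsafe(clientName) {
  return `<input type="text" name="client_name" value="${clientName}">`;
}

// Hardened rendering: encode every character that can end an attribute
// value or start a tag. The browser decodes these back into literal text,
// so the field still displays exactly what the user typed.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtmlAttr(value) {
  return String(value).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}
function unescapeHtmlAttr(value) {
  const back = Object.fromEntries(Object.entries(ESCAPES).map(([k, v]) => [v, k]));
  return value.replace(/&(?:amp|lt|gt|quot|#39);/g, (e) => back[e]);
}
function renderSafe(clientName) {
  return `<input type="text" name="client_name" value="${escapeHtmlAttr(clientName)}">`;
}

// Minimal tag/attribute tokenizer. Like a browser tokenizer it treats a
// quoted attribute value as opaque (a ">" inside quotes does not end the
// tag) while an unquoted ">" does. Returns [{ name, attrs }]. It covers
// only as much of HTML as this demonstration needs; it is not a parser.
const TAG_RE = /<([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
const ATTR_RE = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
function parseTags(html) {
  return Array.from(html.matchAll(TAG_RE), ([, name, body]) => {
    const attrs = {};
    for (const [, key, dq, sq, bare] of body.matchAll(ATTR_RE)) {
      attrs[key.toLowerCase()] = dq ?? sq ?? bare ?? "";
    }
    return { name: name.toLowerCase(), attrs };
  });
}

function tagNames(html) {
  return parseTags(html).map((t) => t.name);
}

// Event-handler attributes (onload, onerror, ...) are what turn an
// injected element into script execution; list them as "tag.attr".
function eventHandlers(html) {
  const found = [];
  for (const { name, attrs } of parseTags(html)) {
    for (const key of Object.keys(attrs)) {
      if (key.startsWith("on")) found.push(`${name}.${key}`);
    }
  }
  return found;
}

if (typeof require !== "undefined" && require.main === module) {
  for (const [label, html] of [["unsafe", renderUnsafe(PAYLOAD)], ["safe", renderSafe(PAYLOAD)]]) {
    console.log(`${label}: ${html}`);
    console.log(`  tags=${JSON.stringify(tagNames(html))} handlers=${JSON.stringify(eventHandlers(html))}`);
  }
}
```

Run it with `node` to see the two renderings side by side. The unsafe output tokenises to `input` followed by `svg` with an `onload` handler; the safe output is a single `input` whose `value` attribute, once decoded, is the original payload string, which is why output encoding (not input filtering of `<` or `"`) is the fix for this class of reflection.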